Puumsoft Company Limited (“Puumsoft”, “we” or “us”) would like Candidate and Employee (“you”) do understand this Privacy Policy. This Privacy Policy describes how we handle your Personal Data and Sensitive Data, including collection, storage, use, disclosure and your rights relating to your Personal Data and Sensitive Data.
1. What is Personal Data?
Personal Data is any other data which identify yourself (no matter it can be identified by itself, or together with other information) comprises of 2 groups as follows;
Group 1: Basic information e.g. name, surname, age, address, gender, occupation, married status, nationality, id card number, passport and visa information, bank account, driver license, telephone number, e-mail, Line id, Facebook, cookies website, picture, emergency contact, car license etc
Group 2: Work information e.g. application details, education, work experience, contract, work license, social security, compensation fund, provident fund, employee code, salary, compensation, bonus, position, welfare, tax, job specifications, career goal, performance appraisal, training record, leave and absence record, illegal and/or work discipline behavior, reason of termination, security data, communication data and record of using computer, telephone, internet and e-mail etc.
Sensitive Data is Personal Data relating to racial or ethnic origin, religious or philosophical beliefs, political opinion, data concerning a natural person’s sex life, criminal record, data concerning health, disabilities, biometric data etc.
Candidate is the applicant for permanent employee or temporary employee or freelance person or outsourcing person. Applicant may proceed by his/herself or internal recruitment or referral program or head hunter.
Employee is the Candidate who is selected and enter into the employment contract with us and is permanent employee or temporary employee or outsourcing person or freelance person who works at Puumsoft’s office.
2. Personal or Sensitive Data Processing
2.1 You acknowledges that under the purposes of job application, employment contract, employment term contract, consulting contract and other service contracts (“Contract”), we is entitled to collect, use and disclose your Personal Data and Sensitive data (“Processing”)
We needs to correctly, completely, sufficiently receive your personal information in order to perform the obligations under job application, Contract, regulations, internal rules and/or our operating rule and/or performance under applicable law. Should we did not correctly, completely and sufficiently receive your personal information, it may result in the delay or any inconvenience of our performance under Contract or rule binding between Puumsoft and Candidate or Employee. In case of necessity, we may reject any obligations to Candidate or Employees in order to comply with the terms in the Contract and applicable laws. However, we respects your personal right and will process Personal data and Sensitive data based on legitimate purposes.
Below are details of our processing activities:
| Processing Area
|
Activities
|
Basis for Processing
|
Job Application and Employment Management
[self-managing and outsource performing]
|
Recruitment activities by Puumsoft including when Candidate and Employee contacts Puumsoft directly and internal recruitment.
|
Contract
|
| Employee applied the job from referral program or from recruitment outsourcing service provider.
|
Contract
|
| Interviewing, examining education background or working experience history from other sources, data analysis, comparison, employee selection and contract process.
|
Contract/ legitimate interest
|
Work performance management
[self-managing and outsource performing]
|
Employee record, employee card, equipment, tool, computer, mobile phone, e-mail, username & password for accessing necessary system and other related matters in order to prepare working, training or test.
|
Contract
|
| Applying or renewing visa and work permit and requesting approval relating to work performance
|
Contract/ lawful basis/consent (relating to sensitive data)
|
| Requesting for food allergy, vaccination records and any other allergies record in order to train or arrange for related activities.
|
Consent
|
| Examining criminal record (only specific position)
|
Consent
|
Compensation and welfare management
[self-managing and outsource performing]
|
Managing salary, remuneration, wage, bonus, overtime, accommodation cost, travel fee and any other benefits for employee
|
Contract/lawful basis
|
| Managing social security fund, provident fund, workmen compensation fund and education Loan Fund
|
Contract/lawful basis
|
| Managing employment taxes e.g. withholding tax
|
Contract /lawful basis
|
| Managing welfare, protection, accidental and dangerous alleviating measure, report and medical care service
|
Contract/lawful basis/legitimate interest
|
| Recording medicine history and alleviating accident, incident, emergency case or danger against life, body, health of employee, including the security of employee
|
Consent/protecting or preventing danger against life, body or health of person
|
| Managing life insurance, group insurance, underwriting, reinsurance, consideration for insurance claim
|
Contract/legitimate interest/consent (as related to sensitive data)
|
| Disclosing employee data to outsource and consultant e.g. disclosure for survey and compensation analysis
|
Consent
|
| Birthday announcement and condolences on loss of employee’s family member and the request of food allergy record in order for activity and party arrangement
|
Consent
|
| Managing employee’s activities e.g. birthday party, new year party, any party and outing trip for employee.
|
Contract/legitimate interest
|
| Managing day off, leaves, late arrival and employee working location
|
Contract/lawful basis
|
| Managing advertising, public relations of which employee is a presenter either wholly or partly express himself in the media of Puumsoft.
|
Consent
|
| Announcement as a new comer, candidates or employee of the month/year, long service award, promotion and relocation of employee.
|
Legitimate interest
|
| Seizing of salary or remuneration as required by the order of execution department or official receiver in bankrupt case.
|
Lawful basis
|
Training and performance evaluation management
[self-managing and outsource performing]
|
Training and exam testing for any area of knowledge of employee.
|
Contract/legitimate interest
|
| Goal setting, performance evaluation, promotion, salary and bonus review.
|
Contract/legitimate interest
|
Compliant, Dispute, Lawsuit and Risk Assessment Management
[self-managing and outsource performing]
|
Monitoring, investigating fraud or illegal behavior in accordance with law, rule and working regulations, including disciplinary action consideration.
|
Contract/lawful basis/legitimate interest
|
| Taking any action for monitoring, investigation, suing or undertaking any measures to protect lawful or contractual right.
|
Contract/lawful/legitimate
|
| Reporting fraud case of employee to regulator and any authorized officer as required by law e.g. police, AMLO, Revenue Department, Execution Office, Royal Thai Police.
|
Lawful/legitimate interest
|
Termination Management
[self-managing and outsource performing]
|
Managing resignation, retirement, termination, informing thereof to related government e.g. Revenue Department, Bank, Social Security Office, Immigration Office
|
Contract/lawful basis
|
2.2 We will strictly and properly implement the Personal Data security measure and be compliant with Privacy Policy in order to protect your Personal Data or Sensitive Data from any loss, destroying, modifying, accessing or disclosing without permission or legality in accordance with Data Security Policy and Procedure and IT Security Guideline and Policy.
2.3 If there is any change and/or adding of the purpose of processing e.g. processing based on contract or lawful basis etc., we will inform you of new purpose via Puumsoft website, poster announcement or e-mail. We will record such changes for evidence. In addition, we may request your consent before processing any activities of new purposes (if consent required by law).
3. We process your Personal Data restrictively
3.1 We will restrictively process your Personal Data or Sensitive Data by using legitimate and fair method and within the scope of the specified objective.
3.2 Other than the specified objective, we will obtain your consent prior to processing Personal Data; unless
(1) It is required by laws;
(2) It is beneficial to you, given that it is impossible to obtain your consent at that time;
(3) It is beneficial to your or someone else’s life, health or security;
(4) It is for a purpose of investigation of an officer or judicial process of court;
(5) It is beneficial to research or statistics preparation.
3.3 In case of necessity, we may collect your Sensitive Data for a purpose of Contract, performing regarding Contract and other agreement as related to employment. We however will not collect your Sensitive Data which is adverse to your reputation or discriminating; unless
(1) You give a consent to us;
(2) It is required by laws;
(3) It is beneficial to you, given that it is impossible to obtain your consent at that time;
(4) It is beneficial to your or someone else’s life, health or security;
(5) It is for a purpose of investigation of an officer or judicial process of court;
(6) It is beneficial to research or statistics preparation.
3.4 We may store your Personal Data together with your Personal Data that we have received from other sources with feasible 30-days receiving notification and may request your consent (in case consent required by law) for abovementioned purpose, for updating Personal Data, or improving our services
4. We may disclose your Personal Data to Data Processor or any authorities as required by laws
4.1 In order to perform the obligation of job application, Contract and/or other agreement as related to above mentioned objective, we may transfer or disclose your Personal Data and/or Sensitive Data to data processor, third party who is the advisor or service provider located both inside and outside country.
4.2 We may store your Personal Data and/or Sensitive Data through Cloud Computing which is offered by outsourced service provider located both inside and outside country.
4.3 We may disclose your Personal Data and/or Sensitive Data to Puumsoft, our affiliate, internal and external audit, The Office of Insurance Commission, Anti-Money Laundering Commission, Anti-Money Laundering and Counter-Terrorism Office located both inside or outside country, police officer, public prosecutor, court, legal execution enforcement officer, legal official receiver, Revenue Department officer, or any other office as required by relevant laws.
The following table depicts the service providers that we use and their related privacy policy reference.
| Service Provider
|
Privacy Policy Reference
|
| Amazon Web Services (AWS)
|
https://aws.amazon.com/compliance/thailand-data-privacy/
|
| Microsoft
|
https://privacy.microsoft.com/en-US/
|
| CS Loxinfo
|
https://csl.co.th/csl-files/pdf/03_CSL_The%20Personal%
|
| 20Information%20Privacy%20Protection%20Policy-TH.pdf
|
| INET
|
https://www.inet.co.th/assets/html/data_policy_en.html
|
5. Your participation as Personal Data owner
5.1 If you would like to know how we process your Personal Data or Sensitive Data, you can send an email to [email protected]. When we receive your email, we will feedback you the existence or the detail of your Personal Data within appropriate time.
5.2 If you think that your Personal Data or Sensitive Data is not accurate, you can request us to make change or amend your Personal Data or Sensitive Data. In this regard, we may reject your request and we will record the rejection or objection of such request with reason as an evidence.
5.3 You have the right to check the existence, the type of your Personal Data and/or Sensitive Data, the using objective of your Personal Data and Sensitive Data. In addition, you also have the right to:
(1) Request a copy or a certified copy of your Personal Data and/or Sensitive Data;
(2) Request to make a change or correct your Personal Data and/or Sensitive Data;
(3) Request to suspend the use or the disclosure of your Personal Data and/or Sensitive Data;
(4) Request to erase or destroy your Personal Data and/or Sensitive Data;
(5) Request to disclose the method of obtaining your Personal Data and/or Sensitive Data for the case which your consent has not been made;
(6) Request to cancel your consent which you have previously made;
(7) Request to transfer your Personal Data and/or Sensitive Data to other data controller;
(8) Contact us or any relevant authorities, if necessary;
You have the rights to exercise above mentioned under Applicable Personal Data Protection Law and within the company policies.
5.4 You have the rights to your own contact information which will be used within the organization. The contact information is being used without transferring to any device unless you intentionally disclose the information
Remark:
If we process your Personal Data and/or Sensitive Data based on Contract, legitimate interest or legal obligation basis, we reserve our right to refuse your right in (3) and (4).
Please note that if you choose to exercise your right in (3) (4) and (6), we will not be able to perform the obligations under Contract which might result in Contract termination and/or the inability to provide the welfare to you.
6. Data Collection and Use
- Contact List: We access your contact list to enable features such as sharing your contact details with colleagues and managing and saving contacts from your company within the app. This functionality ensures that you can easily sync the company's contact list to your device, keeping your contacts up-to-date at all times.
- Images: We collect personal and VCard images to facilitate sharing contact details visually. This feature enhances the ease of sharing and receiving contact information in a more engaging and convenient format.
- Files: We access and collect file information on your device to enable comprehensive file management features within the app. This includes attaching files for various requests such as leave, overtime, and other company-specific requisitions, streamlining your request and approval workflows.
Purpose of Data Collection:
To improve app functionality and user experience by allowing seamless contact synchronization, ensuring that you view data based on the permissions assigned to your role in the company, and enabling all request/approval processes to be conducted efficiently within the app.
To provide personalized content and features, ensuring that you have immediate access to up-to-date contact information and are empowered with permission control based on your position within the company.
We ensure that your data is not sold or shared with third parties for marketing purposes.
Your Consent:
By using our app, you actively consent to the data collection and usage as outlined in this notice. You can manage your preferences and withdraw your consent at any time through the app settings, specifically under the PDPA section.
Security and Privacy:
We are committed to protecting your privacy and ensuring the security of your data. All data collected is handled in accordance with comprehensive data protection and security measures. We strictly implement personal data security measures and comply with our Privacy Policy to protect your personal or sensitive data from any loss, destruction, modification, unauthorized access, or disclosure, in line with our Data Security Policy and Procedure and IT Security Guidelines and Policies.
7. Period of Personal Data processing
We reserve our right to process and disclose your Personal Data and your Sensitive Data and any relevant authorities as required by laws, whichever the case may be, within 2 years from the job application date (for Candidate) and 10 years from the last working date (for Employee).
8. Limitation of liability
Although the company employs the strictest measures and best technology to protect personal data security, the company is not able to guarantee zero incidents of personal data security breach. Therefore, the company reserves the right to not be held responsible for any loss or damages to personal data in all cases.
9. Notification of personal data security breaches
Employees may notify any breaches of personal data to the Data Protection Officer (DPO) of the company as specified in section 9 of this policy for the benefit of the employee. The company requests that the employee notify the company of such breaches as soon as possible after the employee discovers the breach.
10. DPO Contact Information
If you have any questions or concerns regarding this policy, please contact us at:
Puumsoft Company Limited
54 BB Building 14th Floor, Unit 1402 54 Sukhumvit 21(Asoke) Road, Klongtoey Nua, Wattana, Bangkok 10110
Visit our website at: https://www.puumsoft.co.th
Email: [email protected]
Tel. 0 2260 0100-2
11. Updates to the Personal Data Protection Policy
The company may make improvements or modifications to this Personal Data Protection Policy from time to time to comply with your company’s policy, operations, or suggestions and or recommendations from your company. The company will announce the changes officially before actually making any changes. Your company may notify you directly through your company’s communication channels such as bulletin boards or e-mail.
This policy is effective from 25 October 2021.