Privacy Policy For Employees

YKK (Thailand) Co., Ltd. (hereinafter referred to as the “Company”, “we”, “us”, or “our”) recognises the importance of personal data in order to comply with the Personal Data Protection Act B.E. 2562 (“Applicable Law”). We have established this privacy policy for employees (“Policy”) to inform our employees of all levels including but not limited to directors and interns, of our purpose of collecting, using, and/or disclosing your Personal Data, and to inform you of your rights relating to your Personal Data.

The Company is committed to ensure that your Personal Data is processed in accordance with the Applicable Law and other regulations in the jurisdictions in which we operate. If you provide any Personal Data to us, you understand we will only collect, use, disclose and/or transfer your Personal Data in accordance with this Policy. You do not have to provide all the requested Personal Data to us, however where the Personal Data we collect is necessary or legally required in relation to our potential and existing relationship with you, if you do not agree or provide the Personal Data when requested, it may affect our ability to process your application and/or employment related request.

“Personal Data” means any information relating to a Person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular.

“Sensitive Data” means Personal Data which is considered to be sensitive as defined by the Applicable Law.

WHAT PERSONAL DATA WE COLLECT

The Company may collect your Personal Data directly from you or indirectly from other sources. Examples of Personal Data we may collect are as follows: –

• Personal details, such as title, name, surname, gender, age, nationality, date of birth, place of birth, weight and height, blood group, signature, photos, vehicle plate number, vehicle brand, educational backgrounds, training experiences, language skills, talents, hobbies, interests, occupation, professional licenses, certificates of training, information relating to health insurance, smoking or drinking record, alcohol test result, marital status, military status, and/or CCTV recordings (refer to our ‘Privacy Policy on CCTV use’);
• Contact details, such as postal address, house registration address, national identification card address, work address, phone numbers, business phone number, facsimile number, email address, social media account information (e.g., LINE ID, Facebook account etc.), and/or other information-related to social networking sites;
• Identified information from government agencies, such as national identification card, passport, house registration, car registration, driving license, death certificate, company affidavit, certificate of personal name change, military record, conscription certificate, VISA, and/or immigration form and status;
• Work details, such as staff identification number, job title, workplace, certification of employment, salary confirmation letter, business/work user accounts and passwords, employment commencement /termination date, work experience, performance report, information relating to work outside of the workplace (e.g., place, time, and date of the work outside the workplace, travel plan), work records, disciplinary record, transfer record, promotion record, log book (e.g., clock-in, clock-out), complaint details, litigation details, , application or request for withdrawal of any extraordinary rights, inspection form of the director’s qualifications;
• Financial details, such as details relating to the opening of bank account, copy of bank book, bank account number, credit/debit card number, transaction details, expense details, disbursement document, current return, salary, wage, other income and deduction, withholding tax details, bankruptcy record, details in loan applications, minutes of shareholder’s meeting, copy of shareholder register, shareholder/security holder number, security account number, number of shares, securities, and/or amount of dividend;
• Technical details, such as Internet Protocol (IP) address, media access control, computer traffic record, website history, operating system and platform, and/or other technology on devices used to access the platform;
• Information of your related person, such as details of your work references personnel, parents, spouse and children (e.g., birth certificate, number of children, gender, relationship, copy of national identification card, birth certificate or letter of exercising parental power certification, document showing education expense, school record, education certificate, welfare), certificate of marriage and/or document of spouse (e.g., income, relationship, copy of national identification card, information relating to health insurance);
• Sensitive Data, such as religious or other beliefs, racial or ethnic origin, health or medical information, biometric data (i.e., fingerprint, facial recognition), criminal records, details about trade unions and/or political opinions/ membership.

If you provide Personal Data of any third party such as parent, spouse, children, emergency contact, or work referral person to us, you represent and warrant that you have the authority to do so by (i) informing such other persons about this Policy; and (ii) obtaining consents (where necessary or required by laws) to permit us to collect, use, and/or disclose such Personal Data in accordance with this Policy. Additionally, we will only collect Sensitive Data from you in limited circumstances and where necessary.

HOW WE COLLECT YOUR PERSONAL DATA

The Company may collect your Personal Data through multiple channels including but not limited to:

• Directly from you – for example as part of the process of a job application, interview, at the beginning and throughout the term of employment as part of your employment engagement with us;
• Indirectly from other sources – such as any companies under YKK Corporation , our service providers, third-party business alliances (e.g., outsourcers, agencies, contractors, insurance companies, hospitals, banks) other third parties (e.g., reference persons, complainants, creditors), public sources, and website of third parties or relevant governmental agencies (e.g., Department of Business Development, Revenue Department, Department of Provincial Administration, Royal Thai Police, Anti-Money Laundering Office, Securities Depository).

WHY WE COLLECT, USE AND/OR DISCLOSE YOUR PERSONAL DATA

3.1 THE LEGAL BASES THAT WE MAY RELY ON FOR THE COLLECTION, USE, AND/OR DISCLOSURE OF YOUR PERSONAL DATA

1. Contractual basis, for our initiation or fulfilment of a contract with you;
2. Legal obligation, for the fulfilment of our legal obligations;
3. Legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We will balance the legitimate interest pursued by us and any relevant third party with your interest in relation to the protection of your Personal Data;
4. Legal compliance, for fulfillment of any requirements under the Applicable Law;
5. Vital interest, for preventing or suppressing a danger to a person’s life, body or health; and/or
6. Public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.

3.2 PURPOSES FOR THE COLLECTION, USE AND/OR DISCLOSURE OF YOUR PERSONAL DATA

Accordingly, depending on the context of the interactions and your relationship with us, we may collect, use and/ or disclose your Personal Data for the following purposes:

• To manage job application and/or employment: such as, compilation of data from job applicant as part of the job application process, verification and background checks, assessment of suitability and qualifications of job applicant, employment decision making, entering into employment agreement or service agreement, the preparation of work permit and employment document, and/or determination of salary, welfare, and other basic contractual information in any particular position;
• To contact and communicate: such as, to contact and communicate relating to your interview or activity, document delivery, and to contact your emergency contact when necessary;
• To administrate, pay remuneration, and provide welfare: such as to pay salary and provide welfare, expense, bonus, compensation, medical and health disbursement, and other rights and privileges to you and your related person;
• To manage human resources and employment relationship: such as to document work records, to monitor performance and working hours, to manage work hours, to prepare employment documents for foreign employee, arrange work activities; to evaluate an employee’s competency, suitability and performance, to consider adjustment or relocation of position and/or workplace, to consider salary adjustment, to issue staff identification card and other appropriate employee cards, to analyse, plan and manage company’s resources, maintenance and internal affairs, to advise, consider, manage and solve complaints, disciplinary action, blacklist of employee internally, employment termination, resignation or retirement, to manage and administrate accounting matters and issue documents or certification letter (e.g., certification letter for employment status or reward letter);
• To arrange for training: such as orientation, internal and external training and seminar facilitation of events and evaluation of the training/seminar and attendee’s satisfaction;
• To fulfil financial obligation of the organization, including (internal and external) audit and accounting requirements: such as to project and determine budget, analyse and control cost/budget, complete financial statement, evaluate salary and other income, for tax procedures and disbursement, issue payment and bill, verify the accuracy of accounting and financial documents, and/or to prepare accounting, balance sheet, and expense summary of the Company;
• To manage systems: such as IT system, communication system, IT security system for control access to data system and IT security audit, to manage internal business for internal compliance requirements, policies and procedures; and to update our databases;
• To comply with laws and orders of competent authority: where there are reasonable grounds for the Company to believe that it shall cooperate and comply with the law, legal proceedings or government authorities’ orders, which can include orders from government authorities outside Thailand and/or cooperate with court, regulators, government authority and law enforcement bodies. Under such circumstances, the Company may need to disclose your Personal Data to strictly comply with the said legal obligations, proceedings and/or orders. This includes aiding any investigation and prevention of crime, fraud, and/or establish the right to claim under the law;
• To provide security: such as to prevent or suppress a danger to a person’s life, body, health and asset, for control of situations such as contagious disease/ epidemic, to manage any other cases of emergencies; and/or
• To share and publish Company’s event and activities: such as related information, stories and photographs in the Company’s and YKK Corporation’s internal publication (e.g., newsletters, social media accounts, company website and regional newsletters).

3.3 PURPOSES FOR THE COLLECTION, USE AND/OR DISCLOSURE OF YOUR SENSITIVE DATA

We may also collect, use and/ or disclose your Sensitive Data for the following purposes:

• Data as shown in Government Issued Documents (e.g., Passport): To identify applicants and employees and verify his/her details;
• Health Data (e.g., medical certificate): To check record, qualifications, suitability for employment and to examine and monitor performance during employment, to retain as work record and in cases of emergency, to arrange work schedule, to grant leave, to support the procurement and disbursement of welfare, medical fee, health insurance and annual health check-up, to analyse and improve human resources management, to comply with the laws or orders of a government agency including disclosing health information in relation to disease control or emergencies;
• Disability Data (e.g., health records): To check record, qualifications and suitability for employment, to calculate and make payment to the Empowerment for Person with Disabilities Fund;
• Criminal Data (e.g. police check record): To check record, qualifications and suitability for employment for certain positions;
• Biometric Data (e.g., fingerprint/facial recognition): To enter and exit working areas, to clock-in and clock-out;
• Data Incorporated in Complaint, Report and Lawsuit: To investigate and manage the issue/case, to record, verify and provide information, to request for additional information; and

We will obtain your consent for use and/or disclosure of Sensitive Data unless there are compelling legitimate bases for us to conduct without obtaining your consent such as disclosing your Personal Data, in the event of a critical incident or emergency and/or under certain circumstances as required or authorised by law.

Where we may rely on consent for the collection, use and/or disclosure of Personal and Sensitive Data, you have the right to withdraw your consent at any time by contacting us (please see our contact details as per Item 9 of this Policy). However, if you do not provide or withdraw your consent, we may not be able to achieve the purposes stated above in this Policy.

TO WHOM WE MAY DISCLOSE AND/OR TRANSFER YOUR PERSONAL DATA

The Company takes reasonable precautions to ensure that we keep your Personal Data secure and will not disclose and/or transfer it unless we have your permission or otherwise as necessary for the purposes set out in this Policy. We may disclose your Personal Data to the following categories of recipients: –

1. Our subsidiaries and affiliated companies – we are a subsidiary under YKK Corporation. We collaborate and/or partially share customer services and systems (i.e., service systems), and thus where necessary, we may need to disclose your Personal Data for the relevant purposes;
2. Governmental and/or regulatory agencies – we may be required to disclose your Personal Data, in the event of a critical incident or emergency and/or under certain circumstances as required or authorised by law, to government agencies, courts, tribunals, regulatory authorities, embassy, consulates, emergency services personnel and/or other relevant enforcement officers;
3. Other third-parties – we may need to disclose your Personal Data to external service providers such as our contracted and professional services providers, professional advisors, lawyers, consultants, auditors and technicians, to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above.

CROSS-BORDER DATA TRANSFERS OF YOUR PERSONAL DATA

The Company is part of YKK Corporation which operates a global business, and thus your Personal Data may be disclose and/or transfer to any company under YKK Corporation, for the purposes set out in this Policy.

It may also be necessary for us to disclose your Personal Data to third parties located overseas in connection with the purposes set out above. We will obtain your consent for such disclosure and/or transfer unless there are other compelling legitimate bases or other cross-border mechanism as permitted by law for us to conduct without obtaining your consent. We will ensure that any such transfer of Personal Data will only be undertaken in compliance with the Applicable Law.

YOUR RIGHTS AS A DATA SUBJECT

Subject to Applicable Law and exceptions thereof, you may have the following rights to:

1. Access: You may have the right to access or request a copy of your Personal Data we collect, use and/or disclose, or request that we disclose how we acquired your personal information. For privacy and security, we may require proof of your identity before providing the requested Personal Data;
2. Rectification: You may have the right to request for rectification of incomplete, outdated, inaccurate or misleading Personal Data that we collect, use and/or disclose;
3. Restriction: You may have the right to restrict our use of your Personal Data in certain circumstances, including where you believe such Personal Data to be inaccurate; that our collection, use and/or disclosure is unlawful, or that we no longer need such Personal Data for a particular purpose;
4. Data portability: You may have the right to obtain your Personal Data we hold, in a structured, electronic format, and to transmit such data to another party (data controller), where this is personal information which you have provided to us or if we had collected, used and/or disclosed that data on the basis of your consent;
5. Objection: You may have the right to object to our collection, use and/or disclosure of your Personal Data subject to the Applicable Law;
6. Withdraw consent: You may have the right to withdraw consent at any time, for the purposes you have consented to our collection, use and/or disclosure of your Personal Data;
7. Deletion: You may have the right to request that we delete, destroy or anonymise your Personal data that we collect, use, and/or disclose, except we are not obligated to do so if we need to retain such Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims; and
8. Lodge a complaint: You have the right to lodge a complaint to the competent authorities if you believe that our collection, use and/or disclosure of your Personal Data does not comply with the Applicable Law. However, we ask that you contact us first about any complaints before contacting the relevant authorities so that we have an opportunity to address your complaints.

There may be cases where the law limits the exercise of any duties or rights above, or where we may appropriately or justifiably decline your request to your Rights mentioned above. For example, we may decline your exercise of such rights in order to comply with our legal obligations, for our legitimate and/or public interest, or if your exercise of such right violates any right or freedom of any other person. If your request is decline, we will notify you of the reason(s).

HOW LONG DO WE KEEP YOUR PERSONAL DATA

The Company will only retain your Personal Data for as long as reasonably necessary to fulfil our duties to achieve the objectives prescribed in this policy – with the exception of job applicants and candidates, where we will generally only retain your Personal Data for a maximum of two years.

We will remove your Personal Data from our systems and records when we are no longer permitted by the Applicable Law to store your Personal Data. In the event a judicial or disciplinary action is initiated, your Personal Data may be stored until the end of such action, including any potential periods for appeal, and will then be deleted or archived as permitted by the Applicable Law.

SECURITY MEASURES TO MAINTAIN YOUR PERSONAL DATA

The Company maintains appropriate security measures in compliance with the Applicable Law. This includes administrative, technical and physical safeguards in relation to access control, in order to protect the confidentiality, integrity, and availability of Personal Data against any accidental, unlawful or unauthorised loss, alteration, correction, use, disclosure and/or access.

In particular, we have implemented access control measures to maintain the security of your Personal Data such as management administrative safeguards, technical safeguards and physical safeguards. And these include the following measures:

1. Control and restrict usage and security access to Personal Data, and the related devices that store and process the data;
2. Determination of permission or assignment of right to access Personal Data;
3. User access management to control and restrict access to Personal Data such as access granted only to certain authorised employees;
4. Determining user responsibilities to prevent unauthorised access, disclosure or illegal copying of Personal Data, and/or theft of personal data storage or processing devices;
5. Providing additional means to enable retrospective review of access, alteration, deletion and/or transfer of Personal Data and to ensure such process complies and is consistent with the methods and mediums used for collecting, using and/or disclosing Personal Data.

OUR RIGHTS TO AMEND THE POLICY

The Company reserves the right to amend this Policy at any time without prior notice, in its sole discretion and as it deems appropriate, to revise and update the Policy. We will use reasonable endeavors to inform our employees in any appropriate methods, of any revision to the terms or details of this Policy when it comes to effect.

OUR CONTACT DETAILS

If you have a question or complaint about this Policy and/or our privacy practices, or if you would like to exercise your Rights in relation to your Personal Data, please contact us at: –

Contact person: Ms. Jurairat Gotan
Address: 689 Moo 6, Sukhumvit k.m. 35, Bangpoomai, Muang District, Samutprakarn 10280
Contact number: 02-323-9041 (Ext. 132)
Contact email address: Jurairat_g@ykk.com