Personal Data Protection Center
Personal Data Protection Notice for External Parties
Group 2
Vendors or business partners, outsourced service providers, and contracting parties
(This includes only the Personal Data of natural persons who were, are, or may, in the future, be the Company's vendors or business partners, outsourced service providers, or contracting parties, and employees, personnel, officers, representatives, agents, any persons authorized to act on behalf of the juristic persons, directors, and other natural persons acting on behalf of the vendors or business partners, outsourced service providers, and the Company's corporate contracting parties)
Data Processing
The Company will collect, use, disclose, and/or cross-border transfer the following Personal Data of external parties who are the Company's vendors or business partners, outsourced service providers, and contracting parties:
General Personal Data, such as the first name, last name, job position, address, telephone or fax number, email address, photographs, motion images from video recording or closed-circuit television (CCTV), audio recordings from meetings, information on the national identification card or passport, signature, first or last name change certificate, social media account information (such as the LINE ID), visa information, work permit, foreign national card, car information (such as the car plate number, brand, model, and color), and other personal data you provide to the Company;
Sensitive Personal Data, including health data for the purpose of disease (including the COVID-19) screening upon your visit or entry into the Company's buildings or operating areas, disability information, which the Company has obtained consent from you or as necessary and permitted by laws;
Payment information, such as bank account number and details; and
Technical data, such as the username and password used to access the system, IP address, Media Access Control data, log files, cookies data, system usage data, website usage data, operating systems and platforms, and other technologies on devices used to access the platform, as well as other Personal Data regarding the use of the Company's system.
Remarks: In the case that you are asked to provide supporting documents that contain Sensitive Personal Data, such as race and religion, for the purpose of identity verification, and such data are unnecessary for operations, you may redact such Sensitive Personal Data before delivering these documents to the Company. If the Sensitive Personal Data contained in the documents received by the Company is not redacted, the Company reserves the right to redact it. In this case, no Sensitive Personal Data will be deemed to be collected by the Company from you.
2. Sources of Personal DataThe Company may collect your Personal Data from the following sources.
2) The Company collects your Personal Data from other sources, such as that available in the public websites or obtained from the companies of its vendors or business partners, outsourced service providers, contracting parties, affiliated companies or PTT group companies, or other third parties.
The Company collects, uses, discloses, and/or cross-border transfers your Personal Data for the following purposes:
4) To prepare tools and equipment, the commencement of the work, to use as database for the preparation of work systems, such as to request IT devices and email accounts, and to request to set up information technology system user accounts;
5) To manage information technology management regarding performance of contractual obligations, such as access to, maintenance of systems, and examination on and solve issues regarding information technology systems, websites, and applications, as well as maintenance of system security;
For Sensitive Personal Data, the Company collects, uses, discloses, and/or cross-border transfer your Sensitive Personal Data for the following purposes:
1) To examine health condition and readiness to perform contractual obligations to prevent risks and danger that may occur to workers in the Company's buildings;
2) To screen diseases and assess risks of communicable diseases before visits or entry into the Company's buildings or operating areas; and
3) To produce reports in compliance with the reporting procedures established by the Company, or as regulators or agencies order as specified by laws.
4. Legal bases for the collection, use, and disclosure of Personal Data
The Company generally collects, uses, discloses, and processes your Personal Data on the following legal bases:
2) Where it is for legitimate interests of the Company or a third party to the extent that these interests do not override the fundamental rights in your Personal Data;
Only in the case of the collection, use, and disclosure of your Sensitive Personal Data, the Company relies on the following legal bases:
5) it is information that is disclosed to the public with the explicit consent of the data subject; and/or
6) Other cases permissible by laws.
5. Types of persons or organizations to whom or to which the Company discloses your Personal Data
The Company may disclose your Personal Data (only as necessary) to the following external parties or organizations for the purposes indicated in this Notice, who or which may be located in or outside Thailand.
The Company may disclose your Personal Data to these persons, who may act as the data controller or data processor, such as banks, information technology solution providers, cloud service providers, data or document storage providers, application service providers, hospitals, survey service providers and data analysts, and space and car parking service providers.
The Company may disclose your Personal Data to government officials and government agencies that have the legal authority, or for the purpose of protecting the rights of the Company or third parties, or for your own interests, such as the State Audit Office, the Comptroller General's Department, the Court of Justice, the Revenue Department, the Department of Mineral Fuels, the Department of Consular Affairs, embassies, and the Legal Execution Department.
The Company may disclose your Personal Data to external parties or organizations, or allow them to access your Personal Data, such as professional advisors (including legal advisors and external auditors) and external organizations to which the Company would like to carry out public relations for the purposes indicated above.