Privacy Notice for Applicants
Greenline Synergy Company Limited
Greenline Synergy Company Limited (the “Company”) is committed to protect your Personal Data as an applicant for employment with the Company. Your Personal Data will be protected in accordance with the Personal Data Protection Act B.E. 2562 (2019). As the Data Controller, the Company has a statutory duty to issue this Privacy Notice to inform you of the reasons for and methods through which the Company collects, uses, or discloses your Personal Data, as well as to inform you of your rights as the data subjects. The Company confirms that it has duly complied with the Personal Data Protection Act B.E. 2562 to protect your Personal Data.
1. Definitions
“Personal Data” means any information relating to an individual, which enables the identification of the owner of such Personal Data, whether directly or indirectly, excluding the data of a deceased person in particular;
“Sensitive Personal Data” means Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data (such as facial model data, iris or retina image data, or fingerprint data), or any data which may affect the data subject in the same manner as prescribed by the Personal Data Committee;
“Process” or “Processing” means collection, use or disclosure;
“Data Controller” means a person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data;
“Data Processor” means a person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such person or juristic person is not the Data Controller;
“BDMS Group” means companies in the network of Bangkok Dusit Medical Services Public Company Limited, whether currently in existence or to be incorporated hereafter; regardless whether registered in Thailand or overseas; and includes Bangkok Dusit Medical Services Public Company Limited.
2. Personal Data collected by the Company
The Company will collect your Personal Data as follows:
1. The Company will collect and process Personal Data which is used for identification and contact such as your full name, address, telephone number, email address, sex, age, identification number, photograph, educational background, employment history, data on your family members, and emergency contact information.
2. The Company will not process your Sensitive Personal Data without your prior express consent. However, the Company may process your Sensitive Personal Data without your consent if it is so permitted by the Personal Data Protection Act B.E. 2562, such as when it is necessary to comply with labor protection laws, or for providing healthcare or social security benefits, for any other public health or social protection purposes. In this regard, the Company has in place appropriate measures for protecting the fundamental rights and benefits of the data subject.
3. Sources of Personal Data
The Company will collect your Personal Data from the following sources:
1. Personal Data which you have directly provided to the Company, such as Personal Data in the application form which you have submitted to the Company in person, via the Company website, or the mobile application;
2. Personal Data which the Company receives indirectly from:
2.1 The application form which you had submitted to another agency which provides employment services or an employment services organization;
2.2 BDMS Group; in the case that you had previously submitted an application for employment, or had previously performed work duties for an organization in BDMS Group, and where you had given consent to the disclosure of your Personal Data.
4. Objectives for Personal Data Collection, Use and Disclosure
The Company processes your Personal Data only to the extent as prescribed in the Personal Data Protection Act B.E. 2562, and collects Personal Data only to the extent necessary for the foregoing purpose. A summary of how the Company uses your Personal Data and the lawful basis of processing of Personal Data is provided below:
No.
|
Objective
|
Lawful Basis of Processing
|
1.
|
Assessment of your qualifications for employment with the Company through interviews, qualification verifications, employment history verifications with third parties, and qualification screening for suitable work position;
|
For the legitimate interests of the Company in selecting suitable employees for employment, whereby such selection process does not involve the use of Personal Data in any manner which will affect the fundamental rights relating to your Personal Data (Section 24 (5))
|
2.
|
Compilation of anonymized statistical data for preparing reports on human resources management, which may be shared with BDMS Group for the purpose of improving human resources work management;
|
For the legitimate interests of the Company in preparing anonymized human resources statistics, whereby Personal Data is not used in any manner which will affect the fundamental rights relating to your Personal Data (Section 24 (5))
|
3.
|
3.1 Collecting your medical examination results prior to employment with the Company to assess the physical ability to perform work in the position which you have applied for; 3.2 In Collecting your medical examination results, the Company will keep all such health information confidential, and shall not disclose the same to third paries. In the case that you are not selected for the employment, the Company will immediately destroy your medical examination results;
|
Upon receipt of your consent to disclose health information for the said purpose (Section 26)
|
4.
|
Disclosing the information which you have provided in your application form to other BDMS Group members, so that such other members may access such information to propose other employment opportunities suitable to you;
|
Upon receipt of your consent to disclose health information for the said purpose (Section 24)
|
The Company will not use your Personal Data for any purpose other than for the objectives listed above, unless processing of Personal Data is otherwise necessary as prescribed in the Personal Data Protection Act B.E. 2562, such as for compliance with the law, establishing legal claims, prevention or suppression of a danger to the life, body, or health of a person.
5. Disclosure or Sharing of Personal Data
1. The Company may disclose or share your Personal Data to the following third parties:
- BDMS Group, provided that your consent is given;
- Data Processor, as necessary for the performance of work of the Company.
The Company requires that the foregoing third parties maintain full confidentiality of and protect your Personal Data in line with the standards prescribed by the Personal Data Protection Act B.E. 2562, and that such third parties are only able to use your Personal Data for the objectives determined or instructed by the Company. Such third parties are not authorized to use your Personal Data for any purpose other than the said objectives.
2. The Company may store Personal Data on a cloud computing system offered by a third party service provider located in Thailand or overseas. In entering into the relevant agreement with such cloud computing service provider, the Company has exercised due care and consideration of the security systems for the storage of the Personal Data in order to protect the Personal Data.
3. The Company may disclose your Personal Data to the government agencies, competent authorities, or other juristic persons in compliance with the law, or with a court order.
6. Retention Period of Personal Data
1. If you are not selected for the employment, the Company will store the Personal Data which you have provided for a period of one year from the date of receipt of the same. This is retained as evidence in the event of any doubt or complaint relating to unfair selection process for employment with the Company.
2. In order to comply with the law, a court order, or to establish legal claims under the law so as to become a party to any dispute resolution proceedings, the Company may retain the Personal Data for the duration which corresponds with the statutory period under the law, as the case may be.
3. Upon the expiry of the period under 1 or 2 above, the Personal Data will be destroyed by following the Company’s procedure for data destruction, and such process shall be completed without delay.
7. Measures for Personal Data Security
1. The Company will store Personal Data using measures that are at least in compliance with the standards prescribed by the law, and using appropriate systems for ensuring the protection and security of Personal Data. These include use of, for example, a Secure Sockets Layer (SSL) protocol, firewall protection, password protection, and other technical measures for online data encryption, and storage of paper-based Personal Data in a facility with restricted access.
2. The Company will restrict access to Personal Data, which may be accessed by employees, agents, business partners, or third parties. Access to Personal Data by third parties is strictly restricted to the extent prescribed or instructed by the Company, and such third party has the duty to maintain full confidentiality of and protect such Personal Data.
3. The Company shall put in place technological methods for preventing unauthorized computer systems access.
4. The Company has an auditing mechanism for destroying Personal Data which is no longer required for the operations of the Company.
8. Transfer of Personal Data Overseas
1. The Company may transfer your Personal Data overseas in order to achieve the objectives as the Company has notified you and for which you have granted consent. The Company will notify you of any inadequacies relating to Personal Data protection standards applicable to the recipient country.
2. The Company may transfer your Personal Data without your consent in the case that transfer of Personal Data overseas is for the performance of an agreement to which you are a party, or compliance with your request prior to entering into such agreement, or as prescribed in the Personal Data Protection Act B.E. 2562.
9. Your Rights as the Data Subject
As the data subject, you have the right to request the Company to take the following acts in relation to your Personal Data, to the extent permitted by law:
1. Right to withdraw consent: you have the right to withdraw consent for the Company to process your Personal Data, for which you had given consent, any time which your Personal Data is retained with the Company;
2. Right of access: you have the right to access your Personal Data and to request that the Company makes copies of the same, as well as request that the Company discloses any acquisition of your Personal Data for which you had not given consent;
3. Right to rectification: you have the right to request that the Company rectifies inaccurate Personal Data, or to add to the existing Personal Data which is incomplete;
4. Right to erasure: you have the right to request that the Company erases your Personal Data, for certain reasons;
5. Right to restriction of Processing: you have the right to request that the Company suspends the use of your Personal Data, for certain reasons;
6. Right to data portability: you have the right to transfer your Personal Data which you had provided to the Company to another Data Controller, or to yourself, for certain reasons;
7. Right to object: you have the right to object to the Processing of your Personal Data, for certain reasons; To file a request relating to any of the above rights, contact GLS-DPO-Group@glsict.com
10. Amendments to the Personal Data Protection Policy
The Company may subsequently revise and make amendments to its Personal Data Protection Policy in order to ensure better protection of Personal Data. The Company will notify you of any revision or amendment.
11. Contact Information
If you wish to contact the Personal Data Controller, ask questions, or exercise any right in relation to Personal Data, please contact us or Personal Data Protection Officer Greenline Synergy Company Limited 488, 7th Floor, Samitivej Srinakarin Hospital, Srinakarin Road, Suanluang, Bangkok Tel. No. 02-762-8000 Email: GLS-DPO-Group@glsict.com