Privacy Policy
Puumsoft Company Limited (“Puumsoft”, “we” or “us”) would like Customer (“you”) do understand this Privacy Policy. This Privacy Policy describes how we handle your Personal Data and Sensitive Data, including collection, storage, use, disclosure and your rights relating to your Personal Data and Sensitive Data.
1. What is Personal Data?
Personal Data is any other data which identify yourself (no matter it can be identified by itself, or together with other information).
Sensitive Data is Personal Data relating to racial or ethnic origin, religious or philosophical beliefs, Political Opinion, data concerning a natural person’s sex life, criminal record, data concerning health, disabilities, biometric data etc.
Customer is the person who is coordinating the project or contract.
2. Personal or Sensitive Data Processing
2.1 We entitle to collect, use and disclose your Personal Data and Sensitive data (“Processing”) for the purposes of project coordination or contract implementation with the following data:
- Name-surname
- Date of birth
- Nick name (if any)
- Title (if any)
- Phone number
- Address
- Copy of National Identification
Below are details of our processing activities:
Processing Area | Activities | Basis for Processing |
Coordination | For use in coordinating sales activities. | Contract/Before contract |
For use in presenting price quotation. | Contract/Before contract | |
Contract Signing | For use in signing the contract and appendices. | Contract/Before contract |
For use in payment collection. | Contract/Before contract | |
For use in reference to our services and products. | Contract/Before contract | |
Contract Execution | For use in coordinating the execution of the contract. | Contract/Before contract |
Processing Area | Activities | Basis for Processing |
Follow-up of Services | For use in conducting satisfaction surveys. | Contract/Before contract |
2.2 We will strictly and properly implement the Personal Data security measure and be compliant with Privacy Policy in order to protect your Personal Data or Sensitive Data from any loss, destroying, modifying, accessing or disclosing without permission or legality in accordance with Data Security Policy and Procedure and IT Security Guideline and Policy.
2.3 If there is any change and/or adding of the purpose of processing e.g. processing based on contract or lawful basis etc., we will inform you of new purpose via Puumsoft website, poster announcement or e-mail. We will record such changes for evidence. In addition, we may request your consent before processing any activities of new purposes (if consent required by law).
3. We process your Personal Data restrictively
3.1 We will restrictively process your Personal Data or Sensitive Data by using legitimate and fair method and within the scope of the specified objective.
3.2 Other than the specified objective, we will obtain your consent prior to processing Personal Data; unless
(1) It is required by laws;
(2) It is beneficial to you, given that it is impossible to obtain your consent at that time;
(3) It is beneficial to your or someone else’s life, health or security;
(4) It is for a purpose of investigation of an officer or judicial process of court;
(5) It is beneficial to research or statistics preparation.
3.3 In case of necessity, we may collect your Sensitive Data, obtained from outside sources only as necessary and will notify the data owner within 30 days or will seek permission from the customer (in the case the law requires it), all for the purposes above and to bring customer’s data up-to-date, improve quality and efficiency for us.
4. Transfer to Third Country
We may transfer customer personal data to a foreign country to support our operations. The customer grants permission to us to transfer customer personal data to a foreign country to persons or companies in another country, or into another country’s jurisdiction, even if personal data protection laws in such a country may be at the same or less than the level of protection in Thailand. In any case, we will follow suitable steps in protecting the customer’s personal data at the same protection level as in Thailand.
5. Your participation as Personal Data owner
We have rights to check the existence of personal data, type of data and the purpose of the use of the data. In addition, the customer has a right to:
5.1 Request a copy of the personal data in electronic form that can be transferred outside of the company or the customer can request direct transfer of the data from us.
5.2 Request us to modify, update or correct the personal data to avoid any misunderstanding.
5.3 Dispute or prohibit the use or revealing of customer personal data for purposes of marketing or other purposes.
5.4 Request the deletion of customer personal data when there is no useful purpose for the data, including limiting the use of the data in the case the data cannot be deleted.
5.5 Reveal the source of where the personal or sensitive data was obtained in the case the customer did not grant permission to obtain or store such personal data.
5.6 Cancel any permission granted to obtain or use the personal data.
5.7 Request the transfer of the personal data to other data protection officers.
5.8 Lodge a complaint with the relevant organizations in the case the customer suspects there has been a breach of personal data.
However, the customer’s rights must be in compliance of the Personal Data Protection Act as well as the Privacy Policy and other relevant data regulation.
Remark:
If we process your Personal Data and/or Sensitive Data based on Contract, legitimate interest or legal obligation basis, we reserve our right to refuse your right in (5.4).
Please note that if the customer chooses to exercise your right in (5.4), we may not be able to perform the obligations under the contract which might result in contract termination and/or the inability to provide the benefits under the contact to you.
If the customer refuses to provide crucial data that we may not be able to perform the obligations under the contract which might result in contract termination and/or the inability to provide the benefits under the contract to you.
6. Data Retention Period
We reserve our rights to process and disclose your Personal Data and your Sensitive Data and any relevant authorities as required by laws. In the event there is no agreement on data retention, the data will be retained for 10 years from the date the data was received.
7. Limitation of liability
Although we employ the strictest measures and best technology to protect personal data security, we will not able to guarantee zero incidents of personal data security breach. Therefore, we reserve the right to not be held responsible for any loss or damages to personal data in all cases.
8. Notification of personal data security breaches
Employees may notify any breaches of personal data to our Data Protection Officer (DPO) as specified in section 9 of this policy for the benefit of the employee. We request that the employee notify us of such breaches as soon as possible after the employee discovers the breach.
9. Changes to this Privacy Notice
You may ask questions regarding this Privacy Policy or the methods in obtaining, storing, revealing or making use of personal data and how to exercise their right under the law with the Data Protection Officer at:
– Email: dpo@puumsoft.co.th
– Website: https://www.puumsoft.co.th
– Telephone: 02 260 0100-2
– Address: 54 BB Building 14th Floor Room 1402, Sukhumvit 21 Road, Klongtoeyneau, Wattana, Bangkok 10110.
10. Changes to the Personal Data Protection Policy
We may make improvements or modifications to this Personal Data Protection Policy from time to time to comply with your company’s policy, operations, or suggestions and or recommendations from us. We will announce the changes officially before actually making any changes. We may notify you directly through our communication channels such as bulletin boards or e-mail.
This policy is effective from 1 February 2023.
Arporna Paul Sribhibhadh
Managing Director
Candidate and Employee Privacy
Puumsoft Company Limited (“Puumsoft”, “we” or “us”) would like Candidate and Employee (“you”) do understand this Privacy Policy. This Privacy Policy describes how we handle your Personal Data and Sensitive Data, including collection, storage, use, disclosure and your rights relating to your Personal Data and Sensitive Data.
1. What is Personal Data?
Personal Data is any other data which identify yourself (no matter it can be identified by itself, or together with other information) comprises of 2 groups as follows;
Group 1: Basic information e.g. name, surname, age, address, gender, occupation, married status, nationality, id card number, passport and visa information, bank account, driver license, telephone number, e-mail, Line id, Facebook, cookies website, picture, emergency contact, car license etc
Group 2: Work information e.g. application details, education, work experience, contract, work license, social security, compensation fund, provident fund, employee code, salary, compensation, bonus, position, welfare, tax, job specifications, career goal, performance appraisal, training record, leave and absence record, illegal and/or work discipline behavior, reason of termination, security data, communication data and record of using computer, telephone, internet and e-mail etc.
Sensitive Data is Personal Data relating to racial or ethnic origin, religious or philosophical beliefs, political opinion, data concerning a natural person’s sex life, criminal record, data concerning health, disabilities, biometric data etc.
Candidate is the applicant for permanent employee or temporary employee or freelance person or outsourcing person. Applicant may proceed by his/herself or internal recruitment or referral program or head hunter.
Employee is the Candidate who is selected and enter into the employment contract with us and is permanent employee or temporary employee or outsourcing person or freelance person who works at Puumsoft’s office.
2. Personal data records
2.1 The company requires keeping records of the following information in order to propose the customer with the COACH project prior to or after the contract:
- First name and Last name
- Nick name
- Position name
- Hire date and terminate date
- Employee code
- Current address
- Birth place
- Gender
- Phone
- Social account name
- Personal ID Card Number
- Military status
- Training records
- Educational records
- Parent and spouse (ID card, birthplace)
- Parent and spouse educational records
- Parent and spouse working records
- Certificate records
- Language and training certificate
- Driving certificate
- Target career
- Military exemption records
- 50 Tawi
- Book bank for salary
- Personal ID Card copies
- Salary and income records
- Photos
- Face scan records
- Temp file on COACHPS
- Login/Logoff using AD account
3. Personal or Sensitive Data Processing
3.1 You acknowledge that under the purposes of job application, employment contract, employment term contract, consulting contract and other service contracts (“Contract”), we is entitled to collect, use and disclose your Personal Data and Sensitive data (“Processing”)
We need to correctly, completely, sufficiently receive your personal information in order to perform the obligations under job application, Contract, regulations, internal rules and/or our operating rule and/or performance under applicable law. Should we did not correctly, completely and sufficiently receive your personal information, it may result in the delay or any inconvenience of our performance under Contract or rule binding between Puumsoft and Candidate or Employee. In case of necessity, we may reject any obligations to Candidate or Employee in order to comply with the terms in the Contract and applicable laws. However, we respect your personal right and will process Personal data and Sensitive data based on legitimate purposes.
Below are details of our processing activities:
Processing Area | Activities | Basis for Processing |
Job Application and Employment Management [self-managing and outsource performing] | Recruitment activities by Puumsoft including when Candidate and Employee contacts Puumsoft directly and internal recruitment. | Contract |
Employee applied the job from referral program or from recruitment outsourcing service provider. | Contract | |
Interviewing, examining education background or working experience history from other sources, data analysis, comparison, employee selection and contract process. | Contract/ legitimate interest | |
Work performance management [self-managing and outsource performing] | Employee record, employee card, equipment, tool, computer, mobile phone, e-mail, username & password for accessing necessary system and other related matters in order to prepare working, training or test. | Contract |
Applying or renewing visa and work permit and requesting approval relating to work performance | Contract/ lawful basis/consent (relating to sensitive data) | |
Requesting for food allergy, vaccination records and any other allergies record in order to train or arrange for related activities. | Consent | |
Examining criminal record (only specific position) | Consent | |
Compensation and welfare management [self-managing and outsource performing] | Managing salary, remuneration, wage, bonus, overtime, accommodation cost, travel fee and any other benefits for employee | Contract/lawful basis |
Managing social security fund, provident fund, workmen compensation fund and education Loan Fund | Contract/lawful basis | |
Managing employment taxes e.g. withholding tax | Contract /lawful basis | |
Managing welfare, protection, accidental and dangerous alleviating measure, report and medical care service | Contract/lawful basis/legitimate interest | |
Recording medicine history and alleviating accident, incident, emergency case or danger against life, body, health of employee, including the security of employee | Consent/protecting or preventing danger against life, body or health of person | |
Managing life insurance, group insurance, underwriting, reinsurance, consideration for insurance claim | Contract/legitimate interest/consent (as related to sensitive data) | |
Disclosing employee data to outsource and consultant e.g. disclosure for survey and compensation analysis | Consent | |
Birthday announcement and condolences on loss of employee’s family member and the request of food allergy record in order for activity and party arrangement | Consent | |
Managing employee’s activities e.g. birthday party, new year party, any party and outing trip for employee. | Contract/legitimate interest | |
Managing day off, leaves, late arrival and employee working location | Contract/lawful basis | |
Managing advertising, public relations of which employee is a presenter either wholly or partly express himself in the media of Puumsoft. | Consent | |
Announcement as a new comer, candidates or employee of the month/year, long service award, promotion and relocation of employee. | Legitimate interest | |
Seizing of salary or remuneration as required by the order of execution department or official receiver in bankrupt case. | Lawful basis |
Processing Area | Activities | Basis for Processing |
Training and performance evaluation management [self-managing and outsource performing] | Training and exam testing for any area of knowledge of employee. | Contract/legitimate interest |
Goal setting, performance evaluation, promotion, salary and bonus review. | Contract/legitimate interest | |
Compliant, Dispute, Lawsuit and Risk Assessment Management [self-managing and outsource performing] | Monitoring, investigating fraud or illegal behavior in accordance with law, rule and working regulations, including disciplinary action consideration. | Contract/lawful basis/legitimate interest |
Taking any action for monitoring, investigation, suing or undertaking any measures to protect lawful or contractual right. | Contract/lawful/ legitimate | |
Reporting fraud case of employee to regulator and any authorized officer as required by law e.g. police, AMLO, Revenue Department, Execution Office, Royal Thai Police. | Lawful/legitimate interest | |
Termination Management [self-managing and outsource performing] | Managing resignation, retirement, termination, informing thereof to related government e.g. Revenue Department, Bank, Social Security Office, Immigration Office | Contract/lawful basis |
3.2 We will strictly and properly implement the Personal Data security measure and be compliant with Privacy Policy in order to protect your Personal Data or Sensitive Data from any loss, destroying, modifying, accessing or disclosing without permission or legality in accordance with Data Security Policy and Procedure and IT Security Guideline and Policy.
3.3 If there is any change and/or adding of the purpose of processing e.g. processing based on contract or lawful basis etc., we will inform you of new purpose via Puumsoft website, poster announcement or e-mail. We will record such changes for evidence. In addition, we may request your consent before processing any activities of new purposes (if consent required by law).
4. We process your Personal Data restrictively
4.1 We will restrictively process your Personal Data or Sensitive Data by using legitimate and fair method and within the scope of the specified objective.
4.2 Other than the specified objective, we will obtain your consent prior to processing Personal Data; unless
(1) It is required by laws;
(2) It is beneficial to you, given that it is impossible to obtain your consent at that time;
(3) It is beneficial to your or someone else’s life, health or security;
(4) It is for a purpose of investigation of an officer or judicial process of court;
(5) It is beneficial to research or statistics preparation.
4.3 In case of necessity, we may collect your Sensitive Data for a purpose of Contract, performing regarding Contract and other agreement as related to employment. We however will not collect your Sensitive Data which is adverse to your reputation or discriminating; unless
(1) You give a consent to us;
(2) It is required by laws;
(3) It is beneficial to you, given that it is impossible to obtain your consent at that time;
(4) It is beneficial to your or someone else’s life, health or security;
(5) It is for a purpose of investigation of an officer or judicial process of court;
(6) It is beneficial to research or statistics preparation.
4.4 We may store your Personal Data together with your Personal Data that we have received from other sources with feasible 30-days receiving notification and may request your consent (in case consent required by law) for abovementioned purpose, for updating Personal Data, or improving our services.
5. We may disclose your Personal Data to Data Processor or any authorities as required by laws
5.1 In order to perform the obligation of job application, Contract and/or other agreement as related to above mentioned objective, we may transfer or disclose your Personal Data and/or Sensitive Data to data processor, third party who is the advisor or service provider located both inside and outside country.
5.2 We may store your Personal Data and/or Sensitive Data through Cloud Computing which is offered by outsourced service provider located both inside and outside country.
5.3 We may disclose your Personal Data and/or Sensitive Data to Puumsoft, our affiliate, internal and external audit, The Office of Insurance Commission, Anti-Money Laundering Commission, Anti-Money Laundering and Counter-Terrorism Office located both inside or outside country, police officer, public prosecutor, court, legal execution enforcement officer, legal official receiver, Revenue Department officer, or any other office as required by relevant laws.
The following table depicts the service providers that we use and their related privacy policy reference.
Service Provider | Privacy Policy Reference |
Amazon Web Services (AWS) | https://aws.amazon.com/compliance/thailand-data-privacy/ |
Microsoft | https://privacy.microsoft.com/en-US/ |
CS Loxinfo | https://csl.co.th/csl-files/pdf/03_CSL_The%20Personal%20Information%20Privacy%20Protection%20Policy-TH.pdf |
INET | https://www.inet.co.th/assets/html/data_policy_en.html |
6. Your participation as Personal Data owner
6.1 If you would like to know how we process your Personal Data or Sensitive Data, you can send an email to hr@puumsoft.co.th. When we receive your email, we will feedback you the existence or the detail of your Personal Data within appropriate time.
6.2 If you think that your Personal Data or Sensitive Data is not accurate, you can request us to make change or amend your Personal Data or Sensitive Data. In this regard, we may reject your request and we will record the rejection or objection of such request with reason as an evidence.
6.3 You have the rights to check the existence, the type of your Personal Data and/or Sensitive Data, the using objective of your Personal Data and Sensitive Data. In addition, you also have the rights to:
(1) Request a copy or a certified copy of your Personal Data and/or Sensitive Data;
(2) Request to make a change or correct your Personal Data and/or Sensitive Data;
(3) Request to suspend the use or the disclosure of your Personal Data and/or Sensitive Data;
(4) Request to erase or destroy your Personal Data and/or Sensitive Data;
(5) Request to disclose the method of obtaining your Personal Data and/or Sensitive Data for the case which your consent has not been made;
(6) Request to cancel your consent which you have previously made;
(7) Request to transfer your Personal Data and/or Sensitive Data to other data controller;
(8) Contact us or any relevant authorities, if necessary;
You have the rights to exercise above mentioned under Applicable Personal Data Protection Law and within the company policies.
Remark:
If we process your Personal Data and/or Sensitive Data based on Contract, legitimate interest or legal obligation basis, we reserve our right to refuse your right in (3) and (4).
Please note that if you choose to exercise your right in (3) (4) and (6), we will not be able to perform the obligations under Contract which might result in Contract termination and/or the inability to provide the welfare to you.
7. Period of Personal Data processing
We reserve our right to process and disclose your Personal Data and your Sensitive Data and any relevant authorities as required by laws, whichever the case may be, within 2 years from the job application date (for Candidate) and 10 years from the last working date (for Employee).
8.Limitation of liability
Although the company employs the strictest measures and best technology to protect personal data security, the company is not able to guarantee zero incidents of personal data security breach. Therefore, the company reserves the right to not be held responsible for any loss or damages to personal data in all cases.
9. Notification of personal data security breaches
Employees may notify any breaches of personal data to the Data Protection Officer (DPO) of the company as specified in section 9 of this policy for the benefit of the employee. The company requests that the employee notify the company of such breaches as soon as possible after the employee discovers the breach.
10. DPO Contact Information
If you have any questions or concerns regarding this policy, please contact us at:
Puumsoft Company Limited
54 BB Building 14th Floor, Unit 1402 54 Sukhumvit 21(Asoke) Road, Klongtoey Nua, Wattana, Bangkok 10110
Visit our website at: https://www.puumsoft.co.th
Email: dpo@puumsoft.co.th
Tel. 0 2260 0100-2
11. Updates to the Personal Data Protection Policy
The company may make improvements or modifications to this Personal Data Protection Policy from time to time to comply with your company’s policy, operations, or suggestions and or recommendations from your company. The company will announce the changes officially before actually making any changes. Your company may notify you directly through your company’s communication channels such as bulletin boards or e-mail.
This policy is effective from 7 October 2022.
Arporna Paul Sribhibhadh
Managing Director
Reference: https://www.pdpc.or.th/
