1. Definitions


means Rangsit Plaza Company Limited. 


means employees of Rangsit Plaza Company Limited which includes monthly and daily employees.

Department Store

means Future Park Department Store and Zpell Department Store.

Job Applicants

means outsiders who desire to work for the Company and has filed job application forms to the Company for consideration.


means students from educational institutions who work for the Company on temporary basis for the period defined by the educational institutions.

Temporary Employees

means employees who work on temporary basis for the company for the period defined in employment contracts as part-time employees, daily employees and project employees.

Authorized Person

means a person assigned by the Company to have authority for any approval within the scope defined by the Company.

System Administrator

means a unit or person assigned by the System Owner or Data Subject to take charge of a system.

System Owner

means an executive of business unit or executive who has duty and responsibility for taking charge of a system.


means a normal person who is under the age of 20 years, except for a normal person who is under the age of 20 years, but has legally married, therefore has attained maturity age under the law.

Incompetent Person

means a person with mental disorder who cannot take care of one’s self or one own’s benefits and is ordered to be an incompetent person by the court.

Quasi Incompetent Person

means a person with physical disorder or mental disorder or a person with dissipation or alcohol addiction or other similar causes causing him not to take effective action or take action which causes damages to his own or family’s assets, therefore, ordered to be a quasi incompetent person by the court and under custody of guardian appointed by the court.

Personal Data

means data relating to a person which helps directly and indirectly identify a person but not including that of a specific passed person. Moreover, it also includes data that alone may not identify a person but when combined with others can create a set of data that can identify personal data such as address, gender and age which can be combined to identify a person. This kind of data is Personal Data.

Sensitive Data

means personal data regarding nationality, race, political opinion, sect, religious or philosophy belief, sexual orientation, criminal record, health information, disability information, labor union information, genetics information, Biometric Data or any other data affecting Data Subject in the same manner as stipulated by law.

Biometric Data

means personal data retrieved from use of technique or technology relating to unique physical or behavioral traits of an individual to identify a person such as face recognition, retina recognition, and fingerprint recognition.

Public Record

means Personal Data Data Subject disclosed to the public such as social media profile and social media credential such as Facebook, Twitter, Line and other channels to be created in the future to connect or log in to any services of the Company such as Social Media Account ID, Interests, Likes and list of friends of Data Subject which the Data Subject can control the credential by settings provided by the social media.

Data Subject

means a normal person who can be identified by such personal data directly or indirectly.

Data Controller

means a person authorized to make a decision on gathering, using or disclosing Personal Data.

Data Processor

means a person who collects, gathers, uses or discloses Personal Data following order of or on behalf of the Data Controller.

Data Protection Officer (DPO)

means a person who gives advice or audits the Company’s implementation and has a duty to coordinate and collaborate with Personal Data Protection Commission Office. 

Personal Data Processing

means any action made with Personal Data or Personal Data Set whether in automatic manner or not such as storing, recording, organizing of storage system, changing or modifying, receiving, considering, using, disclosing by forwarding, publicizing or any other actions which makes the data to be ready, uses, displays or merges, limits, erases or disposes the data.


means programs or instruction sets to control computers and other peripherals to follow instructions and response to desire of the users. The Application must have user interface or UI as medium for using functions.

IP Address

means a series of number that identifies each device such as computer or network device using Transmission Control Protocol/Internet Protocol (TCP/IP) and identifying location of the device. IP Address is unique.


means a small piece of information the Company’s website sends to computers or electronic devices connected to the Internet to store Personal Data. Cookie will be sent to web server every time, users are browsing the websites.

Personally Unidentifiable Information

Information which has passed data anonymization process.

2. Personal Data Gathered, Used and Disclosed by the Company

2.1 Personal Data

Personal Data means information that relates to an identified person on directly and indirectly basis (but not including data of the passed person) as follows:

2.1.1 Personal Data given directly to the Company received from job application forms, interviews, internship or employment.
2.1.2 Personal Data the Company receives or accesses to from other sources which is not directly given by you such as government agencies, companies in financial business group, financial institutions, financial service providers, business partners, credit bureau and data service providers. The Company shall collect data from other sources only upon your consent as stipulated by laws, except for a case that the Company has any necessity allowed by laws.

Personal Data the Company gathers, uses and discloses is such as

2.2 Sensitive Data

Sensitive Data means personal data stipulated by laws such as nationality, race, political opinion, sect, religious or philosophy belief, sexual orientation, criminal record, health information, disability information, labor union information, genetics information, Biometric Data such as face recognition, fingerprint recognition, retina recognition, or any other data in the same manner as stipulated by law which the Company has to handle with special care. The Company shall gather, use and disclose the Sensitive Data and send or transfer the Sensitive Data abroad only upon getting your clear consent or in a case the Company has any necessity as allowed by laws.

(Unless otherwise provided specifically herein, your Personal Data and Sensitive Data shall be collectively referred to as “Personal Data” in the rest of this Policy.)

3. Objectives for Gathering, Using and Disclosing Personal Data

The Company shall gather, collect, use and disclose Personal Data for recruiting Employees/Interns to work for the Company as Employees or to be the Company’s personnel or for other benefits specified in this policy.

3.1 Contractual Basis

To comply with contracts for which you are a party such as employment contract, internship contract or any other contracts or to comply with your request/application form before entering into the contract as a case may be. Examples of the cases, the Company shall gather, use and disclose the data are such as,

(1) Written test, interview, payment of wage and other remunerations, provision of welfare or other benefits, time attendance, leave, appointment, rotation, change in titles, restructuring, performance appraisal and management.

(2) Development of capability, employee card issuance, employee registration production, employee profile production, contact and communication, outsourcing, legal compliance, tax payment, risk management, governing and auditing, fraud prevention, disciplinary investigation and punishment, complaint handling, organization management and other objectives necessary for employment objective.

3.2 Legal Obligation

To comply with laws defining roles of the Company as employer or other status such as financial institution business laws, securities and exchange laws, insurance laws, labor protection law, social security law, severance law, labor relation law, provident fund law, tax law, bankruptcy law, anti money laundering law, Counter Terrorism and Proliferation of Weapon of Mass Destruction Financing, and computer law.

3.3 Legitimate Interest

For legitimate interest of the Company or another person or juristic person which does not exceed the scope you reasonably anticipate or for other objectives allowed by laws such as

(1) Recording of voice, still or motion picture via CCTV to prevent or stop life, physical or health threats of an individual.

(2) Survey of opinion, participation of internal activities, announcement of results, receipt and sending of parcels, research and analysis and statistic preparation.

(3) Risk management, governing and auditing, complaint handling, internal administration, prevention, handling and mitigation or risk in fraud.

(4) Cyber threat, legal violation, data verification, and electronic appliance use to boost efficiency in working or tracking working behaviors and legal action in court.

(5) Making the data to be anonymous data.

(6) Information of Job Applicants who are not qualified and reference persons of the Job Applicants.

3.4 Consent

To gather, use and disclose Personal Data as necessary such as

(1) Health information for consideration of recruiting/ providing medical welfare/medical treatment at nursing room/ annual medical check-up/health promotion programs such as vaccination and others, etc.

(2) Biometric such as face recognition, fingerprint recognition, and retina recognition to check and prove your identity for time attendance recording for work/meeting/training/participating in activities/access control/criminal record/behavior record to consider selecting and recruiting and inspecting qualifications for your job assignment.

(3) Information relating to religion for considering approving monkhood leave/pilgrimage leave/food preparation/ religious ceremony for passed employees, etc.

4. Disclosure of Personal Data

The Company may disclose Personal Data to external party with your consent or under other legal basis according to objectives specified in this Policy such as Personal Data Processor, service provider in and out of the country, representatives of a company, agency or external company the Company pays site visit, sub-contractors, financial institutions, public accountants, external auditors, legally competent officers, a person interested in getting right assignment and/or assignees or in merging of the Company, juristic person/person having relation or contract with the Company including executives, Employees, staff, contractors, representatives, the consultants of the Company and a person or agency who receives such information.

5. Personal Data Sending or Transfer of Personal Data Abroad

The Company may have to send or transfer your Personal Data to a company located in foreign country where you are working or other receivers which is a part of normal business operation of the Company such as sending or transferring of Personal Data to store in server/cloud in foreign countries. In case the receiving country does not have sufficient standard, the Company shall arrange transfer or sending of such data to comply with the law and shall ensure personal data protection and remedy measures the Company considers necessary and appropriate with secrecy standards stipulated by laws of such country. Examples of the measures are defining the data receivers to have personal data security measure which is equal to the Company’s measure and having secrecy agreement between the Company and the receiver in such country.

6. Period of Personal Data Storage

The Company shall store your Personal Data for a necessary period during your term as Job Applicants or Employees of the Company or necessary period to achieve relevant objectives in this Policy which may be after such period ends if the law stipulates or allows such as

6.1 Job Applicants

For Job Applicants who are not selected, the Company shall keep your Personal Data for the period of 2 years as proof that the Company has fairly considered your applications as your given consent in order to consider recruiting you for appropriate job in the future.

6.2 Employees

The Company shall store data according to labor law as proof in case of conflict within the lawsuit period stipulated by law which does not exceed 10 years after employment terminates.

The Company shall delete/dispose your Personal Data or make it anonymous when necessity ends or when the period defined in No. 6.1 and 6.2 ends.

7. Personal Data Protection

The Company shall store your Personal Data with technical measure and organizational measure for security in processing the Personal Data and preventing violation of Personal Data by having policy, regulations and criteria in personal data protection such as information system security measure and measure to prevent receivers of data from the Company to use or disclose the data out of defined objectives or without authority or rights. The Company will review the policy, regulations and criteria occasionally as necessary and appropriate.

Moreover, the Company has defined duty of Employees, representatives and receivers of Personal Data from the Company to keep the data secret and secured following the Company’s measures when handling your Personal Data.

8. Rights of Data Subject

Your rights are statutory which you should learn about. You may request exercise of rights under provisions of existing or future laws and policy and regulations the Company defined.

8.1 Right to consent withdrawal

If you have given consent to the Company to gather, use and disclose your Personal Data (whether it was given before this personal data protection law is effective or after that), you may withdraw your consent at any time during the period your Personal Data is with the Company, except there is limitation of rights by law or contract which provides benefits to you.

Your withdrawal of consent may affect you, therefore, for your benefits, you should study/inquire about impacts before withdrawing the consent.

8.2 Right to data access

You may request to access to your Personal Data under the Company’s responsibility and ask the Company to make copy of such data for you and ask the Company to reveal how the data is retrieved without your consent.

8.3 Right to data transfer

You may request your Personal Data transfer in case the Company has made the data in a form that can be read or seen by automatic tools or equipment which can use or disclose the data in automatic manner. You can also request the Company to send or transfer Personal Data in such format to other Data Protection Controller whenever it can be done automatically and may request to receive the data the Company sent or transferred to other Personal Data Controller directly, except there is technical constraint.

8.4 Right to objection

You may object, at any time, gathering, use and disclosure of your Personal Data for legal benefits of the Company or other persons or for carrying out missions for public benefits. If you file objection, the Company shall continue gathering, using or disclosing your Personal Data only for the area the Company can explain about laws which have higher priority than your statutory right or to confirm compliance with laws or defend in court as a case may be.

8.5 Right to deletion or disposal of data request

You may request to delete or dispose your Personal Data or make it anonymous if you believe your Personal Data has been gathered, used or disclosed in a manner not complying with relevant laws or if you consider the Company does not have any necessity in storing the data for objectives relating to this Policy or when you have withdrawn your consent or exercised the right to objection specified above.

However, the Company does not have to delete or dispose or make your Personal Data anonymous if the Company has to store Personal Data to comply with the law, form legal claim right or use the data to defend against legal claim right.

8.6 Right to suspension of data use request

You may choose to request suspension of data use in case the Company is during investigation of request to revise your Personal Data or objection request on in other cases the Company does not have any necessity and must delete or dispose your Personal Data as prescribed by relevant laws.

8.7 Right to data revision

You may revise your Personal Data to be correct, updated, complete and not to cause misunderstanding.

8.8 Right to complaint

You may file complaint to relevant competent officer prescribed by law, if you believe that gathering, use and disclosure of your Personal Data violates or does not comply with relevant laws.

8.9 Right exercise

-10-Exercise of the above rights can be made by filling in request form and filing it to unit in charge. However, your rights may be limited by relevant laws and in some necessary cases, the Company may reject your request or may not be able to grant the request in cases such as obligation to comply with laws or court’s order for public benefits or a case that exercise of use shall violate other people’s rights or freedom. If the Company reject your request, the Company shall give you reasons for doing so.

9. Contacting Data Protection Officer

If you have any suggestion or inquiry about details of gathering, using and disclosing your Personal Data or desire to exercise any of the rights relating to this Policy, please contact the Company and/or Data Protection Officer as follows,


Rangsit Plaza Company Limited


94Future Park Rangsit, Phaholyothin Road, Prachathipat District, Thanyaburi District, Pathumthani 12130



Telephone Number




This Privacy Policy is effective from the date of announcement.

Announced on 28th April 2022.