1. Definitions

2. Personal Data Gathered, Used and Disclosed by the Company

2.1 Personal Data

Personal Data means information that relates to an identified person on directly and indirectly basis (but not including data of the passed person) as follows:

Personal Data the Company gathers, uses and discloses is such as

• Personal information such as name, surname, gender, age, date of birth, place of birth, marital status, nationality, ID number, passport number, driving license number, military service status, educational record, working record, learning record, training record, license and bank account number.
• Contact information such as housing registration address, current address, telephone number, e-mail account information, Line ID and information in social media.
• Information relating to employment such as position, title, unit, salary rate, other remunerations, use of welfare, time attendance, leave, appointment, rotation, change in title, probation appraisal, performance appraisal, capability, personality and behaviors, investigation and penalty (except for sexual orientation).
• Information of tools or equipment such as IP address, MAC address, Cookie ID, IMEI.
• Information of the third party such as information of family members, beneficiary from welfares, emergency contact and reference persons.
• Other information such as use of website, opinion, preference, hobby, written test results, voice, still picture, motion pictures, participation in activities or campaigns organized by the Company or other information considered Personal Data by laws.

Sensitive Data means personal data stipulated by laws such as nationality, race, political opinion, sect, religious or philosophy belief, sexual orientation, criminal record, health information, disability information, labor union information, genetics information, Biometric Data such as face recognition, fingerprint recognition, retina recognition, or any other data in the same manner as stipulated by law which the Company has to handle with special care. The Company shall gather, use and disclose the Sensitive Data and send or transfer the Sensitive Data abroad only upon getting your clear consent or in a case the Company has any necessity as allowed by laws.

(Unless otherwise provided specifically herein, your Personal Data and Sensitive Data shall be collectively referred to as “Personal Data” in the rest of this Policy.)

3. Objectives for Gathering, Using and Disclosing Personal Data

The Company shall gather, collect, use and disclose Personal Data for recruiting Employees/Interns to work for the Company as Employees or to be the Company’s personnel or for other benefits specified in this policy.

3.1 Contractual Basis

To comply with contracts for which you are a party such as employment contract, internship contract or any other contracts or to comply with your request/application form before entering into the contract as a case may be. Examples of the cases, the Company shall gather, use and disclose the data are such as,

(1) Written test, interview, payment of wage and other remunerations, provision of welfare or other benefits, time attendance, leave, appointment, rotation, change in titles, restructuring, performance appraisal and management.

(2) Development of capability, employee card issuance, employee registration production, employee profile production, contact and communication, outsourcing, legal compliance, tax payment, risk management, governing and auditing, fraud prevention, disciplinary investigation and punishment, complaint handling, organization management and other objectives necessary for employment objective.

3.2 Legal Obligation

To comply with laws defining roles of the Company as employer or other status such as financial institution business laws, securities and exchange laws, insurance laws, labor protection law, social security law, severance law, labor relation law, provident fund law, tax law, bankruptcy law, anti money laundering law, Counter Terrorism and Proliferation of Weapon of Mass Destruction Financing, and computer law.

3.3 Legitimate Interest

For legitimate interest of the Company or another person or juristic person which does not exceed the scope you reasonably anticipate or for other objectives allowed by laws such as

(1) Recording of voice, still or motion picture via CCTV to prevent or stop life, physical or health threats of an individual.

(2) Survey of opinion, participation of internal activities, announcement of results, receipt and sending of parcels, research and analysis and statistic preparation.

(3) Risk management, governing and auditing, complaint handling, internal administration, prevention, handling and mitigation or risk in fraud.

(4) Cyber threat, legal violation, data verification, and electronic appliance use to boost efficiency in working or tracking working behaviors and legal action in court.

(5) Making the data to be anonymous data.

(6) Information of Job Applicants who are not qualified and reference persons of the Job Applicants.

3.4 Consent

To gather, use and disclose Personal Data as necessary such as

(1) Health information for consideration of recruiting/ providing medical welfare/medical treatment at nursing room/ annual medical check-up/health promotion programs such as vaccination and others, etc.

(2) Biometric such as face recognition, fingerprint recognition, and retina recognition to check and prove your identity for time attendance recording for work/meeting/training/participating in activities/access control/criminal record/behavior record to consider selecting and recruiting and inspecting qualifications for your job assignment.

(3) Information relating to religion for considering approving monkhood leave/pilgrimage leave/food preparation/ religious ceremony for passed employees, etc.

4. Disclosure of Personal Data

The Company may disclose Personal Data to external party with your consent or under other legal basis according to objectives specified in this Policy such as Personal Data Processor, service provider in and out of the country, representatives of a company, agency or external company the Company pays site visit, sub-contractors, financial institutions, public accountants, external auditors, legally competent officers, a person interested in getting right assignment and/or assignees or in merging of the Company, juristic person/person having relation or contract with the Company including executives, Employees, staff, contractors, representatives, the consultants of the Company and a person or agency who receives such information.

5. Personal Data Sending or Transfer of Personal Data Abroad

The Company may have to send or transfer your Personal Data to a company located in foreign country where you are working or other receivers which is a part of normal business operation of the Company such as sending or transferring of Personal Data to store in server/cloud in foreign countries. In case the receiving country does not have sufficient standard, the Company shall arrange transfer or sending of such data to comply with the law and shall ensure personal data protection and remedy measures the Company considers necessary and appropriate with secrecy standards stipulated by laws of such country. Examples of the measures are defining the data receivers to have personal data security measure which is equal to the Company’s measure and having secrecy agreement between the Company and the receiver in such country.

6. Period of Personal Data Storage

The Company shall store your Personal Data for a necessary period during your term as Job Applicants or Employees of the Company or necessary period to achieve relevant objectives in this Policy which may be after such period ends if the law stipulates or allows such as

For Job Applicants who are not selected, the Company shall keep your Personal Data for the period of 2 years as proof that the Company has fairly considered your applications as your given consent in order to consider recruiting you for appropriate job in the future.

The Company shall store data according to labor law as proof in case of conflict within the lawsuit period stipulated by law which does not exceed 10 years after employment terminates.

The Company shall delete/dispose your Personal Data or make it anonymous when necessity ends or when the period defined in No. 6.1 and 6.2 ends.

7. Personal Data Protection

The Company shall store your Personal Data with technical measure and organizational measure for security in processing the Personal Data and preventing violation of Personal Data by having policy, regulations and criteria in personal data protection such as information system security measure and measure to prevent receivers of data from the Company to use or disclose the data out of defined objectives or without authority or rights. The Company will review the policy, regulations and criteria occasionally as necessary and appropriate.

Moreover, the Company has defined duty of Employees, representatives and receivers of Personal Data from the Company to keep the data secret and secured following the Company’s measures when handling your Personal Data.

8. Rights of Data Subject

Your rights are statutory which you should learn about. You may request exercise of rights under provisions of existing or future laws and policy and regulations the Company defined.

8.1 Right to consent withdrawal

If you have given consent to the Company to gather, use and disclose your Personal Data (whether it was given before this personal data protection law is effective or after that), you may withdraw your consent at any time during the period your Personal Data is with the Company, except there is limitation of rights by law or contract which provides benefits to you.

Your withdrawal of consent may affect you, therefore, for your benefits, you should study/inquire about impacts before withdrawing the consent.

8.2 Right to data access

You may request to access to your Personal Data under the Company’s responsibility and ask the Company to make copy of such data for you and ask the Company to reveal how the data is retrieved without your consent.

8.3 Right to data transfer

You may request your Personal Data transfer in case the Company has made the data in a form that can be read or seen by automatic tools or equipment which can use or disclose the data in automatic manner. You can also request the Company to send or transfer Personal Data in such format to other Data Protection Controller whenever it can be done automatically and may request to receive the data the Company sent or transferred to other Personal Data Controller directly, except there is technical constraint.

8.4 Right to objection

You may object, at any time, gathering, use and disclosure of your Personal Data for legal benefits of the Company or other persons or for carrying out missions for public benefits. If you file objection, the Company shall continue gathering, using or disclosing your Personal Data only for the area the Company can explain about laws which have higher priority than your statutory right or to confirm compliance with laws or defend in court as a case may be.

8.5 Right to deletion or disposal of data request

You may request to delete or dispose your Personal Data or make it anonymous if you believe your Personal Data has been gathered, used or disclosed in a manner not complying with relevant laws or if you consider the Company does not have any necessity in storing the data for objectives relating to this Policy or when you have withdrawn your consent or exercised the right to objection specified above.

However, the Company does not have to delete or dispose or make your Personal Data anonymous if the Company has to store Personal Data to comply with the law, form legal claim right or use the data to defend against legal claim right.

8.6 Right to suspension of data use request

You may choose to request suspension of data use in case the Company is during investigation of request to revise your Personal Data or objection request on in other cases the Company does not have any necessity and must delete or dispose your Personal Data as prescribed by relevant laws.

8.7 Right to data revision

You may revise your Personal Data to be correct, updated, complete and not to cause misunderstanding.

8.8 Right to complaint

You may file complaint to relevant competent officer prescribed by law, if you believe that gathering, use and disclosure of your Personal Data violates or does not comply with relevant laws.

8.9 Right exercise

-10-Exercise of the above rights can be made by filling in request form and filing it to unit in charge. However, your rights may be limited by relevant laws and in some necessary cases, the Company may reject your request or may not be able to grant the request in cases such as obligation to comply with laws or court’s order for public benefits or a case that exercise of use shall violate other people’s rights or freedom. If the Company reject your request, the Company shall give you reasons for doing so.

9. Contacting Data Protection Officer

If you have any suggestion or inquiry about details of gathering, using and disclosing your Personal Data or desire to exercise any of the rights relating to this Policy, please contact the Company and/or Data Protection Officer as follows,

This Privacy Policy is effective from the date of announcement.

Announced on 28th April 2022.