Protocols, Rights and Methods to Access Personal Data

Refer to Section 39 (5) of the Personal Data Protection Act, B.E. 2562 (2019) and the Announcement on the Personal Data Protection, all Data Subject including job applicants, employees, customers, suppliers of goods or raw materials, contractors, service providers, or any person who is a partner, including any business contact person who has given consent to Thai Plaspac Public Company Limited, which is a Data Controller or Data Controller Agent to collects, uses, discloses personal data, and processes personal data for the purposes of which Data Subject has given consent to collect, use and disclose personal data based on consent, contract, legitimate interest and any other under the Data Protection Act.

Personal Data means any information relating to a person, which enables the identification of such person, whether directly or indirectly, such as first and last name, photo, personal history in applying for a job or work, position, date of birth, copy of identification card or identification number, salary, wages, leave data, absences, etc., as well as personal sensitive data such as religious, nationality, health, fingerprints for work time records, which are biological and other personal data that may affect the owner of personal data as under the Data Protection Commission, which is biological data under the Personal Data Protection Act.

The Company hereby informs your rights and conditions for requesting access to the use of your personal data as follows:

  1. A job applicant, employee, partner, business visitor as a Data Subject has the rights to access your personal data according to the conditions and procedures for accessing your personal data. as follows.
    1. Request access and obtain copy of personal data or disclose the acquisition of

his/her personal data.

  1. Request for personal data concerning his/her or correct his/her personal data to be up-to-date, complete, and not misleading.
    1. Request to transfer his/her personal data in document or electronic form (if any) to the Data Controller or others
    1. Object to the collection of personal data concerning him/her.
    1. Request to delete or destroy the personal data or anonymize the Personal Data to become the anonymous data which cannot identify the Data Subject, where the Personal Data is no longer necessary in relation to the purposes for which it was collected, used or disclosed.
    1. Withdraws consent on which the collection, use, or disclosure, where the Data Controller has no legal ground for such collection, use or disclose that personal data.
    1. Request to restrict the use of personal data when it is under investigation, or when personal data shall be deleted or destroyed, but the Data Subject requests the restriction of the use of such Personal Data instead, or when it is no longer necessary to retain such Personal Data for the purposes of such collection, but the Data Subject has necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims
  2. In case that the Company, which is the Data Controller, has assigned to a third party or other juristic person who is a person or entity to process personal data, such as medical service providers, or annual health check-up providers, workwear tailor, quality auditor, other system auditor or computer system/program service provider etc.

2.1 The Company shall enter into agreements or contracts with any person or entity who has been assigned by the Company to process the information, which shall be in accordance with the order or as directed by the Company which is the Data Controller (DC).

2.2 The Company and the Data Processor shall provide security measures for the personal data, including deletion or destruction at the end of the contract or as consent the Data Controller and the Processor to collect, use, process or disclose such personal data.

  • How to access personal data of employees or partners service providers, service receivers who is Data Subject.

3.1 Data Subject who wish to access his or her personal data can contact Data Controller for details and submit a request form to Data Controller or appointed person who is responsible for collecting such personal data as follows:

Data Controller : Thai Plaspac Public Company Limited

Contact Location : 77 Soi Tian Talay 30, Bangkhuntien-Chai Talay Road, Tha Kham Sub-district, Bang Khun Thian District, Bangkok

4. In case of supervisor of each department who need to collect and use personal data such as personnel training and development department or accounting department, finance department, information technology department, security department, etc. The Company, Data Controller, determines the scope of collection, usage, disclosure of personal data according to position, responsibilities, and necessity of the work in the appointment which assigned representative of Data Controller.

 5. Any person or entity who has not been assigned to access, collect, use, and process the personal data of other persons. He or she has no right to access, collect, use, modify, delete, destroy, or act in any way to other persons’ personal data whether intentionally or not by any means without approval of the Data Controller. If violated, he or she will be prosecuted under the Personal Data Protection Act and other applicable laws.

6. Data Controller shall not collect and use personal for purposes other than consent provided and shall not use personal data for unlawful expropriation.

7.  In case that the person requesting the use or collection of personal data and processing only within the specified period of time. There must be a system or measures to keep data from anyone accessing, modifying, changing, leaking or any otherwise under the Personal Data Protection Act. If the disclosure or exploitation damage to the Data Subject, he or she will also face the punishment required by law.

8. If there is any person who has doubts or does not understand about requesting collecting, use or disclose the information, please contact the Data Controller.

9.  In case that anyone who knows other’s personal data due to their work duties in accordance with the protocols or without any duties involved this Act. If the person is disclosed the data to others, they will be punished by both civil and criminal charges as required by law in addition to the work regulations sanctions.

10. Data Subject or who has the duty and necessity to access the Personal Data in accordance with this notice shall comply with below procedure.

10.1. Request access to your personal data according to the specified form on company’s working day.

10.2 Fill in the details and attach a copy of ID card or employee card to express yourself as Data Subject.

10.3. The department that stores the data will process the request and record the use, or  disclose personal data as a Data Controller, according to Section 39 (ROC- Record of Controller)

11. In case of any doubts or conflicts, decision and judgement reached by Data Controller and data protection officer is deemed final.

Other details shall be in accordance with the Personal Data Protection Act or announcement established by the Personal Data Protection Commission and the Personal Data Control Management Protocols established by the Data Controller and shall be strictly implemented. Therefore, this protocol has been announced for acknowledgment and practice from June 1st 2022 until any change is made.