Adecco Thailand Data Protection Policy


Welcome to Adecco. We look forward to working with you to help you to further develop your career. As you’d expect, to properly perform our services, we collect and use information about you.

Adecco is committed to protecting and respecting your privacy. This Policy describes your privacy rights in relation to

the information about you that we process, as well as the steps we take to protect your privacy. We know it’s long, but please read this Policy carefully.


Topics

1  General Principles
2  Type of Personal Data
3  Collection Principles
4  Data Quality Testing
5  Objectives of Data Processing
6  Limitation of Use
7  Data Security
8  Disclosure of Personal Data
9  Data subject Rights
10  Retention Period
11  Data controller and Data Protection Officer’s Information


1. General Principles

1.1 General Content

Adecco Group Thailand (the Company) are committed to conducting business operations in compliance with relevant laws, particularly in the area of personal data protection of those involved in business operations. Thus, the Company has developed personal data management systems with modern operating systems and information technology systems which are secure and safe in effectively protecting personal data. The Company designates only the Company’s staff or relevant individuals to have the right to access personal data. In addition, the Company arranges systems to strictly examine access to and use of personal data along with arranging regular updates and improvements to personal data storage and maintenance systems in order for systems to have accurate and reliable personal data storage, protections against leaks or revisions of personal data by unauthorized individuals or use of personal data for objectives other than objectives originally informed to the relevant individuals by the Company.

This document describes categories of personal data and collection objectives to use or disclose personal data, data collection time periods, types of individuals or agencies to whom the Company may disclose personal data collected by the Company, data subject rights including security measures for personal data in compliance with laws including other information concerning the Company’s personal data management.

This document is considered part of the relevant agreement(s) and terms of use of the Company’s services. This policy may be revised, modified, added to or changed. The Company will inform you and request consent from you pursuant to specifications in personal data protection laws.

1.2 Definitions

For clarity in communications with individuals involved in business operations and to avoid confusion concerning the interpretation of certain terms in this document, the Company has prepared the following definitions:

The Company” means Adecco Group Thailand consisting of the companies listed in this link: https://adecco.co.th/en/contact as amended from time to time and including an individual or individuals assigned by the Company to act on behalf of the Company.

Personal Data” means any information relating to a natural person, which enables the identification of such person, whether directly or indirectly.

Sensitive Data” means Personal Data prescribed in Article 26 of the Personal Data Protection Act of B.E. 2562 (2019).

Data Controller” means a natural person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.

Data Processor” means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of the Personal Data pursuant to the orders given by or on behalf of a Data Controller, whereby such Person or juristic person is not the Data Controller.

Client” or “Supplier” means individuals or juristic persons including one or several individuals with authority or assignments to act on behalf of juristic persons to become party to business agreements with the Company as the Client or the Supplier in order to sell goods, offer services or use services in businesses involving the Company.

Job Seeker” or “Applicant” means an individual who is interested in seeking work via the Company applying to work with the Company, including visitors in activities or work organized by the Company including all types of online activities or work, or work provided at employment facilities, along with participants who responded to questions, data survey forms, website visit satisfaction survey forms, online media or work provided by the Company.

Employee” means an individual who works for the Company in accordance with employment agreements made with the Company, including Employees who entered into employment agreements with the Company to work for the Company’s Clients.

Website Visitor” means a person who uses the internet to enter the Company’s website.

1.3 Involvement

The Company will give thorough consideration when collecting, using or disclosing your Personal Data under lawful business objectives for the following reasons:

(1) When necessary to comply with business agreements made with the Company that you are party to.
(2) To comply with legal requirements.
(3) For other necessary reasons than legal requirements or to comply with agreements or for your welfare or benefit exceeding your status as an ordinary party to an agreement.


2. Type of Personal Data

This policy is used with the following Personal Data that the Company may have collected, used or disclosed including cases where you granted consent to the Company:

2.1 General Personal Data such as the following:

   • First name, last name, signature, date of birth, ethnicity, photographs, photographs on an identification card, address on an identification card, address based on location, current address and mobile phone number.

   • Identification card numbers, passport numbers, identification card numbers issued by the government and professional worker numbers or codes specified by law.

   • Family status, education background and work background.

   • Bank depository account numbers, stock or asset holding items or backgrounds, financial status, income and debts.

   • Registration numbers of automobiles and/or motorcycles registered with a government agency.

   • Online platform and electronic mail user accounts.

   • Data on visits to websites including device IP addresses, device location data, electronic timestamps, data transfers, dates, times and places of transactions on weblogs, any communication data and content accessed by you.

   • Data on behaviors in using services, background on use of services and products.

   • Data recorded in a security system.

   • Still images, motion pictures, audio data of interviews recorded on videotapes, telephones or by electronic means, activity photographs, interview statements or expressions of opinions in activities or interview statements or expressions used in training, seminars, competitions, participation in activities, Employee codes, tape recordings of still images, motion pictures or conversations on the part of Employees, Clients and participants in activities organized by the Company, registration forms and price coupons.

   • Any other information that is not directly Personal Data that can identify the data subject when the aforementioned data is assembled.

2.2 Sensitive Data

consists of data on ethnicity, religion, blood type, health examination results, record of dangerous work-related encounters or danger unrelated to work and shown to the Company, diagnosis results, health data, physical disability data, opinions on politics, society and culture, labor union data, sexual behavior, criminal behavior, performance assessment results, expressions of opinion on online social media, expressions of opinion concerning the Company and the Company’s services, scanned images of faces, retinas or fingerprints, genetic data and biological data including any other data that may affect data subjects pursuant to legal requirements, etc.

3. Data Collection Principles

3.1 General Personal Data

Although laws on Personal Data grant the Company the right to collect your Personal Data as a direct party to an agreement or a person who must act on behalf of a juristic person or a person authorized to enter into legal actions as a party to an agreement without requiring consent based on the principle of legal consent, the Company maintains involvement and will clearly inform you that parties to agreements are required to provide only Personal Data necessary for entering into an agreement as a party to an agreement in which the Company and you must comply with laws on that juristic act or agreement. Other than specifications, the Company may collect data without consent from data subjects in the following cases:

(1) Data collection has objectives concerning research or statistics with appropriate protective measures in order to protect the rights and freedoms of data subjects in compliance with criteria specified by law.
(2) To prevent or stop danger to a person’s life, body or health.
(3) Data collection is necessary to comply with agreements that the data subject is party to with the Company or for use in complying with requests of data subjects before entering into any agreement with the Company.
(4) When data collection is necessary to carry out missions for the public benefit of the Data Controller or to perform duties in authority granted to the Company by the state.
(5) When data collection is necessary for the lawful benefit of the Company, individuals or other juristic persons unless the aforementioned benefits are less important that basic rights in Personal Data of the data subject.
(6) To comply with laws that the Company is obligated to comply with.

3.2 Sensitive Data

The Company may collect Sensitive Data without consent from the data subject in the following cases:
(1) in cases where the Company needs to prevent or suppress a danger to life, body or health of an individual, where the data subject is incapable of giving consent by whatever reason;
(2) in cases where it is information that is disclosed to the public with the explicit consent of the data subject;
(3) In cases where it is necessary of the Company for the establishment, compliance, exercise or defense of legal claims;
(4) In cases where it is necessary of the Company for compliance with a law to achieve the purposes with respect to preventive medicine or occupational medicine, the assessment of working capacity of the employee, medical diagnosis, public interest in public health, employment protection, social security, national health security, social health welfare of the entitled person by law, the road accident victims protection or social protection, statistic research purposes or other public interests, and the substantial public interest by providing the suitable measures to protect the fundamental rights and interest of the Data Subject.

3.3 Personal Data Sources

The Company is committed to complying with the law and collects Personal Data from only the data subject except in necessary cases where the data subject is unable to provide or does not store the Personal Data. The Company may collect Personal Data from other sources only in cases where the Company received written consent from the data subject. In general, cases where the Company may collect Personal Data directly from the data subject and other sources consist of:

3.3.1 Job Seekers, Applicants or Employees

(1) Personal Data related to health or chronic illnesses of Applicants or Employees for which the Company, the Company’s Clients or future employers require Applicants or Employees to have health examinations before beginning work by directing medical facilities that performed health examinations to send examination results to the Company including annual health examination results of Employees.

(2) Personal Data concerning background of prosecution under the law or criminal backgrounds. The Company may require any Job Seekers, Applicants or person who will enter work in any position to be checked for criminal backgrounds or consent to allow the Company to check Employees for criminal backgrounds and consent for the Company to collect, use or disclose data for the duration specified by the Company.

(3) Personal Data concerning work background before working with the Company or references by specifying for the data subject to clearly consent every time in advance. The Company will notify that outside person of consent before sending the data to the Company.

3.3.2 Clients or Suppliers

(1) In cases where a Client or Supplier who is an ordinary person or a juristic person (including an individual or individuals assigned to act on behalf of the juristic person) or a servant or Employee of the Client or Supplier who submitted a request or agreement to become party to an agreement with the Company who showed interest in the Company’s services including contacts for post-sale services, reviews, expressions of opinion, satisfaction with services, contacts between the data subject and the Company by telephone, emails, applications of the Company, applications used in communications, training services, activities for prizes or contacts by other methods, the Company may record those communications to use as evidence, to develop and improve services, to monitor the data subject’s satisfaction, for training purposes, to assess personal test results, to analyze data and to improve the Company’s systems.

(2) In cases where Clients or Suppliers are lecturers or guests who were invited to give lectures/provide recommendations concerning training processes, seminars or meetings, the Company will collect, use or disclose Personal Data that is personal background data including data on education, work experience, special ability and photographs of activities.


4. Data Quality Testing

Before or during the Company’s collection, use or disclosure of your Personal Data, the Company has processes to manage and analyze Personal Data based on the principles of accuracy, integrity, readiness for use, reliability, currency, uniqueness, and accuracy

In the processes, the Company makes arrangements to have analysis and planning to collect only unique data with accuracy suitable for processes in order to use or disclose your Personal Data for maximum benefit and checking of data accuracy and validity before collection regardless of whether data was recorded in writing or electronically for data integrity and accuracy. In addition, the Company checks accuracy of data from reliable data sources or based on legal requirements to be an agency with authority to manage that Personal Data to protect Personal Data along with maintaining data safety and security to prevent future legal and commercial complaints.


5. Objectives of Data Processing

The Company specifies necessary objectives for collection, use or disclosure of Personal Data under lawful objectives in order to achieve objectives along with providing services and privileges for data subjects based on categories of data subjects involved in the Company’s business operations as follows:

5.1 Shareholders, Executive Directors and Directors with Authority to Act on Behalf of the Company

The Company collects, uses or discloses Personal Data as shareholders, executive directors, authorized persons or persons granted authority with duties and responsibilities to act on behalf of the Company in order to sign and bind the Company to obligations in business agreements, documents and forms specified by government agencies or financial institutions, approve actions, grant authority to perform actions in business/legal actions/bank transactions/contacts with government agencies, ordinary actions in meeting invitations, notification of meeting results, dividend management, reports on the Company’s performance pursuant to regulations or legal requirements including for donations or charitable activities.

5.2 Job Seekers, Applicants, Employees and Family Members of Employees

The Company collects, uses or discloses Personal Data within boundaries or requests to find work in order to find work suitable for Job Seekers’ experience and skills, recruit and select Applicants to work, enable Employees to become party to employment agreements, confirm identity to enable Employees to enter work or use internal information systems, calculate and pay wages and remuneration, assess performance, adjust wages, store backgrounds on disciplinary actions including punishments, training, seminars, recreational activities, observe work, tourism and manage human resources, check criminal backgrounds, move and transfer positions, disburse payments pursuant to work regulations, coordinate with executives regarding doctor’s appointments, reserve bus tickets, apply for a VISA, reserve rooms and service facilities, health examinations required by law and provided by the Company including provision of benefits and privileges for Employees and family members, sending data to outside organizations to comply with laws on revenue, social security, labor skill development, the Legal Execution Department, office management, internal coordination, advance payments for expenses, possession of assets, building administration management, letter and mail management, work area entry-exit logs, checking and evaluation by internal and external organizations including sending, transfer or disclosures to delivery service providers in order to coordinate with/contact Clients, analytical studies and research concerning statistics of Employee enrollment, notification of news or positions open to Applicants in the future including activities concerning the Company’s public relations or marketing communication via email, telephone, mail and/or other means of communication.

In the case of Employees’ family members, the Company collects, uses or discloses Personal Data as necessary for benefits in cases where the Company is compelled by laws or to perform any other actions to significantly benefit Employees or family members. The Company arranges for family members whose Personal Data will be collected, used or disclosed to grant consent to the Company through Employees. However, in cases where Employees did not take consistent and appropriate actions to enable the Company to comply with laws, Employees may be affected in cases where Employees may be unable to use privileges or benefits from the Company’s services. The Company reserves the right to not provide, give or pay privileges or benefits if Employees or family members have not complied with the law.

5.3 Clients and Suppliers

The Company collects, uses or discloses Personal Data of Clients and Suppliers within the scope of registering new Clients, new Suppliers, opening staff accounts or trade accounts receivable, offering services or prices, negotiations, agreements, sales promotion activities, meetings, training, domestic and foreign seminars, business accreditations, recruitment, training, testing of technical capabilities, advertisement, production of printed media, payment of rewards for sales, procurement, assessment, employment in service agreements and delivery of documents and goods.

In the case of auditors/assessors from external organizations, the Company collects, uses or discloses Personal Data only to confirm identify and register certified public accountants.

5.4 Website Visitors

The Company collects, uses or discloses Personal Data including any data concerning use of goods and services by Website Visitors in order to analyze or make predictions concerning preferences, behaviors, research/development/modifications to the Company’s website and service systems including current or future websites or systems and marketing to enable the Company to present suitable goods and services, privileges, sales promotions and offers to Website Visitors.

6. Limitation of Use

The Company thoroughly considers limited use of your Personal Data under the scope of objectives notified to you before or during collection of that Personal Data.

Apart from considering your privacy and basic rights as the data subject including laws, rules, regulations and government specifications, the Company considers limited use of Personal Data to benefit you or respond to you as a Client or service recipient within the scope of objectives in order to contact, respond to questions from Job Seekers, Applicants, Clients or Suppliers on topics related to being party to an agreement and user of the Company’s services, deliver goods or services, contacts as a party to an agreement or management and compliance with an agreement made between you and the Company, marketing research and development of new goods and services, introduce gods or services, survey satisfaction in using services, recommend marketing proposals, marketing communications and other objectives concerning the abovementioned items. If there is need to obtain or use Personal Data for other objectives than the abovementioned specifications, the Company will strictly request consent from you before collection and use of the personal data pursuant to the law.

However, in the case of Personal Data collected, used and disclosed by the Company before Personal Data protection laws were enacted, the Company collects and uses your Personal Data based on old objectives notified by the Company and given consent based on the Company’s business methods in treating you before Personal Data protection laws were enacted for the period specified in this document except in cases with time specifications. However, if the Company will disclose Personal Data or use Personal Data for other objectives that those notified previously, the Company will commit to complying with the law while giving primary consideration to the privacy of the data subject.

7. Data Security

7.1 Security of Data Stored in Ordinary Document Systems

The Company specifies security measures for Personal Data stored as hard copies by storing data in line with information security policies and guidelines in order to control work and maintain information security.

7.2 Security of Data Stored in Electronic Systems

The Company specifies security measures for Personal Data by considering basic rights to your Personal Data by designing information systems, networks and computers to have the most appropriate security in order to consistently support the Company’s operations and comply with laws in addition to preventing threats with potential damage to the Company.

(1) The Company governs and specifies an information technology security policy in writing and the Company is required to communicate the aforementioned policy to create understanding and enable correct compliance, particularly between information technology agencies and other agencies in the company in order to facilitate coordination and business operations according to the Company’s goals.

(2) The Company holds at least one annual review of the information technology security policy or when changes occur with effects on the Company’s information technology security.

(3) The Company specifies individuals with duties and responsibilities in the area of information technology risk management to ensure that the Company is able to find information technology methods or guidelines to mitigate or manage existing risks before presenting methods or guidelines to executives for consideration in managing information technology risks.

(4) The Company identified risks involving information technology with coverage of major risks such as risks from personnel, software and data from networks, the internet, hardware and computer devices, financial risks, risks from floods, storms, fires, earthquakes, building collapse, theft and from malfunctioning electricity.

(5) The Company specifies methods to manage risks at levels acceptable to the Company, prepares tables with characteristics and descriptions of risks, topics, risk names, categories, categories, factors and effects, etc., in addition to specifying levels of incident likelihood and severity of effects from risks.

(6) The Company specifies information technology risk indicators in addition to arranging follow-ups and reports on indicators to the individuals responsible in order to enable appropriate and timely risk management.

(7) The Company prohibits the Company’s personnel from using computer networks for illegal actions and actions against good social mores such as the creation of websites to trade or disseminate illegal items or items in conflict with good mores, etc.

(8) The Company does not permit use of computer networks or computers with the user account of other persons with and without permission from the user account owner.

(9) The Company forbids use of computers and data protected against access by others to edit, delete, add to or copy data.

(10) The Company does not permit dissemination of data belonging to other individuals or agencies without permission from the data subject.

(11) The Company does not permit any person to disrupt, obstruct or cause damage to the Company’s resources and computer networks such as by sending computer viruses or entering programs that cause computers or network devices to deny services, etc.

(12) The Company prohibits every person from tapping into data in the Company’s computer network or computer networks of other persons during data transfers within the computer network.

(13) Before using portable media, opening files attached to electronic mail or files downloaded from the internet, users must use antivirus programs to scan portable media and files every time.

(14) The Company assigns users in the Technology Department to take responsibility for maintaining security of information systems used by the Company and controlling operations in order to maintain the Company’s information system security policy and guidelines.

(15) Every Employee of the Company must be responsible for complying with the Company’s policies and guidelines in maintaining security of the Company’s information systems in addition to not violating laws concerning computer-related crimes.

(16) The Company does not permit users to install, edit or change programs in the Company’s computers without consultation or recommendations from the system administrator or permission from the person with the highest authority in the work unit.

(17) The Company specifies network routing connections for using the internet to pass through security systems such as firewalls. Before connecting to a network, the Company’s computers must be installed with antivirus programs and have gaps in the operating system closed. After using the internet, users are to turn off web browsers to prevent use by other individuals.

(18) Users must access data sources based on given rights in the course of duties and responsibilities for network system efficiency and the Company’s safety. Users are prohibited from disclosing the Company’s secret and vital data except in compliance with the company’s official disclosure criteria.

(19) Users must use the internet without violating other persons and without causing damage to the Company. In addition, users must not commit any action fitting the scope of offences pursuant to the Computer-related Crimes Act or other laws. When using the internet for the Company’s work in every case, users must strictly follow steps outlined by the Company.

(20) Classification of secret information has categorization of data based on missions and data significance. The Company specifies methods for managing data in each category in addition to specifying methods for treating confidential data or significant data before cancellation or reuse. Significant data transfers via public systems and networks must be encrypted under international standards such as by using secure socket layers and by using virtual private networks (VPNs), etc.

(21) The Company has measures for controlling the accuracy of stored, imported, processed and displayed data. In cases where the same data is stored in many places or sets of interrelated data are stored, control of data accuracy, integrity and consistency is required, including data security measures when computers are brought outside the Company’s areas such as when computers are sent to be repaired, etc., or when data stored on devices is pending disposal.

(22) The Company controls access to data and data processing equipment by considering use and security of information systems, specifying rules concerning access permissions and rights for users at every level to acknowledge, understand and strictly follow specified guidelines with awareness of the importance of information system security. The Company specifies appropriate rights in using data and information systems such as rights in using information programs and systems and rights in using the internet, etc., for user duties and responsibilities. The Company grants rights only as necessary for work with written approval from authorized persons in addition to reviewing the aforementioned rights constantly.

(23) In necessary cases where users who own important data granted rights to allow other users to access or revise and change data such as by sharing files, rights must be granted to only specific users or groups and the aforementioned rights must be canceled in unnecessary cases. The data subject must have evidence of granting the aforementioned rights, specify duration of data use and suspend data use immediately after the aforementioned time.

(24) In cases with a need to grant rights to other persons, the Company has the right to use information systems or networks in an emergency or on a temporary basis. The Company is required to have steps or methods and the Company must request approval from authorized persons every time in addition to recording reasons and needs along with specifying duration of use and suspend use of data immediately after the aforementioned time.

(25) The Company has sufficiently strict systems for identifying users and user rights before entering information systems such as by setting difficult passwords, etc., and requiring each user to have his/her own user account. When considering whether passwords are difficult to guess and whether password control is strict, the Company uses the following factors in overall considerations:

(26) Identity must be confirmed before accessing the system with a password determined by the administrator. Passwords should be changed regularly. When changing passwords in each time, passwords should not repeat the three most recent passwords and should be kept secret without writing passwords and attaching the password to the screen. In cases where users are shared users, the administrator will notify users to change passwords for accessing that system when users are changed.

(27) The Company arranges systems to regularly check usernames of major work systems and checks lists of users who no longer have rights to use systems such as lists of users who resigned, lists attached to the system, etc., and suspends use immediately upon detection such as by disabling systems to turn off functions, deleting users from the system or changing the password, etc.

(28) The Company arranges separate data center rooms by separating network systems, server computers, backup generators, batteries and uninterrupted power supply to facilitate operations and make control over access to main computers more effective.

(29) The Company makes data transfer agreements with consideration given to data security and system administrators must control operational safety in three areas consisting of confidentiality, preservation of data accuracy and readiness to provide service. The Company requires signatures on agreements between the Company and outside organizations requiring non-disclosure of the Company’s secrets. In addition, the Company has measures for monitoring and tracking operations and quality of services provided by external service providers for consistency with contracts and agreements.


8. Disclosure of Personal Data

The Company may disclose your Personal Data as previously stated to the following individuals or juristic persons that are government agencies, private organizations, state enterprises and any public organization to achieve the objectives notified above:

8.1 Members of the Adecco group of companies in other countries. Different members of the group fulfil different functions and as result your information will be shared with them for different reasons:

a) information is shared with members of Adecco that provide IT functions for the Adecco companies world-wide;

b) information is also shared with Adecco affiliates worldwide where you have expressed an interest in opportunities in that market, or members of Adecco identify that you may have particular skills required or helpful in that market.

A list of the countries and Adecco affiliates found in this link: https://www.adeccogroup.com/worldwide-locations/ as amended from time to time.

Also, you can refer the Asia Data Protection Policy in this link: Adecco Asia Data Protection Policy as amended from time to time.

8.2 Individuals or juristic persons who are product owners for benefits in collecting purchase order history. The Company will disclose only the product owner or Personal Data necessary for operations.

8.3 Government agencies based on the Company’s obligations to comply with notifications, criteria or laws such as the Revenue Department, the Social Security Office, the Department of Business Development, the Office of the Consumer Protection Commission, the Thai Industrial Standards Institute, the Customs Department, the Department of Employment, the Department of Labor Protection and Welfare, the Department of Skill Development, the Stock Exchange of Thailand and the Bank of Thailand.

8.4 Business allies based on the Company’s obligations to comply with regulations, specifications, agreements and conditions to disclose data to business allies or other individuals such as financial data, insurance companies, medical facilities, asset companies and fund management companies for your benefit and welfare and disclosures to Clients or work facilities of data subjects based on specifications by business allies.

8.5 Professional service providers such as financial consultants, legal consultants, quality system consultants, certified public accountants and internal auditors.

8.6 Infrastructure, information technology, data storage and cloud service providers

8.7 Providers of services in the areas of marketing, preparation of statistical data, advertisement, public relations and communication.

8.8 Any other individuals specified by law in cases where laws, rules, regulations, directives from government agencies, agencies with governing duties or orders from an arbitration agency require the Company to disclose your Personal Data and the Company needs to disclose the Personal Data.

8.9 Recipients of rights transfers and/or duties from the Company in cases where the Company wishes to transfer rights and duties of the Company including partial or total business transfer, business mergers, changes to the Company’s shareholding structure and the Company needs to disclose your Personal Data to transfer recipients including potential transfer recipients), whereby rights and duties of the transfer recipient concerning your personal will also be consistent with this policy.


9. Data subject Rights

In addition to basic rights of data subjects whose Personal Data was collected, used or disclosed by the Company such as the right to be notified of data, the right to limit use of data, the right to receive warning notifications or the right to request data transfers, data subjects have the following rights specifically prescribed by the Personal Data Protection Act of B.E. 2562 (2019):

9.1 Consent

Data subjects have the right to decide whether to provide any Personal Data requested by the Company and consent for the Company to collect, use or disclose the Personal Data. However, data subjects must acknowledge that providing incomplete data based on the Company’s requests or refusal to consent to collection, use or disclosure of the personal data may cause data subjects to be limited from the right to use certain services provided the Company or prevent the Company from providing services to data subjects if the aforementioned data is necessary for the Company to provide services for data subjects.

9.2 Access to Data

Data subjects have the right to request access to and request copies of the Personal Data or request the Company to send Personal Data to the data subject or other Data Controllers (if the data is in a form that enables the actions). In addition, data subjects may request the Company to disclose acquisition of data subjects’ Personal Data if data subjects did not consent to collection and storage of the Personal Data.

9.3 Objection

Data subjects have the right to object to collection, use and disclosure of Personal Data concerning data subjects in the following cases:

(1) In cases where the Company collected that data without consent from the data subject when necessary for the performance of duties and missions for public benefit, the benefit of the Company or when performing duties and authority was granted to the Company by the state and when necessary for the lawful benefit of the Company or other persons or juristic persons who are not the Company.

(2) In cases where that data was collected, used or disclosed for direct marketing.

(3) In cases where that data was collected, used or disclosed for research.

9.4 Deletion, Disposal or Suspension of Use

Data subjects have the right to request for the Company to delete, dispose of or suspend use of Personal Data belonging to data subjects collected and stored by the Company or direct the Company to render the aforementioned data incapable of identifying the data subject if the data subject withdraws consent or objects to collection, use and disclosure of Personal Data related to the data subject or when there is no need to collect, use or disclose Personal Data for objectives that the data subject consented to or when the Company does not comply with Personal Data protection laws.

9.5 Data Correction

Data subjects have the right to request the Company to correct Personal Data of data subjects collected by the Company to be accurate, up-to-date, complete and not misleading.

9.6 Consent Withdrawal

Data subjects have the right to withdraw consent for collection, use and disclosure of Personal Data belonging to data subjects. However, consent withdrawal does not affect collect, use or disclosure of Personal Data that data subjects previously consented to. The consent withdrawal may prevent the Company from providing services to data subjects.

In exercising rights of data subjects according to specifications in Items 9.1 to 9.6, the rights have limitations pursuant to the laws involved and the Company may deny rights of data subjects if the Company has a legal reason to deny the rights.

However, rights exercised by data subjects as specified in this document are limited to only provision of basic services that do not cause the Company to incur unnecessary expenses as the data subject. If data subjects exercise rights and create fees and expenses in complying with requests from data subjects, data subjects must accept responsibility and compensate the Company for operating costs in complying with requests made by exercising the rights.


10. Retention Period


10.1 Personal Data Retention Period

Unless special requirements are made pursuant to the law, the Company shall keep your Personal Data for seven (7) years from the end of your legal relationship with the Company except in necessary cases involving uses or objections to rights to make demands pursuant to the law, legal execution, placement of assets in escrow or specific legal requirements. 

10.2 Systems for Checking Deletion/Disposal of Personal Data after the Retention Period

The Company has in place systems to check and delete or dispose of your Personal Data after the retention period or when the aforementioned data becomes irrelevant or exceeds needs based on objectives or your requests or when you withdraw your consent except in cases where the Company must keep data for objectives in exercising freedom to express opinions or complying with specific legal exceptions including use of data to create rights to make demands pursuant to the law or comply with exercising of rights to make demands pursuant to the law, to make claims and fight for the right to make demands pursuant to the law or to comply with laws.


11. Data Controller and Data Protection Officer’s Information

If you wish to exercise your Personal Data rights or if you have questions concerning the Personal Data protection policy, you can contact the Company by using the following information:

Data Controller

Adecco Group Thailand
No. 99/9, Central Plaza Changwattana Office Tower, 20th Floor, Room No. 2005-8, Changwattana Rd., Bang Talad, Pakkred, Nonthaburi, 11120

Tel: 02-832-3399
Email: th.pdpa@adecco.com

Data Protection Officer:

Mr. Chatnarin Bumpenwattana

Tel: 02-832-3399 ext. 356
Email: th.legal@adecco.com

Data Subject Rights Request Form:

Adecco Group Thailand
Announced on February 22, 2022