Privacy Notice of Siam Premier International Law Office Limited
(For Shareholders, Directors, Partners and Consultants, Employees and Applicants)

Siam Premier International Law Office Limited (“Company” or “we” or “us”) respects and values the protection of privacy and personal data of our shareholders, directors, partners and consultants, employees as well as those interested in applying for a job with us through available channels (“you”). We shall collect, use and disclose your personal data only in a manner and to the extent that is required for the fulfilment of the purposes stated in this privacy notice (“Privacy Notice” or “Notice”). Moreover, we shall strictly comply with the applicable regulations and standards for personal data protection as prescribed by law.

  1. Data Subjects

    For the purpose of this Notice, we shall collect and process the personal data of the following individuals:

    Shareholders – current and former shareholders of the Company.

    Directors – the Company’s directors, executive directors, and other directors howsoever called.

    Partners and Consultants – current and former partners and consultants of the Company.

    Employees – permanent employees, temporary employees, outsource and subcontract employees, and trainees (if any).

    Applicants – persons who apply for a job with us, either directly or through job websites or other employment agencies.

    Other Related Persons – proxies/appointees/attorneys-in-fact, references, family members, emergency contacts, beneficiaries, guarantors for work, or any other persons whose names and other personal data are given to the Company by its shareholders, directors, partners, consultants, employees or applicants for the purposes referred to in this Notice.

  2. Personal Data that We Collect

    For the purpose of this Notice, we shall collect “personal data,” which is defined as any information that verifies your identification and which includes the following:

    General personal information concerning individuals – including, title, first name, last name, nickname, gender, age, date of birth, identification number, taxpayer identification number, passport number, social security number, vehicle license plate, marital status, military status, ordination status, information provided in documents issued by government agencies or professional federations (e.g., identity cards, professional licenses, and other certificates), physical identity of a natural person (e.g., face, weight, height), voice, photograph, video, CCTV data, and signature.

    Contact data – including, address, workplace, phone number, and e-mail address.

    Bank account and financial data – including, bank account number, bank account name, bank account holder name, payment details, and other information relating to bank transaction.

    Recruitment data – including, educational record, employment history, training record, information provided in documents issued by educational institutions (e.g., degree certificates, transcripts, and other certificates of educational achievement), qualifications, skills, hobbies, and talents, references, CV and application, interview and assessment data, vetting and verification information.

    Information concerning work and workplace behaviour – including, workplace, position, department, section, length of service, term of office, salary/wage, bonus, fringe benefits and welfare, contributions to funds, records of company entrances and exits, records of overtime work, working ability and skills, performance assessment and opinions of assessors, advances and disbursements, consideration and approval of work under a person’s responsibility, access/use/printout/copy/disclosure of data stored in the Company’s system, e-mail reception and transmission, leave of absence, exercise of rights under labour protection and other laws including the Company’s welfare services, complaints, warnings and disciplinary actions, meeting attendances, casting of votes/expressing of opinions/passing of resolutions at meetings, termination of employment (e.g., resignation/dismissal, reasons for termination, effective date of termination), and expiration of office term.

    Information concerning shares – including, the number of shares held, share serial number, share price, transfer/receipt of shares, share subscription, share payment, receipt of dividend payment, refund of investments, and exercise of rights attached to shares.

    Sensitive personal data – including, information about racial or ethnic origin, religious beliefs and blood type (if any) provided in documents issued by government agencies; criminal record; and health information (e.g., physical impairment, results of medical check-up, occupational injuries, medical certificates).

    Apart from the aforementioned personal data, we may collect other types of personal data, if necessary and permissible by law. In doing so, we will strictly comply with the applicable rules, regulations and standards for data protection as prescribed by law.

  3. Sources of Personal Data Collected
    1. Personal Data Collected Directly from You

      In general, we collect your personal data directly from you in the following manners:

      (a) when you receive or are about to receive transfers of the Company’s shares or subscribe to the Company’s right offering;
      (b) when you consent to your nomination for directorship or partnership;
      (c) when you attend the Company’s shareholders meetings, board of directors meetings, partners meetings and other meetings;
      (d) when you apply for a job with the Company, either as a walk-in applicant or by e-mailing your application and resume to the Company, in which case the Company may, if you pass the initial selection process, seek your consent to the collection and processing of your criminal record and/or pre-employment medical examination, as deemed necessary;
      (e) when you are employed or appointed to hold office in the Company, in which case we will collect additional personal data from you for the preparation of a contract of employment, a guarantee for work, and a personal file and for providing you with our welfare services in accordance with the conditions of employment;
      (f) when you exercise your right or perform your duty as the Company’s shareholder, director, partner, consultant, or employee;
      (g) when you transfer your share(s) in the Company to a third party or when your term of office expires or your employment is terminated; or
      (h) such other manners in which you will be notified.
    2. Personal Data Collected Automatically

      Your personal data will be automatically collected, with the aid of technology, in the following manners:

      (a) Your personal data will be collected via our surveillance technology or other measures such as CCTV installed on the Company’s premises.
      (b) Your personal data will be collected through entrance/exit controls.
      (c) Your personal data will be collected when you use the Company’s information technology system, be it the access/use/printout/copy of data stored in the Company’s system or the use of system or the Internet.
      (d) Your personal data may be collected in such other manners in which you will be notified.
    3. Personal Data Collected from Third Party

      We may receive your personal data from a third party in the following manners:

      (a) We may receive your personal data from any one of our subsidiaries/affiliates or any companies in our group.
      (b) If you use the services of an employment agency or a job website/platform, we will receive your personal data from such agency or website/platform.
      (c) We may contact your reference to collect and process your personal data as well as your employment history.
      (d) If you have a pre-employment or an annual medical examination, we will receive the results of the examination from the hospital that conducts the medical examination for you.
      (e) If you are an outsource/subcontract employee, we will receive your personal data from your company.
      (f) If you are a person related to our shareholders, directors, partners, consultants, employees or job applicants, we may receive your personal data from your related persons.
      (g) We may receive your personal data in such other manners in which you will be notified.

      In addition, it may be necessary for us to collect from you the personal data of other related persons. Before disclosing such personal data to us, you must inform such persons and receive their consents to our use of their personal data for the purposes stated in this Notice. The Company shall strictly comply with the rules and regulations of the personal data protection law in regard to the collection and processing of third-party personal data.

      If you are required to provide your personal data for compliance with the law or for contractual relationship or contractual obligations, we shall inform you of the possible effects of not giving such personal data at the time of the collection. In some cases, your failure to provide the personal data may result in you being denied certain rights due to lack of personal data that are vital to the fulfilment of the condition for such right.

  4. Purposes of Personal Data Processing

    The purposes of our collection, use and disclosure (if any) of your personal data are explained in the table below. Your personal data will generally be processed under one or several of the following bases:

    (a) The processing of your personal data for preventing or suppressing a danger to a person’s life, body or health;
    (b) The processing of your personal data necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;
    (c) The processing of your personal data necessary for the performance of a task carried out in the public interest by the Company, or it is necessary for the exercising of official authority vested in the Company;
    (d) The processing of your personal data necessary for legitimate interests of the Company or any other persons, except where such interests are overridden by the fundamental rights of your personal data; and
    (e) The processing of your personal data necessary for compliance with a law to which the Company is subject.

    If we are unable to process your personal data under any one of the aforesaid bases, we will seek your explicit consent. Specifically, in the case of a minor, an incompetent person or a quasi-incompetent person, we will seek consent of the person exercising the parental power who acts on behalf of the minor, the guardian or the custodian (as the case may be) to the processing of the personal data of such minor or person in accordance with the data protection law. You can withdraw your consent at any time by contacting the Company through means of communication provided in this Notice.

    For the purpose of this Notice, we explain the purposes and the legal bases for the collection and processing of your personal data, as follows:

  5. Purposes and Legal Bases
    1 Shareholders
    1.1 For preparing and keeping registrations, share certificates, reports and records about the Company’s shareholders as well as arranging for the submission of documents to relevant authorities such as Department of Business Development, Ministry of Commerce.
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    1.2 For convening and arranging the Company’s general meetings as well as preparing the meeting notices and minutes
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    1.3 For the payment of dividends to the shareholders and the withholding of tax
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    2 Directors/Partners/Consultants
    2.1 For checking and verifying the qualifications for directorship and the appointment or promotion as director/partner/consultant (when the data subject has provided consent to his or her nomination for directorship/partnership/consultantship)
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    2.2 For keeping the personal data of those who are nominated for, but not elected to, directorship/partnership/consultantship for future reference
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    2.3 For the assumption of directorship and the notification of change of directors as well as the preparation and submission of documents to relevant authorities such as the Department of Business Development, Ministry of Commerce
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary in order to take steps at the request of the data subject prior to entering into a contract.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    2.4 For convening and arranging the Company’s board of directors meetings as well as preparing the meeting notices and minutes
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    2.5 For the purpose of the Company’s business operation, communication, business deals and contracts, and for monitoring the performance of duty as the Company’s director/partner/consultant
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    2.6 For the payment of the director’s/partner’s/consultant’s remuneration and the withholding of tax
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for the performance of a contract to which you are a party.
    3 Employees
    3.1 For preparing contracts of employment, guarantees for work (if any), and personnel files and providing welfare services to employees
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary in order to take steps at the request of the data subject prior to entering into a contract.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    3.2 For the calculation of wages, salary, bonus, and other payments to permanent and fixed-term employees, including the withholding of tax
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for the performance of a contract to which you are a party.
    3.3 For the payment of fees to outsourcing and subcontracting companies
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    3.4 For the registration of membership and the notification of the termination of membership under the labour and social security laws as well as for the deduction of the contributions to Social Security Fund, Compensation Fund, Provident Fund, Employee Wellness Fund, and other similar funds
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for the performance of a contract to which you are a party.
    3.5 For the purpose of taking out life insurance and/or health insurance
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    3.6 For providing annual health check-ups for the employees and preventing infection in the workplace
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    • Certain personal data shall be processed once the Company obtains the explicit consent from you (e.g., result of the annual check-ups).
    3.7 For the employee training program, which includes registering employees, facilitating training sessions, and photographing and videoing activities
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    3.8 For the purpose of IT Request such as the registrations for logging into computers, e-mail, and other IT services
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    3.9 For examining and assessing work performance, as well as considering pay rises for permanent and fixed-term employees
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    • The processing of your personal data is necessary for the performance of a contract to which you are a party.
    3.10 For negotiating with the employees’ welfare committee, and settling of labour disputes
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    3.11 For the purpose of the Company’s organizational management, human resources management, and business operation such as work assignment, job transfer, performance of assigned work, warning or disciplinary actions, retirement and renewal of employment contract, disbursements, etc.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    3.12 For the purpose of production of the Company-related identification materials or marketing materials
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    • Your explicit consent shall be obtained in certain scenarios, particularly where our use of your personal data is beyond your expectation.
    4 Applicants
    4.1 For the recruitment and selection of employees
    • The processing of your personal data is necessary in order to take steps at the request of the data subject prior to entering into a contract.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    • Certain personal data shall be processed once the Company obtains the explicit consent from you (e.g., result of medical examination and criminal record).
    4.2 For retaining the personal data of the applicants who are not selected for future available positions
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    5 Other Purposes
    5.1 For use as ancillary information or ancillary evidence in legal proceedings, which includes the execution of court orders, the issue of demand letters, and the disclosure of said information to counsels or third-party counsellors to carry out the same
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    5.2 For the safety of, and the protection against damage to, people and property as well as the investigation and prevention of illegal activities
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    5.3 For responding to requests of the government agencies performing their official duties and for cooperating in official investigations and prosecutions against offenders
    • The processing of your personal data is necessary for compliance with a law to which the Company is subject.
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    5.4 For the prevention and suppression of a danger to life, body and health of a person
    • The processing of your personal data is for preventing or suppressing a danger to a person’s life, body or health.
    5.5 For the disclosure and transfer of information to related persons when divestiture, merger or reorganization is concerned
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    5.6 For the control, supervision and management of our subsidiaries
    • The processing of your personal data is necessary for legitimate interests of the Company or any other persons.
    5.7 For such other purposes as permitted by law and subject to the rules and regulations set out by law
  6. Data Retention Period

    Generally, we will retain your personal data throughout the term of the agreement or contract you made with the Company or throughout your legal relation with the Company, unless any applicable law, statute of limitations, or professional standard requires or permits a longer duration for a legitimate purpose, in which case we will retain your personal data further, but not longer than necessary for the purpose.

    In the absence of storage limitation imposed by the applicable law, statute of limitations, or professional standard, we will retain your personal data only for a duration necessary and appropriate for the purposes stated in this Notice.

    We will take appropriate technical and organizational measures for the protection of personal data, particularly against unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of your personal data.

    Once your personal data is no longer necessary or upon the lapse of the retention period, your personal data will be anonymized or permanently removed from the Company’s electronic records, and all physical records will be completely destroyed.

  7. Disclosure of Personal Data

    Generally, your personal data will be disclosed to our personnel only on a need-to-know basis or to those in charge of processing. In addition, your personal data may be disclosed to any of the following third parties:

    (a) Our subsidiaries, affiliates and companies in our group: SPI Legal Consulting Co., Ltd., Siam Premier Service Co., Ltd., and Lao Premier International Law Office Limited including their personnel.
    (b) Our suppliers/providers: providers of development and maintenance services for infrastructure, software, websites and information technology; Cloud computing and storage providers; data analysts; paper-document depositories; legal advisors; financial advisors and auditors; provident fund management services; life/health insurers; hospitals; commercial banks; training services; employment agencies or job websites/platforms; and outsourcing or subcontracting services.
    (c) Our customers/business partners: customers or business partners of the Company, including their personnel who need to process your personal data.
    (d) Persons or agencies with legal authority: Revenue Department, Social Security Office, Department of Business Development, police officers, inquiry officials, agencies/authorities supervising the Company’s business conduct, courts, and other law enforcement officers or agencies.
    (e) Those responsible for public health control: medical facilities, hospitals, and other public health agencies.
    (f) New employers of our (former) employees: companies or persons that are (or would be) new employers of our former employees inquiring about or asking for evidence of the employee’s previous employment, provided that the employee has made a request for, or given a consent to, the disclosure.
    (g) Aggrieved parties: employees or third parties (including their agents or representatives) who are violated or have suffered as a result of a tortious act or a criminal offence and who have requested the disclosure in accordance with the procedures set out by the Company.
    (h) Those involved in merger or reorganization: investors, inspectors, and advisors/consultants who are involved in decision-making for our business management.

  8. International Data Transfers

    For the purpose of managing our subsidiaries/affiliates and companies in our group, we may transfer your personal data to Lao Premier International Law Office Limited in the Lao PDR.

    Additionally, we may also transfer your personal data to be stored and processed in servers of our service providers located in another country.

    While the Lao PDR and those countries may not be recognized as having an adequate level of data protection, we shall take all relevant measures to ensure that your personal data are protected in accordance with the rules and regulations of the applicable laws.

  9. Rights of the Data Subject

    As a data subject, you have the following rights in regard to your personal data subject to the rules, procedures, and conditions set out by the laws on personal data protection:

    (a) Right to withdraw consent: Where your personal data are collected, used or disclosed on the basis of your consent, you have the right to withdraw your consent at any time, unless there is a restriction on the withdrawal of consent by law, or the contract which gives benefits to the data subject. However, the withdrawal of consent shall not affect the collection, use, or disclosure of personal data prior to such withdrawal.
    (b) Right to access: You have the right to request access to and obtain a copy of your personal data which is under the responsibility of the Company, or to request the disclosure of the acquisition of your personal data obtained without your consent.
    (c) Right to data portability: Where your personal data are collected, used or disclosed on the basis of your consent, or where your personal data are collected without your consent due to the necessity for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, you have the right to receive your personal data from the Company if such personal data is in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. You also have the right to request the Company to send or transfer your personal data in such formats to other data controllers if it can be done by automated means.
    (d) Right to objection: You have the right to object to the collection, use, or disclosure of your personal data at any time.
    (e) Right to erase: You have the right to request the Company to erase or destroy your personal data, or anonymize your personal data to become the anonymous data which cannot identify the data subject.
    (f) Right to suspension: You have the right to request the Company to restrict the use of your personal data.
    (g) Right to rectification: You have the right to request the Company to rectify your personal data so that they remain accurate, up-to-date, complete, and not misleading.

    However, we reserve the right to proceed as necessary to verify your identification before granting your request, and in some cases, we may deny your request when permitted by law.

    If you wish to exercise the aforesaid rights, you can contact the Company through the means of communication set forth in this Notice.

    You also have the right to file a complaint to the expert committee in the event that the Company collects, uses, or discloses your personal data in a way that violates or does not comply with the laws on personal data protection.

  10. Amendment

    This Notice will be reviewed on a regular basis and may be amended from time to time to be aligned with the practices and laws on personal data protection. You will be informed of any material change by appropriate means.

  11. Contact

    If you have any queries with respect to this Notice, or any personal data collected, used or disclosed by us, or wish to exercise your rights under the laws on personal data protection, you can contact us at:

    Contact Person:
    Thaneeya Kitchawet
    Data Protection Officer (DPO)
    Address:
    Siam Premier International Law Office Limited
    999/9 The Offices at Central World, 26th Floor, Rama I Road,
    Pathumwan Sub-District, Pathumwan District, Bangkok
