EASTERN POLYMER GROUP POLICY COMPANY LIMITED
PRIVACY NOTICE
( FOR DIRECTOR OF THE COMPANY )
Eastern Polymer Group Public Company Limited, hereinafter referred to as the “Company”, respects the privacy rights of its director and sub-committees, hereinafter referred to as “you”; the Company is aware of the importance of personal data and the protection of personal data that must be adequately provided. To prevent infringement of the privacy rights of the personal data subject, whom are our responsibility, therefore; the Company hereby prescribes and notifies the privacy for processing personal data to the personal data owner for their acknowledgement regarding the details related to the collection, use or disclosure of personal data as follows:
1. The purpose for collecting, using, or disclosing personal information
In the event that you are the directors or sub-committees of the Company and the person who is eligible to be the Company’s director and sub-committees. The Company will collect, use or disclose personal data as necessary based on lawful data processing basis for the following purposes:
1.1 For legitimate interests of the Company, such as the Company’s management, transaction and/or compliance and observance of any contract with customers, partner or other third party for the purpose of business planning, reporting and projection, opinion surveys and the Company’s operation improvements.
1.2 For compliance and observance by laws, regulations, and orders of those with legal authority, such as recording of the meetings, recording audio and/or video of the meeting and preparing minutes of meetings to send to relevant agencies such as the Department of business development, operations relating to the payment of remuneration to the Company’s directors and sub-committees, delivery of meeting’s agenda documents, disclosure of information via the Company’s website, or media such as print media and electronics media to third parties, disclosure and report of directors’ information to relevant regulatory agencies for acknowledgment, audit of information on stakeholder of directors and related persons of directors, conflict of interests of the Company, preparation and storage of personal information, including directors’ profile information for the purpose of the Company’s database and/or transmitting information to agencies outside the Company to apply for training or other activities that have been participated as a director of the Company, to collect information and report relevant information in accordance with the public company law securities and exchange law including any appointment, registration of any amendment or other operation prescribed by other relevant laws, regulations and orders.
1.3 For the Company’s building and premises security, record of entering and leaving the Company’s premises and video recording through CCTV devices.
1.4 To prevent and suppress harm to the body, life or health of the shareholders such as emergency contacts and communicable disease control and prevention.
1.5 To achieve the objectives of implementing the consent which the directors has given to the Company from time to time
If the data subject does not provide such personal information for the compliance and observance by and of a law contracts, or for the necessity to provide personal information to execute a contract, this may result in the cessation of any other transaction or activity involving the Personal Data Subject or suspension until the Company receives the data subject information because the Company is unable process those data or prohibited by the law for conducting such transactions or activities any longer.
2. Personal Data Processing Basis
The Company will process personal data based on lawful data processing basis as follows:
2.1 Processing based on a contract basis
2.2 Processing based on a legal basis
2.3 Processing based on the Company’s legitimate benefits basis
2.4 Processing based on the consent of the personal data subject basis
2.5 Processing based on other lawful basis
3. Classification and Sources of Personal Information
The Company collects your personal information directly from you in document format or electronic data. You may be asked to fill in the documents that the Company has prepared or fill in the information in the online platform designated by the Company and/or any other methods. However, the Company needs to process some of your data. This may be your personal information that the Company receives from other sources in order to achieve the objectives in clause 1, the Company has collected as follows:
3.1 General of Personal Data
(1) Personal identification includes first name, last name, ID card, passport, date of birth, gender, age, nationality, marital status, signature, name-surname change, photograph, etc.
(2) Contact information such as current address, domicile address, telephone number, fax number, e-mail addresses and other electronics contact information, etc.
(3) Financial information such as bank account number, securities holding information.
(4) Other information such as work experience, education, directorship, references, family’s information and training experience, etc.
(5) Information about opinion or suggestion.
(6) Information about participation in events organized by the Company and/or contact information with the Company, such as recordings of still images, sounds, videos or motion pictures.
3.2 Sensitive Personal Data
The Company has no intention of keeping, collecting, and using the religious and blood group information that appears on the page of your ID card. If you give a copy of your ID card to the Company, the Company may request you to conceal such information before delivering it to the Company. If you do not conceal the above information, you are deemed to have consented to the Company’s concealment of such information, and it is deemed that the documents to be concealed are complete and enforceable in all respects by law.
However, in some activities, the Company must process your personal data. The Company may also collect and use some additional sensitive personal data such as health information which included but not limited to congenital disease, medical certificate, body temperature, communicable disease information to facilitate the organisation of such activities for the fulfilment of the purposes as stated explicitly by the Company in the consent documents, and the Company will proceed to obtain your explicit consent before the collection of such sensitive personal data.
4. Storage Period
The Company will retain personal data for the period necessary to achieve the stated purpose. By considering the necessity of each type of data practice and after the expiration of such period. The Company will further destroy or delete personal data by appropriate means as determined by the Company. The Company will consider the criteria used to determine the period to keep your personal information, such as the length of time the Company still has a relationship with you or the length of time the Company still has benefits for you and may continue to be retained for the period necessary for legal compliance or legal statute of limitations.
However, in general, the Company will keep personal information of the directors throughout the term of the Company’s directorship and after the expiration of their terms of not exceeding 10 years
5. Disclosure of Personal Information to Third Parties
To achieve the objectives stated in this notice, the Company may disclose your information to third parties as follows:
5.1 Subsidiaries and affiliates for the purpose of implementation to achieve the objectives stated above.
5.2 Government agencies, regulators, or any agency prescribed by law, including officials who exercise legal powers such as the courts, the police, the Securities and Exchange Commission, the Revenue Department, etc.
5.3 Agents, contractors, subcontractors and/or service providers for any operations such as auditors, lawyers, legal advisors, financial advisors, etc.
5.4 Banks or financial institution.
6. Your Rights as the Owner of Personal Data
6.1 The right to withdraw consent
In the event that your consent is required by the Company to collect, use or disclose your personal information, you have the right to withdraw your consent to the processing of personal data that you have given us throughout the period that your personal data is kept by us unless such withdrawal of consent will be limited by law or your beneficial contracts. However, withdrawal of consent shall not affect the collection, use, or disclosure of personal data that the data subject has given rightfully and legitimately.
6.2 The right to access personal data
You have the right to access your personal data and to request the Company to make a copy of that personal data, including asking the Company to disclose the acquisition of personal information that you did not give consent to us.
6.3 The right to correct personal data
If you opine that your personal information collected by the Company is inaccurate, you have the right to request the Company for the correction and addition of such inaccurate or incomplete information.
6.4 The right to delete personal data
You have the right to request the Company to delete your personal data for certain reason.
6.5 The right to suspend the use of personal data
You have the right to suspend the use of your personal data for certain reason.
6.6 The right to transfer personal data
You have the right to transfer personal data you have provided to the Company to another data controller.
6.7 The right to object to the processing of personal data
You have the right to object to the processing of information of you according to the law in the event of the collection, use or disclosure of your personal data.
6.8 The right to appeal
You have the right to appeal to a competent official under the Personal Data Protection Act B.E. 2562 (2019) if the Company violates or fails to comply with the aforesaid Act.
7. Measurement to Maintain the Security of Personal Data
The Company has provided a system for collecting personal information to maintain security and prevent the loss, access, use, alteration or disclosure of personal information without authority or abuse. The Company has access control mechanism, and security and security measures. And the Company will arrange for regular reviews of the measures to be effective in maintaining physical, administrative and technical security.
8. Chanel to Contact the Company and the Personal Data Protection Officer
If you have any query about this Privacy Notice for Directors or wish to exercise the rights specified in clause 6, please use the contact form posted on the Company website at https://epg.co.th/ or contact via the Personal Data Controller, or Personal Data Protection Officer, Eastern Polymer Group Public Company Limited, as follows:
8.1 Personal Data Controller: Eastern Polymer Group Public Company Limited: Human Resources and Administration Department
- No. 770 Thepharak Road, Thepharak Subdistrict, Mueang District, Samut Prakan Province 10270
- Tel. 02 383 6599
8.2 Personal Data Protection Officer:
- No. 770 Thepharak Road, Thepharak Subdistrict, Mueang District, Samut Prakan Province 10270
- Email dpooffice@EPG.co.th
- Tel. 02 383 6599
You can contact the Personal Protection Officer to submit a claim for rights action using the contact details above without any cost. The Company will consider and notify the result pursuant to the request within 30 days from the date the Company receives such request.
This announcement is effective on October 1st, 2022.
It was announced on September 27th, 2022.