1. Introduction

1. AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our employees (including our outsourced staffs) and ex-employees, including family members, contact persons, reference persons, guarantors, associates and other related persons of our employees and ex-employees, and how we protect personal information and properly handle such information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

2. AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

3. AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal information will be in accordance with the provisions of relevant laws only.

4. AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

5. AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

7. AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

8. AEONTS trains and educates our officers and employees regarding the importance of protecting personal information to ensure that they handle personal information of data subject under this Privacy Policy Statement in an appropriate manner.

9. AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:

- Identity data (for example, name, surname, identification card number, passport number, birth date, gender, nationality).

- Contact data (for example, address, telephone number, email)

- Financial data (for example, bank account, credit bureau, anti-money laundering information)

- Information relevant to your work such as working details, work permit details, work performance evaluation, leave information, information about your use of our information and communication systems Work performance related information (for example, working details, work performance evaluation, test score, and in some cases, AEONTS may process sensitive data such as biometric data health data, religion as shown in your identification card, and criminal record only with your explicit consent or when permitted by law)

- Personal information of your family members to the extent that is necessary for your employment benefits

- Information obtained through video and voice recordings during your work performance such as images caught on CCTV, voice recordings during conversation with customers or other third parties

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

1) Collect information directly from you, for example:

- Our internal process for your employment contract, when you sign employment contract, and employee insurance and benefit claims processes.

- Your communication with us via our contact channels, e.g. telephone, e-mail, etc.

- AEONTS online system, e.g. when you use our website or internal system, etc.

2) Collect information from other sources, for example:

- Government authorities such as Royal Thai Police, Anti-money Laundering Office, and court.

- Hospital that performs health checkup for new employees.

- From your employer (for outsourced staffs).

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information for various purposes depending on relationship between you and AEONTS as follows:

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: (i) we retain the personal information for the duration we have an ongoing employment relationship with you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, Social Security office, Revenue Department, Immigration Bureau, Ministry of Commerce, Student Loan Fund.

5.2 AEONTS parent company in Japan for internal administrative purposes such as handling employees’ complaint.

5.3 Our customers, vendors or other third parties due to the rights and obligations for work performance under employment contract.

5.4 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure such as document storage and destruction service providers, printing house, IT development companies, auditor, lawyer, consultants, etc.

5.5 External training institutes.

5.6 Banks or credit card companies expected to have a legal relationship with you.

5.7 Hospital for your annual health checkup.

5.8 Insurance companies.

5.9 Provident fund management company.

6. Data Subject Rights

6.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally. In addition, where you withdraw consent, you may experience less convenience in working with AEONTS, or may not receive employees’ benefits or special offers.

2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

3) Right to Data Portability

Where AEONTS arranges your personal information to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal information and are also entitled to:

a request us to send or transfer your personal information in such formats to other data controllers if it can be done by the automatic means;

b request to directly obtain your personal information in such formats that we send or transfer to other data controllers, unless it is impossible to do so because of the technical circumstances.

4) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

5) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims..

6) Right to Restriction of Processing

You have the right to request AEONTS to restrict the use of your personal information under certain circumstances where you believe such personal information to be inaccurate, our processing is unlawful; or we no longer need to process such personal information for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

7) Right to Rectification

EONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

6.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:

SAP SuccessFactors System of the Company (for consent withdrawal) Channels specified in Clause 8 below.

Nonetheless, if we reject your request, we will inform you of the reasons.

In addition, outsource staffs may withdraw their consent by notifying head of section in charge of your outsourcing contract.

6.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

7. Data Protection Security Measures

7.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

7.1 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

8. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Takashi Hisae)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110

Tel: DPO Office 02-302-4656

E-mail: privacy@aeon.co.th

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

9. Third Party Links

This Privacy Policy Statement applies to the use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

10. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.