Privacy policy

Privacy policy and Privacy Notice

Privacy Notice for Employee and Job Applicant
Privacy Notice of Hitachi Transport System Group Thailand

For the purpose of complying with the Personal Data Protection Act B.E. 2562 (2019) and subordinate laws issued thereunder, including any amendments which may be made thereto, (hereinafter referred to be “Laws on Personal Data Protection”), Hitachi Transport System Group Thailand i.e Hitachi Transport System Vantec (Thailand) Limited, TST Sunrise Service Limited, Eternity Grand Logistics Public Company Limited, Pands Group Logistics Company Limited, Eternity Consulting and Service Company Limited (hereinafter referred to be "Company”) has prepared this Personal Data Privacy Notice (hereinafter referred to be “Privacy Notice”) for Employees and Job Applicants (hereinafter referred to be “you”) to inform data subject for the purpose of collecting Personal Data, lawful basis, the retention period, disclosure of Personal Data (hereinafter referred to be “Processing”) Data about the Personal Data controller and the rights as the data subject. The details are as follows.


1. Definition

Under this Privacy Notice, the definitions used are as follows:

  • 1.1. Employees means persons who work or perform any duties for the Company and receive wages, welfare benefits, or any other
    • compensations from the Company, irrespective of what such compensation is called, such as directors, executives, managers,
    • employees, trainees, or any other persons having similar characteristics, but not including contractors or service providers which are
    • business partners of the Company.
  • 1.2. Job Applicants means a person who applying for a job directly with the company, a person applying for a job through an employment
    • agency or a persons who may be selected of the Company, whereby the Company may directly collect Personal Data from the
    • job applicants.
  • 1.3. Personal Data means any data relating to a Person, which enables the identification of such Person, whether directly or indirectly, (but not
    • including the data of the deceased Persons in particular).
  • 1.4. Sensitive Personal Data means data about race, ethnicity, political opinion, creed, religious or philosophical belief, sexual behavior,
    • Criminal records, health data, disability data, trade union data, genetic data, biometric data or any data that may affect the owner
    • of the data in the same way.

2. Types of Personal Data collected and Personal Data Protection

The Company will collect various types of personal data that you provide directly to the Company from the operation and/or the Company may collect your personal data from third parties such as third party recruitment agency web sites, recruitment agency, Government agencies, educational institutions under the terms/based processing as required by law as stated as follows :

  • 2.1. General Personal Data include:
  • 2.1.1. Personal data, such as first name, last name, date/month/year of birth, age, sex, weight, height, identification number, photograph,
    • signature, nationality, race, religion, marital status, military status, health condition, etc.
  • 2.1.2. Contact data, such as address, telephone number, fax number, e-mail, emergency contact person details, and reference person
    • details, etc.
  • 2.1.3. Data on education and training, such as academic and training background (such as institution name, faculty, program, and year of
    • graduation, etc.), academic certificate, transcript, language skills, computer skills, training and test details, etc.
  • 2.1.4. Data on job application, such as personal profile, working experience, details in resume/CV, criminal record, position applied,
    • expected salary, interviewed details, evidence or reference documents, and details as appeared in the interview assessment form, etc.
  • 2.1.5. Data that is used as supporting evidence in the job application or in execution of juristic acts, such as Personal Data which appears
    • in a copy of the national identification card, copy of passport, copy of change of name certificate, copy of house registration book, copy of military service certificate, copy of bank account book, copy of marriage certificate, copy of birth certificate, medical certificate, result of pre-employment medical check, form for specifying beneficiary, social security application form, letter of consent for personal background check, result of personal background check, employment contract, letter of guarantee for performance of employment contract, and relevant documents.
  • 2.1.6. Data on work and assessment, such as personnel code, position, department, affiliation, chain of command, performance
    • assessment, training data, disciplinary action data, details which appear in personnel transfer document of the Company, letter of resignation, and reason for the resignation, etc.
  • 2.1.7. Data on benefit and remuneration, such as salary, wages, reward, bonus, pension details, welfare, bank account number, guarantor’s
    • details, beneficiary’s details, social security details, provident fund details, tax details, tax deduction details, Personal Data which appears in medical certificates, annual health reports, maternity leave forms, salary reduction consent letters, etc.
  • 2.1.8. Technical data, such as log file, IP Address, etc.
  • 2.1.9. Other data, such as voice recording of conversations, and video recording by means of CCTV, etc.
  • 2.2. Sensitive Personal Data
  • 2.2.1. Health data such as weight, height, medical conditions, color blindness, physical examination results, food allergies data, drug
    • allergy data, blood group, doctor's certificate, medical history, dispensing history, medical bills for the purposes of labor protection, provision of medical care, work capability assessment, compliance with relevant laws.
  • 2.2.2. Biometric data such as fingerprint and face image data in order to identify and confirm your identity to prevent crime and
    • safeguard legitimate interests of us or other persons.
  • 2.2.3. Data about criminal records to consider your suitability with our operations and protect legitimate interests of us or other persons.
  • 2.2.4. Your religious belief, philosophy, race, nationality, disability, trade union data, genetic data, and biometric data to provide f
    • acilities, activities and welfare that are suitable for you and to make sure that we treat you equally, fairly, and in accordance with human rights principles.
  • 2.2.5. Other Sensitive Personal Data for lawful purposes such as when he data is disclosed to the public with your express consent or the
    • processing of the data is necessary to prevent or stop the danger to one's life, body, or health in the event that you are unable to give consent, to exercise legal claims, and to achieve the objectives of labor protection, social security, and employee benefits.
  • 2.3. If necessary, the Company will process your Sensitive Personal Data with your explicit consent or for other purposes as required
    • by law. We will use our best efforts to provide security measures that is appropriate to protect your Sensitive Personal Data.
  • 2.4. Data about criminal records, which will be collected from the evidence provided by you or you consent us to acquire from a relevant
    • authority. The Company will impose measures to protect your Sensitive Personal Data as required by law.
  • 2.5. Retention of Personal Data, the Company collects Personal Data according to the nature of the data received.
  • 2.5.1. Personal Data in electronic (Soft Copy) from the Company's computer system will be stored in the Company's central database that
    • maintains and maintains the security of data, assigns access control rights, including control rights. Enter the computer room. In the case of cloud-stored data, the Company utilizes a cloud service provider that has received ISO/IEC 20000-1:2011 International Cloud Service Management and CSA STAR Certification. Information security system in accordance with international standards ISO/IEC 27001:2013.
  • 2.5.2. Personal Data in paper Document (Hard Copy), for paper documents in the process of Company’s operations are stored in the
    • Company's secure area where access rights are set. The finished paper documents are stored in a secure document storage facility.

3. Purposes and Lawful Basis for the Collection, Use, Disclosure and Processing of your Personal Data

The Company will collect, use and/or disclose your Personal Data in accordance with the relationship between the Company and you only if necessary with Based on Legitimate Interest Base, Contract Performance Base, Legal Compliance Base, Consent Base or other legal bases as determined by the Personal Data Protection Act as the case may be, for the purposes of collecting, using or disclosing the Company's data as follows:

  • 3.1. For the purpose of used to process prior to entering into a contract or to perform the contract which the employee is a party to the
    • company such as the preparation of employment contracts, agreements, performance of employment contracts, compliance with
    • the Company's regulations and HR management regulations, code of conduct, assignment of work, employee migration, training,
    • performance appraisal, consideration of the position and compensation, management of employee health and safety.
  • 3.2. For the purpose of complying with the laws such as compliance with a legal obligation to which the Company are subject such as
    • labor protection law, labor relations law, ocial security law, safety, occupational, health, and working environment law, law regulating
    • occupations and diseases from the environment, contagious disease control law, etc.
  • 3.3. For the purpose of preventing or suppressing danger to a person’s life, body, or health basis such as emergency contact.
  • 3.4. For the purpose of the performance with a task carried out in the public interest or in the exercise of official authority vested in us.
  • 3.5. For the purpose with your consent which the company will inform and request to you from time to time.
  • 3.6. In the event of use other than the purpose to Clause 3.1-3.5. Collecting your Personal Data that you will be informed of the details and
    • the Company will request your express consent.
  • 3.7. Where the Company has previously collected your Personal Data before the Laws on Personal Data Protection have become effective,
    • the Company will continue to collect and use your Personal Data in accordance with the original purposes of collection. In this regard,
    • you have the right to withdraw your consent by contacting the Company using the contact details set out in article 9 contacting the
    • Company. However, the Company reserves the right to consider your request for the withdrawal of consent and proceed in
    • accordance with the Laws on Personal Data Protection.

4. Disclosure of Personal Data

  • 4.1. The Company may need to disclose your Personal Data in accordance with the purposes and rules prescribed under the law on Personal
    • Data protection by providing appropriate measures to protect your Personal Data disclosed to the following persons and entities:
  • 4.1.1. Hitachi Transport System group of companies are shall include executives, directors, employees and/or internal personnel
    • to the extent and as necessary for the processing of your Personal Data.
  • 4.1.2. Business partners, service providers, and data processors designated or hired by the Company to
    • perform duties in connection with the management/Processing of Personal Data for the Company in the provision of various services or any other services which may be beneficial to you or relevant to the Company’s business operation.
  • 4.1.3. Advisors of the Company, such as legal advisors, lawyers, auditors, or any other internal and external experts of the Company.
  • 4.1.4. Relevant governmental agencies which have supervisory duties under the laws or which have requested the disclosure pursuant to
    • their lawful powers or relevant to the legal process or which were granted permission pursuant to applicable laws, such as Revenue Department, Ministry of Commerce, Office of the Personal Data Protection Commission, etc.
  • 4.2. The disclosure of your Personal Data to third parties other than article 4.1 shall be in accordance with the Purposes or other purposes
    • permitted by law, provided that if the law requires your consent to be provided, the Company will request for your prior consent.
    • And the Company will put in place appropriate safeguards to protect the Personal Data that has been disclosed and to comply with
    • the standards and duties relating to the protection of Personal Data as prescribed by the Laws on Personal Data Protection.
  • 4.3. Where the Company sends or transfers your Personal Data as specified in article 4.1 and 4.2.which are outside Thailand, the Company
    • will ensure that the recipient country, the international organization or such overseas recipient has a sufficient standard for the
    • protection of Personal Data. In some cases, the Company may request your consent for the transfer of your Personal Data outside
    • Thailand, subject to the requirements under Laws on Personal Data Protection.

5. Security of Personal Data

The Company has provide appropriate security measures to prevent of Personal Data as required by the law on Personal Data protection. It's covers management preventive measures, technical and physical safeguards in regard to access or control of access to Personal Data, to maintain confidentiality, integrity and completeness and the availability of Personal Data, to prevent the loss, unauthorized access, use, alteration, correction or disclosure of Personal Data.


6. Retention Period of Personal Data

The Company will retain your Personal Data for the period necessary to the purposes for which the Personal Data was processed, whereby the retention period will vary depending on the purposes for which such Personal Data. The Company will retain Personal Data for the period prescribed under the applicable laws (if any) and the Company will keep your Personal Data until the end of the lawsuit (if any).


After the period of time set forth above has expired, the Company will delete or destroy such Personal Data from the storage or system of the Company. In this regard, for additional details regarding the retention period of your Personal Data, you can contact the Company by using the contact details set out in article 9 contacting the Company.


7. Rights related to data subjects

  • 7.1. Under the Laws on Personal Data Protection and under the Company's rights management process, you have the rights follows:
  • 7.1.1. Withdraw the consent you have given to the Company for the processing of your Personal Data.
  • 7.1.2. Request to view and copy you’re Personal Data or disclose the source where we obtain your Personal Data.
  • 7.1.3. Send or transfer Personal Data that is in an electronic form as required by Personal Data protection laws to other data controllers.
  • 7.1.4. Oppose the collection, use, or disclosure of Personal Data about you.
  • 7.1.5. Delete or destroy of your Personal Data.
  • 7.1.6. Suspend the use of your Personal Data.
  • 7.1.7. Correct your Personal Data to be current, complete, and not cause misunderstanding.
  • 7.1.8. Complain to the Personal Data Protection Committee in the event that the Company violate to comply with Personal Data protection laws.
  • 7.2. If you wish to exercise any of the rights as specified in article 7.1. Please contact using the contact details set out in article 9
    • contacting the Company. However, may be cases where applicable law restricts the exercise of any rights or there may be cases
    • Company can refuse your request such as in the case of refusing to exercise your right to comply with the law or court order. In the
    • case of where the refusing to exercise your right to comply with the law or court order if the Company refuses your request for
    • such reasons. If you find that there is a violation of your Personal Data in accordance with the data protection law, please
    • contact the Company to clarify the reasons and take corrective action according to your complaint.
  • 7.3. In this regard, the process of receiving a request to exercise rights from you, the Company will consider and notify you within 30 days
    • from the date of receipt of the request form as required by the Personal Data Protection Law.

8. Changes to This Privacy Notice

The Company may change or update this Privacy Notice from time to time and if there is a change in the Company's Personal Data protection practices due to reasons such as technological change or legal changes. The amendment to this Privacy Notice will become effective when the Company publishes the revised version on the website as follows

However, if revision has an effect on you as the Data Subject, the Company will notify you in advance of the revision as appropriate before it becomes effective.


9. Contacting the Company.

If you have any questions about any aspect of the Company’s practices in relation to your Personal Data, the Company appreciate to advise, provide data, suggestions and resolve your complaints by contacting Personal Data Protection Officer (DPO), Corporate Group Compliance Department. By using the contact data provided below:

  • 9.1. By phone: 02 337-2086-99 Ext. 3111
  • 9.2. By E-mail: TST-Corporate-Compliance@hitachi-tstv.com
  • 9.3. By registered mail or express mail, sending a letter to:
    • Personal Data Protection Officer (DPO).
    • Corporate Group Compliance Department.
    • No. 11/8-11/9, Moo 9, Bangchalong, Bangplee, Samut Prakan10540.


..........................................................................



ISD-BLC1-LC-05_Privacy Notice for Employees and Job Applicants_01-Jul-2021_Rev00