For the performance of its activities AISIN POWERTRAIN (THAILAND) Co., Ltd. (hereinafter referred to as
“
AIPT understands the importance of the protection of personal data and the concerns of our employees, family members of employees, applicants and other persons with whom it has contacts regarding the processing of their personal data. AIPT always carefully considers the protection of personal data during the different personal data processing operations.
This policy is designed to provide a uniform minimum standard for the protection of personal data applicable to AIPT. This Policy will be applied by AIPT, except if other compulsory data protection legislation is applicable which contains stricter obligations and conditions.
The data controller for the purposes of this policy is AIPT, with registered office address at WHA Eastern Seaboard Industrial Estate 2 –WHA ESIE 2 890/2 Moo 3 Khao Khan Song Sub-district, Sriracha District, Chonburi 20110
AIPT has created a PDPA contact point, to ensure the implementation and enforcement of the Personal Data Protection Act B.E. 2562 (2019) (referred to as the “PDPA”) and this policy.
To exercise any of your rights (see article 7 of this policy), or if you have any other questions about how AIPT processes your personal data, please contact to the Data Protection Working Group by E-mail or phone number below:
The Data Protection Working Group
E-mail: DPO@aipt.aisin-ap.com
Phone number: 033-085-111 ต่อ 6008
The applicable data protection legislation uses specific language and refers to an abstract matter. Below you will find several definitions in order to enable you to better understand the terminology, and by extension, this policy.
a. Personal data
Personal data means any information relating to a natural person, also known as the data subject, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons. For example, a name, an identification number, location data, an online identifier or one or more elements that are characteristic of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b. Data controller
Data controller means a natural person or juristic person (for example a company), having the power and duties to make decision regarding the collection, use, or disclosure of the personal data.
c. Data processor
Data processor means a natural person or juristic person who operates in relation to the collection, use, or disclose of the personal data pursuant to the orders given by or on behalf of the data controller, whereby such natural person or juristic person is not the data controller.
d. Processing personal data
Processing personal data means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means (e.g. software), such as collection, use, disclose by transmission, transfer, send, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
The PDPA has several basic principles which every data controller and data processor must comply with in order to be in accordance with this legislation. In the event of doubt regarding the application of these principles in a concrete case, you can always contact the PDPA contact point for further explanations.
a. Lawfulness
The PDPA provides that personal data must be processed lawfully and fairly with respect to the data subject.
In order to process personal data lawfully, a legal basis must exist. In principle, the Company processes personal data only when:
Other than where justified by the legal basis above, the Company will usually process personal data where necessary for:
If you have given your consent for a specific processing purpose to AIPT in order to process your data for that purpose, you can withdraw this consent at any time. AIPT will then stop any further processing of your data for which you gave consent and will inform you of the possible consequences of your withdrawal of consent. If AIPT processes your personal data for other purposes and in order to do so it refers to other legal bases, it will still be able to process your personal data.
AIPT ensures that it always refers to at least one of the above-mentioned legal bases when it processes personal data. If you have questions about the applicable legal basis that AIPT is referring to, you can always contact the PDPA contact point.
Some categories of personal data are of a sensitive nature and data protection legislation also has a stricter regime for these special categories of personal data (also known as “sensitive personal data”). These are data concerning racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect the data subject in the same manner.
In principle, the processing of these sensitive personal data is forbidden unless the Company can refer to one of the exceptions. In a limited number of cases, should AIPT process sensitive personal data, the data subject will be informed in advance. For more information about the AIPT's handling of sensitive personal data, please contact the PDPA contact point.
b. Fairness
The data controller ensures that personal data shall be processed:
c. Transparency (personal data collected and purposes for processing)
In principle, AIPT processes personal data it has received directly from the data subject or indirectly and shall inform him/her about the following matters:
When the data subject already has all the information, AIPT will not inform the data subject unnecessarily about the processing of his/her personal data.
If AIPT processes personal data for other purposes that are incompatible with the purposes for which they were initially collected (the new purpose is not described in the initial information note and the data subject cannot guess that his or her personal data will also be processed for this new purpose), the Company will take all the necessary measures to process such data lawfully and will inform the person concerned.
Specific legislation may contain exceptions or set additional requirements which the Company must comply with, with respect to the provision of information to data subjects. These mandatory legal provisions take precedence over this policy.
d. Personal data to be processed and purpose of processing
The personal data that AIPT processes, and the purposes of processing may notably include the following
information:
Order | Category | Purpose |
---|---|---|
1. |
Recruit and Hiring Process: name-surname, nick-name, picture, gender, religion, blood-type, e-mail, telephone number, ID card related information, date and place of birth, household registration related information, educational background, marital status, social security number, financial and tax related information, conscript information, health and disability information, employment training information, birth and death certificate information, finger scan, etc. |
To recruit and register employee to the Company’s employment system |
2. |
Human Resource and General Administration Management: name-surname, ID card related information, passport related information, age, gender, blood type, address, telephone number, status, weight and height, race and nationality, criminal record, health information, beneficiary information, bank account, employee number, invoice, picture, salary information, passport number, guarantor’s citizen card related information, company rental car related information, conscript information, educational background, sim card, copy of (1) ID card (2) birth and death certificate (3) marriage certificate (4) parent’s ID card (5) household registration and (6) medical certificate, etc. |
To manage HR and GA matters such as internal and Japanese expats payroll, tax clarification, job performance evaluation, welfare reimbursement, in-house and external training, certificated internal trainer, intern recruitment, outsourcing agreement, CCTV management, air ticket reservation, employee health check-up, insurance, etc. |
3. | Whistleblowing Management: | To receive reports, conduct investigations, report to the affiliated companies, and conduct corrective measures, etc. |
4. |
Company Administrative Procedure: name-surname, ID card related information, taxpayer ID, social security number, social security contributions, salary and benefit information, remitted tax amount, educational background, disability, nationality, picture, employee number, department and job position, training certificate, copy of ID card and passport etc. |
To submit necessary document to the Social Security Office, Revenue Department, Office of Social Development and Social Human Stability, Department of Labor Protection and Welfare, Chon buri Institute for Skill Development, Department of Employment, Department of Alternative Energy Development and Efficiency, municipality office and other relevant government authorities. |
e. Confidentiality and integrity
AIPT takes the required technical and organizational measures to ensure that the processing of personal data is always carried out with the appropriate safeguards to protect the data against unauthorized access or unlawful processing and against loss, destruction or damage, accidental origin. AIPT use a range of physical, electronic and managerial measures to ensure that it keeps personal data secure, accurate and up to date.
f. Personal Information of others provided by you
In certain situations, including administration of health insurance programs and other benefits for employees, and as a contact in emergency, you may provide to AIPT personal data of others (e.g. your next of kin, beneficiaries). It is your responsibility to inform the nominated individual about the processing of their personal data for the described purposes and to confirm, if required by law, that they have given their permission.
In some cases, AIPT may have to transmit personal data to third-party receivers, both inside and outside the Company's group. In any event, these personal data are only transferred on a need-to-know basis to these receivers who carry out the processing for specific purposes. AIPT shall always observe the necessary security measures when transferring the data and with respect to the receivers, in order to guarantee the confidentiality and integrity of the personal data
The transfer to third parties can take several forms, as described in more details below.
a. Transfer within the group of AIPT
Third-party transfers can only intervene if AIPT has respected the various principles and obligations imposed by PDPA. This means that the transferring Company can rely on a legal basis (legitimate interest, consent from the data subject, performance of an agreement, etc.) for this transfer.
In this further processing, the Company must also comply with the other principles listed in article 5 of this policy.
When your personal data are passed on to companies within the group, but which are located outside Thailand (i.e. Japan), AIPT will provide for the appropriate guarantees described in point c.
b. Transfer to third parties
Other than specified in the preceding paragraph, AIPT may send or transfer personal data to third parties including law enforcement agencies and other third parties that are our service assignees for recruitment services, healthcare services, accounting services, auditing services, banking services, insurance services and other professional consultancy services, etc.
c. Overseas Transfer
It is also possible that AIPT transfers personal data to parties that are based outside Thailand.
Such a transfer is possible if the country where the receiver is based has adequate data protection standard in accordance with the rules for the protection of personal data as prescribed by the Data Protection Committee.
In other cases, AIPT may send or transfer your personal data overseas if the Company provide appropriate safeguards which enable the enforcement of the data subject’s rights, including effective legal remedial measures according to the rules and methods as prescribed and announced by the Data Protection Committee.
Where this has not occurred or is not possible, AIPT may still transfer the personal data of the data subject, following the consent of the data subject. In order to allow the transfer, and therefore the processing, also in these cases, AIPT will ask the person concerned if he/she agrees to this transfer to third countries that may have inadequate personal data protection standards.
If more information for these international transfers are desired, the procedure as described under article 7 can always be followed.
AIPT will securely store your personal data on our systems at least ten years after the expiration of the employment contract with you. Provided, however, AIPT may retain your personal data for a longer period if it is necessary for the longest of the following periods:
To determine the appropriate retention period of the personal data, AIPT will consider the amount, nature and sensitivity of such personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purpose for which the Company process the personal data and whether that Company can achieve those purpose through other means, and the applicable legal requirements.
After the final time limit has passed, AIPT shall delete or anonymize the personal data if the Company still wishes to use such personal data for statistical purposes and may retain it for a longer period of time for dispute management, study or archiving purposes.
Data protection legislation provides for different rights for data subjects with respect to the processing of personal data so that the data subject can still exercise sufficient control over the processing of his or her personal data.
Through this policy, AIPT is already trying to provide as much information as possible to the data subjects in order to be as transparent as possible with respect to the processing of personal data.
AIPT understands that the data subject may still have questions or desire additional clarifications with respect to the processing of his or her personal data. AIPT thus understands the importance of the rights and shall therefore comply with these rights, considering the legal limitations in the exercising of these rights. The different rights are described in detail below.
a. The right of access
The data subject has the right to request access to and obtain a copy of your personal data, which is under the responsibility of the Company, or to request the disclosure of the acquisition of the personal data obtained without your consent. For any further copies requested by the data subject, the Company may charge a reasonable fee.
b. The right to rectification
When the data subject establishes that AIPT has incorrect or incomplete data about him or her, the data subject always has the right to inform AIPT of this fact so that appropriate action can be taken to rectify or supplement these data. It is the data subject’s responsibility to provide correct personal data to the Company.
c. The right to erasure
The data subject can ask to have his or her personal data erased, or destroyed, if the processing is not in accordance with data protection legislation (Article 33 of PDPA).
d. The right to restriction of processing
The data subject may request the processing restricted if:
e. The right to data portability
The data subject has the right to obtain his or her personal data which he or she provided to AIPT in case where AIPT has arranged such personal data to be in the format which is readable or commonly used by ways of automatic tools and can be used or disclosed by automated means.
In addition, the data subject has the right to have those personal data transmitted to another data controller (directly by AIPT). This is possible if the data subject has consented to the processing.
f. The right to object
When personal data are processed for direct marketing purposes, the data subject can always object to this processing.
The data subject can also object to processing due to a specific situation regarding the data subject. AIPT shall stop processing the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests of the data subject or for the exercise or defense of legal claims.
g. The right to withdraw consent
If you have given your consent for a specific processing purpose to AIPT in order to process your data, you can withdraw this consent at any time by contacting the PDPA contact point. However, such withdrawal of consent shall not affect the processing of personal data that you have already given consent legally to the Company.
h. The right to complaint to the authority
The data subject has the right to file a complaint with the relevant data protection authority in the event that AIPT does not comply with the data protection legislation (the PDPA).
The data subject can exercise his/her rights provided in the a. to g. above by sending an e-mail or registered letter to AIPT’s PDPA contact point described in article 2 of this policy. AIPT may ask the data subject to identify themselves in order to ensure that the effective exercise of the rights is requested by the data subject.
In principle, AIPT shall respond to the request of the interested person within 30 days. Otherwise, AIPT informs the data subject of the reasons for their delay in the follow-up of the request.
AIPT reserves the right to adjust and review this policy when it deems necessary and to remain coherent with the legal obligations and/or recommendations of the competent supervisory authority for data protection.