Privacy Policy for DEMCO’s employees
To ensure that employees' personal information or data is collected, kept, and used in good faith and in compliance with the Personal Data Protection Act B.E. 2562 (2019), DEMCO establishes this policy, as an extension of the "DEMCO Group Personal Data Protection Policy", to be the practice for individuals involved in keeping, controlling, and using employees' confidential information.
- Definition of "Owner of personal information": In this policy, "Owner of personal data" shall refer to:
"Job Applicants" means individuals who apply for a job with DEMCO; "Employees" means individuals employed under a labor contract; and "Labor Workers" means individuals or juristic persons providing temporary labor for DEMCO from time to time. Wherever this policy mentions the term "person in charge", it shall include "Job Applicants" and "Labor Workers" besides "Employees" itself.
Beyond the aforementioned definitions, the definitions determined in the personal data protection policy of DEMCO Business Groups shall apply.
- Purposes of Personal Data Processing
- To be used according to the requirement of the Owner of Personal Data.
- For use in the process of entering into a Labor Workers Contracts engagement (for Job Applicants).
- To fulfill contractual obligations of Labor Workers Contracts or any other related Contracts.
- To fulfill contractual obligations:
- Employees enter into a contractual relationship with DEMCO under Labor Workers Contracts engagement, such as in the preparation of employment contracts, adherence to employment contract terms, compliance with DEMCO's personnel management regulations and codes of conduct, task assignments, staff transfers, off-site work assignments, training, work performance assessment, job position and remuneration considerations, management, and the health and safety care of employees. This also includes the disbursement of funds related to or utilized for the performance of duties according to the employment contract.
- The personal information or data of employees may be utilized for business operations related to the duties of those employees. For example, the names and license numbers of employees who are engineering supervisors may be used in pre-contractual processes such as tendering or bidding and contracting, including the delivery of completed milestones between DEMCO and clients or business partners.
- In fulfilling DEMCO's legal obligations as the data controller, such as:
- Compliance with statutes, regulations, and directives issued by authorities empowered by laws, such as labor protection laws, labor relations laws, social security laws, occupational health and safety laws, environmental laws in the workplace, laws governing professional practices and diseases resulting from the environment, laws controlling contagious diseases, and legislation addressing computer-related offenses, wage garnishment in accordance with legal due process, etc.
- For the legal benefit of DEMCO, such as: Human resource management, including workforce analysis, allocation, and development of employees. Initiatives to foster employee relations within the organization, such as organizing employee activities. Administration of healthcare benefits, insurance, and other employee welfare services, such as the provision of medical facilities. Financial management and budgeting. Internal and external communication for pre-contractual processes, such as job bidding, authorization, certification issuance, information sharing with government agencies, identity verification, authorization and access control. Verification of the accuracy of information obtained from employees. Performance reviews and analysis of employee work. Compilation and analysis of work history databases. Connection and communication improvement. Provision of convenient facilities in the workplace. Information security and user account creation. Identity verification for system access. Security maintenance and prevention of accidents and crimes. Investigation and management of complaints, disputes, and allegations of corruption, cases, or conflicts. Post-employment care for former employees.
- To prevent and mitigate risks to life, body, or health of employees or other individuals, such as emergency contact and control, including prevention of contagious diseases.
- To achieve specific objectives in activities or projects for which DEMCO has the individual employee's consent.
The processing of personal data by DEMCO for the purposes outlined in sections 2.1, 2.2, 2.3, 2.4, and 2.5 can be carried out without consent as mandated by law. For other purposes that require consent, see the details in section 10.
- Storage, Keeping, and Usage of Employee Personal Data
- DEMCO Business Groups highly respect the personal rights of employees.
- DEMCO Business Groups will request personal data from employees only to the extent of necessity for management, as required by law, or as specified by relevant organizations or authorities.
- DEMCO Business Groups ensure that the keeping, storage, and usage of personal data are stringent, confidential, and secure.
- DEMCO Business Groups define the roles of data collectors, data processors, custodians, users, and approval authorities, including transparent verification processes, to ensure the secure and ethical handling of employee personal data.
- Each employee, as the owner of personal data, has the right to inspect, verify, and update the data in case of any changes in information. In situations where DEMCO or related agencies request the information, consent must be provided.
- The personal data of foreign employees will be kept, stored, and used in the same manner as Thai employees.
- In cases where external individuals or organizations require information about employees, a written request stating the necessary reasons must be submitted for approval by the data controller before disclosure is permitted.
- When government agencies request employees' information, the data controller should review and consider whether it is reasonable to submit the personal data, except for regular periodic submissions mandated by law, such as social security, taxation, labor protection, etc.
- For the transfer of personal data of employees to foreign countries, the Chief Executive Officer/Managing Director acts as the approving authority and ensures compliance with legal requirements.
- The personal data that DEMCO retains is considered the Company's property. Any access, disclosure, utilization, or destruction without approval from DEMCO will result in severe penalties and legal actions, including full compensation for damages according to the law.
- Any action related to the collection, storage, usage, verification, review, approval, or processing of personal data under this policy should be carried out with the utmost confidentiality and integrity. Employee personal data is considered to be of the highest level of confidentiality.
- Disclosure of Employee Information
DEMCO may disclose, transmit, or transfer employee data and/or special personal information to external individuals, personal data processors, or legal entities for the following purposes:
- For purposes related to recruitment activities, contract management, and/or other associated agreements as mentioned above, DEMCO may transmit, transfer, or disclose employee personal information, including sensitive information, to external consultants or service providers.
- DEMCO may disclose personal information and/or sensitive information to internal and external auditing organizations, the Thai Life Assurance Association, the Insurance Commission, the Anti-Money Laundering Office and terrorism for both domestic and international, police officers, public prosecutors, law enforcement officers, revenue officers, or any other authority with the legal mandate to investigate and monitor.
- There may be a necessity for DEMCO to disclose the personal information of the data owner to DEMCO Business Group or others, both domestic and international, such as service providers engaged in activities related to personal data. In such cases, DEMCO will ensure that these entities maintain the confidentiality of the information and do not use it for purposes beyond the scope defined by DEMCO.
- DEMCO may disclose personal information under legal criteria, such as providing information to government agencies, public authorities, compliance units, or in response to legal requests, such as information requested for legal proceedings, lawsuits, or requests from private entities or individuals related to legal processes.
The disclosure or transfer of personal data for the purposes of 4.1, 4.2, 4.3, and 4.4 can be executed without the need for consent as mandated by law. For other purposes requiring consent, you can refer to the details in section 10.
If the recipient of the information is considered a personal data processor, DEMCO will establish a contract and provide instructions in compliance with legal requirements.
- Types of Personal Data Collected
- Data and documents related to the employee recruitment process, such as resumes, application letters, job applications, and recruitment-related opinions.
- Contact information of employees, including names, addresses, phone numbers, and email addresses.
- Personal information about employees themselves, such as date of birth, age, gender, marital status, interests, and opinions.
- Information about employees' family members, such as marital status, spouse's name, children, or dependents of employees who are eligible for benefits under DEMCO's personnel management regulations. Employees are required to inform the individuals concerned about this privacy policy before providing their information to DEMCO.
- Maps, photographs, including motion pictures, or other information related to the employee's residence, for visits during sickness or maternity, or for providing help in case of emergencies. This also serves as a basis for building good relationships with the employee's family.
- Educational and developmental information about employees, such as education level, qualifications, training history, academic history, exam results, language proficiency, and other professional skills.
- Work experience details, including job positions, employer details, salary, and compensation received.
- Information about locations where work is performed.
- Information about military obligations.
- Personal characteristics of employees, such as personality, behavior, attitudes, aptitudes, leadership, ability to work with others, emotional intelligence, and relationship to the organization. This information may be obtained through observations and analyses by DEMCO's representatives or colleagues during work or participation in activities with DEMCO business units.
- Information required for reporting to regulatory authorities, such as the Ministry of Labor, the Stock Exchange of Thailand (SET), the Office of the Securities and Exchange Commission (SEC), and the Thai Institute of Directors (IOD).
- Financial information, including wage, salary, income, tax, provident fund, bank account details, loan information, items exempted or deducted from taxes, holdings of the company's securities, and name of securities company.
- Information related to social security, labor protection, rights, benefits, and welfare received or entitled to receive under DEMCO's personnel management regulations.
- Records of work arrival and departure, working hours, overtime, and leave.
- Employment history details, job positions, participation in meetings, and opinions provided while serving as a Company Director. Additional information may be collected for Board Members, such as Director profiles and Board Member registers.
- Information about the usage and access of information systems, computers, work systems, websites, applications, and electronic devices to align with the technology policies of DEMCO's business units and relevant laws.
- Data collected from participation in DEMCO activities, and responses to survey and assessment questionnaires.
- Information voluntarily shared and disclosed by employees through DEMCO's applications, tools, questionnaires, and documents.
- Copies of identification documents that can be used to identify employees, such as ID cards, passports, and other documents issued by government agencies.
- Contact persons whom DEMCO can reach in case of emergencies.
- Information about vehicles, vehicle registration numbers, and motorcycles, for permission to enter and exit the area, including safe and adequate parking inside DEMCO's premises. This shall also include driving license information and, in the case of company-provided vehicles, information about the driving behavior of employees, such as the use of GPS systems for vehicle tracking.
- Other data necessary for checking conflicts of interest in benefits, such as shareholding information and business relationships.
- Data related to accidents, both those occurring directly during working hours and those related to work duties.
- Other information necessary for performing contractual obligations, managing welfare benefits, analyzing and managing DEMCO's operations, caring for employees after the end of employment, and all conduct in compliance with various laws.
- Information related to complaints, investigations, and disciplinary punishment (whistleblowing).
If an employee refuses to provide personal data required for legal compliance, contractual obligations, or to enter a contract with DEMCO, it may cause the incomplete execution of employment contracts and affect welfare benefits or services provided by DEMCO.
- Specific Categories of Personal Data
- DEMCO may need to collect, process, and/or disclose specific categories of personal data of employees for the purposes stated in Sections 2 or 4 of this policy, including but not limited to:
- Health-related Information: Such as weight, height, medical conditions, eye defects, results of medical examinations, food allergies, medication allergies, blood type, medical certificates, medical treatment history, and prescription receipts. This information is used for employee healthcare coverage, assessing the employee's ability to perform job duties, and complying with relevant laws, such as the Ministerial Regulations specifying the criteria and method for conducting health examinations of employees and submitting the results to labor inspectors, B.E. 2004. Additionally, this information is used for analyzing employee health data for proper management.
- Biometric Data: Such as fingerprint templates and facial recognition data, for identifying and confirming the identity of employees, preventing criminal activities, and protecting the benefits and legal rights of DEMCO or others.
- Criminal Record Information: To evaluate suitability for employees' practices and to provide benefits in accordance with DEMCO's or others' legal rights.
- Beliefs in Religion, Philosophy, Ethnicity, Nationality, Disabilities, and Genetic and Biological Information: For providing appropriate facilities, activities, and benefits to employees, ensuring equal and fair treatment, and complying with human rights principles.
- Other specific Categories of Personal Data: Such as for specific legal purposes, when an employee is unable to provide consent, voluntarily discloses information to the public, or exercises legal rights. This includes information necessary for exercising legal rights related to employment, social security, and employee benefits.
- DEMCO will process special categories of personal data under Section 6.1 only when it is necessary for the purposes specified in Sections 2 or 4, and with explicit consent from the employee or for other legal purposes. DEMCO will make every reasonable effort to implement adequate security measures to protect this specific information.
- Information related to criminal records will be obtained through evidence provided by employees or with the employees' consent for verification from competent authorities, as required by law. DEMCO will ensure that adequate measures are in place to protect such information as required by law.
- Regulations and Practices for Personnel Involved in Employee Personal Data
To ensure the collection, retention, usage, and control of employees' personal data comply with various data protection policies of DEMCO and relevant legal requirements, the duties and responsibilities of personnel involved are outlined as follows:
- Managing Director
- Appoint a Data Controller responsible for updating, keeping current, and ensuring the confidentiality and legal compliance of personal data.
- Review and approve the use and control of personal data beyond the Data Controller's authority or when transferring employee data to external or foreign entities.
- Conduct an annual review of the collection, retention, and usage of personal data to ensure compliance with policies and legal requirements.
- Human Resources Manager
- Act as Data Controller for employees, ensuring compliance with the Personal Data Protection Act.
- Prepare employee data details for collection, retention, and control along with justifications for usage.
- Set secure data storage guidelines:
A. Access to secured document storage cabinets shall be restricted to authorized personnel only.
B. Implement password-protected access for computers or information systems which store personal data.
C. Additional access to data can be granted, but any deletion, modification, or extraction of data must not be done independently.
- Organize meetings to provide employees with knowledge about policies, rights, and responsibilities under this policy.
- Consider approving requests to use employee personal data for DEMCO's purposes or for the employee him/herself.
- Hold spare keys or login passwords for emergency access situations.
- Resolve and then immediately report any abnormal data handling or usage to the Managing Director, in order to rectify and prevent further breaches in a timely manner.
- Review personal data collection and usage at least once a year to ensure compliance with the policy or the law.
- Prepare personal data reports as required by law for audits or for submission to inspection authorities.
- Keep records of data usage and storage to verify compliance with the policy.
- Recruitment Personnel
- Retain applicant data for a minimum of 2 years after the end of employment or until the conclusion of any related cases.
- Retain data of rejected applicants for at least 3 months.
- Use secure methods such as shredding or burning to destroy data.
- Manage the safekeeping of keys or passwords related to data storage.
- Keep records of data usage, changes, and storage to ensure conduct according to the policy.
- Responsibilities of Payroll and Benefits Personnel
- Process and store personal data related to compensation, welfare, social security, and income tax.
- Process additional data requested for tax calculations or interim welfare.
- Issue certificates or provide requested information to the data owners.
- Permanently store compensation-related data as per tax regulations.
- Manage the safekeeping of keys or passwords related to compensation data.
- Keep records of data usage and storage to ensure conduct according to the policy.
- Workplace Safety Personnel
- Keep employee health data confidential.
- Coordinate with medical entities for treatment or legal compliance.
- The Information Technology Manager or specialized experts shall provide guidance on the confidential storage of personal data in the information system and ensure that the data is complete and is not deleted, violated, or destroyed. It should be possible to verify usernames, dates, and times of usage, and to control and audit the Information Technology (IT) personnel designated as confidential processors of personal data in the information system.
- IT staff shall process data and set passwords for the secure storage of data, preventing breaches and destruction, to ensure compliance with the policy.
- The Managing Director, HR Manager, or relevant parties shall review stored personal data for supplementation or elimination at least once a year. This is to ensure that the collection, retention, and usage of employee personal data comply with the policy and with relevant, current laws.
- When performing duties or using data related to the network and computer systems of DEMCO Business Group, all employees must adhere to the Network and Computer Usage Policy.
- Cookie Usage
DEMCO utilizes cookies to gather personal information related to the use of the DEMCO website, as specified in the Cookie Usage Policy.
- Employee Rights to Access, Inspection, and Additional Notification of Personal Data
Employees who are the owners of personal data held by DEMCO have the following rights and responsibilities:
- Having the right to request an inspection of the storage and use of their own data during working hours every day. This request shall be made to the Data Controller (Personnel Manager) for processing.
- Employees have the right to withdraw the consent provided to DEMCO for processing their personal data.
- Having the right to request certification, a copy, or usage of their own specific personal data only, by notifying the Data Controller (Personnel Manager) for processing.
- Be responsible for delivering documents or any personal data requested by DEMCO within the specified time.
- Having the responsibility to notify DEMCO of any changes of personal information, such as a change of name, surname, address, marital status, or newborn children, within 7 days.
- Having the responsibility to notify the original affiliation manager or the personnel manager immediately of significant personal information, such as infectious diseases, epidemics, mental health issues, substance abuse, criminal records, or any legal violations affecting health, safety, life, property, or the peaceful coexistence of working together, for prompt consideration of correction, prevention, or assistance.
- Having the right to suspend the usage of, request deletion or destruction of, or request anonymization of their specific personal data so that it cannot be personally identified.
- Consent Requests and Possible Consequences of Withdrawal
- In cases where DEMCO collects and processes an employee's personal data beyond the purposes outlined in sections 2.1, 2.2, 2.3, 2.4, 2.5, and discloses personal information beyond the purposes outlined in sections 4.1, 4.2, 4.3, 4.4, DEMCO will seek consent from the employee. The employee has the right to withdraw his/her consent at any time. However, the withdrawal of consent will not affect the collection, usage, disclosure, or processing of personal data that the employee has previously consented to.
- If an employee withdraws his/her consent given to DEMCO or refuses to provide any specific information, it may result in DEMCO being unable to proceed with achieving some or all the purposes specified in this Privacy Policy.
- Data Retention Period
- DEMCO will retain the personal data of employees for the necessary duration to achieve the objectives according to the type of personal data, unless the law allows for a longer retention period. In cases where the specific retention period for personal data cannot be clearly defined, DEMCO will retain the data for a duration that may be reasonably expected based on standard data collection practices (e.g., a maximum of 10 years in accordance with general legal requirements).
- DEMCO will retain the personal data of employees throughout their employment period with DEMCO and for a necessary duration after the termination of their employment to fulfill contractual obligations.
- DEMCO will retain the personal data of family members or individuals under the responsibility of DEMCO’s employees for the necessary duration to process and achieve the objectives outlined in this Privacy Policy, especially to respond to the rights of employees to receive benefits according to DEMCO's personnel management regulations.
- In cases where DEMCO uses an employee's personal data with their consent, DEMCO will process such data until the employee requests the withdrawal of the consent and DEMCO has fulfilled the request. However, DEMCO will continue to retain the employee's personal data as necessary for record-keeping purposes, indicating that the employee had previously withdrawn their consent. This allows DEMCO to respond to future requests from the employee.
- DEMCO has set up a monitoring system to carry out the deletion or destruction of personal data when the retention period expires, or when it becomes irrelevant or exceeds the necessity for the purposes of data collection.
- Personal Data Security Measures
- The security of employee personal data is of extreme importance to DEMCO. The Company has implemented technical, managerial, and physical security standards to protect personal data from loss, unauthorized access, use, or disclosure, as well as from improper operations, alterations, modifications, and destruction. Technologies and security measures such as encryption and access restrictions are employed to ensure that only authorized individuals can access employee personal data. These authorized individuals undergo training on the importance of personal data protection.
- DEMCO has implemented appropriate security measures to prevent loss, unauthorized access, use, modification, correction, or disclosure of personal data by individuals who do not have the right or duty related to that personal data. The Company conducts periodic reviews of these security measures when it is necessary or when technological change occurs, to ensure the sufficiency in maintaining appropriate security.
- Penalties for violation of this regulation and/or Infringement of Employee Personal Data Rights
- Any employee who discloses, uses, or violates the personal data of other employees without approval from the Data Controller (Personnel Manager), the Managing Director, or the data owner will be considered as acting dishonestly, intentionally causing harm, infringing on personal rights, and causing severe harm. Such actions may result in penalties, including termination without compensation.
- Employees assigned by DEMCO to control, collect, retain, process, and use data are considered personnel officers. If they themselves make a mistake, they will face higher penalties than regular employees.
- Employees who refuse to submit requested personal data to DEMCO or provide false information are considered to be intentionally causing harm and acting dishonestly. Appropriate disciplinary action will be taken by DEMCO.
- Any employee who violates or fails to comply with this policy may be held responsible for any resulting damages in accordance with the laws.
DEMCO, therefore, requests all employees to study and strictly adhere to the above-mentioned policy and guidelines. This is to ensure the secure and proper collection, retention, and usage of personal data of employees throughout their collaboration.