Recruitment Privacy Policy

CBM Facilities & Security Management (Thailand) Co., Ltd. (the “Company”) recognizes the importance of the protection of your personal data as an applicant, candidate or prospective employee of the Company. This Recruitment Privacy Policy explains our practices regarding the collection, use or disclosure of personal data including other rights of the Data Subjects in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “Personal Data Protection Laws”).

Sources of Personal Data
We collect your personal data that receive directly from you as following;

• Job-application form
• Internship-application form
• Submission of information via the Company’s website
• Supporting documents for job-application or internship process
• Aptitude test
• Language test
• Participate in the Company’s recruitment activities
• Contact via telephone
• Contact via email
• Contact via post
• Google login
• LINE login
• Linkedin login
• Facebook login

We may collect your personal data that we can access from the other source not directly from you such as search engines, social media, job recruitment websites, universities or colleges registrar, government authorities, third parties, reference person, family members, ex-employers, ex-colleagues etc.

Type of Data Collected

Personal data such as name, surname, gender, age, weight, height, date of birth, nationality, identification card numbers, passport numbers, marital status, military status, photo, etc.

Contact data such as address, telephone number, email address, etc.

Financial data such as bank account, salary, benefits, etc.

Education data such as certificates, diplomas degree, transcripts, education background, etc.

Working and skill data such as work permit, past work experience, past work performance,information about training and seminar, awards, portfolios, language test result, aptitude test result, interview process result, etc.

Photo or video recording data such as photo recording via CCTV, Self- introduction video, etc.

Proof of identity data such as copy of identification card, copy of passport, etc.

Technical data such as IP address, Cookie ID, Activity Log, etc.

Other information such as CV or resume, cover letter, reference person, information related to family members or any information which you provide to us during the interview process.

We may collect, use or disclose your sensitive data that is specially categorized by law when we have obtained explicit consent from you or where necessary for us as permissible under law. We may collect, use or disclose your sensitive personal data as following;

• racial
• ethnic
• religious or philosophical beliefs
• criminal records
• health data
• disability
• biometric data such as facial recognition, data, iris recognition data or fingerprint recognition data
• Any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee

In the case the personal data collected by the Company as specified above is necessary for the employment selection or legal compliance, such as your past work experience and criminal records (if any). If you do not provide the Company with such necessary personal data, the Company may not be able to process your application further.

Children

If you are under the age of 20 or having legal restrictions, we may collect, use or disclose your personal data. We require your parents or guardian to be aware and provide consent to us or allowed by applicable laws. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

Storage of Personal Data

We store your personal data as hard copy and soft copy.
We store your personal data by using the following systems:

• Our server in Thailand
• Our server outside of Thailand
• Third-party server service providers in Thailand
• Third-party server service providers outside of Thailand

Use of Personal Data

We use the collected personal data for various purposes:

• Job-application procedures
• Internship-application procedures
• Internal human resource management of the Company
• Procedure for conducting background and qualification check
• Monitor security in the Company’s area such as recording photo via CCTV and ID card deposit before entering into the building or area of the Company
• Communicate, advertise and offer other jobs offer of the Company that may suit you
• To comply with any related law, government orders or regulation.

Disclosure of Personal Data

We may disclose your personal data to the following parties in certain circumstances.

Organization Management
We may disclose your personal data within our affiliate company and group company only as necessary for job-application procedure.

Law Enforcement
Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by government authorities such as court or a government body.

Business Partner
We may disclose your personal data to the business partners in order to pursue the purposes of this Recruitment Privacy Policy.

Service Providers
We may disclose your personal data to the service providers for the purposes as follows:

• Document storage and destruction service
• Security service
• Health checkup service
• Criminal record and background checks service
• Information technology service
• Recruitment service
• Professional services such as business consultant, auditor, legal firm, tax firm or any other advisors.

Business Transfer
In connection with any reorganization, restructuring, merger or acquisition, or other transfer of assets, we will transfer information, including certain your personal data, provided that the receiving party agrees to respect your personal data in a manner that is consistent with this Recruitment Privacy Policy and Personal Data Protection Laws.

Cross-Border Data Transfer
We may disclose or transfer your personal data to third parties, organizations or servers located in foreign countries. We will take steps and measures to ensure that your personal data is securely transferred, and the receiving parties have an appropriate level of personal data protection standard or as allowed by laws.

Data Retention
We will retain your personal data for as long as necessary for the purposes set out in this Recruitment Privacy Policy unless law requires or permits a longer retention period. However, we may maintain your information for the purpose of considering you for other suitable roles and/or job openings in the future. We will erase, destroy, or anonymize your personal data when it is no longer necessary or when the period lapses.

Data Subject Rights
Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:

1. Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
2. Data access: You have the right to access your personal data that is under the company’s responsibility; to request us to make a copy of such data for you; and to request us to reveal as to how we obtain your personal data.
3. Data portability: You have the right to obtain your personal data if we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
4. Objection: You have the right to object to collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
5. Data erasure or destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this Recruitment Privacy Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
6. Suspension: You have the right to request us to suspend processing your personal data during the period where we examine your rectification or objection request; or when it is no longer necessary and we must erase or destroy your personal data pursuant to relevant laws but you instead request us to suspend the processing.
7. Rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
8. Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.

You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned below. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email, telephone, registered mail (if applicable)

Data Security

We endeavor to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls.

Data Breach Notification

We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, we will also notify the personal data breach and the remedial measures to you without delay by SMS, email, telephone call or registered mail if applicable.

Changes to this Recruitment Privacy Policy

We may change this Recruitment Privacy Policy from time to time in accordance with our processing activities. Any changes of this Recruitment Privacy Policy, we encourage you to frequently check on our website or internal communication. This Recruitment Privacy Policy was last updated and effective on 25th February 2022.

Contact Information

If you have any questions about this Recruitment Privacy Policy, please contact us by using the contact information through the following channels:

Data Controller

If you have any questions about this Recruitment Privacy Policy, please contact us by using the contact information through the following channels:

Data Controller

Name: CBM Facilities & Security Management (Thailand) Co., Ltd.
Address: 65, Room 1903, 42 Tower, 19th Floor, Sukhumvit 42 Road, Phra Khanong, Khlong Toei, Bangkok, 10110
Telephone: (66) 2 381 5015-7 # 12
Email: thippa@cbm-thai.com
Website: www.cbm-thai.com

Data Protection Officer

Name: Thippayaporn or DPO team
Address: 65, Room 1903, 42 Tower, 19th Floor, Sukhumvit 42 Road, Phra Khanong, Khlong Toei, Bangkok, 10110
Telephone: (66) 2 381 5015-7 # 12
Email: thippa@cbm-thai.com