info-siam@gorioux.com
+66 (0)200-48-549 +66(0)33-0032-31

Privacy Policy

GORIOUX SIAM Privacy Policy

Introduction

This charter applies to all personal data processed by GORIOUX SIAM entities acting as data controllers or processors in the course of its business.

It explains what data we may collect, how we use this data, with whom we may share it, and what measures we take to ensure its confidentiality and security.

When we use the terms “you” or “your”, this refers to you or any person who may carry out your actions with us. This only applies to people considered as natural persons, that is, human beings with legal personality who have been granted rights: employees, trainees, suppliers, customers, service providers, third parties. This charter does not apply to companies and businesses considered as legal entities.

Similarly, when we use the terms “GORIOUX SIAM”, “we” or “us”, this includes all entities of the GORIOUX SIAM in Thailand.

The purpose of this charter is to bring GORIOUX SIAM into compliance with current legislation and in particular with Personal Data Protection Act B.E. 2562 (2019) (English version), known as PDPA.

What data do we collect?

The data we collect or hold about you comes from various sources. Some is collected directly from you, while others are collected in compliance with applicable regulations. We may also collect information about you when you interact with us, for example, when you contact us via our website, when you call us, or when you visit one of our offices.

Some may even come from publicly available sources (e.g., DBD, Ministries, websites) or from Thai government agencies.

The data you provide to us may, for example, include:

• Information relating to your marital status and identity, such as your first and last name, gender, nationality, date and place of birth;

• Your contact information, such as your telephone number, postal address, and/or email address;

• Information you provide by completing forms or communicating with us, whether by telephone, email, post, or any other means of communication (marital status, qualifications, professional experience, resume, bank details, social security number, etc.).

The data we collect or generate may include:

• Information necessary for our contractual relationship (company functions, transactions, solvency, personal assets, remuneration, tax number, salary coefficient, reasons for dismissal, etc.);

• Location data, particularly through expense or travel reports;

• Archiving certain correspondence and communications between us, particularly regarding electronic messaging or electronic notes;

• Information we need to meet our legal and regulatory obligations, including data relating to your professional training, your social security number, and your banking information.

The data we collect comes from many sources, including:

• Paper documents such as proof of identity, your social security card, your banking information, notes, questionnaires, or your resume;

• Digital documents such as software, computer files, electronic or instantaneous conversations;

• Human sources when you provide us with information about yourself orally or by telephone.

Purpose and basis for using your data

We only use your personal data if you have consented to it or if this use is based on law of the Kingdom of Thailand:

• The performance of a contract to which you are a party or the execution of pre-contractual measures taken at your request (particularly when an employment contract or an engagement letter is central to our relationship);

• Compliance with a legal obligation to which we are subject;

• The protection of your vital interests or those of another natural person;

• The performance of a task carried out in the public interest or in the exercise of official authority vested in us;

• The protection of our legitimate interests.

Similarly, we may collect data about you that is considered sensitive> The collection and use of such data is prohibited unless:

• You have given your explicit consent to this collection and use for one or more specific purposes;

• We are required to do so by the law of the Kingdom of Thailand;

• It is necessary to protect your vital interests or those of another natural person;

• Your data is made manifestly public by you;

• It is necessary for the exercise or defense of a legal claim;

• It is necessary for reasons of important public interest or in the area of public health.

How do we use your data?

We collect and process information about you for various reasons, including to:

• Meet our legal, regulatory, and tax obligations, particularly regarding labor law and health and safety;

• Provide the services you request, particularly with regard to pre-established engagement letters;

• Enable our departments to carry out their missions;

• Defend our rights in court.

The data used is hosted internally on our servers. The following software programs may host your data in SaaS mode, but each vendor has implemented the most appropriate security measures and taken care to develop privacy policies appropriate to the data stored:

• Xero and Odoo software are used to provide our accounting services;

Who might we share your data with?

We may transfer, communicate, and disclose your data to:

• Other departments or companies within GORIOUX SIAM;

• Social and tax agencies;

• The Thai government and judicial or administrative courts.

How long do we keep your data?

We archive your data every three years and securely destroy it, in accordance with our internal policy, once it is no longer required. However, we may retain it for a certain period to comply with applicable legislation, to assert our rights, or to defend our interests.

What are your rights?

You have numerous rights regarding your personal data:

• The right to obtain any information we hold about you and the processing carried out;

• The right to receive your data in electronic or paper form and/or to request that we transmit this data to a third party where technically feasible;

• The right to obtain modification and rectification of your data;

• In certain circumstances, the right to request that we delete your data (for legitimate reasons, we may not comply with this request);

• In certain circumstances, the right to request that we restrict or object to the processing of your data (for legitimate reasons, we may not comply with this request).

What do we expect from you?

You must ensure that the information you provide to us is accurate and up-to-date. You must also inform us without delay of any significant change in your circumstances.

How do we ensure the security of your data?

Your personal data is processed using both manual and electronic systems. We take the necessary technical and organizational measures to protect your personal data stored in our IT systems and in paper form against loss, destruction, unauthorized access, modification, or dissemination.

In particular, we have implemented:

• Logical and physical access controls within our group;

• Security of our IT systems (antivirus, firewalls, secure protocols, logging, etc.);

• A data backup and archiving policy;

• An asymmetric encryption system for certain processing operations;

• Data minimization for certain processing operations;

• An IT charter.

We require our employees and any third parties working on our behalf and under our responsibility to comply with strict security and information protection standards. All our subcontractors have also undertaken to fulfill their obligations regarding the protection of personal data.

Updating this Charter

This charter may be updated at any time, particularly in accordance with legal or regulatory provisions.

Learn more

If you would like to know more about the provisions of this charter or the regulations applicable to our Companies, or if you wish to exercise your rights, you can contact us.