Personal Data Protection Notice
Bluebik Group Public Company Limited and its affiliates located in Thailand (hereinafter referred to as the “Bluebik Group”) would like to inform you about the collection, use, and disclosure (collectively referred to as “processing”) of personal data of employees, contractors, consultants, probationers, interns, job applicants, as well as former personnel and persons related to them, such as family members or emergency contacts, for the purposes of human resources management. This notice is in accordance with applicable data protection laws, including the Personal Data Protection Act B.E. 2562 (2019) and the General Data Protection Regulation (GDPR) of the European Union.
1. Purposes of Personal Data Processing
Bluebik Group processes your personal data for the purpose of effectively managing human resources in compliance with the law. This includes recruitment, employment, and post-employment activities, fulfilling legal and contractual obligations, protecting legitimate interests, and defending legal claims.
You have the right to choose whether to provide your data. However, refusal to do so may limit your access to certain benefits or prevent the Company from fulfilling contractual obligations.
Summary of Processing Purposes and Legal Bases:
A detailed table of 23 specific purposes is included, covering activities such as:
- Identity verification and recruitment procedures (legal basis: contract and legitimate interest)
- Internal employment administration (contract and legitimate interest)
- Criminal and health background checks (consent)
- Payroll and benefits processing (contract, legitimate interest, and consent)
- Time tracking via fingerprint or facial recognition (explicit consent)
- Legal compliance (various employment and tax regulations)
- Communication, employee engagement, internal surveys, and business interest protection (legitimate interest)
| Section | Purpose | Legal Basis |
| --- | --- | --- |
| A. Customers | Service delivery, account creation, transaction handling, after-sales support | Contractual |
| | Marketing communications, surveys, analytics, product promotion | Legitimate Interest |
| | Online security management (e.g., login records) | Legitimate Interest |
| | Legal compliance, claims and disputes | Legitimate Interest |
| B. Suppliers / Partners | Pre-contractual registration, due diligence, procurement | Contractual |
| | Contract execution and verification | Contractual |
| | Business coordination | Legitimate Interest |
| | Statutory compliance (e.g., tax and trade regulations) | Legal Obligation |
| C. Visitors / Premises Access | Security control, visitor log management, surveillance (CCTV) | Legitimate Interest |
| | Safety training and physical access control | Legitimate Interest |
| | Health and safety protection | Vital Interest |
| | Epidemic prevention and health law compliance | Legal Obligation |
| D. Corporate Governance (Shareholders, Directors, Executives) | Governance matters, meetings, payments, document delivery | Legal Obligation |
| | Conflict of interest reports, data disclosures | Contractual / Legitimate Interest / Legal Obligation |
| | Compliance with corporate and stock exchange laws | Legal Obligation |
2. Types of Personal Data Collected
Data collected includes but is not limited to:
- Personal details: Name, gender, date of birth, ID/passport number, education, marital status, family information
- Identification: Face and fingerprint scans, copies of official documents
- Health data: Vaccination records, medical certificates, allergies
- Employment data: Work history, leave records, performance reviews, disciplinary actions
- Contact info: Address, email, phone, social media accounts
- Financial data: Bank account, taxpayer ID
- Third-party data: Spouse, dependents, emergency contacts
- Media: Photos, video/audio recordings, CCTV footage
3. Retention Period
- If hired: Personal data will be retained for the duration of employment and up to 10 years post-employment or as required by law.
- If not hired: Data will be retained for 5 years from the application date for future recruitment consideration.
4. Sensitive Personal Data
Sensitive data (e.g., religion, biometric data, health records) will only be processed with explicit consent, unless obtained prior to June 1, 2022, or under legal exceptions (e.g., vital interest, public record).
5. Disclosure of Personal Data
Your personal data may be shared with:
- Affiliated companies (as listed in the annex)
- Government agencies (e.g., Labour Department, Immigration, Social Security Office, Revenue Department)
- Service providers and partners (e.g., insurance companies, payroll processors, training providers, IT platforms like HumanOS and Airtable)
- External evaluators and certifying bodies
Only parties with appropriate data protection measures will receive such data.
6. Your Rights as a Data Subject
You have the right to:
- Withdraw consent
- Access and request copies of your data
- Request data portability
- Object to data processing
- Request deletion, anonymization, or restriction
- Request data correction
These rights can be exercised via written request or email to the HR department of the relevant Bluebik entity, including proof of identity. The company reserves the right to lawfully deny requests with proper justification.
7. Data Security
Bluebik Group implements adequate safeguards to protect your personal data in accordance with its security management standards to ensure lawful and appropriate use.
8. Amendments to This Notice
This notice may be amended to remain compliant with the law. Please check regularly for updates.
9. Contact Information
For questions or to exercise your data rights, contact the HR department of the relevant Bluebik company. Alternatively, email: [email protected]
Effective Date: November 1, 2023