All personal data to be received/collected in connection with a communication, inquiry or request to the Companies shall be managed in accordance with this Policy; provided, however, that any personal data remaining as a result of access to external websites from the links on homepages, blogs, newsletters or other content operated by the Companies is not covered by this Policy, since the Companies are not able to manage such data directly.Personal data to be covered and the management thereof
The Companies may receive information that may identify an individual, including but not limited to a company’s name, an individual’s name, identification card number, gender, date of birth, home address, phone number, email address, bank account details, healthcare data, participation in a labor union, and criminal record. The Companies shall apply strict security measures to protect all personal data from loss, alternation, and leakage, and manage it within a safe environment. The Companies shall also develop and implement an effective education plan for employees handling personal data.Purposes to receive personal data
The Companies shall use the personal data for the following purposes:
- Advisory services, bookkeeping and tax filing services, tax audit support, internal audit, payroll, visa and work permit application, employment contract preparation, and other office services related to various laws and regulations: Company name, individual’s name, identification card number, gender, date of birth, home address, phone number, email address, bank account details, healthcare data, participation in a labor union, criminal record, etc.
- Sending newsletters:
Company name, individual’s name, email address, etc.
The Companies shall receive, use and/or disclose the personal data solely for the purposes previously notified to you, unless permitted otherwise under the law.Retention period of personal data
Personal data received by the Companies will be retained by the Companies for the period not over five (5) years from the completion of services, as long as it is necessary for any of the above purposes, and so required by the laws.Disclosure of personal data
- Provision to a third party
In order to perform the office services related to various laws and regulations, the Companies may provide personal data to the Ministry of Commerce, the Ministry of Labor, the Immigration Department, the Revenue Department, or other governmental offices, and its subcontractors which have signed the relevant non-disclosure agreement with the Companies.
Supervision and prior consent upon disclosure
The Companies shall supervise the persons who receive the personal data to ensure that they apply measures to secure personal data in confidence and not use the personal data for any other purposes. Also, in order to disclose the personal data for any other purpose than the above, the Companies shall give a notice to the data’s subject and obtain prior consent.
Transfer outside Thailand
The Companies may disclose the personal data to affiliated company in Japan (Business Management Co., Ltd.), as needed. In this regard, the level of protection over the personal data outside Thailand may be less than that set forth in the PDPA.
The Companies shall, if requested by the data’s subject, and subject to verification of the data’s subject, disclose, correct and/or delete the personal data provided to the Companies without delay, unless:
- It would cause damage to any right or interest of the data’s subject or a third party;
- It would significantly prevent the Companies from carrying out business properly; or
- It would violate any other laws.
Any questions regarding handling of the personal data by the Companies may be communicated to:
BM Accounting Co., Ltd.
BM Legal Co., Ltd.
Address: BB building, F12, Room No.1213, 54 Soi Sukhumvit 21 (Asoke) Road, Kwaeng Klong Toey Nua, Khet Wattana, Bangkok 10110, Thailand.Modification and revision
The Companies may modify or revise this Policy as needed, and such shall be notified on the website accordingly.
April 1, 2021