This Human Resources Privacy Policy is established by Krung Thai Asset Management Public Company Limited (“KTAM”) and was last updated on 8 July 2020.
Krungthai Asset Management Public Company Limited (also referred from here onwards as “the company” or “KTAM”), as employer, places great importance on the protection of privacy in accordance with personal data protection laws for the purpose of protecting the privacy and security of data subjects who include the chairman of the board, directors, chief executive officer, advisors, experts, specialists, staff, temporary staff, outsourced workers, job candidates, student interns, independent investment advisors servicing the company, sales representatives for private funds, and client referrers (also referred from here onwards as “you”), inclusive of current, former, and retired individuals whose personal data have been provided to KTAM.
This policy document is intended to explain how your personal data is collected, used, disclosed, and/or transferred to a foreign country (also referred from here onwards as “use” or “process”). It also explains the rights to access your personal data as part of the company’s Human Resources management process. The company encourages that you read this policy document to acknowledge and understand the purposes and justification of why the company needs to use your personal data.
The company needs to process your personal data in order to formulate an employment contract with you, to perform our contractual obligations stated in the employment contract, to comply with the law, or for other benefits to yourself and the company. If you do not provide personal data about yourself that is necessary for the aforementioned purposes, the company may not be able to comply with the employment contract, or provide you with various benefits, or continue a working relationship with you. Furthermore, in some cases, the company may be unable to employ you or to continue employing you.
The company may process your personal data in ways that your identity may be known such as through documents and/or photographs and/or electronic media or non-electronic media in accordance with privacy laws and this HR Privacy Policy, in their both current and future updated versions.
This privacy policy is not considered a part of your employment contract. KTAM may revise this policy document from time to time; the latest update can be accessed on www.ktam.co.th
This privacy policy document is pre-launched to create awareness; it will become effective on the same day the Personal Data Protection Act B.E. 2562 is enforced.
Krungthai Asset Management Public Company Limited (also referred from here onwards as “the company” or “KTAM”), as employer, places great importance on the protection of privacy in accordance with personal data protection laws for the purpose of protecting the privacy and security of data subjects who include the chairman of the board, directors, chief executive officer, advisors, experts, specialists, staff, temporary staff, outsourced workers, job candidates, student interns, independent investment advisors servicing the company, sales representatives for private funds, and client referrers (also referred from here onwards as “you”), inclusive of current, former, and retired individuals whose personal data have been provided to KTAM.
This policy document is intended to explain how your personal data is collected, used, disclosed, and/or transferred to a foreign country (also referred from here onwards as “use” or “process”). It also explains the rights to access your personal data as part of the company’s Human Resources management process. The company encourages that you read this policy document to acknowledge and understand the purposes and justification of why the company needs to use your personal data.
The company needs to process your personal data in order to formulate an employment contract with you, to perform our contractual obligations stated in the employment contract, to comply with the law, or for other benefits to yourself and the company. If you do not provide personal data about yourself that is necessary for the aforementioned purposes, the company may not be able to comply with the employment contract, or provide you with various benefits, or continue a working relationship with you. Furthermore, in some cases, the company may be unable to employ you or to continue employing you.
The company may process your personal data in ways that your identity may be known such as through documents and/or photographs and/or electronic media or non-electronic media in accordance with privacy laws and this HR Privacy Policy, in their both current and future updated versions.
This privacy policy is not considered a part of your employment contract. KTAM may revise this policy document from time to time; the latest update can be accessed on www.ktam.co.th
This privacy policy document is pre-launched to create awareness; it will become effective on the same day the Personal Data Protection Act B.E. 2562 is enforced.
1. Personal data processed by the company and its sources
As part of the job application process, employment process, or to perform duties and tasks for the company, it is necessary for you to reveal your personal data in order to establish your identity and allow you to work according to the employment contract and/or to enable the company to properly assess your qualifications to suit the job position. This includes any other hiring of work opened to contestants. Aforementioned data include:
1.1 Data that you directly submit to the company
- Identity Data about you, whether the data identifies you directly or indirectly, such as name/surname, ID card number, passport number, date of birth, address, sex, including copies of any documents containing such information.
- Other Personal Data such as marital status, military conscription status, references, details of family members, details of emergency contact person.
- Educational and Work Experience such as education records and work experience (Resume/CV), activities, accolades, application forms, salary and compensation records, academic degrees, transcripts, certificates/designations, professional licenses/certificates, certification of employment, details of directorships or positions in other organizations, including copies of any documents containing such information.
- Financial and Transaction Records such as bank account numbers, investment account balances, withdrawal records, expense details, deposit account balances, credit information, securities holdings, credit records or debt payment records held with financial institutions, information in the Public Execution Department’s records, including copies of any documents containing such information.
- Sensitive Data which is personal data that the Personal Data Protection Act classifies as sensitive in nature such as criminal records, health conditions, disability information, etc. Handling and processing of such data must receive explicit consent or only if permitted by law.
- Personal data of a third party which you submit to the company such as name, surname, telephone number, type of relationship, etc. about a third party, beneficiary, spouse, emergency contact person, and nominees holding securities on your behalf. You must confirm that you have informed such third party and have already received consent from aforementioned person, allowing you the rights to use their personal data and therefore allowing KTAM to use the data.
1.2 Data revealed to you through your job position as chairman of the board, director, chief executive officer, advisor, expert, specialist, staff, temporary staff, outsourced worker, student intern, independent investment advisor to the company, sales representative for private funds, or referrer of a client to KTAM. As examples, such data includes date of employment, salary, current job title, job attendance records, leave and absence records, medical expense claim records, treatment records associated with medical expenses claimed, annual medical checkup results, phone conversation records (fixed line), user login accounts, e-mail log, file and system access (audit log), internet usage records (internet log), photos and video clips from the company’s CCTV, training records, information about travel route, mode of travel, class travelled, restaurant / hotel / and/or place of service used as part of work travel (i.e. petrol station, department store, etc.), itinerary of events attended, training seminars, disciplinary action, participation in events including photos and videos while attending event, bank account number for payroll / bonus / welfare / others, including copies of documents containing such information.
1.3 Personal data revealed to you due to your position as an authorized signer, contact person, or person involved in tasks such as preparation of notices, agreements, contracts, application for the company to procure services from a vendor. As examples, such data include name, surname, copy of ID card, copy of passport, signature specimen, address on utility invoices, and/or credit card, including copies of documents containing such information.
To conduct various tasks related to your employment as well as obligations that the company and yourself have to meet with respect to the employment contract, KTAM will handle and process your personal data for purposes described below in accordance with the law. Your personal data will be protected by KTAM’s standard personal data protection measures.
2.1 To carry out the contractual obligations between you and KTAM (Contract).
2.2 To protect or prevent fatal bodily harm or threat to personal health (Vital Interest).
2.3 To carry out tasks for the public interest or tasks that government authorities require KTAM to handle (Public Task).
2.4 For legitimate benefits to yourself, KTAM, and/or third party, except if the legitimate interest is of lesser significance than your privacy rights (Legitimate Interest).
2.5 To comply with the law (Legal Obligation).
If you are appointed or employed as a chairman of the board, director, chief executive officer, advisor, expert, specialist, staff, temporary staff, outsourced staff or student intern, the company shall handle your personal data in accordance with Section 2.1-2.5 of the law for the following purposes:
- Tasks that you perform for the company in accordance with your employment contract, job contract, or contract between KTAM and your employer (for outsourced work).
- Calculation and payment of your wages, incentives, meeting remunerations, welfare (i.e. provident fund and any other benefits).
- Internal company processes such as job performance evaluation, staff development plans, career growth plans, employee engagement programs, remuneration structure, communication and interactions with you, reporting of your benefits, changes to your job description, enquiries and notifications about updates, etc.
- Human resources management of the company, such as preparation of internal reports, system maintenance and upkeep to maintain operating performance, handling of tax requirements, risk management, securities holdings reporting, directorship positions and/or authorized directorship positions, disciplinary management and action.
- Preparation of notices, agreements, contracts, or applications for KTAM to procure the services from an outside vendor/contractor.
- Compliance with labor laws, regulations applicable to the fund management business, the Personal Data Protection Act, and/or any other laws currently applicable as well as future updates, such as the Labour Protection Act B.E. 2541, Empowerment of Persons with Disabilities Act B.E. 2550, Securities and Exchange Act B.E.2535, U.S Foreign Account Tax Compliance Act of 2010 (FATCA), Common Reporting Standard (CRS) regulations, and other laws applicable to KTAM which the company is required to submit data or respond to a summon/seizure notice issued by government authorities or court of law (i.e. penal code, civil procedure code, bankruptcy law, etc.)
- Internal audits/investigations to follow up on a complaint, misconduct, anti-corruption, action potentially damaging to the company or others, the protection/handling/mitigation of risks of a legal violation, investigations into unethical behavior (Code of Conduct) as carried out by the company’s risk management / audit / internal control work in accordance to the company’s data protection / privacy policy.
- Image recordings, either taken outside or inside the office, for security purposes to oversee work operations and protect or prevent fatal bodily harm or threat to health, colleagues and others.
- To establish contractual or legal claims involving KTAM, or to raise a defense against a legal claim.
If you are a job candidate, the company shall handle your personal data in accordance with Section 2.1-2.5 of the law in these circumstances:
- To verify your identity
- To enable the company to assess your suitability to be employed to the job position that is open to candidates.
- To contact, respond to enquiries, notify about any updates the job position you are applying for.
- To comply with labor laws, regulations applicable to the fund management business, Personal Data Protection Act, and/or any other laws currently applicable as well as future updates, such as the Labour Protection Act B.E. 2541, Empowerment of Persons with Disabilities Act B.E. 2550, Standard Qualifications Of State Enterprise Directors And Officials Act B.E. 2518, the Securities and Exchange Act B.E. 2535, Trust for Transactions in Capital Market Act B.E. 2550, Provident Fund Act B.E. 2530, Derivatives Act B.E. 2546, etc. This also includes laws applicable to the asset management business such as the Anti-Money Laundering Act B.E. 2542, Exchange Control Act B.E. 2485, U.S. Foreign Account Tax Compliance Act of 2010 (FATCA), Common Reporting Standard (CRS) regulations, guidelines/notifications of the Securities and Exchange Commission, Capital Market Supervisory Board, and other general laws such as the civil code and penal code which allow the court of law to demand parties to submit documents/data.
- To protect and halt threat to fatal injury, health, colleagues and others.
- To enable the company to establish a claim in accordance with a contract made with the company or the law, or to raise a defense against a legal claim.
If you are an independent investment advisor candidate, appointed as an independent investment advisor servicing KTAM, sales representative for private funds, or referrer of a client to KTAM, the company shall handle your personal data in accordance with Section 2.1-2.5 of the law for the following purposes:
- To allow verification of your qualifications as required by SEC rules and regulations applicable to independent investment advisors / referrers, prior to signing of contract agreement with KTAM and throughout the period during which the contract remains active.
- To support your appointment as our independent investment advisor / referrer, including the assessment of whether to renew/extend or terminate your contract.
- To perform the obligations required by the independent investment advisor / referrer appointment contract made between KTAM and yourself.
- To calculate and pay your commissions, fees, and other benefits as agreed with KTAM for your performance.
- To contact, respond to enquiries, and notify you about any updates regarding your work duties and benefits.
- To send and receive information about the company, investments, investors, including data and documents needed for you to perform your duties as independent investment advisor / referrer for KTAM.
- To perform our legal requirement to supervise your work to ensure that you comply with regulations concerning anti-money laundering and combating of the financing of terrorism and data privacy laws.
- To comply with regulations of the fund management business, regulations covering transactions involving funds, personal data protection laws, and/or any other applicable laws, either currently enforced or to be revised in the future, such as the Securities and Exchange Act B.E. 2535 (1992), Trust for Transactions in Capital Market Act B.E. 2550 (2007), Provident Fund Act B.E. 2530 (1987), Derivatives Act B.E. 2546 (2003), etc. This also includes laws applicable to the asset management business such as the Anti-Money Laundering Act B.E. 2542 (1999), Exchange Control Act B.E. 2485 (1942), U.S. Foreign Account Tax Compliance Act of 2010 (FATCA), Common Reporting Standard (CRS) regulations, and other general laws such as the civil code, penal code, civil procedure code, etc. which KTAM must comply and is legally obligated to submit data.
- To protect and halt threat to fatal injury, health, colleagues and others.
- To enable the company to establish a claim in accordance with a contract made with the company or the law, or to raise a defense against a legal claim.
2.6 Personal data which KTAM handle and process with your consent
If you submit a job application with KTAM directly, or through a recruiting agency, or through a job recruitment platform, the company may use your personal data such as records about your finances, history of being terminated, discharged, or fired from a job, or sensitive data (i.e. criminal records such as being sued and/or being taken to court). Such data may be reviewed to consider whether you are suitable for the job position that is open or will be open to applicants. This is necessary for verification purposes and to mitigate risks to staff and others involved, including the reputation of KTAM. For non new recruits, KTAM will use and disclose sensitive data about yourself such as information about your health condition to facilitate claims from insurance companies, or information about disabilities which must comply with the law according to Section 19 of the Data Protection Act.
If you are a chairman of the board, director, chief executive officer, advisor, expert, specialist, staff, temporary staff, outsourced staff, student intern, independent investment advisor servicing KTAM, sales representative for private funds, or referrer of a client to KTAM:
- Data about health condition, educational background, notes from physicians, or any other supporting documents necessary for the company to file claims from the insurance company on your behalf.
- Information about disabilities to help accommodate and facilitate persons with disabilities as KTAM employs disabled persons in proportions suitable for the nature of jobs positions and workplace in accordance with the laws to accommodate persons with disabilities.
- Sensitive data such as criminal records (i.e. criminal records kept by government authorities, regulatory authorities, lawsuits) to help assess and protect risk of crime that may be inflicted on the company, staff, and other persons involved.
If you are a job candidate
- Information about being terminated, discharged, or fired from a job will be considered when evaluating the job application and decision to hire, as well as to mitigate the risks to the company, its staff, and others involved.
- Sensitive data such as criminal records (i.e. criminal records kept by government authorities, regulatory authorities, lawsuits) to help assess and protect risk of crime that may be inflicted on the company, staff, and other persons involved.
If personal data that requires your consent will be collected, used, disclosed in a foreign country, you may withdraw consent for your personal data to be used. Please inform the company through our contact details shown in Contact Us.
The company may disclose your personal data to a third party as necessary to assess your suitability to the job position, the roles and responsibilities required, or to establish contractual or legal claims involving KTAM or to establish a defense against legal claims involving the job or regulations applicable to data privacy. In such cases, KTAM may reveal your personal data to the following persons:
3.1 Affiliate companies in the same financial group and major shareholder (Krung Thai Bank)
To report on operating performance, request approval, perform data analysis, conduct corporate restructuring, conduct revenue and remuneration analysis, risk management, internal audit, mergers, staff welfare benefits.
3.2 Government and regulatory authorities
Regulatory authorities, government authorities, and supervisory authorities such as the Ministry of Labour, Social Security Office, Revenue Department, Securities Exchange of Thailand, Securities and Exchange Commission, State Audit Office, Legal Execution Department, Ministry of Justice, Royal Thai Police, Office of the National Anti-Corruption Commission, Anti-Money Laundering, others, etc. for whom KTAM is obligated to reveal personal data about yourself in accordance with relevant laws and regulations or other circumstances such as court order.
3.3 Customers, counterparties, and other third parties
Customers and target customers of KTAM, potential investors in KTAM or their representatives who are conducting a due diligence process, either to joint-invest or acquire a stake/assets in part or in whole.
Banks, financial institutions, provident fund managers, representatives, agents, trustees, custodians, auditors, counterparties of funds under management, intermediaries, other product vendors which customers or funds under management appointed, representatives or vendors or service providers who are third parties. This is to enable these persons and/or juristic persons to provide services to the company and/or funds under management and/or KTAM customers (i.e. affiliate companies, selling agents, fund distributors, financial institutions, business counterparts, professionals, specialists and service providers such as IT, insurance companies, travel organizers for seminars, law firms, meeting organizers, media, Thailand Securities Depository, credit card companies, and/or foreign asset management companies used by our feeder funds, and/or foreign transfer agents, and other third parties which are involved in supporting KTAM’s products and services. These persons and/or organizations adopt measures to protect data as required by privacy laws.
Business counterparts, brokers, the Stock Exchange of Thailand, Thailand Securities Depository, and other parties involved as necessary will be provided with your personal data to allow processes and transactions to be accomplished by KTAM.
Certain international agencies or organizations can request to review your personal data such as foreign embassies, foreign training institutions, foreign service providers, etc. in accordance with legal requirements and provided that these agencies or organizations are recognized by Thai regulatory authorities. These international agencies or organizations adopt measures to protect data as required by privacy laws.
If the company processes your personal data in accordance with purposes stated in this policy document, you possess the following rights.
4.1 Right to Withdraw Consent: you are entitled the right to withdraw consent that has previously been granted to the company with regards to the processing of your personal data at any time. However, the withdrawal must not violate legal requirements or contractual benefits to yourself (i.e. you still have business interactions with the company), whereby withdrawal of consent does not affect data collection, use, or disclosure of personal data previously allowed.
4.2 Right to Access: you are entitled to know and obtain copies of your personal data which is collected by the company, regardless of collection methodology. This includes the right to request the company to disclose how personal data which you did not provide consent to receive was obtained. For security and privacy reasons, the company may initially require that you verify your identity before proceeding to comply with your request to access.
4.3 Right to Rectification: you are entitled to amend any personal data that is outdated, incomplete, or incorrect to prevent misinterpretation.
4.4 Right to Data Portability: you are entitled to obtain your personal data which is held by the company if the data resides in an easily readable format through any device and readily able to transmit or revealed through an automated manner. You also have the right to (1) request the company to send or transfer data in such format to another controller through methods the company commonly use, or (2) personally obtain aforementioned data which KTAM has prepared to transfer to another controller, except when technically not possible to arrange.
4.5 Right to Erasure or Right to be Forgotten: you are entitled to request KTAM to erase or destroy one’s personal data or anonymize the data to prevent the data from revealing your identity, under these circumstances:
- the aforementioned personal data is no longer necessary to be collected or processed by the company
- the data subject has withdrawn his/her consent which previously allowed the processing of one’s personal data, hence the company is no longer legally able to process that data.
- the data subject objects to the processing of one’s personal data for purposes beyond what is covered by the company’s data privacy policy.
- the unlawful processing of personal data
- the data subject objects to the processing of one’s personal data and the company has no rightful justifiable reason to process such data.
4.6 Right to Restrict Processing: you are entitled to restrict processing of your personal data under these conditions
- processing of the personal data is no longer necessary for the purposes which they were collected, although the archiving of the personal data will be maintained for the establishment or defense of legal claims.
- the processing of personal data is not based on lawful grounds and the data subject prefers to restrict such processing rather than request erasure or destruction of one’s personal data
- while personal data is being reviewed following a rectification request by the customer or investor.
- while KTAM is proving a higher legitimate justification to do so
4.7 Right to Object: you are entitled to object if your personal data will be processed for these purposes:
- collection, processing and disclosure of your personal data for purposes not covered in the company’s privacy policy.
- processing of personal data for scientific, historical, or statistical research purposes, unless it is a public task conducted by the company.
- collection of personal data by the company where consent from the data subject is not necessary because the company is fulfilling a required public task or meeting its own legitimate interests, unless if the company demonstrates greater legitimate purpose to override the data subject or if the data collection is for the establishment, exercise, or defense of legal claims.
4.8 Right to Raise a Complaint: you are entitled to raise a complaint to the company’s Data Protection Officer or Personal Data Protection Committee if you suspect that your rights have been unlawfully breached by the company or actions do not comply with data privacy laws.
Note that if you wish to exercise your rights according to items 4.1, 4.4, 4.6, or 4.7 above, you must also accept the consequential effects and you may not demand compensation from KTAM for any damages that follow, except for cases where the processing or transfer of such personal data is unlawful or breaches contractual terms and conditions previously agreed with the employee. The exercise of such rights may be restricted by relevant laws, or the company may have legitimate grounds to reject your request, for example if the company must comply with the law or court instruction.
To exert your rights as mentioned above, you must state your intentions in written form. KTAM will try every effort to enact the changes within a reasonable time frame but not more than 30 days after receiving your notice. KTAM will comply with laws relevant to your rights as the data subject.
Note that by exercising your rights to request the company to erase/destroy, to restrict the processing of data, to temporarily halt the processing of data, to convert the data into a format that anonymizes the data, or to withdraw consent to use the data, may result in KTAM’s inability to fully comply with the employment contract formed with you.
When you exercise your aforementioned rights regarding your personal data, the company reserves the rights to charge handling costs to cover any expenses which may occur.
As an appropriate measure regarding retention of your personal data, the company will keep your personal data only for the period that is required for the purpose intended or for the duration required by law.
5.1 On the basis of contractual obligations and legitimate interests, data will be retained for a period of 10 years after formal relationship with the company is over.
5.2 By consent
- If you are a job applicant who was not finally selected, data will be retained for a period of 1 year after the position has closed.
- If you are a job applicant who was selected or assigned to work for the company, personal data which you have provided consent for the company to collect, use, and disclose (process), shall be retained throughout the period while you are working for the company. The data will continue to be retained for a period not more than 1 year after your duties have ended, or until you have notified the company to erase, destroy, temporarily suspend, or anonymize the data to prevent it from revealing identity, or withdraw consent to allow usage, or restrict the processing of your personal data.
After the data retention period has past, the company shall erase or anonymize the data to remove the data subject’s identity.
The company uses appropriate measures to ensure security of data, either through technology or management processes. Data is managed in hardcopy form, electronic form, and through the use of technology to prevent unauthorized access to your personal data. Examples are shown below:
6.1 Access controls are used to control the usage, disclosure, and processing of personal data. Users will also need to identify themselves when accessing database of personal data in strict accordance with the company’s IT policy.
6.2 The company has internal controls and mechanisms to detect and recover data when unwanted incidents occur. Personal data security measures are reviewed and assessed by the IT Department.
6.3 If security measures are penetrated, resulting in personal data breach and causing risk to rights and freedoms, or unwanted disclosure to the public, the company will inform the data subject promptly. The company will also explain action taken to rectify the problem as well as the extent of damage caused by the personal data breach or unwanted disclosure of personal data stemming from the company’s fault.
Note that the company will not be liable for any damages whatsoever arising from the use or disclosure of your personal data to a third party, or from your carelessness or negligence (i.e. failure to log out properly) whereby such action is caused by yourself or a third party whom you provided consent.
This privacy policy may be revised and updated from time to time without prior notice. Whenever there are amendments, the company will display the updated version on our website www.ktam.co.th
If you wish to exercise your rights , or withdraw your consent to allow the use or processing of your personal data, or would like clarification on any specific matter regarding how the company uses your personal data, please contact us below:
Human Resources, Krungthai Asset Management Public Company Limited
Data Protection Officer
Address: 1 Empire Tower, 32nd Fl., South Sathorn Rd., Yannawa, Sathorn, Bangkok 10120
Via: Telephone 0-2686-6100 ext. 6393-6396
Email: Privacy-HR@ktam.co.th Website: www.ktam.co.th
If you suspect that the processing of your personal data does not comply with the Personal Data Protection Act B.E. 2562, you have the right to file a complaint with the regulatory authorities.
Office: Office of the Personal Data Protection Committee
Address: 120 Area 3, The Government Complex Building B (Floors 6-9), Chaengwattana Road, Thung Song Hong, Laksi, Bangkok 10210
Contact via: Telephone: 02-142-1033
Email: pdpc@mdes.go.th Website: http://www.mdes.go.th
This English-language translation is intended for the convenience of users. If any inconsistencies exist, the contents of the original Thai-language version shall prevail.
This English-language translation is intended for the convenience of users. If any inconsistencies exist, the contents of the original Thai-language version shall prevail.