Vendor Privacy Notice

In order for Jubilee Enterprise Public Company Limited (the “Company”) to proceed with the procurement process and enter into a sale agreement or engage you as a vendor (the “Vendor”). Prior to submitting any proposal and any Personal Data of the Vendor or the related person of the Vendor to the Company, the Vendor shall thoroughly study this Vendor Privacy Notice (the “Privacy Notice”).

The processing of the Vendor’s Personal Data under this Privacy Notice includes the processing of the individual vendor’s Personal Data, as well as the processing of Personal Data of authorized directors and/ or the authorized representatives of the Vendor (that may be a juristic person). In case the Vendor provides the Personal Data of the Vendor’s subordinates to the Company, the Company will deem that the Vendor warrants the Vendor’s rights to share the Personal Data of data subject to the company for the processing as specified under this Privacy Notice.

Personal Data being Processed

During the procurement process between the Company and the Vendor, the Company may directly receive the Vendor’s personal data from the quotation, conversation or interview, or indirectly from any other person (including but not limited to affiliate companies or other business partners) referring the Vendor to the Company. The Company needs to process the personal data of the Vendor and other data subjects who are the Vendor’s subordinates, which may include the following information:

1. All of the Personal data included in the quotation or the portfolio used for the Company’s consideration regarding vendor selection;
2. Full name, identification card information of an individual Vendor or of the Vendor’s authorized directors or representatives (the “Vendor Representative”), including contact information such as address, contact address, telephone number, email, and identification documentation of the Vendor or such Corporate Representative (i.e., the copy of the identification card or passport);
3. Payment information for an individual Vendor i.e., bank account, disbursement history of such Vendor;
4. Work experience information and performance assessments and other evaluations, including any other personal data that the Vendor may submit or disclose to the Company as a part of the Vendor’s obligations under the scope of the agreement executed between the Company and the Vendor; and
5. In some case, the Company may need to collect, store, and use the personal data of the vendor’s employees, in particular the employees who would request to provide any services and perform any obligations in the Company’s premise, including but not limited to the full name, contact information, and vehicle registration information. Upon receipt of such personal data, the Company shall deem that the Vendor, as an employer, warrants the Vendor’s rights to transfer and disclose the personal data of any related persons to the Company. The Company shall be entitled to process the personal data of those persons rightfully under this Privacy Notice;
6. Other personal data that the Vendor may transfer or disclose to the Company during the procurement process, the documentation process, and during the performance of any obligations under the relevant agreement, including transaction information and disbursement

Purposes for the Personal Data Processing and Retention Period

The Company would need to process the Vendor’s personal data for the following purposes:

1. To coordinate with the Vendor in order to gather additional information and details relating to the vendor as necessary for the Company to proceed with the procurement process;
2. To verify the information that the Vendor has submitted to the Company; to assess the suitability and the qualification of the Vendor for the procured work, including the coordination with the Vendor during the procurement process until the execution of the agreement. In the event that the Vendor is not the selected, the Company reserves the right to retain the Vendor’s personal data for the procurement audit purpose or for the communication with the registered Vendor on the future procurement work;
3. To perform the Company’s contractual rights and obligations under the agreement entered into between the Vendor and the Company, including the assessment of the deliverables and the Vendor’s work efficiency in order to calculate and pay the remuneration, as well as to enforce other rights and obligations under the agreement;
4. To perform the Company’s statutory duties, in particular for the accounting and tax payment in case of an individual Vendor;
5. To protect the Company’s legitimate interests in case the Company may need to enforce its rights against the Vendor for the violation or the non-compliance of the Vendor’s duties as specified under the relevant agreements, including the right to file a lawsuit, or to conduct an internal audit on the business operation of the Company and the Vendor, as well as to enhance the Company’s security and the limitation on the right to access the Company’ s premises or to effectively monitor the performance of the relevant employees.

For the aforementioned purposes to process the personal data, the Company need to store all personal data of the Vendor submitted to the Company throughout the term of the agreement that the Company may have with each Vendor. In addition, in order to protect the Company’s rights under the relevant agreements, the Company reserves the right to retain the Vendor’s personal data for the same period as required for accounting and tax purposes. In case the Company has the statutory duties to process any personal data, the Company need to retain the Vendor’s personal data for the period of time as stipulated in such laws.

Disclosure of the Personal Data

If necessary, the Company may need to disclose and/or transfer the Vendor’s personal data to the following third parties: (1) the Company’s other customers or vendors to which the Company needs to disclose your personal data for the performance the Company’s obligations and the provision of services to the customer or such vendors on the necessary basis; (2) the third-party service providers that has been engaged by the Company to support the Company in fulfilling its obligations, including without limitation the Company’s affiliates, consulting company or accounting audit company; provided that the Company shall disclose the personal data only on the necessary basis under the scope of a data processing agreement entered into between the Company and such third parties; and (3) any government authorities that the Company is obliged under the relevant laws or the judgement or government order to disclose such personal data; provided that the Company shall only disclose personal data on the necessary to perform such statutory duties. 

Information Security of the Personal Data

The Company guarantees to implement the appropriate data security measures to protect the Vendor’s and/or Vendor subordinate’s personal data pursuant to the applicable laws to prevent the unauthorized and unlawful access, use, change, modification or disclosure of the personal data. The Company shall review and revise the relevant data security measures on a regular basis to ensure the compliance with the industry standard practices and relevant laws.

Data Subject Rights.

The Company respects Vendor’s statutory rights as a data subject under the relevant laws. The Vendor may request to exercise the Vendor’s rights under the applicable laws as follows: right to withdraw consent, right to access and request for copy of personal data, right to rectification,  right to obtain personal data in case the Company has anonymized such personal data to be in a structured and machine-readable format, right to data portability, right to objection, right to deletion or destruction or de-identification when the processing of such personal data is no longer necessary, right to suspension, or right to compliant in case of the violation of personal data. Please contact: DPO@jubileediamond.co.th for the request to exercise the aforementioned rights.