In compliance with the Personal Data Protection Act (the “PDPA”), Toyota Tsusho Myanmar Co., Ltd. (‘TTMM’) sets out this policy how we collect, use and discloses employees’ personal data.
TTMM collects and maintains employees’ personal data as part of the employee records. These information include the employee’s name, gender, date of birth, citizenship, marital status, address, contact details, educational background, job history, bank details, medical records and any other information voluntarily given or submitted by employee in the course of his/her employment with TTMM as a statement of fact and qualification in support of his/her employment.
During the course of your employment with us, we may also collect information regarding your work performance including performance appraisals etc.
3. Purposes for collection of Employee Data
TTMM will collect, process and use employee data for the following purposes:
- Payroll, compensation and benefits administration;
- Employee relation and discipline;
- Performance review:
- Secondment and transfer;
- Employee development and training;
- Talent management and succession planning such as overseas job posting & deployment;
- IT-systems communication and security;
- Regulatory compliance;
- Governmental and/or agencies, regulatory and/or statutory bodies requirement; and
- Work and business-related requirements.
4. Disclosure of Employee Data
In order to carry out the functions as described in clause 3, TTMM may from time to time, disclose your data;
- Between the Toyota Tsusho Group companies;
- To relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any government bodiesand authorities;
- To companies providing services relating to insurance and consultancy to TTMM;
- To agents, contractors or third party service providers who provide operational services to TTMM such as courier services, telecommunications, information technology, payment, printing, billing, payroll processing, technical services, training, market research, call centre, security or other services to TTMM;
- For the purposes of disaster recovery; and
- Any other purposes with your consent.
5. Deemed Consent
Your continued employment with us is deemed consent for us to collect, process, and store the data in accordance with the above. During TTMM’s trainings, events and activities, photographs and/or videos will be taken, your presence to the event would be deemed to have given consent for their photograph and/or video to be collected, used or disclosed.
6. Withdrawal of Consent
Employee may withdraw their consent to any or all use of their personal data, TTMM may not be in a position to continue to provide employment related service to them such as the functions stated in clauses 3 & 4.
7. Data Accuracy
Employees should ensure that the personal data provided to TTMM is accurate and correct at any point of time. If there are any changes to your Personal Data or that the Personal Data we have about you is inaccurate, incomplete, misleading or not up-to-date, please contact any members from the Administration Group to update your Personal Data.
8. Transfer of Data
In the course of TTMM’s business operation needs, we may transfer your personal data out of Myanmar for the purposes that are limited to the functions stated in clauses 3 & 4.
9. Security of Personal Data
TTMM will take appropriate measures to keep your personal data accurate, complete and updated. We will also take reasonable efforts to take appropriate precautions and preventive measures to ensure that your personal data is adequately protected and secured. Appropriate security arrangements will be taken to prevent any unauthorized access, collection, use, disclosure, copying, modification, leakage, loss, damage and/or alteration of your personal data. However, we cannot assume responsibility for any unauthorized use of your personal data by third parties which are wholly attributable to factors beyond our control.
In any event that TTMM reasonably discovers any breach of the security of your personal data, TTMM will report to the Personal Data Protection Commission of Myanmar without undue delay.
10. Your Responsibilities
As an employee of TTMM, you have a responsibility to ensure that any personal information that you hold, use or share are handled in a secure manner by;
- ensuring all data (in electronic or hard copy form) is kept secure;
- ensuring security of the data you possess;
- ensuring that all data you possess, is not disclosed to anyone who is not entitled to it;
- ensuring that any employee processing personal data under your supervision (if any) observe strict security to protect the data they possess; and
- ensuring that any data that is no longer necessary for any use or purpose, should be destroy and remove. For example, resumes of candidates.
11. Retention of Data
We will retain your personal data for a reasonable period for the purposes such as audit and reference check or until you request for us to delete the personal data, or as required by law.
In the event that retention of your personal data is no longer necessary for legal or business purposes or when the purpose for which your personal data was collected is no longer being served by the retention of your personal data, TTMM will remove, destroy or anonymise your personal data.
12. Changes to this Personal Data Protection Policy
TTMM reserve the right to amend this Personal Data Protection Policy from time to time, for legal or regulatory reasons. A notice of such amendments will be made available to you through the TTMM intranet or through any other mode we view appropriate and suitable.
13. Access, Correction and Queries
If you wish to have access to your personal data on file, correct any personal data, or if you have any queries, please contact any member of the Administration Group.
In addition, you may also reasonably request to have your personal data to be forgotten, erased or ceased to be disseminated or at any time halt the processing of your personal data.
14. Governing Law
This Data Protection Policy shall be governed in all respects by the laws of Myanmar.