Privacy notices

We will use your personal data to:

• assess your suitability for the role;
• enable shortlisting;
• prepare for any interviews and assessments required;
• contact you to arrange, conduct, evaluate and feedback on assessments and interviews; and
• where successful, to make you an offer/provide you with an employment contract
• Once working at dentsu, we will also use your personal information to assess your suitability for other roles you may apply for or projects that may be assigned to you.

• Full name
• Date of birth and Age
• Gender
• Contact Information (i.e. resident address, phone number and email address)
• Nationality
• Photo
• Copy of Identity card or Passport
• Marital status
• Educational background
• Work experience and employment history
• Other work professions and qualifications (i.e. skills and training)
• Information defining in CV, resume and application form
• Information generated by us and you, through a combination of recruiting activities to further assess suitability for the role

(collectively referred to as the “Application Information”)

Job candidates

• Application Information
• Criminal background result

Referee and any person appeared in the CV

• Full name
• Contact detail
• Job Title and Company Name

Application Information

(1 calendar year and exceptional 3 years)

Legitimate interest

We will maintain and process general records necessary for the management of workers and to operate the employment contract between you and the dentsu organisation, in particular, to:

• enter into an employment contract and establish a legal relationship between you and us;
• facilitate your onboarding to the organisation (for example, when receiving IT equipment, setting you up on our systems and making sure you can access our premise)
• provide support with visa applications (if required)
• provide support for the obtainment of building car park card
• track and approve leaves and overtime
• process information required to help you participate in activities and programmes you are eligible for
• facilitate moves within the company in the event of changes to your role, location, or manager
• running employee surveys, new joiner or leaver surveys
• for some leave requests we will need information that indicates the nature of the time off and duration so we can approve, apply correct policies and redistribute workload as needed.
• for some roles, overtime will need to be tracked.

• Application Information
• Signature on the contract
• Employment contract entered into between you and us
• Employee photograph
• Corporate account (i.e., employee ID, corporate email, password, device information)
• Fingerprint scanned (if you would like us to collect; provided that we will only collect your fingerprint if you give us explicit consent)
• Workdays and presence record
• Leave request, including the medical certificate where we reserve the right to request; provided that the explicit consent will be obtained from you
• Vehicle information for building car park card and other relevant usage information of such card
• Any information defining in the request that you have made
• Any information defining in the request that other third party may request from you

We would need to process your personal data for the purpose of providing and administering payroll including tax and social security deductions and contributions (e.g. provident fund), and any other deductions or garnishments required by law or your contract (including without limitation the deduction according to court or other legal requirements).

It should be noted that we will often utilise third-party suppliers for benefits and recognition systems, and we will make sure we follow the requirements of the law and that your personal information is protected by the appropriate technical and organisational measures.

• Application Information
• Bank account information
• Tax-related information and social security information
• Employment contract entered into between you and us
• Information of the beneficiary (e.g. full name and relationship of such person and you)
• Other information required in the application for the provident fund
• Information defining in the deduction order (e.g. from court judgment or Student Loan)

In addition to the payroll management, we, as the employee, would need to process your personal data for the purpose of providing and administering remuneration, benefits and recognition/incentive scheme to reward good performance.

In particular, we may contact you or send you gifts on special occasions such as your birthday, wedding, baby-delivering, funeral and to recognise ‘length of service’ milestones working for us. We will do this using any personal data you provide us with (either in a HRIS or more generally) but you can always ask for this to not happen by contacting your People Services. Also, we will run pay benchmarking processes and reporting as required by law and ensure we are rewarding our employees appropriately with equal pay.

For reference purposes, the benefit provided by us would include:

• annual health checkup (provided that no health information will be shared back to us);
• outing trip (provided that in case the specific medical information will be needed, we would request for explicit consent from you);
• Joy application benefits (provided that the details of the personal data to be processed for each activity or benefits will be defined separately and in particular where the medical information will be required, the explicit consent will be requested from you on-spot);
• provident fund;
• group insurance;
• family planned insurance (if eligible as defined in the terms and conditions by each dentsu organisation).

It should be noted that this purpose and process may involve us passing appropriate personal information on to the relevant third-party providers so they can contact you, or you may register with them directly. We will also provide the details of any beneficiaries you nominate in case of death or other benefits to the relevant third-party. Also, we may use third-party suppliers for benefits and recognition systems and we’ll make sure we follow the requirements of the law and that your personal information is protected by them appropriately.

• Application Information
• Bank account information
• Employment contract entered into between you and us
• Position, salary base and benefit scheme that you are eligible for
• Any information relating to the request and/or the provision of the remuneration and benefit from us to you (including without limitation the wedding invitation card or photo or other evidence as the Company may require)
• Work performance and employment track record
• Associated Person’s personal data as required for the provision of each benefit (including the full name, identification card information of the family included in the planned insurance).

• Working track record
• Employment contract entered into between you and us
• KPI and other achievement / goals set
• Tracking progress
• Feedback about your work performance from managers, peers, direct reports and others in the organisation
• Any information defining in the grievance or relating to the informal and formal HR or Legal processes undertaken

Where relevant, we will need to process any claim made by or involving you when a party is

seeking compensation in cases of illness, injury or any other damages that you may cause.

• Application Information, in particular your contact information (if required in the process of resolving the claim)
• Any information that we may seem appropriate and necessary to address the claim made

We will process your day-to-day activities in your role with us at dentsu. The type of data processed will depend on the nature of your role, but can include:

• Including your personal data in group / ‘all office’ email distribution lists internally;
• Having the capability to access staff business records such as email, Office 365, Teams and OneDrive;
• Staff time management and scheduling;
• Sharing contact information with clients, including for pitches;
• Booking and invoicing for services;
• Inviting you to and confirming your attendance at internal and external dentsu events;
• Providing knowledge to a central service management system (e.g. ServiceNow) and responding to service downtime;
• Logging IT Service Desk tickets with internal system providers, plus systems permitting IT staff to remotely operate staff systems in order to fix / manage requests (when you have granted access);
• Tracking intranet usage. You will be searchable on the intranet and your information will appear on pages where you have produced the content;
• Meeting room and desk booking systems.

• Staff business records such as email, Office 365, Teams, Workday and other working system used and OneDrive as well as your working calendar
• Corporate contact information
• Working time records and timesheet
• Intranet and other corporate infrastructure usage

Your personal data may be stored to allow dentsu to manage its business operations and plan appropriately for the future. This will include resource planning, project planning, staff cost management, resource allocation, client profitability analysis and timesheet compliance.

It should be noted that Managers are required to assess their direct reports to assess Potential Level, Retention Risk and Impact of Loss. Your information will be processed for this on an ongoing basis.

• Staff business record
• Work performance, assessment and feedback
• Any information collected from your work performance in your role that may affect the business operation of dentsu organisation

Your personal data will be stored for the purpose of managing forecasting, budget / account management and planning for future as well as for the purpose of accounting and auditing process.

It should be noted that from time to time, we will disclose your personal data to third-party service providers (e.g. Microsoft Dynamics 365) to assist in our accounting and auditing processes.

Any information collected from your work performance in your role that may affect the business operation of dentsu organisation

• IT and physical access logs
• CCTV image

We have systems in place to prevent unauthorized access to our computer and electronic

communications systems and preventing the distribution of malicious software. Your personal

data is processed for several reasons, including authenticating legitimate users, contacting you

in the event of an incident, training and testing in phishing awareness, setting up IT alerts, and

restricting where corporate data can be stored.

To further enhance security, we have deployed a secure corporate browser for dentsu-managed devices and for dentsu corporate apps on personal devices. This system monitors user browsing activity to protect against malicious websites, threats, and malware, capturing and storing all browser-related traffic, including (but not limited to) websites visited, data transfers, IP addresses, and dentsu email addresses.

Please note: This system will not: (a) monitor other browsers on your personal device (e.g. Chrome, Edge, Safari etc); the only data we will collect pertains to interactions with corporate applications; (b) collect any inputs or clicks performed by you on a website, including filling in forms, responding to questions, or updating details. We only collect the full URL; or (c) process, correlate, or share any information collected unless it triggers a security event.

• IT and System access and transaction logs
• Browsing activities and other transaction you undertaken using dentsu-managed devices and dentsu corporate apps
• Training records
• Contact information needed for the alert or incident management

We may retain your personal data to review and better understand employee retention and attrition rates, and to understand the success of our systems / programmes.

Also, your information may be gathered for business operational and reporting documentation such as the preparation of annual reports. Your data, if used, will normally be anonymised so

that you would not be personally identified.

In addition, we will also run data mining to assess the success of our systems and analyse how we can help you work more efficiently.

• Employee survey and feedback
• Photographic images and testimonials

• Any information collected from your work performance in your role that may affect the business operation of dentsu organisation
• Application Information

We are required to monitor and document activity as required to demonstrate legal compliance.

This includes conflict of interest records, gifts and hospitality and anti-bribery and corruption

reporting, and mandatory compliance training.

This also includes our obligations in relation to maternity or parental leave legislation, working

time and health and safety legislation, taxation rules, worker consultation requirements, other

employment laws and regulations to which dentsu is subject.

Personal data is also kept enabling us to process data subject rights requests employees may have during or after their employment with dentsu.

Also, we will occasionally need to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities (including without limitation data protection, tax and employment), whether within or outside your country.

• Application Information
• Working track record that may relate to compliance with all these applicable laws
• Information from the Speak Up Scheme and other grievance or whistle-blowing mechanism
• Any other relevant information required to fulfill the data subject rights requests or the public authorities’ request or instruction

Under the Gender Equality Act of 2015, we may need to ask you to share information about you to ensure our compliance with equality and diversity requirements and to help us improve our employment practices.

It should also be noted that at the global level and may be implemented at the market-level, we run D&I and social impact initiatives and ask all employees to sign up to a DEI pledge, for which your personal information will be processed.

• Gender information
• Relevant work position and working conditions for the purpose of the comparison to ensure the equal opportunities

Throughout your employment with dentsu, you will undergo various training programmes to both enhance your skills and also to fulfil mandatory compliance requirements.

This depends on your role and where you are working, but can include: (a) Mandatory Data Protection, Ethics & Compliance, Intellectual Property, Code of Conduct, and Security e-learning courses. Employees' completion of these training courses is recorded and stored. Additional required training courses may be added, and completion is required, based on market-level and global requirements; (b) external coaches will occasionally run sessions. With consent, basic personal information will be shared with those coaches; (c) available learning platforms will track learning content utilization, assessment scores, platform access, learning completions, and attendance in live learning programs.

• Participation record to each assigned training course
• Tracking of the learning content utilization, assessment scores, platform access, learning completions, and attendance in live learning programs

This will include us needing to process your personal data to assess eligibility for incapacity or permanent disability related remuneration or benefits; determine fitness for work; and make management decisions regarding employment or engagement or redeployment, and conduct-related processes

This includes providing support in work related injuries, illness, management of your health and

safety, providing any accessibility support you may need and contacting your emergency contact if ever needed.

We are also required by law to record details of any accident that occurs in the workplace.

• Physical or mental health or conditions
• Information relating to the special request that you may make to get the special support or assistance from us

We may contact you in the event of an emergency or potential threat to you or our business

such as a natural disaster or cyber-attack. Such emergencies or disasters might include a any other case where business is not able to occur under normal conditions (i.e. severe weather, emergency service or security incidents, health emergencies, cyber security or significant technological failures).

To ensure you are promptly informed about such events, we may use any personal data you

provide us with (either in a HRIS or more generally) which may include your private contact

details e.g. private phone number or email.

• Contract information, including your private contact details and your emergency contact
• Personal data in HRIS

Sometimes we may need to gather personal data in relation to any allegations, complaints, investigations and disciplinary processes that occur during your time working at dentsu , whatever your role in the process.

This can include "whistle blowing or speak up now" reports from employees and are handled through third-party services.

Evidence in all cases will need to be gathered and recorded for the duration of any investigation.

We may also need to manage litigation proceedings on behalf of dentsu. Your data may be

processed where required.

• Whistle blowing or speak up now report
• Relevant evidence that may be gathered directly or indirectly during the investigation

In accordance with relevant laws, we reserve the right to monitor and scan electronic

Communications sent using the accounts, network and equipment we provide to you for work purposes. This is to ensure that dentsu IT resources are being used in compliance with the law and are in line with dentsu policies. You can learn more information about using dentsu IT resources in our Acceptable Use Policy on Neon.

When you leave dentsu, we run certain processes involving your personal data to understand why you left us that would help us in business planning.

Your data will be used when we are preparing for your departure, for example when you are returning IT equipment or corporate credit cards.

We will also retain information to manage and administer our related legal obligations, including to prepare the employee registry as required under the Labor Protection law.

• Application Information
• Working information during the employment term
• Leaver’s survey and exit interview
• Personal data entered into and executed on our system and environment (i.e. HRIS)

After you leave, we will retain certain information to understand the decision making in your role and maintain knowledge within the business; for example, this may include your handover notes, document or emails you have sent or accessed to for the purpose of the work transition.

We do this because it is in our interests to use this information to help run our business, or it may be to support a legal obligation we have.

We may also ask if you would like to opt in (give us consent) to our alumni marketing programme whereby you can receive communications about dentsu and information about new job openings.

• Work track record and any knowledge or deliverables made during your employment term
• Your contact information for the purpose of the alumni communication purpose

Dentsu Aegis Network Thailand Co., Ltd.

Dentsu Holdings (Thailand) Ltd.