Privacy Notice

For Job Applicants, Internship Applicants, and Interns

Magic Software (Thailand) Co., Ltd.

            Magic Software (Thailand) Co., Ltd. (hereinafter referred to as the “Company”) respects the privacy rights of job applicants, internship applicants, and interns (hereinafter collectively referred to as “You”). To ensure that your personal data is protected, the Company has prepared this Privacy Notice to serve as a guideline and standard for personal data management. The Company has considered the collection, use, and disclosure (collectively referred to as “Processing”), as well as the retention, deletion, and destruction of your personal data through online and other channels, in accordance with the Personal Data Protection Laws, as follows:

1.   Objectives of Personal Data Processing

The Company processes your personal data for the following objectives:

1.1   Recruitment and Contractual Basis: To proceed with your request to apply for a job with the Company, such as conducting the recruitment process, verifying qualifications, and selecting candidates prior to entering into an employment contract. This also includes complying with internship agreements, payment of internship allowances, and providing various benefits arising from the internship.

1.2   Legitimate Interests: For the legitimate interests of the Company or third parties, such as analyzing and creating databases, managing and improving the recruitment and selection process, evaluating internship performance, preparing internship or employment contracts in case you pass the selection process, and exercising legal claims.

1.3   Vital Interests: To prevent or suppress a danger to a person’s life, body, or health, such as contacting you in case of emergency, or for communicable disease control and prevention.

1.4   Legal Obligation: To comply with laws, regulations, and orders of persons having legal authority.

1.5   Public Task: To perform duties in the public interest of the Company only in cases relating to internship programs, cooperation programs with educational institutions, or programs conducted in accordance with government policies, which aim to promote education, skills development, or workforce readiness for students.

2.   Personal Data Collected

The Company collects the following personal data:

2.1   Application Data: Information specified in the application form.

• Preliminary Information: e.g., date of application, position applied for or area of interest, expected salary, available start date.
• General Information: e.g., title, first name, last name (Thai and English), nickname (Thai and English), date of birth, age, photograph, nationality, religion, national ID card number, military service status, passport number, work permit number.
• Contact Information: e.g., address according to house registration, current address, telephone number, email, type of residence (parents’ house, own house, rented house/dormitory, etc.).
• Family Information: e.g., marital status, details of family members (parents, spouse), number of siblings, number of children.
• Education and Skills: e.g., educational background and transcripts, training and seminar history, language proficiency, driving ability, and various skills.
• Work History: e.g., company names, periods of employment, positions, salary, reasons for leaving, internship experience.
• Third-Party References: e.g., emergency contacts (first name, last name, relationship, contact number), and persons from whom the Company can verify your background (first name, last name, position, company name, contact number).

2.2    Identity Verification Documents: e.g., resume / curriculum vitae (CV), copy of transcript, copies of educational certificates, copy of degree certificate, copies of certificates received, certificate of employment, copy of national ID card, copy of driving license, copy of passport, copy of work permit.

2.3   Data Collected from You: e.g., information you specify or provide to the Company, test results, interview evaluation forms, and information you provide to the Company during job interviews.

2.4   For Interns, additional data is collected as follows:

• Copy of Student ID Card.
• Copy of bank account book (for payment of internship allowance).
• Images and moving images (photographs and videos).
• Characteristics of the intern and data from the internship, e.g., discipline, behavior, attitude, thoughts, ability to work with others, or other characteristics used for internship evaluation.

3.   Sources of Personal Data

The Company may obtain your personal data from various sources as follows:

3.1   Personal Data Obtained Directly from You through channels such as:

• The Company’s website (www.magicsoftware.co.th).
• The Company’s HR email (hr@magicsoftware.co.th) or other communication channels between the Company and you
• Walk-in applications.

3.2   Personal Data Obtained via Job Platforms or Service Providers Such as job search websites including JobsDB, Jobtopgun, or other similar platforms (where you submit your information through such platforms and the Company receives the data via the platform’s system)

3.3   Personal Data Obtained from Third Parties Such as:

• Your curriculum vitae (CV) received from recruitment agencies (headhunters / recruiting agencies)
• Information from persons who referred you.

4.   Use of Cookies

       The Company uses cookies to collect personal data as set out in the Cookie Policy.

5.   Request for Consent and Potential Impact of Withdrawal

5.1   In cases where the Company collects and processes your personal data based on your consent, you have the right to withdraw your consent given to the Company at any time. Withdrawal of consent will not affect any processing carried out before the withdrawal.

5.2   If you withdraw your consent given to the Company or refuse to provide certain information, the Company may be unable to carry out some or all of the purposes specified in this Privacy Notice.

5.3   In cases where the Company requires consent from other persons (e.g., your references), you represent and warrant that you have the authority to act on behalf of such data subjects in acknowledging this Privacy Notice and in granting consent to the Company for the processing of their personal data.

6.   Retention Period of Personal Data

The Company will retain your personal data for the period necessary to achieve the purposes of collection, unless a longer retention period is required or permitted by law. Where the retention period cannot be clearly specified, the Company will retain the personal data for a period that is reasonably expected based on standard retention practices (e.g., up to 10 years in line with the general statutory limitation period).

6.1   For Applicants: The Company will retain the personal data of job applicants and internship applicants for a period of 1 year from the date of receipt of the application.

6.2   For Talent Pool: The Company may retain your personal data after completion of the consideration for that position in order to consider and contact you if there are other positions that the Company deems may be suitable for you. This will be for a period necessary to achieve the purposes of applying for employment or internship. If you do not wish the Company to retain your data for consideration for other positions, you can contact the Company via the channels specified in this Privacy Notice.

6.3   For Hired Employees/Interns: If you pass the selection process and become an employee or intern, the Company will continue to retain your personal data for the period necessary to achieve the purposes of your employment or internship.

6.4   In cases where the Company uses your personal data based on your consent, the Company will process such personal data until you request to withdraw your consent and the Company has completed your request. However, the Company will retain your personal data as necessary to record that you have withdrawn your consent so that the Company can respond to your requests in the future.

6.5   The Company has a system to review and delete or destroy personal data once the retention period has expired, or when such data is no longer relevant or necessary for the purposes of collection.

7.   Disclosure of Personal Data to Third Parties

7.1   The Company may need to disclose and share your personal data with other individuals and legal entities (“Third Parties”) to achieve the purposes of collection and processing of personal data as specified in this Privacy Notice, such as:

• Service providers related to recruitment and personnel selection processes.
• Employment services, security services, background check service providers.
• Qualification and capability testing providers.
• Information technology systems, financial institutions, and government agencies.
• Other persons necessary for the Company to conduct its business and provide services to you, and to take actions in accordance with the purposes specified in this Privacy Notice.

7.2   The Company will require recipients of personal data to implement appropriate data protection measures, to process such personal data only as necessary, and to take steps to prevent unauthorized or unlawful use or disclosure of personal data.

8.   Transfer of Personal Data to Foreign Countries

8.1   The Company may store your personal data on servers or cloud services operated by third-party service providers and may use third-party Software as a Service (SaaS) and Platform as a Service (PaaS) solutions to process your personal data. The Company will not allow unauthorized persons to access your personal data and will require those service providers to maintain appropriate security measures in accordance with applicable Personal Data Protection Laws.

8.2   If your personal data is transferred to a foreign country, the Company will comply with the Personal Data Protection Laws and use appropriate measures to ensure that your personal data is protected and that you can exercise your rights related to your personal data in accordance with the law.

9. Security Measures for Personal Data

9.1    The security of your personal data is important to the Company. The Company has adopted appropriate technical and administrative security measures to protect personal data from loss, unauthorized access, use or disclosure, misuse, modification, and destruction. The Company uses technologies and security procedures such as encryption and access restrictions to ensure that only authorized personnel can access your personal data, and that such personnel are trained on the importance of personal data protection.

9.2    The Company has appropriate security measures to prevent the loss, unauthorized access, use, modification, correction, or disclosure of personal data by persons who have no rights or duties related to that personal data. The Company will review and update these measures when necessary or when technology changes to ensure that they remain effective.

10.   Your Rights Regarding Personal Data
You have rights under the Personal Data Protection Laws as follows:

10.1.   Right to withdraw consent: You have the right to withdraw your consent for the processing of your personal data that you have given to the Company at any time while your personal data is with the Company.

10.2.   Right to be informed: You have the right to be informed about the details of the collection, use, or disclosure of your personal data, including the purposes, retention period, and information about the data controller.

10.3.   Right of access: You have the right to access your personal data and request the Company to provide a copy of such personal data to you, including requesting the Company to disclose the source of personal data that was collected without your consent.

10.4.   Right to rectification: You have the right to request the Company to correct inaccurate personal data or to complete incomplete personal data. Such correction must be made in good faith and not contrary to legal principles.

10.5.   Right to erasure: You have the right to request the Company to delete or destroy your personal data, or to make it anonymized so that it can no longer identify you.

10.6.   Right to restriction of processing: You have the right to restrict the processing of your personal data.

10.7.   Right to data portability: You have the right to obtain your personal data provided to the Company in an electronic format, and to request the Company to transfer such personal data to another data controller where applicable.

10.8.   Right to object: You have the right to object to the processing of your personal data on certain grounds.

The Company will consider and notify you of the result of your request to exercise your rights within 30 days from the date the Company receives such request. The rights mentioned above are in accordance with the Personal Data Protection Laws.

11.   Information on Data Controller and Data Protection Officer

11.1.   Data Controller : Magic Software (Thailand) Co., Ltd.
Contact Address : 9/68 Soi Ratchapacha, Chatuchak Subdistrict, Chatuchak, Bangkok 10900

11.2.   If you have any inquiries regarding personal data protection or wish to exercise your rights regarding your personal data, you may do so via the Data Subject Rights Request Form or contact the Company at Tel: 0-2911-9988 or E-mail: pdpa@magicsoftware.co.th

In the event of any changes to this Privacy Notice, the Company will announce the updated Privacy Notice on the Company’s website at www.magicsoftware.co.th. You should check this Privacy Notice from time to time. The updated Privacy Notice will be effective immediately from the date of announcement.

Last Announced on: 5 January 2026