Last Updated: 04 February 2026
This Data Protection Policy (“Policy”) explains how CGP Group Companies (“we”, “us”, or “our”) collect, use, disclose, and process personal data of individuals (hereinafter referred to as “Users”) applying for job positions with us as well as website visitors who submit any enquiry or feedback. It complies with applicable data protection laws, including Thailand’s Personal Data Protection Act (PDPA).
This Policy applies to personal data in our possession or under our control, including data handled by third-party organisations we engage for recruitment-related purposes.
This Policy is an addendum to our data collection forms (job applications, contact, service enquiry, etc.) and should be kept as part of the complete application documentation.
This Policy applies to Cornerstone Global Partners Pte. Ltd. (“CGP”) and its related corporations, including but not limited to:
THAILAND
CGP Recruitment (Thailand) Co., Ltd
No. 1 Park Silom Building, Room 30.18, 30th Floor, Convent Rd, Silom, Bangrak, Bangkok 10500, Thailand
https://www.cgpthailand.com/about-us/privacy-policy/
SINGAPORE
Cornerstone Global Partners Pte Ltd
79 Anson Road #17-01 Singapore 079906
EA Licence Number: 19C9859
https://www.cgp.sg/privacy-policy/
MALAYSIA
Agensi Pekerjaan Cornerstone Global Partners (Malaysia) Sdn. Bhd
Suite 44, Menara UOA, Tower B, Level 9, Jalan Bangsar Utama 1 59000 Kuala Lumpur
JTKSM 1253
https://www.cgpmalaysia.com/privacy-policy/
VIETNAM
Cornerstone Global Partners (Vietnam) Company Limited
25A/1 + 25A1 Nguyen Binh Khiem, Ben Nghe Ward, District 1, Ho Chi Minh City, Vietnam
https://www.cgpvietnam.com/privacy-policy/
This Policy applies to all individuals (hereinafter referred to as “Users”) who apply for any job position with us (“Job Applicants”) as well as website visitors (“Clients/Employers/Enquirers”) who submit any enquiry or feedback.
We collect candidate personal data, including contact details, CV information, work and education history, skills, remuneration details, and any information provided during applications or interviews to assess suitability for current and future roles, manage the recruitment process, communicate on application status, and present profiles to potential employers. We may retain candidate data for a reasonable period to maintain our talent pool, comply with legal or regulatory requirements, and manage any queries or disputes. Your data will be used only for purposes notified to you and in accordance with consent obtained under the PDPA.
We collect personal data from employers and clients, including key contact persons’ names, business contact details, job requirements, hiring preferences, and feedback to deliver recruitment and related services, understand hiring needs, recommend suitable candidates, manage our commercial relationship, and perform administrative functions such as billing, reporting, and compliance obligations. Your data will only be used for these business purposes or other purposes you have been notified of or consented to, in line with PDPA requirements.
We collect personal data from website visitors and enquirers including names, contact details, enquiry content, and limited technical information such as IP address or cookies where applicable to respond to enquiries, provide information on our services, manage subscriptions or alerts, maintain and improve website performance and security, and analyse site usage on an aggregated basis. Where required, we obtain consent for the use of cookies, analytics tools, or marketing communications. Your data will only be used for the purposes notified to you or for purposes reasonably related to them, in compliance with the PDPA.
“Personal data” refers to any information that can identify any User, either on its own or when combined with other data we have or are likely to have access to.
We may collect the following personal data from Users:
In certain countries where we operate, we may also collect sensitive personal data if required for recruitment purposes. This may include:
Where sensitive data is collected, we will obtain your explicit consent and apply appropriate safeguards to protect it in line with legal requirements.
We generally collect personal data in the following ways:
We will always seek your consent before collecting additional personal data or using your data for purposes not previously notified—unless permitted by the relevant laws.
As a User, your personal data may be collected, used, and disclosed for the following purposes:
If you provide us with personal data of another individual (e.g., a referee), you must obtain their consent before disclosing their data to us.
Your consent for the collection, use, and disclosure of your personal data remains valid until you withdraw it in writing via email.
To withdraw your consent, please email your request to our Data Protection Officer at the contact details provided. We may require reasonable time to process your request, depending on its complexity and impact on our relationship with you.
Depending on the nature of your request, we may not be able to proceed with your application or continue our engagement with you. If so, we will inform you before completing the withdrawal process.
If you change your mind, you may cancel your withdrawal by informing us in writing via email.
Withdrawal of consent does not affect our right to continue collecting, using, or disclosing your personal data where permitted or required by law.
If you wish to request access to a copy of the personal data we hold about you, or to understand how your personal data is being used or disclosed, please submit your request in writing via email to our Data Protection Officer at the contact details provided below.
If exceptional circumstances prevent us from meeting the required timeline, we will notify you via email, explain the reason for the delay, and outline the steps being taken to address it—always in accordance with applicable laws. For individuals located in jurisdictions with extraterritorial data protection laws, we will respond in accordance with those local laws. Where applicable, we also comply with Thailand’s PDPA, which requires a response within 30 calendar days.
If we are unable to provide the requested personal data, we will generally inform you of the reasons—unless we are not required to do so under applicable data protection laws or jurisdictions’ laws.
Depending on your request, we may only be required to provide access to the personal data contained in relevant documents, not the documents in full. In such cases, we may provide a summary or confirmation of the personal data we have on record, especially where your data forms only a minor part of the document.
If you wish to correct or update any personal data we hold about you, please submit your request in writing via email to our Data Protection Officer.
Our internal target of 10 business days applies unless a shorter response time is required by law. Statutory timelines include:
For individuals in jurisdictions with extraterritorial data protection laws, we will respond in accordance with those laws. Where applicable, we also comply with Thailand’s PDPA, which requires a response within 30 calendar days.
If we are unable to make the requested correction, we will generally inform you of the reasons—unless we are not required to do so under applicable data protection laws or jurisdictions’ laws.
To protect your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal, or similar risks, we have implemented appropriate administrative, physical, and technical safeguards. These include:
Access to personal data is restricted internally and to authorised third-party service providers and agents on a strict need-to-know basis.
Please note that while we strive to maintain the highest standards of security, no method of transmission over the Internet or electronic storage is completely secure. We are committed to continuously reviewing and enhancing our security measures to protect your personal data.
We rely on the personal data provided by you (or your authorised representative). To ensure your data remains current, complete, and accurate, please notify us of any changes by contacting our Data Protection Officer in writing via email.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable laws.
We are committed to protecting your personal data and ensuring transparency in how it is shared and transferred across borders.
We may share your personal data with contracted third-party service providers, some of whom may be located outside your country of residence. These providers support various business functions, including but not limited to:
All third-party engagements are governed by contractual obligations and internal policies to ensure your data is handled securely and lawfully.
As we operate across multiple jurisdictions, it may be necessary to transfer your personal data overseas in connection with our business activities and service delivery. These transfers may occur to, but are not limited to, the following countries or regions:
Singapore, Malaysia, Thailand, Vietnam, Mainland China, Hong Kong SAR, Japan, USA, and other jurisdictions where we operate from time to time.
We ensure that any personal data transferred overseas is protected to a standard comparable to the data protection laws of the originating jurisdiction, such as the Thailand PDPA or other applicable data protection laws.
We are committed to complying with applicable data protection laws in all jurisdictions where we operate or receive job applications. This includes:
We ensure that personal and sensitive data collected from Users is processed lawfully, fairly, and transparently.
Where personal data is transferred across borders—including to jurisdictions with extraterritorial data protection laws—we implement appropriate contractual, technical, and organisational safeguards to protect data integrity, confidentiality, and security. These safeguards are designed to ensure compliance with local legal requirements and maintain a level of protection comparable to that of the originating jurisdiction.
As part of our recruitment operations, we may use AI-powered tools to assist in organizing, analyzing, and supporting the processing of job application materials. These tools may process personal data such as:
The use of AI tools is strictly limited to supporting internal recruitment functions, including:
These tools do not make automated decisions about your suitability for employment. All evaluations and selections are made by qualified recruitment professionals, with human oversight at every stage of the decision-making process.
The processing of personal data through AI tools is conducted in accordance with applicable data protection laws in the jurisdictions where we operate. Legal bases for processing may include:
Where required, we implement balancing tests, data protection impact assessments, and appropriate safeguards to ensure fairness, transparency, and protection of your personal data.
Depending on your jurisdiction, you may have additional rights under applicable data protection laws. These may include:
If you have any enquiries or feedback regarding our personal data protection policies and procedures, or if you wish to make a request, please contact:
Data Protection Officer: DPO Office
Email: dpo.th@cornerstoneglobalpartners.com
This Policy applies in conjunction with any other policies, notices, contractual clauses, and consent clauses that relate to the collection, use, and disclosure of your personal data by us.
We may revise this Policy from time to time without prior notice. You can check for updates by referring to the “Last Updated” date at the top of this document. Your continued participation in our recruitment process or employment with us constitutes your acknowledgement and acceptance of any changes.
If you are a minor under the minimum age defined by applicable privacy laws, you represent and warrant that your parent or legal guardian has been informed of and has agreed to this Data Protection Policy.
Where legally required, you are responsible for obtaining valid parental consent before providing us with your personal data.
We may request evidence of such consent and reserve the right to delete any personal data collected from you if we cannot verify that the necessary consent has been obtained. We are not liable for any failure to obtain parental consent as required by law.
In most cases, we do not require sensitive personal data during the job application process. You should avoid submitting such data unless it is necessary or relevant.
However, we may collect and handle sensitive personal data—including health information, financial details, criminal history, or other data considered sensitive under applicable laws—under the following conditions:
We may request confirmation of your explicit consent where required and reserve the right to delete any sensitive personal data submitted without a valid legal basis or necessary consent. In situations where explicit consent is required by law, we will be contacting you separately.
By submitting forms via website, you acknowledge and agree to the following:
Disclaimer:
This mailbox is designated for matters related to the Data Protection. For enquiries unrelated to data protection, submit your request via our Official Contact Form. Kindly note that non-DPO-related queries sent to this mailbox may not receive a response.