Privacy Notice

1. About True Internet Data Center Co., Ltd.

True Internet Data Center Co., Ltd. (True IDC) ( “True IDC” or “Company”) recognizes the importance of protecting personal data and privacy and respects the rights to privacy under applicable laws. The Company is committed to the lawful collection, use, and disclosure of your Personal Data pursuant to the Personal Data Protection Act B.E. 2562 (2019) and all related legislation. This Notice is prepared to ensure that Data Subjects understand the Company's guidelines for the collection, use, and disclosure of Personal Data, as well as the rights of the Data Subjects under the law. The Company shall notify the Data Subject of the details of Personal Data collection as set out in this Notice prior to or at the time of collecting the Personal Data, as required by law.

Contact address: True Internet Data Center Co., Ltd. 18th Floor, True Tower, Ratchadaphisek Road, Huai Khwang, Bangkok 10310 Thailand
Contact Channel: Email [email protected] and Call Center 0 2494 8300

When we receive your questions or concerns, our representative will contact you within a reasonable timeframe to provide a response.

2. What is personal data?

“Personal Data” means any information relating to a natural person who can be identified, directly or indirectly, but excludes information of deceased persons or information that has been rendered non-identifiable (anonymized data).

“Sensitive Personal Data” means Personal Data relating to matters such as religion, criminal records, health information (e.g., blood type, medical history), and biometric data (e.g., fingerprints, facial recognition).

3. What personal data we will collect

The Company shall collect your Personal Data in connection with the provision of services, administrative operations, or various transactions with the Company, strictly to the extent necessary to achieve the Company’s business objectives and in compliance with all relevant laws. The Company shall collect Personal Data only as is necessary and directly related to the purposes explicitly notified to the Data Subject prior to or at the time of such collection.

The Company shall not collect Personal Data without the Consent of the Data Subject, unless otherwise permitted by law to proceed without obtaining consent.

Category Examples of Personal Data
Identification Personal Details Full name, age, date of birth, gender, height, nationality, photograph, national identification number, passport number, identification code, education background, employment history, signature, and vehicle registration number
Contact Details Residential address, office address, telephone number, mobile number, email address, and social media contact information
Service Data Device information used for website access, computer traffic data (Log Data), contact and communication data between you and other users, and usage record data such as device identifier, computer IP address, device ID, mobile network information, connection data, geographical location data, browser type, website entry/exit records (Referring Website), Cookies, website usage history records, login log, customer behaviour, website visit statistics, access time, your search queries, usage of various website functions, and data collected by the Company through Cookies or similar technologies. This also includes access data to areas and buildings, and still or moving images from closed-circuit television (CCTV) for security purposes.
Employment Details Licenses, certifications, welfare and benefit information, work performance data, disciplinary records, information of related individuals (e.g., family members, guarantors, referees, emergency contacts), social security data, and bank account information
Sensitive Personal Data Religion, criminal records, health-related information (blood type, health records), biometric data (fingerprints, facial recognition data). The Company shall collect and process Sensitive Personal Data only upon receiving Explicit Consent from the Data Subject, or when permitted by law.
Other Data Marital status, interests, feedback or comments, CCTV photos or recordings, travel-related information, and requests to exercise rights under the PDPA

4. Purposes of Personal Data Processing and Legal Bases

The Company may obtain your Personal Data through various channels, both directly from you and from other relevant sources, for the purpose of processing Personal Data as necessary for the Company's operations under the Legal Bases stipulated in the Personal Data Protection Act B.E. 2562 (2019).

4.1 Categories of Data Subjects and Personal Data Processing

The categories of Personal Data that the Company collects, uses, and/or discloses, along with the purposes and legal bases for such processing:

Category of Data Subject Source of Data Activities/Purposes for Collection, Use, and/or Disclosure of Personal Data and Legal Bases
Customers
  1. When you contact, inquire, or submit a complaint via website, application, phone, email, in-person meeting, or by any other method.
  2. When you use the Company's services and enter into a contract with the Company.
  3. When you register or submit various applications related to the Company's services.
  4. When you participate in marketing activities, lucky draws, events, or other activities, and data collection from the Company's various service providers, such as application service providers and product/service promotion and recommendation providers.
  5. When you voluntarily participate in a survey or communication via email or other channels between the Company and you.
  6. In some cases, the Company may collect your Personal Data from public sources, whether you disclosed the Personal Data yourself or consented to its disclosure by another party.
 Contractual Basis:
  1. For the provision of services under a contract to which you are a party, or for taking steps at your request prior to entering into such a contract.
  2. To facilitate the notification or payment of service fees.
  3. For the payment of service fees and related charges.
  4. To provide after-sales service as requested by you, including usage support, answering questions, handling complaints, processing compensation, and resolving various issues.
Consent Basis:
  1. For the purposes of creating, improving, managing, analyzing, and planning marketing activities, including the Company’s and/or the Company's business partners' products and services; and to upload photos of activities in which you appear or your feedback on the Company's websites and social media platforms to serve the objective of publicizing activities and supporting the Company's image.
  2. To inform and offer benefits, information, news, promotional programmes, and various offers regarding applications or the use of services by the Company or the Company's business partners.
  3. For the proof and verification of the applicant's identity and registration for the Company's services.
Legitimate Interest Basis:
  1. To answer questions, provide information, and coordinate with parties expressing interest in the Company's products or services.
  2. To improve and develop service efficiency, including user experience.
  3. For the security of the Company's data and service network, including system and user activity monitoring, to track any harmful activities toward you, others, and the Company.
  4. To conduct business under the contract between the Company and your affiliated entity, in cases where you are acting on behalf of that entity.
  5. For the security of the Company's premises and assets, including the installation of closed-circuit television (CCTV) systems to prevent criminal acts and various emergencies.
Legal Obligation Basis:
  1. For compliance with the laws, requirements, and regulations of government agencies or competent regulatory bodies, including any actions necessary for compliance with applicable laws in Thailand or abroad that are binding upon the Company.
Business Partners/Vendors
  1. When you intend to enter into a contract for the sale of goods or provision of services with the Company by submitting a request or providing Personal Data to the Company.
  2. When you intend to register as a business partner.
  3. When you complete various forms for the Company to access the Company's premises, including for any other activities in providing services to the Company.
  4. When you enter into a contract with the Company and submit documents containing your Personal Data to the Company. In some cases, the Company may collect your Personal Data from public sources, whether you disclosed the Personal Data yourself or consented to its disclosure by another party.
 Contractual Basis:
  1. To enter into a contract for the purchase or provision of services with the Company.
Legitimate Interest Basis:
  1. For the security of the Company's data and service network, including system and user activity monitoring, to track any harmful activities toward you, others, and the Company.
  2. For the security of the Company's premises and assets, including the installation of closed-circuit television (CCTV) systems to prevent criminal acts and various emergencies.
  3. To conduct business operations pursuant to the contract between the Company and your affiliated legal entity, in the event you are acting on behalf of the said legal entity.
  4. For the security of the Company's premises and assets, including the installation of CCTV systems to prevent criminal acts and various emergencies.
Company’s employee
  1. When you enter into an employment contract or any other contract of a similar nature with the Company.
  2. When you submit various documents containing Personal Data to the Company for use as evidence in entering into contracts or various juristic acts with the Company.
  3. When you are considered for area access, necessitating the collection of Sensitive Data to verify your identity for access to the Company's internal premises.
  4. For the purpose of complying with laws related to human resource management and lawful orders issued by government agencies and relevant officials.
  5. In certain cases, the Company may collect your Personal Data in your capacity as a family member, emergency contact person, beneficiary, or guarantor for the Company's personnel.
 Contractual Basis:
  1. For the purpose of considering job applications, selecting candidates, conducting interviews, and performing activities related to the job process.
  2. For the performance of the hiring contract, employment contract, and other activities related to the engagement and employment between you and the Company.
  3. For the proof and verification of the applicant's identity and registration for the Company's services.
Consent Basis:
  1. To inform and offer benefits, information, news, promotional programmes, and various offers regarding applications or the use of services by the Company or the Company's business partners.
  2. To verify your identity for accessing the Company's premises and buildings.
Vital Interest Basis:
  1. To contact in cases of emergency that affect the health or safety of the Data Subject while working or using services with the Company, including the disclosure of data to medical units, rescue units, or relevant agencies in such situations.
Legitimate Interest Basis:
  1. For the security of the Company's data and service network, including system and user activity monitoring, to track any harmful activities toward you, others, and the Company.
  2. For the security of the Company's premises and assets, including the installation of Closed-Circuit Television (CCTV) systems to prevent criminal acts and various emergencies.
Legal Obligation Basis:
  1. For compliance with the laws, requirements, and regulations of government agencies or competent regulatory bodies, including any actions necessary for compliance with applicable laws in Thailand or abroad that are binding upon the Company.
Job applicants
  1. When you enter into an employment contract or any other contract of a similar nature with the Company.
  2. When you submit a job application and supporting documents to the Company, whether by walk-in, application at a recruitment booth, or application through the Company's website.
  3. When you submit various documents containing Personal Data to the Company for use as evidence in entering into contracts or various juristic acts with the Company.
  4. When you are considered for area access, necessitating the collection of Sensitive Data to verify your identity for access to the Company's internal premises.
  5. In certain cases, the Company may collect your Personal Data in your capacity as a family member, emergency contact person, beneficiary, or guarantor for the Company's personnel.
  6. For the purpose of complying with laws related to human resource management and lawful orders issued by government agencies and relevant officials.
  7. When you submit a job application and supporting documents to the Company, whether by walk-in, application at a recruitment booth, or application through the Company's website.
  8. When you attend a job interview with the Company.
 Contractual Basis:
  1. For the purpose of considering job or internship applications, selecting candidates, conducting interviews, and performing activities related to the job application process.
  2. For the performance of the hiring contract, employment contract, and other activities related to the engagement and employment between you and the Company.
  3. For the proof and verification of the applicant's identity and registration for the Company's services.
Vital Interest Basis:
  1. To contact in cases of emergency that affect the health or safety of the Data Subject while working or using services with the Company, including the disclosure of data to medical units, rescue units, or relevant agencies in such situations.
Legitimate Interest Basis:
  1. For the security of the Company's data and service network, including system and user activity monitoring, to track any harmful activities toward you, others, and the Company.
  2. or the security of the Company's premises and assets, including the installation of Closed-Circuit Television (CCTV) systems to prevent criminal acts and various emergencies.
F Legal Obligation Basis:
  1. For compliance with the laws, requirements, and regulations of government agencies or competent regulatory bodies, including any actions necessary for compliance with applicable laws in Thailand or abroad that are binding upon the Company.
Intern Students
  1. When you enter into an employment contract or any other contract of a similar nature with the Company.
  2. When you submit an internship application and supporting documents to the Company, whether by walk-in, application at an internship booth, or application through the Company's website.
  3. When you submit various documents containing Personal Data to the Company for use as evidence in entering into contracts or various juristic acts with the Company.
  4. When you are considered for area access, necessitating the collection of Sensitive Data to verify your identity for access to the Company's internal premises.
  5. In certain cases, the Company may collect your Personal Data in your capacity as a family member, emergency contact person, beneficiary, or guarantor for the Company's personnel.
  6. For the purpose of complying with laws related to human resource management and lawful orders issued by government agencies and relevant officials.
 Contractual Basis:
  1. For the purpose of considering internship applications, selecting candidates, conducting interviews, and performing activities related to the internship application process.
Legitimate Interest Basis:
  1. To consider and select internship applicants, such as verifying qualifications, educational history, and supporting documents for the internship application.
  2. For the security of the Company's premises and assets, including the installation of Closed-Circuit Television (CCTV) systems to prevent criminal acts and various emergencies.
Consent Basis:
  1. To verify your identity for accessing the Company's premises and buildings.
Legal Obligation Basis:
  1. For compliance with the laws, requirements, and regulations of government agencies or competent regulatory bodies, including any actions necessary for compliance with applicable laws in Thailand or abroad that are binding upon the Company.
  2. To process documents related to the payment of stipends.
General Public
  1. When you access the Company's website through your Browser's cookies.
  2. When you visit and provide information through the Company's website and social media platforms.
  3. When you participate in marketing activities, visit booths, or attend any activities, including workshops, exhibitions, surveys, prize draws, or other marketing promotions.
 Legitimate Interest Basis:
  1. To answer questions, provide information, and coordinate with parties expressing interest in the Company's products or services.
  2. To manage activities and verify eligibility for participation in marketing activities.
  3. To deliver prizes or benefits.
  4. To publicize the Company's activities through various channels (e.g., social media, website).
  5. To analyst and improve future marketing activities.
  6. For the security of the Company's premises and assets, including the installation of Closed-Circuit Television (CCTV) systems to prevent criminal acts and various emergencies.

The Company shall collect, use, and/or disclose Personal Data for each category of Data Subject strictly according to the purposes notified in the table above and shall not conduct any additional Personal Data Processing unless Explicit Consent is obtained from the Data Subject or a Legal Basis is otherwise provided for by law.

4.2 The Company may receive your Personal Data from external entities or third parties to whom you have lawfully consented to disclose your data. The Company shall use such data strictly for the purposes previously notified and to the extent permitted by law, such as for the purpose of promoting the Company's news, products, services, or activities through appropriate channels. The Company shall process your Personal Data under the principles stipulated by law and as specified in the Company's Personal Data Protection Notice, and shall not collect, use, or disclose Personal Data from third parties without a clear Legal Basis or the Consent of the Data Subject.

4.3 Upon the collection of your Personal Data, you will be notified of various details as specified in this Notice, including but not limited to the purpose and legal basis for the collection, use, disclosure, and/or processing of Personal Data. Should the Personal Data Protection Law stipulate that any Personal Data Processing must receive your consent, the Company shall request your Explicit Consent. The Company shall provide a separate consent form from other text to ensure that the Data Subject can grant or refuse consent freely and clearly.

4.4Since your Personal Data to be processed by the Company for the purposes set out in Clause 4.1 above is necessary for compliance with law or a contract or is required for entering into a contract with you, such data is essential to achieving those purposes. If you do not wish to provide such Personal Data to the Company, this may result in legal consequences or may render the Company unable to perform its obligations under a contract already entered into with you or unable to enter into a contract with you (as the case may be). For instance, the Company may be unable to provide services, process payments, or deliver related benefits. In such instances, the Company may be compelled to refuse to enter into a contract with you or cancel the sale or related services, or refuse to grant related welfare or benefits to you, whether in whole or in part.

5. Processing and Disclosure of Personal Data

Upon receiving Personal Data from the source of data, the Company shall proceed to collect, use, or disclose your Personal Data for the purposes that have been notified, and shall process your Personal Data only to the extent permitted by law, namely, based on a Legal Basis for data processing.

The Company may disclose your Personal Data (as specified in Clause 3 above) to the Company's business partners or government agencies as required by law, customer support service providers, marketing and advertising management service providers, business consultants, as well as any legal entity or person with whom the Company and/or you have entered into a contract or have a legal relationship. Such disclosure shall be made only to the extent necessary to achieve the notified purposes and under appropriate Personal Data protection measures as prescribed by law.

Furthermore, the Company may need to disclose such data to government agencies or competent regulatory bodies as required by law, for the benefit of inspection, or for the prevention of illegal acts such as fraud. The Company may also transfer your Personal Data to external individuals or legal entities outside the group of companies in the event of a transfer of business, sale, or merger of the Company, whether in whole or in part. Such disclosure shall be made only to the extent necessary to achieve the notified purposes and under appropriate Personal Data protection measures as prescribed by law.

In the event the Company engages another party to act as a Personal Data Processor, the Company shall audit the Personal Data protection measures and arrange for the execution of an agreement to control and appropriately protect Personal Data in accordance with the criteria prescribed by law.

The Company may be required to transfer your Personal Data to foreign individuals, agencies, or international organizations that do not have adequate Personal Data protection standards (Appropriate safeguards) as determined by the Personal Data Protection Committee. In such cases, the Company shall ensure that the data transfer is lawful. The Company shall conduct regular internal and external audits for the protection of Personal Data.

6. How we keep your personal data and for how long

The Company maintains security assurance measures and specifies the retention period for your Personal Data as follows:

  • Storage: Personal Data shall be stored both in hard copy (document format) and electronic format (soft copy). The Company implements effective security assurance measures to prevent the loss, unauthorized access, use, alteration, modification, or unlawful disclosure of Personal Data. This includes restricting access rights to only necessary personnel who are bound by confidentiality obligations, and utilizing data encryption to enhance Personal Data security.
  • The Company maintains procedures for managing potential Personal Data breaches, including instances where a complaint regarding privacy violation or data leakage is made. The security unit shall promptly investigate and respond, and the Company shall notify the Office of the Personal Data Protection Committee and/or the Data Subject of the data breach within the period prescribed by law, should the breach pose a risk to the rights and freedoms of the Data Subject.
  • Data Retention Period : The Company shall retain your Personal Data only for the period necessary to fulfil the purpose for which the data was collected, or for the duration of a contract or legal relationship between you and the Company, or within the statutory limitation period for the exercise of legal claims by the contracting parties (The Company generally retains Personal Data for a period not exceeding ten (10) years from the date the relationship between you and the Company ends, unless otherwise required by law) or for a longer period as required by relevant law or regulatory authorities.
  • Upon expiration of the retention period, or when the Company no longer has the right or ability to invoke a Legal Basis for Personal Data Processing, the Company shall proceed to delete or destroy the Personal Data or render the Personal Data into a format that no longer identifies the Data Subject, within a reasonable period of time. A record of the deletion or destruction shall be maintained as evidence, and verification shall be made to ensure that such deletion or destruction is complete and irreversible.

7. Your rights as a data subject

When the provisions of the Chapter on the Rights of the Data Subject under the Personal Data Protection Act B.E. 2562 (2019) come into force, you, as the Data Subject, shall have the following rights regarding your Personal Data:

(These rights are subject to the conditions, exceptions, and time frames prescribed by law, including the necessity for the reasonable proof and verification of the identity of the requester.)

7.1 Right to withdraw consent

  • You have the right to withdraw your consent at any time, unless such withdrawal is restricted by law or affects contractual obligations that are for your benefit.
  • You may withdraw your consent to the processing of your Personal Data at any time while the Company continues to retain such data.
  • If withdrawal of your consent render the Company unable to provide certain services to you, the Company shall inform you of the potential consequences arising from such withdrawal of consent so that you can make a well-informed decision. Furthermore, the Company may still process Personal Data based on other relevant Legal Bases (if any).

7.2 Right to access

  • You have the right to request access to and obtain a copy of your Personal Data that is being processed by the Company.

7.3 Right to data portability

  • You have the right to request the Company to transfer your Personal Data that you have provided to us to another data controller, or to receive such Personal Data directly from us, where technically feasible. This right applies only to Personal Data that was provided with your consent or collected for the purpose of fulfilling a contract with you.

7.4 Right to object

  • You have the right to object to the processing of your Personal Data in certain cases as prescribed by law, including the right to object to processing for direct marketing purposes at any time.

7.5 Right to erasure

  • You have the right to request the Company to delete or destroy your Personal Data based on the grounds prescribed by law, such as when the data is no longer necessary for the purpose of processing, or when you withdraw your consent, or when the data is unlawfully processed. Notwithstanding the foregoing, the Company may not be able to delete the data immediately if there is another Legal Basis or legitimate reason requiring its retention.

7.6 Right to restriction of processing

  • You have the right to request the Company to restrict the processing of your Personal Data in certain cases, such as while the accuracy of the data is being verified, or while the objection to processing is under consideration, or when the processing is unlawful, but you wish to limit its use instead of requesting data deletion.

7.7 Right to rectification

  • You have the right to request that the Company correct any inaccurate or outdated Personal Data, and complete any incomplete data. The Company will investigate and rectify the data accordingly.
  • In the event the Company deems that the correction of data necessitates the verification of your identity, the Company may reasonably request additional documents or information from you and may keep a record of the actions taken as necessary.

7.8 Right to make a complaint

  • You have the right to lodge a complaint with the Personal Data Protection Committee or the Office of the Personal Data Protection Committee if the Company fails to comply with the Personal Data Protection Act.

You may contact the Company’s official channels to submit a request to exercise the rights according to the details provided in Clause 1 or through the channels designated by the Company. You will not be charged a fee for exercising your rights, unless the request is unfounded, repetitive, or excessive, in which case the Company may charge a reasonable fee. The Company reserves the right to reject requests to exercise rights that are not made in good faith, lack reasonable justification, violate the law, or cannot be practically executed due to factual circumstances or technical limitations. Furthermore, the Company has the right to refuse any request subject to the conditions and exceptions prescribed by law. The Company may request additional information to verify the identity of the requester or to understand the scope of the request before acting on such requests.

If you have any complaints or enquiries regarding the processing of Personal Data, you may contact the Company at the email address [email protected]

The Company may prescribe procedures, request forms, and supporting documentation to prove and verify identity before acting upon a request to exercise a right. The Company shall consider and act within a reasonable period as prescribed by law and may reject the request in whole or in part if the request violates the law, impacts the rights and freedoms of others, or is subject to relevant technical or legal limitations.

8. Your refusal to give us your personal data

In the event you refuse to provide Personal Data, the Company may still be required to collect your Personal Data pursuant to legal requirements or for the purposes of entering into and performing a contract between the Company and you.

Should you choose not to provide the necessary Personal Data, the Company may be unable to provide services or carry out the purposes related to such data, particularly in cases where the Company must use the data to comply with a contract or law (e.g., identity verification for service access, billing and payment processing, or compliance with orders from competent government agencies). In such an event, the Company may be required to refuse to enter into a contract, suspend, or terminate related services in whole or in part, as appropriate and to the extent permitted by law.

However, if you withhold consent for the use of Personal Data for certain purposes that are not required by law or contract, you may still be able to use some of the Company's services. Nonetheless, the Company may be unable to provide full service efficiency or customize the services to meet your needs. The Company may also continue to collect or use some categories of data based on other relevant Legal Bases (such as the Legal Obligation Basis or the Legitimate Interest Basis) without relying on your consent. The refusal to provide data or the withdrawal of your consent will not affect the lawfulness of any processing that occurred prior to such refusal or withdrawal of consent. Furthermore, the Company shall not be liable for any damages resulting from the inability to provide services or deliver benefits caused by your failure to provide the necessary data, to the extent permitted by law.

9.Cookies Policy

The Company uses cookies and/or similar technologies on its website to remember user usage patterns, help users gain a better experience from visiting the website, and to improve the quality of services to better meet user needs.

Cookies that are not strictly necessary for the operation of the website (such as analytics or marketing cookies) will be used only upon receiving your prior consent, and you can withdraw such consent at any time.

You can manage your cookie settings through the Cookie Preferences Center displayed on the website's cookie banner to manually select and enable/disable each type of cookie. However, refusing certain types of cookies may result in some website functions not performing optimally.

The Company's website may utilize Third-party Cookies for statistical analysis of usage or for displaying marketing content. Such third parties shall process the data within the scope defined by the Company and in compliance with applicable law. You can find further details regarding the Company's use of cookies in the Cookie Policy. https://www.trueidc.com/th/cookies-policy.

10. Collection and use of personal data for the original purpose

The Company shall process Personal Data in accordance with the laws currently in effect. The Company retains the right to collect and use Personal Data that the Company collected before the effective date of the sections of the Personal Data Protection Act B.E. 2562 (2019) relating to the collection, use, and disclosure of Personal Data, provided such processing is for the original purposes that are compliant, appropriate, and not contrary to the applicable law. Should you not wish the Company to continue collecting or using such Personal Data, you may notify the withdrawal of consent through the channels designated and published by the Company. The Company shall not use such data for new purposes that differ from the original purposes unless new consent is obtained from you or a Legal Basis is otherwise provided for by law. Regarding Sensitive Personal Data, the Company shall process it only when there is a clear Legal Basis or Explicit Consent. The withdrawal of your consent shall not affect the lawfulness of any processing that occurred prior to such withdrawal.

11. Privacy policy/notice of other websites

This Personal Data Protection Notice applies exclusively to the services and the usage of the Company's website. If you connect to other websites through the Company's channels, you should study and comply with the Personal Data Protection Policy/Notice of that website, which may differ from the Company’s Notice.

Any reference, link, or plug-in of a third party shall not be deemed an endorsement by the Company, and the Company shall not be responsible for the privacy practices, content, or Personal Data Processing activities of such third parties. Accessing and using the services of third parties is your sole responsibility under the terms and policies of those respective service providers.

12. Changes to our Privacy Notice

The Company shall periodically review the Personal Data Protection Notice to ensure compliance with business practices, relevant laws, and regulations. The Company reserves the right to change or update this Personal Data Protection Notice and may publish the changes on the Company's website without prior notification to you.

However, if there is a material change that affects your rights or the methods of Personal Data Processing, the Company shall notify you in advance or at the time of the change through appropriate channels, and shall seek additional consent from you in cases where such consent is required by law.

The Company shall record the version and effective date of the Notice for transparency and shall allow you to request a copy of previous versions as appropriate.

13. Processing of Data from Closed-Circuit Television (CCTV) Systems

For the safety and security of life, body, and property, the Company may install and process image data from CCTV systems within the Company’s premises. This data will be collected, used, and disclosed only as necessary for the purposes of security, the investigation of unusual incidents, or for compliance with law.

The Company may issue further details in a separate Personal Data Protection Notice for CCTV, and such separate notice shall prevail.

14. Language Discrepancy

The Thai and English versions of this Notice share the same intent. In the event of any discrepancy in wording, the Thai version shall prevail.

15.Contact Channel for the Data Protection Officer (DPO)

In addition to the contact details in Clause 1, the Company requests that you contact the Data Protection Officer (DPO) via email [email protected] for issues concerning Data Subject rights, reporting Personal Data breaches, and Personal Data protection questions. The Company shall respond within a reasonable period prescribed by law.

16. Governing Law and Interpretation

This Personal Data Protection Notice shall be governed by and interpreted in accordance with Thai law. References to the law shall include subordinate legislation, regulations, orders, guidelines, and related rulings as are in effect at that time.

This Privacy Notice was issued on and effective from 17 October 2025 (Version 4.0)