PRIVACY POLICY

1. INTRODUCTION

1.1 Thantawan Industry Public Limited Company (hereinafter referred to as “the Company”, “we”) is seriously committed to respecting the privacy rights and concerns of all users of our website who are registered or not registered to become a membership (hereinafter referred to as “you”) under Personal Date Protection Act B.E. 2562 (2019) and other applicable privacy laws and regulations.

1.2 “Personal Data” means data, whether direct or indirect, about an individual who can be identified from that data such as name, family name, phone number, e-mail, identification numbers, genders, date of birth and contact information, etc.

1.3 This Privacy Policy (hereinafter referred to as “Policy”) is designed to assist you in understanding how the Company collect, use, limit and/or process the personal data you have provided to us and/or possess about you (Disclosure of privacy information in accordance with this Privacy Policy only) and this Policy will be part of your decision making before giving any information to the Company. Please carefully read the Policy. If there is any questions about the information provided in this policy, please contact the Company. Contact details for inquiries are at the end of this Policy.

1.4 By visiting the website, registering to the website or clicking “I AGREE TO THANTAWAN’S POLICY” or “similar statements available at the Thantawan registration page or other related part of the website’s pages. You acknowledge that you have been notified of and understood the terms and this Privacy Policy and that you have agreed and consented to the collection, use and/or processing of your personal date as described and under the terms herein. If you do not consent to the processing of your personal date as described in this Privacy Policy, please DO NOT VISIT AND/OR ACCESS THE SITE. We may update our Privacy Policy from time to time. Any changes to this Privacy Policy we will post it on our webpage or other appropriate pages or notify to you via an e-mail, whereupon your continued use of the website, including placing orders on the website, shall constitute your acknowledgment and acceptance of the changes we make to this Privacy Policy.

1.5 This Privacy Policy applies in conjunction with other notices, contractual clauses and consent clauses that apply in relation to collect, storage, use, process and disclosure your personal data by us and is not intended to cancel unless we state expressly otherwise.

1.6 You can visit the website and browse without having to provide personal data. However, you will be required to sign up for an account if you wish to use the services, placing an order. If you have any suggestion, advices

or complaint regarding your personal information, please contact the Human Resource department of the Company.

2. WHEN WILL THANTAWAN COLLECT PERSONAL DATA?

2.1 When you create an account and/or purchase any products with the Company (There will be a message, in any part on the website, asking you to accept this policy before doing so)

2.2 When you submit any form, including application forms or other forms relating to any of our job posting whether online application form or hard copy document.

2.3 When you make any agreement or provide documents or other information relating to the contact between you and the Company.

2.4 When you interact with the Company, such as via cellphone calls (which may be recorded), letter, fax, social media and e-mail etc.

2.5 When you make any transaction with the Company.

2.6 When you provide any feedback or complaint to the Company.

2.7 When you use or request to use the provided service by external service providers of the Company on the website such as making a payment or logistic services etc.

2.8 When you submit your personal data to the Company for any reason.

The Company will only be able to collect your personal data if you voluntarily submit the personal data to the Company. However, if you choose not to submit your personal data to the Company or subsequently withdraw your consent to our use of your personal data, the Company may not be able to provide you with the services or let you placing an order.

3. THANTAWAN WILL COLLECT THESE PERSONAL DATA

3.1 Identity data, such as name, genders, date of birth etc.

3.2 Contact data, such as address, receipt delivery address, shipping address, address for tax invoice, e- mail and phone number etc.

3.3 Account data, such as bank account and/or payment detail etc.

3.4 Transaction data, such as payment detail to and from you and product detail which you purchase from our company.

3.5 Technical data, such as IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other information and technology on the device you use.

3.6 Usage data, such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

3.7 Marketing and communications data, such as your preferences in receiving marketing from us and our third parties and your communication preferences.

4. You must only submit personal data which is accurate and not misleading and you must keep it up to date. The Company have the right to request for documentation to verify the personal data provided by you as part of our customer verification processes.

5. HOW DO THANTAWAN USE THE INFORMATION YOU PROVIDE US?

5.1 The Company may collect, use, disclose and/or process your personal data for one or more of the following purpose:

(1) To manage, operate, provide, facilitate your use of and/or access to the service, placing an order via the website.

(2) To verify and carry out an account that you register to the website.

(3) To manage, operate, serve and procure goods or products that suitable for you including facilitating the preparation of the Company’s products in order to meet your requirements such as remembering your requirements etc.

(4) To customize your experience through the website service, showing content based on your interests and needs.

(5) When you visit the website or other services of third parties that use or link to the services of the Company. The third parties may receive information you have entered or provided to our website.

(6) To respond, manage or complete your transactions and/or fulfill the request regarding your order and notify you about service issues and account operations that you have registered with the Company in case of abnormalities.

(7) To enforce our Terms of Service or any applicable end user license agreements.

(8) To protect personal safety and the rights, property or safety of others.

(9) Identification and/or verification.

(10) To maintain and administer any software update and/or other updates and support that may be required from time to time to ensure the smooth running of the website.

(11) To manage or facilitate customer service in order to comply with your order, to deal with or respond to any enquiries from (or purported to be from) you.

(12) To contact you or communicate with you via voice mail, text message and/or tax message, email and/or postal mail or otherwise for the purposes of administering and/or managing the website, such as communicating administrative information to you relating to the website. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain personal data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages.

(13) To conduct research, analysis and development activities (including data analytics, surveys, technology development and/or profiling), to analyze how you use the website for improving service or product of the Company and/or improve the interests of customers in the future.

(14) To allow for audits and surveys to, among other things, validate the size and composition of our target audience.

(15) To respond to legal processes or to comply with or as required by any applicable law, government or regulatory requirements of any relevant jurisdiction, including meeting the requirements to make disclosure under the requirements of any law.

(16) To produce statistics and research for internal and statutory reporting and/or record-keeping requirements.

(17) To carry out background check, due diligence or other screening activities in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by the Company.

(18) To prevent or investigate any fraud, unlawful activity, omission or misconduct, whether relating to your use of the website or any other matter arising from your relationship with the Company.

(19) To store, host, back up of your personal data (whether for disaster recovery or otherwise)

(20) manage and/or facilitate transactions relating to business assets or transactions concerning company assets means buying, selling, leasing, merging, acquisitions or any other acquisitions, distribution, transfer or

granting of funds to the organization or any part of the organization or business or any other assets of the organization

(21) To achieve any purpose relating to the documentation of history or archives for the public interest or relating to research or statistical study that has provided appropriate safeguards to protect your rights and freedoms.

(22) to prevent or suppress harm to life, body or health of a person

(23) To comply with the contract that you are a counterparty or to process your request before you enter into the contract with the company.

(24) To perform the functions of the company’s public interest, or perform the duty with using the state power granted to the company.

(25) For the legitimate interests of the company or of a person or entity other than the company, unless such benefit is less important than the basic rights of your personal information.

(26) To comply with all laws and/or policies of the company.

(27) Any other purposes which the Company notify you of at the time of obtaining your consent (collectively, the “Purpose”)
5.2 As the purposes for which we will collect, use, disclose or process your personal data depend on the circumstance at hand, such purpose may not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless processing of the applicable data without your consent is permitted by the Privacy Laws.

6. VISITING, DOWNLOADING CONTENTS AND ADVERTISING

When you visit the website through your device and also view contents and advertisements and accessing other software on the Company’s website. Such information that you have visited will be transmitted to the Company (including, but not limit to, IP address or operation system) which the system will send information about content, advertising that you visit, time and/or software installed to the Company.

7. COMMUNITIES AND SUPPORTING

The Company supports customer services via e-mail, telephone, SMS and feedback. The Company may ask you for an e-mail address and contact number which the Company only use such information received from you.

8. SURVEYS

The Company may receive personal data from you through various surveys. Participating in these surveys depends entirely on your consent. Therefore, you can choose whether to share your personal date with the Company. These personal data may include contact information (such as an e-mail address) and demographic data (such as interest or age). The received data from the survey will be used for investigating and improving monitor and improve usability and satisfaction in service and selling and it will not be sent to third parties.

9. HOW DOES THANTAWAN PROTECT CUSTOMER INFORMATION?

The Company implement a variety of security measures to ensure the security of your personal data on our systems. User personal data is contained behind secured networks and is only accessible by a limited number of employees who have special access rights to such systems. The Company will retain personal data in accordance with the Privacy Laws and/or other applicable laws. The Company will destroy or anonymize your personal data when we have reasonably determined that (1) the purpose for which that personal data was collected is no longer being served by the retention of such personal data; (2) retention is no longer necessary for any legal or business purposes. If you cease using the website, or your permission to access or use the website is terminated, the Company may continue storing, using and/or disclosing your personal data in accordance with this Privacy Policy and our obligations under the Privacy Laws. Subject to applicable law, we may securely dispose of your personal data without prior notice to you.

10. DOES THANTAWAN DISCLOSE THE INFORMATION IT COLLECTS FROM ITS VISITORS TO OUTSIDE PARTIES?

10.1 In conducting our business, we may need to disclose your personal data to our third-party service providers, agents and/or our affiliated or related corporations, and/or other third parties, whether sited in Thailand or outside Thailand. Such third-party service providers, agents and/or affiliates or related corporations and/or other third parties would be processing your personal data either on our behalf or otherwise, for one or more of the above-stated purposes clause 5. Such third parties include, without limitation:

(A) Our subsidiaries, affiliates and related corporations;

(B) Contractors, agents, service providers and other third parties the Company use to support our business. These include but are not limited to those which provide administrative or other services to the Company such as mailing houses, telecommunication companies, information technology companies and data centers

(C) Buyer, assignee or heir, such as merging enterprise, reconstruct and reorganize the organization, liquidate, sell or transfer some or all of the Company’s assets. Your personal data held by the Company are also part of

the transferred assets to the counterparty in business transaction of assets in which the company or its affiliates or related companies of the company are involved and/or Third parties to whom disclosure by the Company is for one or more of the Purposes and such third parties would in turn be collecting and processing your personal data for one or more of the Purpose.

10.2 The Company may share statistical and demographic information about you and your use of the website. This would not include anything that could be used to identify you specifically or to discover individual information about you.

10.3 In the event that Privacy Laws or other application laws permit an organization such as the Company to collect, use or disclose your personal data without your consent, such permission granted by the laws shall continue to apply.

10.4 Third parties may unlawfully intercept, or access personal data transmitted to or contained on the website, technologies may malfunction or not work as anticipated, or someone might access, abuse or misuse information through no fault of ours. We will nevertheless deploy reasonable security arrangements to protect your personal data as required by the Privacy Laws; however, there can inevitably be no guarantee of absolute security such as when unauthorized disclosure arises from malicious and sophisticated hacking by malcontents through no fault of the Company.

11. INFORMATION ON UNDERAGE

The Company do not knowingly collect or maintain any personal data or non-personally-identifiable information from underage under laws of Thailand, if there is any part of our website directed to the underage, the Company will remove and/or delete any personal data the Company believe was submitted by any underage.

12. DISCLAIMER REGARDING SECURITY AND THIRD-PARTY SITES

12.1 The Company do not guarantee the security of personal data and/or other information that you provide on third party sites. The Company do implement a variety of security measures to maintain the safety of your personal data that is in our possession or under our control. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the personal data confidential. When you access your personal data, we offer the use of a secure server.

12.2 The Company may choose various third-party websites to link to, and frame within the website. The Company may also participate in brand development or other relationships in order to offer e-commerce transactions and/or services and other features for you. These linked websites have separate and independent

privacy policies as well as security arrangements. Even if the third party is affiliated with us, the Company have no control over these linked sites, each of which has separate privacy and data collection practices independent of us.

12.3 The Company therefore have no responsibility or liability for the content, security arrangements (or lack thereof) and activities of those linked websites. These linked websites are only for your convenience and you therefore access them at your own risk.

13. HOW CAN YOU WITHDRAW CONSENT, REQUEST ACCESS TO OR CORRECT INFORMATION YOU HAVE PROVIDED TO US?

13.1 Withdrawing Consent

13.1.1 If you need to change your subscription by email, please notify the Company by sending an email to the Company personal data protection staff (the address shown below). Please remember that since the Company has a schedule for creating emails, you may still receive emails that are already in progress.

13.1.2 You may withdraw your consent regarding to collect, use and/or disclosure of your personal date that is in the possession or under control of the Company by sending an email to the Company personal data protection staff (the email address listed below in clause 14.1).

13.1.3 Once the Company has received a written withdrawal request from you and verified your identity. The company will process the request to withdraw consent. After that, the Company will not collect, use and/or disclose your personal information in the manner specified in your request. If the Company is unable to verify your credentials or doesn’t understand your order, the Company will contact for an explanation regarding the request.

13.1.4 However, the withdrawing consent may result from the withdrawal. In this situation, it depends on the extent of the withdrawal of consent for the Company to process your personal data. It means that the Company will not be able to continuously provide services to you. The Company may therefore have to terminate your existing relationships and/or contracts with the Company, etc., depending on which is the case. The Company will inform you about this.

13.2 Requesting Access and/or Correction of Personal Data

13.2.1 If you have an account with the Company, you may access and/or modify your personal data that is in your possession or under control of the Company by yourself through the account settings page on the website.

13.2.2 For requests to access personal data, once the Company has prepared enough information for you to proceed your request, the Company will provide you with relevant personal date within 30 days. If the Company is unable to respond your request within that 30 days, the Company will inform you about the fastest period that the Company can provide the data you requested. Please be aware that Privacy Law may exclude certain types of personal data from your requests.

13.2.3 For requests to correct personal data, once the Company has enough information to process. The Company will proceed as follows:

(A) Correcting your personal data within 30 days, if the Company is unable to correct it within the said period, the Company will notify you about the fastest resolution period. Please be aware that Privacy Law may exclude certain types of personal information from correction requests including specifying times that need to be resolved from the Company in the various situation, even if you request it and

(B) The Company will send the correct personal data to every organization in which the Company has disclosed the personal data within one year before the date of correction unless the organization does not need the personal data that has been corrected for legal or business purposes.

13.2.5 To the extent permitted by law, the Company may charge a reasonable fee for processing and handling of your requests to access your personal data.

13.2.6 The Company reserve the right to refuse to correct your personal data in accordance with the provisions as set out in Privacy Law, where they require and/or entitle an organization to refuse to correct personal data in stated circumstances.

14. CONTRACT INFORMATION

14.1 If you have any questions or concerns about our privacy practices, the Company welcome you to contract us immediately:

Data Protection Authority (Managing Director)
Email: Monchai@thantawan.com
Tel : 02-273-8333 ext. 3240

14.2 In the event that you use an email or letter to submit your complaint, please specify at the heading that it is a complaint regarding Privacy Law. This will help the Company process your complaint urgently by forwarding it to the relevant staff of the organization for further action. For instance, you may insert text “Complaint about privacy” in the subject head line.

The Company will ensure and try to handle any complaints or concerns that you are experiencing by fairness and as soon as possible.

15. TERMS AND CONDITIONS

Please read the terms of service, which specify usage, announcements, other terms, restrictions, and other related policies.