- IRPC PDPA

Guidelines on Personal Data Protection Policy (Revised version 2021) Dated 1 April 2021>
Chapter 4 Personal Data of Customers of Port and Asset Management Business Unit

Guidelines on Personal Data Protection Policy of IRPC Public Company Limited
(Revised version 2021) Dated 1 April 2021

Chapter 4
Personal Data of Customers of Port and Asset Management Business Unit

4.1 Your Personal Data Collected by the Company

Your personal data the Company has collected, used or disclosed shall include but not limited to your personal data of the following types:

Personal data such as name- last name, name title, gender, date of birth, ID card number, passport number, tax ID number, position, nationality, age, asset location, including other sensitive personal data such as religion, race and health data whereby the Company has been granted with your consent according to relevant law or when deemed necessary as required by law.

Contact data such as address, telephone number, mobile phone number, e-mail

Financial data such as savings account number, transaction data, rental fees or collaterals

Other personal data such as data on the use of IT system and other websites of the Company, CCTV recording, voice recordings from meetings

However, the Company has no intention to collect and process data of a minor under 10 years of age. Nonetheless, if you are a minor under 10 years of age or a quasi-incompetent or an incompetent who intends to gain access to the website, make inquiry about any products or services and must provide your personal data to the Company, your legal guardian or curator can proceed on such matters on your behalf and he/she can give his/her consent to the Company to proceed as such. In a case that the Company has found out that your personal data has been collected without the consent of your legal guardian or curator, the Company is entitled to reject any proceedings as per your request and shall delete your personal data except in a case that the processing of your personal data can depend on other legal bases which allow for the exception of the informed consent.

4.2 Sources of Personal Data

The Company may collect your personal data as you directly provide your personal data to the Company such as providing your personal data to the Company via registration on the Company’ s IT system, exchange of name card, request for details of the Company’ s products or services via the Company’ s website or other electronic channels etc. Additionally, the Company may acquire your personal data from other sources such as from sales representatives of other business groups of the Company, business partners or associated companies, customers or representatives referred by the Company, including but not limited to, the Board of Investment ( BOI), Industrial Estate Authority of Thailand or other agencies or representatives providing information on asset investment to the investors etc.

4.3 Objectives of the Collection, Use or Disclosure of Personal Data Under Legal Basis

The Company shall collect, use or disclose your personal data to achieve the following objectives:

Contract basis: To contact or provide details of products or services upon your request and to contact you as you are interested in the Company’ s products or services, to offer products as per your request, to consider on entering into the lease agreement, including the collection of fees or payment

Legal obligation basis: For the necessity to constitute a legal claim to use as an evidence in the defense of legal claim, compliance with the court’ s order or order of the government agency with legal authority, including disclosure or report of your personal data to the government agency with legal authority

Legitimate interest basis: By taking into consideration the proportionality and your expectation whereby the benefits derived must be well balanced with your basic rights concerning personal data protection in order to achieve the following objectives:

For audit and identity authentication purposes relating to any transactions or legal act and contract

For an audit by major shareholders or relevant agencies, investigation, examination, inspection, request for advice to constitute legal claim or legal proof procedures in which your personal data may be disclosed to the lawyer, legal and tax consultant, auditor, including other consultants to achieve such objective

For risk management, audit, internal control and organization management as well as disclosure of personal data to major shareholders for internal audit and prevention of any misconducts or illegal acts

For business analysis or evaluation, improvement, planning and forecast

For the safety of the building areas or facilities from CCTV recording

Consent basis: The Company shall perform activities to achieve the following objectives upon receiving your consent

To inform news and business information and to invite for participation in the customer relations activities via the channel you have already given your permission

To make a satisfactory survey by answering questionnaires from the contractor or vendor of the Company

Upon receiving your legal consent to collect, use or disclose sensitive personal data such as health data, religious data, including other sensitive personal data appeared on the ID card for identity authentication and for your facilitation and safety during your participation in the Company’s activities

4.4 Disclosure of Your Personal Data

The Company shall not disclose your personal data to any external parties unless otherwise informed or upon being granted with your consent or when it deems necessary to disclose or report your personal data to the regulatory bodies, government agencies or any other agencies as stipulated by law relating to the Company’s operation.

The Company may be required to disclose your personal data to relevant external parties according to the objectives mentioned above and to proceed with an audit, request for legal advice, inspection, assessment, legal proceeding and any other proceedings necessary for the Company’ s business operation.