This Privacy Policy is issued by Tidlor Public Company Limited (referred to as "the Company" or "our Company") to inform external parties that the Company contacts, including customers, users of websites, platforms, applications, and other service recipients of the Company (collectively referred to as "you" or "your") about the Company's purposes regarding the collection, use, disclosure, and/or transfer of your personal data.

1. Personal Data Collected

   The Company may receive your personal data directly from you (as a customer, service user, or service recipient of the Company) or indirectly from other sources and/or through affiliated companies, other companies, business partners, or third parties (such as dealers, agents, brokers, and other references).

   The Company will collect, use, or disclose your personal data based on legal grounds, including: (1) to perform a contract for providing services or conducting transactions with you; (2) to comply with the Company's legal obligations; (3) for the legitimate interests of the Company or for the legitimate interests of other persons; (4) vital interests to prevent or suppress danger to life, body, or health of a person; and/or (5) public interest to carry out public tasks or to exercise state authority. In cases where consent is required for certain activities in collecting, using, or disclosing your personal data, the Company will separately request your consent for such activities.

   The data that the Company collects depends on what you have contacted the Company for and the services or products you need from the Company. The Company may collect your personal data as follows:

   1. General Information
      • Identity Information such as title, first name-last name, initials from first name, nickname, alias, age, date of birth, gender, height, weight, marital status, nationality, country of birth, citizenship and status, military service details, signature, personal phone number, work phone number, Line ID, email, address, postal code, map drawing or location of address, current address status (such as homeowner, tenant in landlord's name, welfare housing, rental, monthly rental rate, monthly house installment, and duration of residence), education level, government-issued identification (such as ID card, ID card number, driver's license, passport, civil servant card, and house registration), occupation, employment status, job position, and years of service
      • Financial Details such as primary source of income, financial documents issued by employer, other sources of income, bank account details, bank statement, loan application, payment records and financial credibility (such as National Credit Bureau status, information about financial liquidity, and similar information)
      • Vehicle Details Related to Loans Information about vehicle registration, such as registration province, registration date, mileage, vehicle, brand, model, transmission type, vehicle type, color, engine size, engine number, chassis number, ownership period, vehicle net weight, date of renewal of compulsory motor vehicle insurance (Act)
      • Settings and Interests such as your interests, various settings (including contact channels with login procedures and/or methods to transfer your interests), website usage history, and HTTP cookies
      • Product/Service Details such as types of products provided (regulated personal loan products, regulated microfinance for occupation, motorcycle title loans, car and pickup truck title loans, vehicle title loans, truck trading loans (C2C), truck trading loans (Dealer), truck trading loans through brokers, vehicle hire purchase loans, car insurance, accident insurance, cancer insurance, credit life insurance (PPI), motor vehicle accident victim insurance (Act), your contract number, your insurance policy number, insurance company details, insurance premium payment method, insurance policy period (from insurance start date and end date), insurance premium details, reason for policy cancellation, number of installments, installment payment amount, final installment payment amount, VAT, vehicle tax, first installment payment date, each payment date, transfer fee, and/or vehicle registration fee, tax renewal fee, loan purpose, loan details (such as car/pickup title loan, cash price, down payment, number of installments, total loan amount, and interest rate and fees on reducing balance basis), collateral value, collateral details, debt payment method, closing balance/adjustment/refinancing, total debt payment, and loan receipt method (such as direct cash receipt or deposit into bank account)
      • Communication Information such as your voice data recorded at the call center, your inquiry records, and details or content of communication between you and the Company
      • Marketing Information such as your marketing preferences, product or service information that the Company expects you may be interested in, and references/inferences from your interactions with the Company, affiliated companies, other companies, or Company partners
      • Internet Usage History such as cookie files and internet usage behavior, login information, search type, search history, search language, IP address, information about usage and interaction with online services or Company advertisements (including visited web pages, viewed content, clicked links, and used features), time spent and frequency of using Company's online services, web page you clicked to access Company's online services (such as URL reference), and error reports. It is possible to merge any data with your personal data, or use other data to create your profile. The Company will consider such other data and merged data as personal data as well
      • Other Information According to FATCA such as whether you have nationality or place of birth related to the United States, whether you hold American nationality (Green Card), whether you have obligations to pay taxes to the US Internal Revenue Service
      • Personal Data of Other Persons The Company may collect personal data of other persons that you have provided to the Company (such as your family members, references, guarantors, and persons to contact for debt collection, witnesses, authorized representatives, and/or beneficiaries), including information you provide to the Company in referral programs for product provision or service provision by the Company. If you have provided personal data of other persons to the Company, please ensure that you have the authority to disclose such information by (a) informing other persons about this policy, and (b) obtaining consent where required or necessary, so that the Company can use such personal data as specified in this policy
      • Social Relationships such as political status, relationships with directors, management, and controlling persons of the Company, relationships with other legal entities (such as directors, management, and shareholders), and other relationships
      • Views and Opinions Information about your views and opinions, such as preferences about Company services or any other information you choose to send to the Company (including sending information through social media or online surveys), comments, feedback, complaints, suggestions, survey responses, inquiries, and information you voluntarily provide during marketing communications or customer service communications, including your personal data disclosed on your social media profiles, and
      • Other Details You Provide to the Company Information provided to the Company as part of initiating a new relationship or your current relationship with the Company, your application for Company products and/or services, or Company providing services to you, including other cases
   2. Sensitive Data

      • Sensitive information, such as criminal history, religious information, health information, disability information, biometric data (such as fingerprint data, facial recognition data). The Company will collect, use, and/or disclose such sensitive personal data based on your explicit consent or legal exceptions that do not require consent.

        In cases where the Company collects, uses, or discloses data of minors, incapacitated persons, and quasi-incompetent persons, and consent is required from such persons, the Company will request consent only from guardians with authority to act on behalf of minors, guardians, or conservators, respectively, unless the Company can cite other legal grounds. If the Company later learns that it has collected personal data of persons under 20 years of age without consent from guardians with authority to act on behalf of minors, or cases of incapacitated persons or quasi-incompetent persons without consent from guardians or conservators, respectively, without the Company knowing such facts, the Company will delete such data immediately, or will collect, use, disclose, and/or transfer such data only when the Company can cite other legal grounds besides consent.

2. Channels for Collecting Your Personal Data

   The Company may collect personal data through various channels, including:

   1. Service channels: The Company may store your personal data through service channels, whether at Company service locations, offline or online services, or remote services (such as by phone, mobile applications, including sales promotion and marketing channels)
   2. Other channels besides services: In addition, the Company may also collect your personal data through other channels besides services, such as when you contact the Company, before transactions, apply for services, request work proposals or various proposals from the Company, or participate in transactions or contract signing (whether contacting and providing personal data through any channels, such as through Company branches, electronic platforms, Company social media, Company official LINE account), or information received from Data Room related to transactions
   3. From other sources: The Company may receive your personal data from other sources, such as public information, official sources (such as government agencies with reliable personal databases), your employer, organizations that the Company provides services to (including their websites and social networks), service providers that the Company hires to collect personal data on behalf of the Company, Company affiliates, Company partners (such as insurance companies for insurance purposes, business partner platforms of the Company, Company partners where you work or act as representatives), and other external parties
3. Purposes for Collecting, Using, or Disclosing Your Personal Data

   The Company may collect, use, and disclose your personal data for various purposes, depending on what you have contacted the Company for, as follows:

   • To provide services to you, such as to allow you to apply for and receive Company products or services, to process loan approval procedures, to support and conduct other activities related to services or products, to provide customer service (including but not limited to answering inquiries), to transfer vehicle ownership, to process loan disbursement, prepare quotations, and process your application to allow third parties to arrange suitable insurance for you, to deliver and receive insurance policy books, to facilitate applications for third-party products and services, such as in insurance approval processes and insurance policy issuance, to process insurance claims and cancel insurance policies, to manage your account, to process applications, contract agreements, or any contact with you, to maintain and improve records of products or services provided to you, in some cases to terminate any contracts the Company has with you, to make or assist in decisions about your credit, to assess risks in loan disbursement and insurance, and to verify details you have provided to the Company and Company service providers
   • To verify your identity, such as to conduct activities related to service provision according to processes that require knowing customers and identifying or verifying identity correctly (KYC), or in due diligence processes to know facts about customers (CDD), to verify your information from blacklists and money laundering, to access your account from registration, verification, identification, and authentication of you or your identity and signing, to verify position, and to store security questions used to verify identity later for online or mobile channels
   • To use transaction and/or payment information, such as processing payments or transactions, billing, processing, debiting, refunds, or various account reconciliation activities (compromise activities), including all financial activities, both transactions or related payment records, issuing invoices, tax invoices, payment receipts, and delivery of such documents
   • To communicate and manage Company relationships with you, such as to notify results of your product or service applications, SMS communications to send letters or documents (such as welcome letters, card codes and credit cards, insurance policies, insurance renewal notification letters, invoices or other due date notifications, or collection letters), and postal delivery tracking, to notify about remaining deposit amounts to process refund requests, to provide technical assistance and handle technical issues, to use and update your information to be current, to facilitate use of Company services, to process your complaints, to respond and comply with your requests regarding products or services the Company offers or provides, to manage accounts and Company relationships
   • To track and collect debts, to conduct debt tracking and collection by the Company and debt collection service providers, to recover money, to track assets back, or to receive assets from you, and manage your account appropriately according to your situation (which may include filing lawsuits against defaulting customers)
   • For advertising and marketing, such as sending promotional offers, special offers, and other offers/promotions (including but not limited to discounts), to organize prize draw activities or other activities in cooperation/partnership, and all related advertising services for direct marketing and personalized marketing, to display online advertisements, to provide targeted offers or promotions, to process and manage account registrations and your activities, to conduct digital strategy and marketing, to conduct social media-related relationship activities, to analyze data for marketing purposes, to conduct marketing research, and evaluate or improve Company marketing performance, to conduct social media activities to inform you about Company marketing, communications, announcements, news, and information about other products and services, including advertising services and prizes from the Company or Company affiliates and business partners, other related marketing communications through agencies
   • Recommendations and personalization: The Company has collected information about your preferences, such as what types of products you tend to be interested in, to adjust advertisements and provide recommendations about products or services that best match your interests, by customizing your experience. In addition, the Company also uses social media services to display advertisements and special offers through social media, which in some cases will target you based on interests and online web browsing (including Company websites)
   • Improving Company products and services, such as analyzing data to improve marketing performance and sales proposals for Company products and services, to analyze data to improve systems (such as developing customer segmentation models to provide better services), analyzing data to increase business opportunities, to randomly check invoices and welcome letters to improve accuracy, to improve existing products and services and develop new products and services, to survey customer satisfaction to improve service provision, to check which parts of Company websites you visit, or which parts of websites you find most useful, evaluating user interface and experience parts, testing various features or functions to fix and improve bugs in programs (Debug) and fix errors, to analyze use of Company online services, to customize and optimize websites and your platform usage experience, to recognize you in browsers and various devices you use, to identify and fix issues with existing products and services, and to develop qualitative data
   • Risk analysis, such as assessing risks based on your information and received information, to assess qualifications for receiving Company products or services, to assess your application or qualifications for receiving products or services (such as to assess credit scores for car/pickup title loan applications, to consider car/pickup title loan approval, to understand loan purposes and transactions, use of vehicles under loans, and sources of debt payments, as well as to assess customer ability to fulfill obligations timely), to continuously assess risks, to analyze data for risk prevention (such as developing models to predict probability of non-performing loans, or forecasting probability of accidents), to control Company risks, inspections and inspection records, credit risk analysis
   • Business purpose operations, such as to further improve and correct your information, to maintain accurate information, to keep business records and others, to perform work, manage, and maintain Company business operations, and to oversee internal business management for internal operational requirements, policies, and Company procedures
   • Protecting Company interests, such as to protect Company security and stability, exercising rights and protecting Company interests when necessary, such as to detect, prevent, and comply with fraud complaints, and to assess fraud risks, and identify fraudulent transactions, claiming intellectual property or legal violations, to manage and prevent loss of Company property and assets, to conduct sanction list checks, risk management, internal inspections and records, asset management, systems and other business controls, to prevent or suppress dangers that may occur to life, body, or health of persons, to verify compliance with subject to the company's conditions, event tracking, to prevent and report criminal offenses, and to create security and stability for the Company for reference and evidence related to claims or legal proceedings
   • To comply with legal purposes, such as complying with laws, legal proceedings, or orders from government officials, which may include orders from government agencies outside Thailand, and/or cooperating with courts, regulatory agencies, government agencies, and law enforcement agencies, when the Company deems it necessary to disclose your personal data to cooperate according to laws, actions, orders from government officials, ethical principles, and Company internal policies, exercising rights and responding to legal claims (which include debt tracking and collection, foreclosure sales to pay debts, recovery from defaulting accounts), to maintain records and resolve complaints and disputes, to use activity operation data, to use activity result data for credit reporting, and regulatory and tax reporting, disclosure for inspection purposes
   • For Company website and platform operations, such as to oversee Company information technology operations, communication system management, information technology security operations and information technology security inspections, administration, operations, work tracking, inspections, and managing Company websites and platforms, to facilitate and ensure they work correctly, efficiently, and securely, to facilitate various things for you on Company websites and platforms, improve formats and content on Company websites and platforms, to allow you to access existing systems and provide technical assistance
   • Corporate transactions: In cases of sales, transfers, mergers, restructuring, or similar events, the Company may transfer your data to at least one third party as part of such transactions
   • To prioritize life: To prevent or suppress dangers that may occur to life, body, or health of persons
   • To prevent security risks, such as checking network activity logs, to check security events, to conduct security inspections, and to prevent dangers that may occur to data, fraud, deception, or illegal activities and other activities that may be related to data maintenance
   • Purposes related to sensitive data

   • For the purpose of submitting a copy of your ID card in operations with relevant agencies: Religious information (as appearing on ID card)

     Note: The Company would like to inform that the Company has no purpose to collect and use and does not record sensitive personal data appearing on your ID card in the Company's data system

   • For the purpose of conducting background checks and underwriting processes to apply to Company products and services: Criminal history
   • For the purpose of requesting insurance policy quotations, and for the purpose of claiming compensation, or compensation claim consideration processes, compensation claim operations, and compensation payments on behalf of insured persons beyond the scope permitted by law: Health information
   • For the purpose of requesting insurance policy quotations, and for the purpose of claiming compensation, or compensation claim consideration processes, compensation claim operations, and compensation payments on behalf of insured persons beyond the scope permitted by law: Disability information

   • For the purpose of authentication and identity verification, and conducting electronic identity verification processes according to Electronic Know Your Customer (E-KYC) processes, and for the purpose of creating electronic signatures: Biometric data (such as fingerprint data, facial recognition data)

     Note: In cases where the Company needs to collect your personal data as required by law, or cases where the Company must enter into contracts, or comply with contracts with you, or comply with activity conditions with you, or conduct any actions for you according to purposes stated above, and you do not provide such data when requested, the Company may not achieve related purposes as stated above

4. Persons to Whom the Company Will Disclose Your Personal Data

   The Company may disclose your personal data to the following third parties according to the purposes stated above:

   • Financial business group and Krungsri affiliates: The Company may disclose your personal data to the financial business group and Krungsri affiliates

     *You can check the list of data recipients from the Krungsri Bank website under the heading List of Financial Business Groups of Bank of Ayudhya Public Company Limited through this link: https://www.krungsri.com/getmedia/3cf230ad-438f-4701-8f85-d6c06ec28bb9/ks-one-privacy-notice-full-th.pdf.aspx

   • Business partners: The Company may disclose your personal data to other companies that jointly present or develop products or services for customers or potential future customers, such as insurance companies, payment service providers, analytics providers, research agents, survey service agents, marketing service agents, advertising media and communications, marketing agents and promotional activity service agents
   • Service providers: The Company may hire other companies as service providers on behalf of the Company, and to support the Company in conducting business. The Company may disclose your personal data to these service provider companies, or such service provider companies may collect your personal data on behalf of the Company, for various business purposes, such as data storage service providers, cloud service providers, information technology service providers and infrastructure, software and website developers, risk management service providers, information service providers, automated chat program service providers, answering questions through platforms, websites, various applications, call center service providers, SMS service providers, platform network service providers used for support, general management service providers, debt collection and tracking service providers, audit consultants, legal consultants, printing and transportation service providers, journalists and public relations
   • Third parties: The Company may disclose your personal data to persons who perform duties on your behalf, or are related to the provision of products or services you receive from the Company, including brokers, agents, and dealers who have submitted your loan applications to the Company, intermediaries providing payment management services for you, and card payment service providers of the Company, guarantors, compensation claimants, fund providers in asset securitization cases, and to assess Company asset values, debt collection and asset seizure agents
   • Third parties you authorize or request us to disclose your personal data to: The Company may disclose your personal data with consent or according to your request
   • Credit bureaus: The Company may disclose your personal data to credit rating institutions, including the National Credit Bureau Company, to report or verify about your financial situation, and for other legal purposes
   • Potential buyers (including agents and advisors): In cases where the Company intends to sell any part of the business or Company assets, or if a third party acquires all Company assets, your personal data may be part of the assets the Company sells. The Company will inform buyers that they must use your personal data only for purposes as described in this policy

   • Government agencies and other agencies that the Company must disclose personal data to comply with laws or as necessary

     The Company may disclose your personal data to government agencies, law enforcement agencies, courts, regulatory agencies, or other third parties according to laws and necessary purposes, such as:

     • To comply with requests from regulatory agencies, or to comply with court orders, government inspections or investigations, law enforcement requests, Department of Special Investigation, legal orders, or other legal processes
     • For other legal purposes, such as enforcing subject to the company's conditions, exercising or protecting legal rights, or cases where the Company deems that disclosure is necessary or appropriate, to protect Company rights, rights to protect the safety of third parties or other persons' lives, personal property safety, or to detect, prevent, or manage fraud
5. Transfer of Your Personal Data Abroad

   Your personal data will be processed according to personal data protection laws applicable in Thailand, and may be transferred to other countries outside Thailand. The Company may disclose or transfer your personal data to cloud platforms or servers located abroad, to support information technology systems, or to third parties for lawful purposes, such as for credit score analysis and risk analysis purposes. Some recipients of your personal data may be in other countries that do not yet have adequate personal data protection measures as specified by the Office of the Personal Data Protection Committee under the Personal Data Protection Act B.E. 2562. In such cases, the Company will provide appropriate protection according to the Company's legal obligations, to ensure that your personal data is adequately protected regardless of which country

6. Retention Period for Your Personal Data

   The Company will retain your personal data only as necessary, to use according to collection purposes, and to comply with legal obligations and Company regulations as detailed in this policy and applicable laws. The Company will retain your personal data for no more than 10 years, counting from the date you end your relationship or have your last contact with the Company. However, the Company may retain your personal data longer as necessary and/or as permitted by law

7. Your Rights

   Under the provisions of personal data protection laws and exceptions according to related laws, you may have the following rights:

   • Right of access: You have the right to inspect data that has been collected, used, disclosed, your personal data, or request copies of your personal data, or request to know the source of personal data that you did not provide directly to the Company
   • Right to request correction of your personal data: If you see that your personal data is incorrect, not current, or incomplete, you may request correction of such personal data
   • Right to deletion or destruction: You have the right to request deletion, destruction, or anonymization of your data that the Company has collected, but this must not affect others' rights, security, existing contracts with the Company, including being contrary to law
   • Right to suspend use: You may have the right to request suspension of use of your personal data in cases where you see that your data is incorrect or inappropriate, or request suspension of deletion/destruction of your personal data
   • Right to request personal data: If the law grants such right, you have the right to request your personal data from the Company in a readable electronic format, and to send or transfer such data to other data controllers, provided that it is (a) personal data that you have provided to the Company, and (b) cases where the Company has received your consent or to comply with contracts with you
   • Right to object: You have the right to object to collection, use, disclosure of your personal data, such as objecting to direct marketing
   • Right to withdraw consent: If you have consented to collection, use, disclosure of your personal data, you have the right to cancel consent at any time

   • Right to complain

     You have the right to complain to agencies responsible for collection, use, disclosure of your personal data, both where the Company is the operator or cases where other persons operate on behalf of the Company. However, the Company requests an opportunity to address your concerns before you contact the authorities. The Company requests that you contact the Company first, to discuss and resolve your concerns

     However, exercising your rights as specified may have legal limitations, and in some cases the Company can reject your request with reasonable reasons. You can exercise the above rights as stated in the "Contact" section

8. Changes to Privacy Policy

   The Company may amend or update this policy from time to time according to changes in Company practices or privacy protection policies for various reasons, such as technological changes, legal changes, etc. Amendments or updates to this policy will take effect when the Company announces on the website. The Company will notify you, or request your consent again, if this Privacy Policy has been significantly updated, or if the Company needs to comply with laws

9. Links to Other Third-Party Websites

   For users of Company websites, platforms, applications, and other service recipients, you may find links to other websites, which are third parties. The Company is committed to linking only to websites with standards and good protection systems that respect your privacy. In this case, the Company is not involved with content or practices regarding privacy of other websites, unless the Company clearly specifies. Any personal data you provide to third-party websites will be collected by such third parties, not the Company, and will be subject to the privacy notices/policies of those websites (if any), in addition to this Company policy. In this case, the Company may not be able to control and be responsible if your personal data is used, which is data you have provided to third-party websites

10. Contact

    The Company values protecting customer personal data and is committed to complying with all provisions of the Personal Data Protection Act B.E. 2562. You can contact the Data Protection Officer to complain about personal data management at email [email protected], or if you have questions about such matters, please contact:

This Privacy Policy (referred to as "Policy" or "Notice") is issued by Tidlor Public Company Limited (referred to as "the Company" or "our Company") to inform business partners, partners, and contacts that the Company deals with, who are owners of personal data that the Company must use in conducting its business, including (1) business partners or partners who are natural persons, (2) merchants, suppliers, or service providers who are natural persons, (3) persons who contact, and (4) persons with authority to act, representatives of persons authorized to contact business or conduct transactions occasionally, shareholders, agents, employees, personnel, and any other persons with similar status (all referred to as "Representatives") of (a) business partners or partners, (b) merchants, suppliers, or service providers (all referred to as "Business Partners"). All natural persons and all persons mentioned above, in this Notice the Company will use the term "you" or "your" to know the Company's purposes regarding collection, use, disclosure, and/or transfer of your personal data, including rights and choices regarding personal data as you are the data owner, and we have informed you of how to contact the Company if you have any questions.

1. Personal Data Collected by the Company

   "Personal data" means data about you as specified below, which can identify a person or be used to identify a person. However, if other data has been combined with your personal data, or other data has been used to create personal history data, the Company will consider such other data and combined data as personal data.

   The Company may collect, use, and/or disclose your personal data received directly from you, or indirectly from other data sources, or received from affiliates and other companies, depending on the context of operations between you and the Company, based on legal requirements, namely: (1) to comply with a contract for providing services or conducting transactions with you, (2) to perform the Company's legal duties, (3) for the legitimate interests of the Company or for the legitimate interests of others, (4) the principle of importance to prevent or stop harm to life, body, or health of a person, and/or (5) public interest, to carry out public benefits or to perform duties in exercising state power, or where it is necessary to obtain consent for certain activities in collecting, using, or disclosing your personal data. The Company will separately obtain your consent for such activities. The Company may collect your personal data as follows

   1. General Personal Data
      1. If you are a natural person

         Type of Personal Data	Details and Examples
         Name and Initials	Data that is a name used to call or refer to you, such as title, first name/initials of first name, middle name/initials of middle name, last name, alias, or previously used name, including signature
         Personal Characteristics	Details about your personal characteristics, such as age, date of birth, gender, height, nationality, country of birth, citizenship and status, photograph
         Contact Information	Details that will be used to contact you, such as postal code, delivery address, phone number, email, personal mobile phone number, history or username used on social media, workplace, work phone and fax number, work email, mobile phone number used for work contact
         Employment	Details about employment, employment status, and your employment history, including occupation/rank, employer registration number, job code, work permit status/details, authorization details, reference person verification data and background (excluding criminal history), drug test results, tax ID number, employment history, including details about employment rates, service fees, and various benefits, date hired to work, termination, assets acquired from employment, various evaluation results (work performance evaluation and feasibility), including evaluation from your technology usage, such as internet use, email
         Education Information	Information about your education and work, such as educational qualifications and enrollment, licenses, professional organization membership, academic results
         Government-Issued Identification Data	Numbers or codes issued by government officials to identify you, such as ID card number, any other identification numbers issued by the government, driver's license number, business license number, professional license number, government-supported health plan number, passport number, alien registration number, and social security card number
         Financial and Transaction Information	Financial information, status, and your financial history, including information about background checks, account numbers used with financial institutions, financial transaction history, credit history, bank details used, investments, deposits, financial assistance (such as benefits, assistance, grants, funding), your purchase history (such as products, rent, benefits)
         Other Details You Provide to the Company	Information you provide to the Company as part of establishing a new relationship or an existing relationship the Company has with you, from you providing services to our Company, or our Company providing services to you

      2. If you are a representative of a business partner

         Type of Personal Data	Details and Examples
         Identification Data	Personal details about you, including first name, middle name, last name, age, employment information, government-issued identification numbers (such as ID card number, driver's license number, professional license number, passport number, alien registration number, tax ID number, social security card number), work-related information (such as position, job duties, occupation, job title, company where you work, or where you are employed, or where you hold shares), nationality, signature
         Contact Information	Contact information, including personal contact details (such as phone number, address, email, social media accounts)
         Other Information	Information collected, used, or disclosed as a relationship between the Company and other related legal entities, or where you work, such as documents containing your personal data attached to contracts you have made with the Company

      3. Personal Data of Others

         If you have provided personal data of others to the Company or the Company's service providers, such as personal data of members of your company's board of directors, officers, employees, or contacts, or you request the Company to disclose personal data of others mentioned above to third parties, you are responsible for informing such persons about the details of this Notice, and must obtain consent from such third parties (where consent is required). In addition, you have a duty to act so that the Company can legally collect, use, or disclose personal data of such persons as specified in this Notice

      4. Personal Data of Minors, Incapacitated Persons, and Quasi-Incapacitated Persons

         In cases where the Company collects, uses, discloses data of minors, incapacitated persons, and quasi-incapacitated persons and requires consent from such persons, the Company will only obtain consent from the guardian with authority to act on behalf of the minor, the curator, or the guardian, respectively, unless the Company can cite other legal reasons. If the Company later becomes aware that it has collected personal data of a person under 20 years of age without the consent of the guardian with authority to act on behalf of the minor, or in the case of an incapacitated person or quasi-incapacitated person without the consent of the curator or guardian, respectively, and the Company was unaware of such fact, the Company will immediately delete such data, or will collect, use, disclose, and/or transfer such data only if the Company can cite other legal reasons besides consent

      5. Cookie Files

         The Company may use and store cookie files and other systems on your devices, which are part of the security system from the Company's service provision, and to provide users with a good experience from using the Company's general services. Data collected from cookie usage will not be linked to data that may identify a person (such as your name or email). However, if the Company needs to link personal data with cookies or connect with other data about your service usage, the Company will consider such cookies and combined data as personal data as well

   2. Sensitive Personal Data

      The Company may collect, use, or disclose your sensitive personal data only when it has received your explicit consent through appropriate methods, to comply with employment contracts, establish legal claims, defend, comply with or exercise legal claims, perform duties that are important public benefits according to law, or other matters as specified by law

      Type of Sensitive Personal Data	Data Stored
      Religious Data	Generally, when entering into a business partnership or partnership with you, the Company will not request religious information from you. However, in practice, the Company may receive religious information from you when the Company scans your ID card to use as supporting documents for contract execution, which is an unavoidable case. In such cases, the Company will maintain the security of your religious data according to applicable laws, based on appropriate legal grounds
      Criminal History Data	The Company may collect and use your criminal history records to detect and prevent illegal acts and fraud, and to prosecute when such events occur
      Biometric Data	The Company may collect and use physical data, such as fingerprints and facial recognition

2. Channels for Collecting Your Personal Data

   The Company collects personal data through various channels, including:

   1. Company business channels: The Company may store your personal data through business channels between you and the Company, whether offline, online, or remote business operations (such as by phone, website, email, or mail)

   2. Other channels: The Company may collect your personal data through other channels, such as through service providers that the Company hires to collect personal data on behalf of the Company, affiliates, public databases, government data sources (such as government agencies with reliable personal databases), your representatives, or other persons authorized by you and from other persons acting on your behalf

3. Purposes of Collecting, Using, or Disclosing Your Personal Data

   The Company may collect, use, disclose, and/or transfer your personal data that has been collected for various purposes, depending on what you have contacted the Company about, as follows. However, the various purposes specified below are only the main scope of the Company's data usage practices, and only certain purposes related to you will affect the use of your personal data

   1. Purposes for Your General Personal Data

      Purpose	Details
      Performance of Contractual Obligations with You	Performance of duties due to relationships according to contracts with you or contracts with companies where you work, where you are employed, or where you hold shares, including your contractual obligations, performance of various transactions, payments, product and/or service offerings, accounting, auditing, billing, and debt collection, support services and other business duties, support when issues arise, and contract termination with you
      Identity Verification	Verification of background and identity
      Communication	Communication with you or companies where you work, where you are employed, or where you hold shares regarding products and services, operations, marketing, or business support of the Company, and answering inquiries or responding to product or service requests
      Data Analysis and Maintenance	Detection of risks related to fraud, fraudulent transactions, and various fraudulent activities, including security risks
      Improving Product and Service Quality	Improving the quality of existing products and services, and developing new products and services
      Legal Compliance and Business Purposes	Compliance with applicable laws, defending civil or criminal cases or regulatory compliance litigation, actions when subpoenas or investigations occur, exercising Company rights when there are legal claims (including debt collection and recovery for overdue accounts), resolving complaints and disputes, audits, reviews regarding corporate governance and insurance, credit risk analysis, credit reporting, legal reporting, institutional risk control, updating customer data, keeping records about business operations, any other actions to operate, manage, and maintain the Company's business

   2. Purposes for Sensitive Personal Data

      The Company will collect, use, or disclose sensitive personal data only when the Company has received your proper consent, or to exercise legal claims, defend legal claims, comply with or exercise legal claims, to perform legal duties, create overall benefits, or other cases as specified by law. In cases where the Company must obtain consent from you, the Company will request consent from you using appropriate methods

      Type of Sensitive Personal Data	Details
      Religious Data	To use as supporting documents for contract execution, to verify the identity of authorized signatory directors of the company, and to send copies of ID cards to relevant agencies in doing business with you
      Criminal History Data	To detect and prevent illegal acts and fraud, and to prosecute when events occur
      Biometric Data	To authenticate and verify identity, and to conduct electronic identity verification, and to create electronic signatures

4. Persons to Whom the Company Discloses Your Personal Data

   The Company may disclose your personal data to the following persons, depending on what you have contacted the Company about and the nature of business operations with the Company

   Recipients of Your Personal Data	Details
   Affiliates	The Company may disclose your personal data to other companies in the Krungsri Group, including companies in the financial business group and affiliates, and including The Bank of Tokyo-Mitsubishi UFJ (MUFG Bank, Ltd.) and companies in the MUFG Group located in Thailand and other countries, including Japan, Singapore, United States, United Kingdom, and other countries
   Service Providers	The Company may hire other companies as service providers on behalf of the Company and support the Company's business operations. The Company may need to disclose your personal data to these service provider companies, or such service provider companies may collect your personal data on behalf of the Company, for various business purposes, such as companies, software and website developers, information technology service providers, delivery/courier service providers
   Professional Advisors	The Company may need to disclose your personal data to professional advisors in auditing, law, accounting, and tax services, who will assist in the Company's business operations, help defend cases for the Company, or help prosecute legal cases, initiate and manage auctions, or conduct any other legal matters
   Third Parties Related to Corporate Transactions	The Company may need to disclose or transfer your personal data to business partners, investors, significant shareholders, assignees, persons who will receive assignments, transferees, or persons who will be transferees in cases of corporate restructuring or debt restructuring, mergers, acquisitions, sales, purchases, joint ventures, transfers, liquidations, or any other similar events involving transfer or sale of all or part of the business, assets, or company shares
   Government Agencies and Other Agencies that the Company Must Disclose Personal Data to Comply with Laws or as Necessary	The Company may need to disclose your personal data to government agencies and regulatory agencies (such as the Revenue Department, law enforcement agencies, regulatory agencies and courts) and other agencies according to legal processes, regulation and other important purposes, and may disclose personal data when regulatory agencies or government agencies request according to legal regulations, compliance with legal orders, inspections, or legal/litigation processes

5. Transfer of Your Personal Data Abroad (if any)

   The Company may disclose or transfer your personal data to affiliates, third parties, or servers located abroad (such as Japan, Singapore, United States, and United Kingdom) to carry out various operations according to law. Some recipients of your personal data may be in other countries, which the Office of the Committee under the Act has not yet declared as destination countries with adequate personal data protection standards. When the Company needs to transfer your personal data to countries without personal data protection standards equivalent to Thailand, the Company will take action to ensure adequate protection of your personal data for transferred data, or to ensure that such transfer is conducted according to applicable personal data protection laws, such as the Company may request third parties authorized to access transferred personal data to agree with the Company to provide assurance that such data will be protected according to personal data protection standards equivalent to requirements in Thailand

6. Retention Period for Your Personal Data

   The Company may retain your personal data for as long as necessary, to use according to personal data collection purposes, in accordance with details in the Notice and applicable laws. The Company may retain your personal data for no more than 10 years, counting from the date you end your relationship or have your last contact with the Company. However, the Company may retain your personal data longer to comply with applicable laws and regulations, or according to Company policies, or according to Company operational requirements, such as appropriate accounting data retention, facilitating customer relationship management, and to carry out legal claims, or when regulatory agencies request

7. Your Rights

   Under the provisions of personal data protection laws and exceptions according to related laws, you may have the following rights:

   1. Right of access: You have the right to inspect data that has been collected, used, disclosed, your personal data, or request copies of your personal data, or request to know the source of personal data that you did not provide directly to the Company
   2. Right to request correction of your personal data: If you see that your personal data is incorrect, not current, or incomplete, you may request correction of such personal data
   3. Right to deletion or destruction: You have the right to request deletion, destruction, or anonymization of your data that the Company has collected, but this must not affect others' rights, security, existing contracts with the Company, including being contrary to law
   4. Right to suspend use: You may have the right to request suspension of use of your personal data in cases where you see that your data is incorrect or inappropriate, or request suspension of deletion/destruction of your personal data
   5. Right to request personal data: If the law grants such right, you have the right to request your personal data from the Company in a readable electronic format, and to send or transfer such data to other data controllers, provided that it is (a) personal data that you have provided to the Company, and (b) cases where the Company has received your consent or to comply with contracts with you
   6. Right to object: You have the right to object to collection, use, disclosure of your personal data, such as objecting to direct marketing
   7. Right to withdraw consent: If you have consented to collection, use, disclosure of your personal data, you have the right to cancel consent at any time
   8. Right to complain: You have the right to complain to agencies responsible for collection, use, disclosure of your personal data, both where the Company is the operator or cases where other persons operate on behalf of the Company. However, the Company requests an opportunity to address your concerns before you contact the authorities. The Company requests that you contact the Company first, to discuss and resolve your concerns

   However, exercising your rights as specified may have legal limitations, and in some cases the Company can reject your request when there are reasonable and lawful reasons. You can exercise the above rights as stated in the "Contact" section

8. Changes to Privacy Policy

   The Company may amend, supplement, or update this Notice to be current from time to time. In cases where Company practices or policies regarding collection, use, disclosure of personal data, or applicable laws change, the Company will notify you so that you receive complete updated information. In addition, the Company requests that you read this Notice carefully, and regularly check what information the Company will change in this Notice

9. Contact

   The Company values protecting personal data of partners, business partners, including contacts, and is committed to complying with all provisions of the Personal Data Protection Act B.E. 2562. You can contact the Data Protection Officer to complain about personal data management at email [email protected], or if you have questions about such matters, please contact: