Privacy Notice | Autocorp Holding (ACG)

Privacy Notice for Shareholders

1. About This Privacy Notice

Autocorp Holding Public Company Limited is a holding company that operates through its subsidiaries in the automotive sales and service industry, as well as other related businesses. its subsidiaries includes Honda Maliwan Company Limited (“Subsidiary”), an authorized Honda dealer and service center appointed by Honda Automobile (Thailand) Co., Ltd. (“Honda Automobile”); and Autoclik by ACG Company Limited (“Subsidiary”), which operates a fast-fit business providing spare parts sales, repair and maintenance services for all automobile brands.

The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Therefore, this Privacy Notice has been established to inform you of the details regarding the collection, use, or disclosure of personal data, as follows:

This Privacy Notice covers natural persons associated with the Company's management. This includes potential shareholders, current shareholders, former shareholders, proxies, attorneys-in-fact, and representatives of such persons. It also extends to family members of shareholders and natural persons acting on behalf of legal entities related to the Company's shareholding, such as directors, consultants, executives, employees, agents, or attorneys-in-fact. Collectively, these individuals are referred to as “Data Subjects” or “You”.

2. Definitions

“Privacy Notice” means the Privacy Notice for Shareholders of Autocorp Holding Public Company Limited.

“Personal Data” means information relating to a person which makes it possible to identify such person, whether directly or indirectly, such as name and surname, address, telephone number, identification number, and email address, etc., but excluding the information of deceased persons in particular.

“Sensitive Personal Data” means personal data regarding racial or ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other information which affects the data subject in the same manner as announced by the Personal Data Protection Committee.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Data Processor” means a person or a legal entity who operates in relation to the collection, use, or disclosure of personal data pursuant to the orders given by or on behalf of a Data Controller, whereby such person or legal entity is not the Data Controller.

“Cookies” means small computer files that temporarily store necessary personal data on the data subject's computer for convenience and speed of communication, which are effective only while accessing the website system.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	Shareholder Registration: Such as preparing and maintaining the register of shareholders (Bor.Jor.5), recording share transfers, and updating shareholder registration information in accordance with the Public Limited Companies Act and relevant laws.	Legal Obligation
3.2	Meeting Management: Such as sending invitation letters, verifying rights and identity before meetings, checking quorums, proxies, and preparing minutes of meetings to serve as evidence of the Company's operations.	Legal Obligation
3.3	Legitimate Interests: Such as security, fraud prevention, crime prevention, risk management, governance, business planning, and exercising legal rights, while taking into account the rights and freedoms of the data subject.	Legitimate Interest
3.4	Meeting Recordings: Such as taking minutes and recording video/audio (VDO) during shareholder meetings to serve as evidence and support the preparation of the minutes of the meeting.	Legitimate Interest
3.5	Disclosure to Government or Regulatory Agencies: Such as submitting the list of shareholders to the Department of Business Development (DBD), the Stock Exchange of Thailand (SET), and the Securities and Exchange Commission (SEC), as well as disclosure in the Form 56-1 One Report.	Legal Obligation
3.6	3.6.1 For calculating, verifying, and processing dividend payments.	Contract (Section 3.6.1)
	3.6.2 For withholding tax and preparing related tax documents.	Legal Obligation (Section 3.6.2)
3.7	Communication: To notify news, information, documents, or benefits related to your status as a shareholder.	Contract
3.8	Compliance with Other Relevant Laws: Such as tax laws, computer crime laws, and other related legislation.	Legal Obligation
3.9	Request Handling: To receive requests for agenda proposals, director nominations, complaints, the exercise of rights to inspect documents, or other legal rights.	Legal Obligation
3.10	Corporate Actions: To manage capital increases, issuance and offering of securities, share allocation, exercise of share purchase rights, conversion of securities, determination of the Record Date, verification of eligibility, and compliance with SET and SEC regulations.	Legal Obligation

In cases where the Company is required to request personal data from you to enter into a contract or to comply with the legal obligations, failure to provide such personal data may result in the Company being unable to proceed with your request.

4. Personal Data Collected

The Company collects personal data directly from you, such as during investment, recruitment, contracting, communication, meeting attendance, or usage of the Company's systems. Additionally, the Company collects data from other sources, including the Department of Provincial Administration, the Department of Business Development, the Stock Exchange of Thailand, commercial data sources, social media, and data service providers. The relevant personal data is as follows:

• General Personal Data

a) Basic Personal Data: Such as name-surname, gender, photograph, date of birth, signature, identification card information, house registration information, and passport information.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, and Line ID.
c) Financial Information: Such as bank account information and financial transaction data.
d) Third-Party Information: Such as information regarding coordinators or contact persons.
e) Other Information: Such as cookies, usage behavior data, technological data, and activity participation data.

In cases where the Company receives a copy of your identification card for identity verification and/or any transactions with the Company, the obtained information may include religious data or other Sensitive Data. The Company has no policy to collect or retain such personal data unless your consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guideline.

The Company may receive third-party information provided by you, such as proxies, attorneys-in-fact, or family members. You are requested to inform such third parties of this Privacy Notice and to obtain their consent where required, unless otherwise permitted by law.

5. Disclosure of Personal Data

The Company may disclose your personal data to the following entities:

Government and Regulatory Agencies: Such as the Revenue Department, the Bank of Thailand, the Securities and Exchange Commission (SEC), the Stock Exchange of Thailand (SET), the Department of Business Development (DBD), the Ministry of Commerce, the Legal Execution Department, the Anti-Money Laundering Office (AMLO), courts, or any other agency exercising legal authority.

Securities Registrar: The Company may disclose information to Thailand Securities Depository Co., Ltd. (TSD) in its capacity as the securities registrar to facilitate share registration, share transfers, dividend payments, and the exercise of shareholder rights.

External Service Providers: Such as software and information technology system providers, auditors, legal advisors, meeting organizers, document delivery services, data analytics providers, and corporate governance evaluators. The Company will require these service providers to maintain confidentiality and process data only according to the Company's instructions.

Affiliates or Related Entities: The Company may disclose information to affiliates or related businesses as necessary for management, corporate governance, or normal business operations.

6. Retention Period of Personal Data

The Company will collect and maintain your personal data in your capacity as a shareholder throughout the entire period you hold shareholder status. Furthermore, data will be kept for as long as necessary to fulfill the objectives specified in this Privacy Notice.

Once such a period has passed, the Company may continue to retain the information as required or permitted by law, or as necessary for the exercise of relevant legal claims.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Executives are responsible for monitoring and controlling various departments to ensure compliance with this Privacy Notice. They also promote awareness among employees to make personal data protection an integral part of the Company's operations.

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

When the Company receives a request to exercise these rights, it will act within the timeframe prescribed by law. The Company may refuse or be unable to fulfill a request if it must comply with the law or a court order, if it is for the public interest, or if exercising the right would violate the rights and freedoms of others. In the event of a refusal, the Company will notify you of the reason.

10. Personal Data Security Measures

The Company prioritizes the security of your personal data to ensure that Company personnel and third parties acting on the Company's behalf comply with appropriate personal data protection standards, including the duty to prevent personal data leaks.

The Company will maintain the security of your personal data through Technical Measures, Organizational Measures, and Physical Measures to ensure appropriate security in the processing of personal data and to prevent personal data breaches. In the event of a personal data breach, the Company will notify the Office of the Personal Data Protection Committee without delay and within the timeframe required by personal data protection law, unless such breach is unlikely to result in a risk to the rights and freedoms of individuals. In cases where a breach poses a high risk to the rights and freedoms of individuals, the Company will notify the Data Subject of the breach and provide remedial measures without delay. Such notifications and exceptions shall be in accordance with the rules and methods prescribed by personal data protection law.

The Company regularly reviews and updates its policies, regulations, and data protection measures to remain appropriate to the level of risk. It is a requirement that executives, employees, contractors, agents, consultants, and those who receive data from the Company have a duty to maintain the confidentiality of personal data as specified by the Company to prevent loss, unauthorized access, use, modification, or disclosure, and to ensure continuous security in data processing.

11. Penalties

Any executive, employee, or person responsible for a specific operation within their duties who neglects, omits to order, fails to act, or performs any act in their duty that violates the personal data protection policies and practices, resulting in a legal offense and/or damages, shall be subject to disciplinary action according to Company regulations or held legally responsible for the specific offense committed. Furthermore, if such an offense causes damage to the Company and/or any other person, the Company may consider pursuing further legal proceedings.

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Autocorp Holding Public Company Limited

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Business Partners, Vendors and Suppliers

1. About This Privacy Notice

The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been prepared to inform you of the details regarding the collection, use, or disclosure of personal data as follows:

This Privacy Notice applies to natural persons involved in transactions or communications with the Company, or those providing goods and services to the Company. This includes potential vendors, current vendors, former vendors, business partners, and suppliers, whether they are natural persons or individuals acting on behalf of a legal entity, such as directors, consultants, executives, employees, agents, coordinators, or authorized persons. Collectively, these individuals are referred to as “Data Subjects” or “You”.

2. Definitions

“Privacy Notice” means the Privacy Notice for Business Partners, Vendors and Suppliers of Autocorp Holding Public Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For registration and qualification screening prior to entering into a contract: Such as registering new vendors, verifying qualifications or credibility, and checking signing authority, etc.	Contract (for natural persons) Legitimate Interest (for representatives of legal entities)
3.2	For procurement and contract performance: Such as issuing Purchase Orders (PO), drafting and signing contracts, delivery of products or services, service provision, and after-sales service, etc.	Contract (for natural persons) Legitimate Interest (for representatives of legal entities)
3.3	For payment, accounting, and taxation: Such as fund transfers or receiving payments, issuing withholding tax certificates, issuing tax invoices, and preparing statutory accounting records, etc.	Legal Obligation
3.4	For coordination and relationship management: Such as communication, notification of delivery information, task tracking, and vendor relationship management, etc.	Legitimate Interest
3.5	For handling complaints, disputes, and legal claims: Such as receiving and managing complaints, dispute resolution, and exercising rights through the court system, etc.	Legitimate Interest
3.6	For internal management and data analysis: Such as maintaining vendor databases, preparing service performance reports, and analyzing data to develop procurement systems and processes.	Legitimate Interest
3.7	For vendor evaluation: Such as assessing the quality of goods or services and considering contract renewals.	Legitimate Interest
3.8	For security and area access: Such as Closed-Circuit Television (CCTV) recording.	Legitimate Interest
3.9	For compliance with other relevant laws: Such as tax laws, anti-money laundering laws, and safety laws, etc.	Legal Obligation

In cases where the Company is required to collect your personal data to enter into a contract or to comply with legal obligations, failure to provide such personal data may result in the company being unable to proceed with your request.

4. Personal Data Collected

The Company collects your personal data in your capacity as a vendor, seller, service provider, contractor, agent, or representative of a legal entity partner. This collection occurs both directly from you and from other lawful sources as follows:

4.1 Sources of Personal Data

(1) Direct Collection from You: The Company may collect personal data directly from you during various processes related to entering into or performing business contracts, such as requests for quotations, negotiations, contract preparation, vendor registration, communications, service usage, participation in meetings or business activities, and the use of the Company’s website or information technology systems.

(2) Collection from Other Sources: The Company may collect your personal data from other publicly available sources or third parties with the legal right to disclose such information, as permitted by law. This includes government agencies (such as the Department of Provincial Administration and the Department of Business Development), commercial data sources, social media, business information providers, relevant associations or federations, or from your employer.

4.2 Types of Personal Data Collected

• General Personal Data:

(a) Basic Personal Data: Such as name-surname, title, signature, identification card number, passport number, driver's license number, job position, company affiliation, or any other information that can identify an individual.
(b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or any other contact channels.
(c) Work or Business Relationship Information: Such as work history, qualifications, professional certificates, contract details, or documents supporting vendor selection considerations.
(d) Financial Information: Such as bank account details, payment information, and related financial transaction data.
(e) Third-Party Information: Such as names and contact information of coordinators, representatives, authorized persons, or individuals involved in the transactions.
(f) Other Information: Such as cookies, website or system usage behavior data, device information, and business activity participation data.

In the event that you provide personal data of others to the Company, such as coordinators or representatives, you represent and warrant that you have the authority to do so and have informed such persons of the details regarding personal data processing as specified in this Privacy Notice. You shall also obtain consent from such persons if necessary, unless there are other legal requirements where consent is not required.

The Company will collect, use, and disclose your personal data only as necessary under the relevant legal bases and for lawful purposes in conducting the business relationship between the Company and the vendor.

In cases where the Company receives a copy of your identification card for the purpose of identity verification and/or performing any transactions, the received data may contain religious information or other Sensitive Data. The Company does not have a policy to collect or retain such sensitive data, except where your consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guidelines.

5. Disclosure of Personal Data

The Company may disclose your personal data as a vendor, representative, contact person, or related person to a vendor, as necessary under relevant legal bases and for the purposes specified in this Privacy Notice. Such data may be disclosed to the following persons or entities:

Purpose of Official Disclosure: Such disclosure will be conducted only as necessary to comply with the law, court orders, orders from government agencies, or for the conduct of legal proceedings.

External Service Providers: This includes software and information technology system providers, transportation service providers, data analysis service providers, marketing service providers, organizational management evaluators, and various consultants, such as legal advisors or other professional consultants.

Data Processing Safeguards: The Company will ensure there are personal data processing contracts or agreements as required by law. The Company will supervise these service providers to process data only according to the Company’s instructions and will require appropriate personal data security measures that meet the standards prescribed by law.

Other Third Parties: The Company may disclose personal data to affiliates or companies within the business group only as necessary for internal group management, risk management, internal audits, system support, or for other legitimate business purposes.

Legal Compliance for Disclosure: Such disclosures will be carried out under appropriate legal bases, and the Company will establish personal data protection measures in accordance with the Personal Data Protection Act B.E. 2562 (2019).

6. Retention Period of Personal Data

The Company will retain your personal data for as long as necessary to achieve the objectives specified in this Privacy Notice, and for the entire duration of your business relationship with the Company.

Upon the termination of such business relationship, the Company may find it necessary to continue storing your personal data for the period required or permitted by law, or as necessary for the following purposes:

(1) Compliance with relevant laws and regulations.
(2) The exercise of legal claims, proof of rights, or defense against legal claims.
(3) Dispute prevention and resolution.
(4) Internal audits, risk management, and good corporate governance.

In this regard, the Company may retain personal data for a period not exceeding 10 years from the date the business relationship ends, or in accordance with the statute of limitations prescribed by relevant laws, whichever is longer, unless the law requires a longer retention period.

In determining the data retention period, the Company will consider the nature of the data, the purposes of data processing, and relevant legal obligations. Once the retention period has elapsed, or when the personal data is no longer necessary for the aforementioned purposes, the Company will proceed to delete, destroy, or anonymize the personal data using appropriate methods and security measures in accordance with the law.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Autocorp Holding Public Company Limited

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Employees

1. About This Privacy Notice

Autocorp Holding Public Company Limited is a holding company that operates through its subsidiaries in the automotive sales and service industry, as well as other related businesses. its subsidiaries includes Honda Maliwan Company Limited (“Subsidiary”), an authorized Honda dealer and service center appointed by Honda Automobile (Thailand) Co., Ltd. (“Honda Automobile”); and Autoclic by ACG Company Limited (“Subsidiary”), which operates a fast-fit business providing spare parts sales, repair and maintenance services for all automobile brands.

The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been established to inform you of the details regarding the collection, use, or disclosure of personal data, as well as to provide information regarding your rights as a data subject.

This Privacy Notice applies to natural persons associated with the Company's human resource management. This includes directors, consultants, executives, job applicants, permanent employees, independent contractors, interns, and former personnel. It also extends to any individuals related to the Company’s personnel, such as family members of employees and emergency contact persons. Collectively, these individuals are referred to as “Data Subjects” or “You”.

2. Definitions

“Privacy Notice” means the Privacy Notice for Employees of Autocorp Holding Public Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	Personnel Recruitment and Selection: 3.1.1 Application and qualification review 3.1.2 Job interviews 3.1.3 Contacting applicants 3.1.4 Criminal record checks 3.1.5 Pre-employment health checks	Contract (Sections 3.1.1 – 3.1.3) Explicit Consent (Sections 3.1.4 – 3.1.5) *unless specifically required by law
3.2	Employment Contract Administration: 3.2.1 Payment of salary, wages, and bonuses 3.2.2 Attendance recording using biometric data (e.g., fingerprint or facial recognition) 3.2.3 Withholding tax and social security contributions per Revenue and Social Security laws 3.2.4 Employee benefits (e.g., group insurance or provident fund)	Contract (Sections 3.2.1) Consent (Sections 3.2.2) Legal Obligation (Sections 3.2.3) Contract (Sections 3.2.4)
3.3	Development and Evaluation: 3.3.1 Performance evaluation (KPIs) 3.3.2 Promotion or salary adjustment considerations 3.3.3 Training and skill development: (1) Organizational efficiency development for general personnel management (2) Submission of data to the Department of Skill Development or legal reporting	Legitimate Interest (Sections 3.3.1 – 3.3.3 (1)) Legal Obligation (Sections 3.3.3 (2))
3.4	Internal Security: Such as CCTV installation and building access control	Legitimate Interest
3.5	Special Activities and Communication: 3.5.1 Publishing employee photos on Company social media 3.5.2 Emergency contact (Third parties)	Consent (Sections 3.5.1) Legitimate Interest (Sections 3.5.2)
3.6	Disciplinary Management and Disputes: Such as disciplinary investigations, legal proceedings, and recording warnings	Legitimate Interest
3.7	IT and System Administration: Such as company email usage, system access logs, and monitoring company equipment usage	Legitimate Interest

In cases where the Company requires personal data to enter into a contract or comply with the legal obligations, failure to provide such data result in the Company being unable to proceed your request.

The Company may receive third-party information provided by you (e.g., family members, emergency contacts, references, or former employers). You are request to inform such third parties of this privacy notice and obtain their consent where required, unless otherwise permitted by law.

4. Personal Data Collected

The Company collects personal data directly from you through methods such as interviews, contracting, and communications. Additionally, data is collected from other sources, including recruitment agents and third parties. The relevant personal data collected is as follows:

• General Personal Data

(a) Basic Personal Data: Such as name-surname, gender, photograph, date of birth, age, nationality, signature, marital status, military status, educational background, identification card number, house registration data, driver's license data, and employee ID number.
(b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or other contact channels.
(c) Financial Information: Such as bank account details, salary payment information, and benefits data.
(d) Third-Party Information: Such as name-surname and telephone numbers of reference persons, emergency contacts, and family members.
(e) Other Information: Such as educational and work history, job interview results, performance evaluations (KPI), training records, leave records, attendance logs, IT system usage data or access logs, CCTV footage, and disciplinary records or warning letters.

• Sensitive Personal Data

(f) Sensitive Personal Data: Such as criminal records, health data, disability information, biometric data, and religious beliefs.

In cases where the Company receives a copy of your identification card for identity verification or transaction purposes, the information obtained may include religious data or other Sensitive Data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data accordance with applicable laws and guideline.

5. Disclosure of Personal Data

The Company may disclose the personal data of employees as necessary under the relevant legal bases and for the purposes specified in this Privacy Notice to the following persons or entities:

Government Agencies or Legally Authorized Authorities: The Company may disclose personal data to government agencies, regulatory bodies, or persons with legal authority. This includes, but is not limited to, the Revenue Department, the Social Security Office, the Department of Labour Protection and Welfare, the Legal Execution Department, the Student Loan Fund, and the Department of Skill Development. It also includes the Department for Empowerment of Persons with Disabilities, the Ministry of Commerce, the Ministry of Labour, courts, inquiry officials, or any other agency exercising legal power. Such disclosure will be conducted only as necessary to comply with the law, court orders, or orders from authorized agencies.

External Service Providers: This includes software and information technology system providers, provident fund managers, banks, insurance providers, and training providers. It also encompasses organizational management evaluators, legal advisors, and other professional consultants.

Other Third Parties or Affiliates: The Company may disclose personal data to affiliates or other third parties as necessary for the benefit of human resource management, business operations, internal audits, and risk management. Disclosure may also occur to fulfill the Company’s legal obligations.

6. Retention Period of Personal Data

The Company will retain your personal data for as long as necessary to achieve the purposes specified in this Privacy Notice. This includes the entire duration of your status as an employee or staff member, or while you maintain a contractual or any other relationship with the Company.

Upon the termination of such relationship, the Company may continue to retain your personal data for a necessary period, taking into account the following factors:

Legal Statutes of Limitations: Considering the relevant time limits for legal actions.
Legal Obligations: Fulfilling the Company's duties as required by law.
Exercise or Defense of Legal Claims: For the purpose of establishing, exercising, or defending against legal claims.
Dispute Prevention and Resolution: Handling and settling potential conflicts.
Audits and Regulatory Compliance: Internal auditing and adhering to the regulations of governing authorities.
Lawful Purposes: Any other objectives that are lawful and consistent with the legal bases under the Personal Data Protection Act B.E. 2562.

In determining the specific retention period, the Company considers: (1) the purpose of collection and processing; (2) the type and sensitivity of the personal data; (3) the duration of relevant legal periods and statutes of limitations; and (4) the necessity for the Company's legitimate interests.

Once the retention period has elapsed, or when the personal data is no longer necessary for the aforementioned purposes, the Company will proceed to delete, destroy, or anonymize the data. This will be done using appropriate security methods and measures to ensure compliance with relevant laws and standards.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Autocorp Holding Public Company Limited

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Training, Seminars and Other Activities

1. About This Privacy Notice

2. Definitions

“Privacy Notice” means the Privacy Notice for Training, Seminars and Other Activities of Autocorp Holding Public Company Limited.

“Process” or “Processing” means any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate legislation.

“Other Definitions” means that for any terms not specifically defined in this Privacy Notice, the definitions shall be in accordance with the Personal Data Protection Act B.E. 2562 (2019).

3. Scope of Application

This Privacy Notice applies to the following persons:

3.1 Natural Persons: Such as interested persons, potential participants, former participants, or current participants in the Company's training, seminars, and various activities. This includes participation in meetings, talks, training sessions, seminars, live broadcasts, interviews, or participation in questionnaires, surveys, or other forms.
3.2 Natural Persons related to Corporate Customers: Such as employees, personnel, officers, representatives, shareholders, authorized persons, directors, coordinators, reference persons, emergency contacts, or other natural persons associated with the Company's corporate customers who will participate, have participated, or are participating in training, seminars, live broadcasts, interviews, questionnaires, surveys, or other activities organized by the Company.

The persons mentioned in sections 3.1 – 3.2 above shall collectively be referred to as “You” or the “Data Subject”.

4. Sources of Personal Data

The Company collects and gathers your personal data through the following processes:

4.1 Information provided directly to the Company: Such as applying for services or registering for a user account in both online and offline formats, application supporting documents, personal data change requests, or other service requests to the Company.
4.2 Information collected automatically by the Company: When you access services through the Company's systems or visit the website via electronic devices such as mobile phones or computers. The Company may automatically collect personal data through technologies such as cookies or other similar technologies.
4.3 Information from activities participated with the Company: The Company may receive your personal data from your participation in various activities, such as marketing activities, contests, lucky draws, competitions, or events organized by the Company or on behalf of the Company, including activities co-organized with partners or business alliances.

5. Purposes for Processing Personal Data

The Company processes your personal data for the following purposes under the corresponding legal bases:

No.	Purpose	Legal Basis
5.1	To carry out communication, registration, and/or identity verification for participating in the Company's training, seminars, and various activities, categorized as follows: 5.1.1 Participation involving costs or specific entry conditions. 5.1.2 Participation in activities open to the general public.	Contract (Section 5.1.1) Legitimate Interest (Section 5.1.2)
5.2	To provide your information to moderators, MCs, speakers, and relevant parties for the operation of the Company's training, seminars, and activities.	Contract
5.3	5.3.1 To contact, communicate, coordinate, provide services, and update your personal data as a service user of the Company. 5.3.2 To provide news, public relations, and present information about the Company's interesting services for future occasions. 5.3.3 To conduct marketing activities for sending future promotional news or commercial promotions.	Contract (Section 5.3.1) Legitimate Interest (Section 5.3.2) Consent (Section 5.3.3)
5.4	To process data, conduct satisfaction surveys, and improve future event organization.	Legitimate Interest
5.5	To provide assistance and resolve technical issues, such as notifying you of problem resolutions, and surveying your opinions and satisfaction regarding services, training, seminars, or Company activities.	Legitimate Interest
5.6	To record still images, audio, or video of the training, seminars, and activities organized by the Company, categorized as follows: 5.6.1 Photography/Video: Recording the event atmosphere, public relations news, and internal event reporting. 5.6.2 Photography for Advertising: Interviewing for testimonials and using images for media such as signs or brochures.	Legitimate Interest (Section 5.6.1) Consent (Section 5.6.2)
5.7	To operate seminars and various activities in both general and electronic formats, and/or to issue training certificates to you.	Contract
5.8	To prevent or suppress danger to your life, body, or health, or that of others.	Vital Interest
5.9	To comply with Personal Data Protection laws, such as responding to data subject rights requests, including compliance with other relevant laws.	Legal Obligation
5.10	To arrange catering (food allergies/religious requirements) and provide facilities (for persons with disabilities).	Consent

6. Personal Data Collected

• General Personal Data

(a) Basic Personal Data: Such as name-surname, signature, or any other information that can identify the data subject. The Company will collect only the data necessary for the purposes of organizing the activities.
(b) Contact Information: Such as current contactable address, registered house address, email, telephone number, and Line ID.
(c) Third-Party Information: Such as coordinator or contact person details.
(d) Other Information: Such as activity participation data, photographs, moving images, video, and audio recorded during the event. This also includes cookies, website or registration platform access data, and information related to the issuance of receipts or tax invoices.

• Sensitive Personal Data

(e) Sensitive Personal Data: Such as religious beliefs, food allergy information, and health data.

In cases where the Company receives a copy of your identification card for identity verification or transaction purposes, the information obtained may include religious data or other sensitive data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guildlike.

Furthermore, if the Company receives religious data or special categories of personal data appearing in identity verification documents without your consent or redaction, and the Company has no legal basis for processing, you acknowledge and understand that the Company will protect your data through appropriate management methods, such as blacking out or crossing out the information, to comply with data protection principles.

The Company may receive third-party information provided by you, such as coordinators or contact persons. You are requested to inform such third parties of this Privacy Notice and to obtain their consent where required, unless otherwise permitted by law.

7. Disclosure of Personal Data

The Company may disclose your personal data to the following third parties, who process it according to the purposes specified in this Privacy Notice. You may also be subject to the privacy notices of these third parties; therefore, the Company recommends that you read their respective privacy notices to learn more about how they process your personal data.

Government Agencies: The Company may need to disclose and/or transfer your personal data to government agencies, law enforcement agencies, courts, officials, or other persons. This occurs when the Company has reasonable grounds to believe it is necessary to comply with laws or legal regulations, to protect the rights of the Company or others, to increase safety, or to investigate, prevent, and manage fraud issues.

Third Parties: The Company may hire other companies, agents, or contractors to provide services to the Company. The Company may disclose your personal data to these third-party service providers, including but not limited to:

Audit service providers.
Training and seminar service providers.
Data storage and cloud service providers.
Security system providers for property, buildings, and premises.
Software package providers.
Various consultants.
Affiliates, partners, and business alliances.
Organizers of training, seminars, and activities.
MCs, moderators, speakers, and persons relevant to the Company's training, seminars, and activities.

8. Retention Period of Personal Data

The Company will store your personal data for as long as necessary to achieve the purposes of collection, use, and/or disclosure, taking into account necessity, appropriateness, and compliance with legal criteria. This includes legal obligations, accounting standards, business standards, or any other relevant requirements.

Furthermore, the Company may find it necessary to retain your personal data for an additional period as required by law, such as for a period of 10 years in accordance with the legal statute of limitations, or for durations specified by tax laws, civil and commercial laws, or other related legislation.

In the event that you terminate your relationship with the Company, the Company may continue to store and process your personal data as necessary to comply with the law, for the exercise of legal claims, for the prevention and resolution of disputes, or for the Company's legitimate interests.

Once the data retention period has passed, or when such data is no longer necessary for the processing purposes mentioned above, the Company will proceed to delete, destroy, or anonymize the personal data so that the individual can no longer be identified, either directly or indirectly (e.g., through Anonymization), using appropriate measures and methods.

The Company will periodically review the retention periods for personal data and fulfill data subject rights requests as required by law. Please note that the deletion or destruction of data is subject to the conditions and limitations prescribed by law.

9. Cookies and How They Are Used

When you visit the Company’s website, the Company will automatically collect certain information from you through the use of cookies.

Cookies are specific data files stored on your computer when you visit a website. They store or track information about your website usage and are used to analyze trends, manage the website, track user movements, or remember user preferences. Some types of cookies are Necessary Cookies; without them, the website may not function properly. Other types of cookies allow the Company to improve your user experience, customize content to your needs, and make browsing more convenient by remembering usernames (in a secure manner) and language settings.

Generally, most web browsers allow you to set whether you accept cookies or not. If you choose not to be tracked by cookies or delete them, it may affect your use of the website, and certain functions or parts of the website may be limited.

Additionally, third parties may use cookies through the Company’s website to present advertisements relevant to your interests based on your browsing history. These third parties may collect your history or other information to understand how you access the website and which pages you visit after leaving the Company’s site. This automatically collected information may be linked to personal data you previously provided on the Company’s website. You may also be subject to the privacy or cookie policies of those third parties. Therefore, the Company recommends that you read the privacy or cookie policies of such third parties to further understand how they process your personal data.

10. Legal Duties of the Company

10.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
10.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
10.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
10.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
10.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
10.6 The Company shall implement measures regarding the notification and management of personal data breaches.
10.7 The Company shall enter into personal data processing agreements with Data Processors.
10.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

11. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

12. Rights of the Data Subject

12.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
12.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
12.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
12.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
12.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
12.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
12.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
12.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

13. Personal Data Security Measures

14. Penalties

15. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

16. Contact Information

Data Protection Officer (DPO)

Autocorp Holding Public Company Limited

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

17. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for the Use of Closed-Circuit Television (CCTV)

1. About This Privacy Notice

Autocorp Holding Public Company Limited is a holding company that operates through its subsidiaries in the automotive sales and service industry, as well as other related businesses. Its subsidiaries includes Honda Maliwan Company Limited (“Subsidiary”), an authorized Honda dealer and service center appointed by Honda Automobile (Thailand) Co., Ltd. (“Honda Automobile”); and Autoclic by ACG Company Limited (“Subsidiary”), which operates a fast-fit business providing spare parts sales ,repair and maintenance services for all automobile brands.

The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been established to inform you of the details regarding the collection, use, or disclosure of personal data through closed-circuit television (CCTV) systems within the Company's premises, as follows:

This Privacy Notice applies to natural persons entering the Company's premises, including visitors, personnel, employees, customers, and business partners of the Company. Collectively, these individuals are referred to as “Data Subjects” or “You”.

2. Personal Data Collected

The Company collects personal data directly from you through the Closed-Circuit Television (CCTV) systems, which includes the following related personal data:

(a) Still and moving images, and audio recordings, relating to a natural person.
(b) Still and moving images, and audio recordings, relating to the property and vehicles of a natural person.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For the safety of life and property: To prevent and suppress incidents of theft, intrusion, property damage, or physical altercations.	Legitimate Interest
3.2	To monitor employee work processes and vehicle condition during service: In the event of claims or damages.	Legitimate Interest
3.3	For fire protection and accident surveillance: Such as installing CCTV in flammable material storage areas or operational zones to monitor emergencies and ensure timely response.	Legitimate Interest
3.4	To use as evidence for legal claims or the protection of Company rights: To support complaint consideration, dispute resolution, or civil and criminal proceedings.	Legitimate Interest
3.5	To comply with orders or legal processes: From inquiry officials, courts, or government agencies with legal authority.	Legal Obligation

The Company will install Closed-Circuit Television (CCTV) at key points within its buildings and various areas but will not install them in certain locations, such as restrooms or other areas designated as rest areas with a high level of privacy for employees. Additionally, the Company will post warning signs in locations where CCTV is in use.

In cases where the Company is required to request personal data from you to enter into or perform a contract, or to comply with legal obligations , failure to provide such personal data result in the company being unable to proceed with your request.

4. Disclosure of Personal Data

Government Agencies: Such as the Royal Thai Police, the Department of Labour Protection and Welfare, Courts, inquiry officials, or other regulatory bodies with legal authority.

External Service Providers: Such as software and information technology system providers, security service providers, and various consultants, including legal advisors.

Other Third Parties: Such as affiliates within the business group, customers, parties involved in disputes, legal counsel of opposing parties, or individuals who have suffered damages from an incident.

5. Retention Period of Personal Data

The Company will retain your personal data for the duration necessary to achieve the relevant purposes specified in this Privacy Notice. However, the Company may find it necessary to continue storing the data thereafter if required or permitted by law. For example, personal data may be retained for a period not exceeding 10 years in accordance with the legal statute of limitations.

6. Legal Duties of the Company

6.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
6.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
6.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
6.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
6.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
6.6 The Company shall implement measures regarding the notification and management of personal data breaches.
6.7 The Company shall enter into personal data processing agreements with Data Processors.
6.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

7. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

8. Rights of the Data Subject

8.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
8.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
8.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
8.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
8.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
8.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
8.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
8.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

9. Personal Data Security Measures

10. Penalties

11. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

12. Contact Information

Data Protection Officer (DPO)

Autocorp Holding Public Company Limited

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

13. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Customers

1. About the Privacy Notice

Honda Maliwan Company Limited is an authorized dealer and service center for Honda vehicles, appointed by Honda Automobile (Thailand) Company Limited. The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been established to inform you of the details regarding the collection, use, or disclosure of personal data, as follows:

This Privacy Notice applies to natural persons involved in or associated with the Company’s products or services. including prospective, current, and former customers, as well as natural persons acting on behalf of legal entities, such as directors, consultants, executives, employees, agents, and coordinators. It also extends to service users, campaign participants, and persons with legal authority to act on behalf of customers, such as attorneys-in-fact or guardians. Collectively, these individuals are referred to as "Data Subject", "Customer", or "You".

2. Definitions

“Privacy Notice” means the Privacy Notice for Customers of Honda Maliwan Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For appointments and receiving services, such as repairs, periodic maintenance, insurance claims, and accessory installations.	Contract
3.2	To record maintenance history for quality warranty purposes.	Contract
3.3	To issue tax invoices or receipts in accordance with tax and accounting laws.	Legal Obligation
3.4	To maintain security within the Company's premises.	Legitimate Interest
3.5	To provide reminders for periodic maintenance or product recall campaigns	Legitimate Interest
3.6	For customer satisfaction surveys (CSI) or public relations, such as marketing, organizing activities, campaigns, and promotions.	Consent
3.7	To transfer information to the parent company (Honda Automobile (Thailand) Co., Ltd.) as a Joint Data Controller for: 3.7.1 Warranties or after-sales services. 3.7.2 Service standard control and quality management.	Contract (Sections 3.7.1) Legitimate Interest (Sections 3.7.2)

In cases where the Company is required to request personal data from you to enter into a contract or to comply with the legal obligations, failure to provide such personal data, result in the company being unable to proceed with your request.

4. Personal Data Collected

The Company collects personal data directly from you, such as when applying for services, entering into contracts, communicating, completing surveys, or using the Company's systems. Additionally, the Company collects data from other sources, including the Department of Provincial Administration, the Department of Business Development, commercial data sources, social media, and data service providers. The relevant personal data is as follows:

• General Personal Data

a) Basic Personal Data: Such as name-surname, identification card number or passport number, date of birth, signature, vehicle license plate number, chassis number, and engine number.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or other contact channels.
c) Financial Information: Such as tax identification number, bank account information, financial transaction or credit card data, service payment history, loan or financing transaction data, and insurance claim information.
d) Third-Party Information: Such as the name-surname of an attorney-in-fact, guarantor information (in case of financing), emergency contact information, and company or employer information (in case of issuing documents on behalf of a legal entity).
e) Service and Vehicle Technical Information: Such as maintenance history, spare part replacement details, mileage, warranty history, and recall campaign participation data.
f) Other Information: Such as closed-circuit television (CCTV) footage, Customer Satisfaction Index (CSI) survey data, and service usage behavior.

In cases where the Company receives a copy of your identification card for identity verification and/or any transactions with the Company, the information obtained may include religious data or other sensitive data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guideline.

5. Disclosure of Personal Data

The Company may disclose your personal data to the following entities:

Government Agencies: Such as the Revenue Department, the Office of the Consumer Protection Board (OCPB), the Department of Business Development (DBD), the Ministry of Commerce, the Legal Execution Department, the Anti-Money Laundering Office (AMLO), courts, or any other agency exercising legal authority.

External Service Providers: Such as software and information technology system providers, banks, insurance providers, credit or financing (finance) providers, suppliers involved in service operations, and various consultants, such as legal advisors.

Other Third Parties: Such as affiliates within the business group, etc.

6. Retention Period of Personal Data

The Company will retain your personal data for as long as necessary to achieve the relevant purposes specified in this Privacy Notice. Furthermore, the Company may be required to continue retaining the data thereafter if prescribed or permitted by law. For example, personal data may be stored for a period not exceeding 10 years in accordance with the legal statute of limitations.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Honda Maliwan Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Business Partners, Vendors and Suppliers

1. About This Privacy Notice

Honda Maliwan Company Limited is an authorized dealer and service center for Honda vehicles, appointed by Honda Automobile (Thailand) Company Limited. The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been prepared to inform you of the details regarding the collection, use, or disclosure of personal data as follows:

2. Definitions

“Privacy Notice” means the Privacy Notice for Business Partners, Vendors and Suppliers of Honda Maliwan Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For registration and qualification screening prior to entering into a contract: Such as registering new vendors, verifying qualifications or credibility, and checking signing authority, etc.	Contract (for natural persons) Legitimate Interest (for representatives of legal entities)
3.2	For procurement and contract performance: Such as issuing Purchase Orders (PO), drafting and signing contracts, delivery of products or services, service provision, and after-sales service, etc.	Contract (for natural persons) Legitimate Interest (for representatives of legal entities)
3.3	For payment, accounting, and taxation: Such as fund transfers or receiving payments, issuing withholding tax certificates, issuing tax invoices, and preparing statutory accounting records, etc.	Legal Obligation
3.4	For coordination and relationship management: Such as communication, notification of delivery information, task tracking, and vendor relationship management, etc.	Legitimate Interest
3.5	For handling complaints, disputes, and legal claims: Such as receiving and managing complaints, dispute resolution, and exercising rights through the court system, etc.	Legitimate Interest
3.6	For internal management and data analysis: Such as maintaining vendor databases, preparing service performance reports, and analyzing data to develop procurement systems and processes.	Legitimate Interest
3.7	For vendor evaluation: Such as assessing the quality of goods or services and considering contract renewals.	Legitimate Interest
3.8	For security and area access: Such as Closed-Circuit Television (CCTV) recording.	Legitimate Interest
3.9	For compliance with other relevant laws: Such as tax laws, anti-money laundering laws, and safety laws, etc.	Legal Obligation

In cases where the Company is required to collect your personal data to enter into a contract or to comply with legal obligations, failure to provide such personal datamay result in the company being unable to proceed with your request.

4. Personal Data Collected

4.1 Sources of Personal Data

(1) Direct Collection from You: The Company may collect personal data directly from you during various processes related to entering into or performing business contracts, such as requests for quotations, negotiations, contract preparation, vendor registration, communications, service usage, participation in meetings or business activities, and the use of the Company’s website or information technology systems.
(2) Collection from Other Sources: The Company may collect your personal data from other publicly available sources or third parties with the legal right to disclose such information, as permitted by law. This includes government agencies (such as the Department of Provincial Administration and the Department of Business Development), commercial data sources, social media, business information providers, relevant associations or federations, or from your employer.

4.2 Types of Personal Data Collected

• General Personal Data:

a) Basic Personal Data: Such as name-surname, title, signature, identification card number, passport number, driver's license number, job position, company affiliation, or any other information that can identify an individual.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or any other contact channels.
c) Work or Business Relationship Information: Such as work history, qualifications, professional certificates, contract details, or documents supporting vendor selection considerations.
d) Financial Information: Such as bank account details, payment information, and related financial transaction data.
e) Third-Party Information: Such as names and contact information of coordinators, representatives, authorized persons, or individuals involved in the transactions.
f) Other Information: Such as cookies, website or system usage behavior data, device information, and business activity participation data.

In cases where the Company receives a copy of your identification card for the purpose of identity verification and/or performing any transactions, the received data may contain religious information or other sensitive Data. The Company does not have a policy to collect or retain such sensitive data, except where your consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guidelines.

5. Disclosure of Personal Data

Purpose of Official Disclosure: Such disclosure will be conducted only as necessary to comply with the law, court orders, orders from government agencies, or for the conduct of legal proceedings.

6. Retention Period of Personal Data

(1) Compliance with relevant laws and regulations.
(2) The exercise of legal claims, proof of rights, or defense against legal claims.
(3) Dispute prevention and resolution.
(4) Internal audits, risk management, and good corporate governance.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Honda Maliwan Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Employees

1. About This Privacy Notice

2. Definitions

“Privacy Notice” means the Privacy Notice for Employees of Honda Maliwan Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	Personnel Recruitment and Selection: 3.1.1 Application and qualification review 3.1.2 Job interviews 3.1.3 Contacting applicants 3.1.4 Criminal record checks 3.1.5 Pre-employment health checks	Contract (Sections 3.1.1 – 3.1.3) Explicit Consent (Sections 3.1.4 – 3.1.5 *unless specifically required by law
3.2	Employment Contract Administration: 3.2.1 Payment of salary, wages, and bonuses 3.2.2 Attendance recording using biometric data (e.g., fingerprint or facial recognition) 3.2.3 Withholding tax and social security contributions per Revenue and Social Security laws 3.2.4 Employee benefits (e.g., group insurance or provident fund)	Contract (Sections 3.2.1) Consent (Sections 3.2.2) Legal Obligation (Sections 3.2.3) Contract (Sections 3.2.4)
3.3	Development and Evaluation: 3.3.1 Performance evaluation (KPIs) 3.3.2 Promotion or salary adjustment considerations 3.3.3 Training and skill development: (1) Organizational efficiency development for general personnel management (2) Submission of data to the Department of Skill Development or legal reporting	Legitimate Interest (Sections 3.3.1 – 3.3.3 (1)) Legal Obligation (Sections 3.3.3 (2))
3.4	Internal Security: Such as CCTV installation and building access control	Legitimate Interest
3.5	Special Activities and Communication: 3.5.1 Publishing employee photos on Company social media 3.5.2 Emergency contact (Third parties)	Consent (Sections 3.5.1) Legitimate Interest (Sections 3.5.2)
3.6	Disciplinary Management and Disputes: Such as disciplinary investigations, legal proceedings, and recording warnings	Legitimate Interest
3.7	IT and System Administration: Such as company email usage, system access logs, and monitoring company equipment usage	Legitimate Interest

4. Personal Data Collected

• General Personal Data

a) Basic Personal Data: Such as name-surname, gender, photograph, date of birth, age, nationality, signature, marital status, military status, educational background, identification card number, house registration data, driver's license data, and employee ID number.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or other contact channels.
c) Financial Information: Such as bank account details, salary payment information, and benefits data.
d) Third-Party Information: Such as name-surname and telephone numbers of reference persons, emergency contacts, and family members.
e) Other Information: Such as educational and work history, job interview results, performance evaluations (KPI), training records, leave records, attendance logs, IT system usage data or access logs, CCTV footage, and disciplinary records or warning letters.

• Sensitive Personal Data

f) Sensitive Personal Data: Such as criminal records, health data, disability information, biometric data, and religious beliefs.

In cases where the Company receives a copy of your identification card for identity verification or transaction purposes, the information obtained may include religious data or other sensitive Data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data accordance with applicable laws and guideline.

5. Disclosure of Personal Data

The Company may disclose the personal data of employees as necessary under the relevant legal bases and for the purposes specified in this Privacy Notice to the following persons or entities:

6. Retention Period of Personal Data

Upon the termination of such relationship, the Company may continue to retain your personal data for a necessary period, taking into account the following factors:

Legal Statutes of Limitations: Considering the relevant time limits for legal actions.
Legal Obligations: Fulfilling the Company's duties as required by law.
Exercise or Defense of Legal Claims: For the purpose of establishing, exercising, or defending against legal claims.
Dispute Prevention and Resolution: Handling and settling potential conflicts.
Audits and Regulatory Compliance: Internal auditing and adhering to the regulations of governing authorities.
Lawful Purposes: Any other objectives that are lawful and consistent with the legal bases under the Personal Data Protection Act B.E. 2562.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Honda Maliwan Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Training, Seminars and Other Activities

1. About This Privacy Notice

Honda Maliwan Company Limited is an authorized dealer and service center for Honda vehicles, appointed by Honda Automobile (Thailand) Company Limited. The Company recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Therefore, this Privacy Notice has been established to inform you of the details regarding the collection, use, disclosure, and/or processing of personal data, as well as your legal rights as a data subjects, as follows:

2. Definitions

“Privacy Notice” means the Privacy Notice for Training, Seminars and Other Activities of Honda Maliwan Company Limited.

"Process" or "Processing" means any operation performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure, or destruction.

"Personal Data Protection Law" means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate legislation.

"Other Definitions" means that for any terms not specifically defined in this Privacy Notice, the definitions shall be in accordance with the Personal Data Protection Act B.E. 2562 (2019).

3. Scope of Application

This Privacy Notice applies to the following persons:

3.1 Natural Persons: Such as interested persons, potential participants, former participants, or current participants in the Company's training, seminars, and various activities. This includes participation in meetings, talks, training sessions, seminars, live broadcasts, interviews, or participation in questionnaires, surveys, or other forms.
3.2 Natural Persons related to Corporate Customers: Such as employees, personnel, officers, representatives, shareholders, authorized persons, directors, coordinators, reference persons, emergency contacts, or other natural persons associated with the Company's corporate customers who will participate, have participated, or are participating in training, seminars, live broadcasts, interviews, questionnaires, surveys, or other activities organized by the Company.

The persons mentioned in sections 3.1 – 3.2 above shall collectively be referred to as “You” or the “Data Subject”.

4. Sources of Personal Data

The Company collects and gathers your personal data through the following processes:

4.1 Information provided directly to the Company: Such as applying for services or registering for a user account in both online and offline formats, application supporting documents, personal data change requests, or other service requests to the Company.
4.2 Information collected automatically by the Company: When you access services through the Company's systems or visit the website via electronic devices such as mobile phones or computers. The Company may automatically collect personal data through technologies such as cookies or other similar technologies.
4.3 Information from activities participated with the Company: The Company may receive your personal data from your participation in various activities, such as marketing activities, contests, lucky draws, competitions, or events organized by the Company or on behalf of the Company, including activities co-organized with partners or business alliances.

5. Purposes for Processing Personal Data

The Company processes your personal data for the following purposes under the corresponding legal bases:

No.	Purpose	Legal Basis
5.1	To carry out communication, registration, and/or identity verification for participating in the Company's training, seminars, and various activities, categorized as follows: 5.1.1 Participation involving costs or specific entry conditions. 5.1.2 Participation in activities open to the general public.	Contract (Section 5.1.1) Legitimate Interest (Section 5.1.2)
5.2	To provide your information to moderators, MCs, speakers, and relevant parties for the operation of the Company's training, seminars, and activities.	Contract
5.3	5.3.1 To contact, communicate, coordinate, provide services, and update your personal data as a service user of the Company. 5.3.2 To provide news, public relations, and present information about the Company's interesting services for future occasions. 5.3.3 To conduct marketing activities for sending future promotional news or commercial promotions.	Contract (Section 5.3.1) Legitimate Interest (Section 5.3.2) Consent (Section 5.3.3)
5.4	To process data, conduct satisfaction surveys, and improve future event organization.	Legitimate Interest
5.5	To provide assistance and resolve technical issues, such as notifying you of problem resolutions, and surveying your opinions and satisfaction regarding services, training, seminars, or Company activities.	Legitimate Interest
5.6	To record still images, audio, or video of the training, seminars, and activities organized by the Company, categorized as follows: 5.6.1 Photography/Video: Recording the event atmosphere, public relations news, and internal event reporting. 5.6.2 Photography for Advertising: Interviewing for testimonials and using images for media such as signs or brochures.	Legitimate Interest (Section 5.6.1) Consent (Section 5.6.2)
5.7	To operate seminars and various activities in both general and electronic formats, and/or to issue training certificates to you.	Contract
5.8	To prevent or suppress danger to your life, body, or health, or that of others.	Vital Interest
5.9	To comply with Personal Data Protection laws, such as responding to data subject rights requests, including compliance with other relevant laws.	Legal Obligation
5.10	To arrange catering (food allergies/religious requirements) and provide facilities (for persons with disabilities).	Consent

6. Personal Data Collected

• General Personal Data

a) Basic Personal Data: Such as name-surname, signature, or any other information that can identify the data subject. The Company will collect only the data necessary for the purposes of organizing the activities.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, and Line ID.
c) Third-Party Information: Such as coordinator or contact person details.
d) Other Information: Such as activity participation data, photographs, moving images, video, and audio recorded during the event. This also includes cookies, website or registration platform access data, and information related to the issuance of receipts or tax invoices.

• Sensitive Personal Data

e) Sensitive Personal Data: Such as religious beliefs, food allergy information, and health data.

In cases where the Company receives a copy of your identification card for identity verification or transaction purposes, the information obtained may include religious data or other sensitive data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guildlike.

7. Disclosure of Personal Data

Audit service providers.
Training and seminar service providers.
Data storage and cloud service providers.
Security system providers for property, buildings, and premises.
Software package providers.
Various consultants.
Affiliates, partners, and business alliances.
Organizers of training, seminars, and activities.
MCs, moderators, speakers, and persons relevant to the Company's training, seminars, and activities.

8. Retention Period of Personal Data

9. Cookies and How They Are Used

When you visit the Company’s website, the Company will automatically collect certain information from you through the use of cookies.

10. Legal Duties of the Company

10.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
10.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
10.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
10.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
10.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
10.6 The Company shall implement measures regarding the notification and management of personal data breaches.
10.7 The Company shall enter into personal data processing agreements with Data Processors.
10.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

11. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

12. Rights of the Data Subject

12.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
12.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
12.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
12.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
12.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
12.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
12.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
12.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

13. Personal Data Security Measures

14. Penalties

15. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

16. Contact Information

Data Protection Officer (DPO)

Honda Maliwan Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

17. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for the Use of Closed-Circuit Television (CCTV)

1. About This Privacy Notice

2. Personal Data Collected

The Company collects personal data directly from you through the Closed-Circuit Television (CCTV) systems, which includes the following related personal data:

a) Still and moving images, and audio recordings, relating to a natural person.
b) Still and moving images, and audio recordings, relating to the property and vehicles of a natural person.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For the safety of life and property: To prevent and suppress incidents of theft, intrusion, property damage, or physical altercations.	Legitimate Interest
3.2	To monitor employee work processes and vehicle condition during service: In the event of claims or damages.	Legitimate Interest
3.3	For fire protection and accident surveillance: Such as installing CCTV in flammable material storage areas or operational zones to monitor emergencies and ensure timely response.	Legitimate Interest
3.4	To use as evidence for legal claims or the protection of Company rights: To support complaint consideration, dispute resolution, or civil and criminal proceedings.	Legitimate Interest
3.5	To comply with orders or legal processes: From inquiry officials, courts, or government agencies with legal authority.	Legal Obligation

In cases where the Company is required to request personal data from you to enter into or perform a contract, or to comply with legal obligations, failure to provide such personal data result in the company being unable to proceed with your request.

4. Disclosure of Personal Data

Government Agencies: Such as the Royal Thai Police, the Department of Labour Protection and Welfare, Courts, inquiry officials, or other regulatory bodies with legal authority.

External Service Providers: Such as software and information technology system providers, security service providers, and various consultants, including legal advisors.

5. Retention Period of Personal Data

6. Legal Duties of the Company

6.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
6.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
6.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
6.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
6.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
6.6 The Company shall implement measures regarding the notification and management of personal data breaches.
6.7 The Company shall enter into personal data processing agreements with Data Processors.
6.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

7. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

8. Rights of the Data Subject

8.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
8.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
8.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
8.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
8.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
8.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
8.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
8.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

9. Personal Data Security Measures

10. Penalties

11. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

12. Contact Information

Data Protection Officer (DPO)

Honda Maliwan Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

13. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Customers

1. About the Privacy Notice

Autoclik by ACG Company Limited a provider of automotive spare parts and express repair and maintenance services (FAST FIT) for all vehicle makes, recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been established to inform you of the details regarding the collection, use, or disclosure of personal data, as follows:

2. Definitions

“Privacy Notice” means the Privacy Notice for Customers of Autoclik by ACG Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For appointments and receiving services, such as repairs, periodic maintenance, insurance claims, and accessory installations.	Contract
3.2	To record maintenance history for quality warranty purposes.	Contract
3.3	To issue tax invoices or receipts in accordance with tax and accounting laws.	Legal Obligation
3.4	To maintain security within the Company's premises.	Legitimate Interest
3.5	To provide reminders for periodic maintenance or product recall campaigns	Legitimate Interest
3.6	For customer satisfaction surveys (CSI) or public relations, such as marketing, organizing activities, campaigns, and promotions.	Consent
3.7	To transfer information to the parent company (Honda Automobile (Thailand) Co., Ltd.) as a Joint Data Controller for: 3.7.1 Warranties or after-sales services. 3.7.2 Service standard control and quality management.	Contract (Sections 3.7.1) Legitimate Interest (Sections 3.7.2)

4. Personal Data Collected

• General Personal Data

a) Basic Personal Data: Such as name-surname, identification card number or passport number, date of birth, signature, vehicle license plate number, chassis number, and engine number.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or other contact channels.
c) Financial Information: Such as tax identification number, bank account information, financial transaction or credit card data, service payment history, loan or financing transaction data, and insurance claim information.
d) Third-Party Information: Such as the name-surname of an attorney-in-fact, guarantor information (in case of financing), emergency contact information, and company or employer information (in case of issuing documents on behalf of a legal entity).
e) Service and Vehicle Technical Information: Such as maintenance history, spare part replacement details, mileage, warranty history, and recall campaign participation data.
f) Other Information: Such as closed-circuit television (CCTV) footage, Customer Satisfaction Index (CSI) survey data, and service usage behavior.

The Company may receive third-party information provided by you, such as coordinators or contact persons. You are requested toinform such third parties of this Privacy Notice and to obtain their consent where required, unless otherwise permitted by law.

5. Disclosure of Personal Data

The Company may disclose your personal data to the following entities:

Other Third Parties: Such as affiliates within the business group, etc.

6. Retention Period of Personal Data

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Autoclik by ACG Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Business Partners, Vendors and Suppliers

1. About This Privacy Notice

Autoclik by ACG Company Limited a provider of automotive spare parts and express repair and maintenance services (FAST FIT) for all vehicle makes, recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Accordingly, this Privacy Notice has been prepared to inform you of the details regarding the collection, use, or disclosure of personal data as follows:

2. Definitions

“Privacy Notice” means the Privacy Notice for Business Partners, Vendors and Suppliers of Autoclik by ACG Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For registration and qualification screening prior to entering into a contract: Such as registering new vendors, verifying qualifications or credibility, and checking signing authority, etc.	Contract (for natural persons) Legitimate Interest (for representatives of legal entities)
3.2	For procurement and contract performance: Such as issuing Purchase Orders (PO), drafting and signing contracts, delivery of products or services, service provision, and after-sales service, etc.	Contract (for natural persons) Legitimate Interest (for representatives of legal entities)
3.3	For payment, accounting, and taxation: Such as fund transfers or receiving payments, issuing withholding tax certificates, issuing tax invoices, and preparing statutory accounting records, etc.	Legal Obligation
3.4	For coordination and relationship management: Such as communication, notification of delivery information, task tracking, and vendor relationship management, etc.	Legitimate Interest
3.5	For handling complaints, disputes, and legal claims: Such as receiving and managing complaints, dispute resolution, and exercising rights through the court system, etc.	Legitimate Interest
3.6	For internal management and data analysis: Such as maintaining vendor databases, preparing service performance reports, and analyzing data to develop procurement systems and processes.	Legitimate Interest
3.7	For vendor evaluation: Such as assessing the quality of goods or services and considering contract renewals.	Legitimate Interest
3.8	For security and area access: Such as Closed-Circuit Television (CCTV) recording.	Legitimate Interest
3.9	For compliance with other relevant laws: Such as tax laws, anti-money laundering laws, and safety laws, etc.	Legal Obligation

In cases where the Company is required to collect your personal data to enter into a contract or to comply with legal obligations, failure to provide such personal datamay result in the company being unable to proceed with your request.

4. Personal Data Collected

4.1 Sources of Personal Data

4.2 Types of Personal Data Collected

• General Personal Data:

a) Basic Personal Data: Such as name-surname, title, signature, identification card number, passport number, driver's license number, job position, company affiliation, or any other information that can identify an individual.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or any other contact channels.
c) Work or Business Relationship Information: Such as work history, qualifications, professional certificates, contract details, or documents supporting vendor selection considerations.
d) Financial Information: Such as bank account details, payment information, and related financial transaction data.
e) Third-Party Information: Such as names and contact information of coordinators, representatives, authorized persons, or individuals involved in the transactions.
f) Other Information: Such as cookies, website or system usage behavior data, device information, and business activity participation data.

In cases where the Company receives a copy of your identification card for the purpose of identity verification and/or performing any transactions, the received data may contain religious information or other sensitive Data. The Company does not have a policy to collect or retain such sensitive data, except where your consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guidelines.

5. Disclosure of Personal Data

Purpose of Official Disclosure: Such disclosure will be conducted only as necessary to comply with the law, court orders, orders from government agencies, or for the conduct of legal proceedings.

6. Retention Period of Personal Data

(1) Compliance with relevant laws and regulations.
(2) The exercise of legal claims, proof of rights, or defense against legal claims.
(3) Dispute prevention and resolution.
(4) Internal audits, risk management, and good corporate governance.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Autoclik by ACG Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Employees

1. About This Privacy Notice

2. Definitions

“Privacy Notice” means the Privacy Notice for Employees of Autoclik by ACG Company Limited.

“Data Subject” means a natural person who is the owner of the personal data.

“Data Controller” means a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.

“Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate laws.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	Personnel Recruitment and Selection: 3.1.1 Application and qualification review 3.1.2 Job interviews 3.1.3 Contacting applicants 3.1.4 Criminal record checks 3.1.5 Pre-employment health checks	Contract (Sections 3.1.1 – 3.1.3) Explicit Consent (Sections 3.1.4 – 3.1.5 *unless specifically required by law
3.2	Employment Contract Administration: 3.2.1 Payment of salary, wages, and bonuses 3.2.2 Attendance recording using biometric data (e.g., fingerprint or facial recognition) 3.2.3 Withholding tax and social security contributions per Revenue and Social Security laws 3.2.4 Employee benefits (e.g., group insurance or provident fund)	Contract (Sections 3.2.1) Consent (Sections 3.2.2) Legal Obligation (Sections 3.2.3) Contract (Sections 3.2.4)
3.3	Development and Evaluation: 3.3.1 Performance evaluation (KPIs) 3.3.2 Promotion or salary adjustment considerations 3.3.3 Training and skill development: (1) Organizational efficiency development for general personnel management (2) Submission of data to the Department of Skill Development or legal reporting	Legitimate Interest (Sections 3.3.1 – 3.3.3 (1)) Legal Obligation (Sections 3.3.3 (2))
3.4	Internal Security: Such as CCTV installation and building access control	Legitimate Interest
3.5	Special Activities and Communication: 3.5.1 Publishing employee photos on Company social media 3.5.2 Emergency contact (Third parties)	Consent (Sections 3.5.1) Legitimate Interest (Sections 3.5.2)
3.6	Disciplinary Management and Disputes: Such as disciplinary investigations, legal proceedings, and recording warnings	Legitimate Interest
3.7	IT and System Administration: Such as company email usage, system access logs, and monitoring company equipment usage	Legitimate Interest

4. Personal Data Collected

• General Personal Data

a) Basic Personal Data: Such as name-surname, gender, photograph, date of birth, age, nationality, signature, marital status, military status, educational background, identification card number, house registration data, driver's license data, and employee ID number.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, Line ID, or other contact channels.
c) Financial Information: Such as bank account details, salary payment information, and benefits data.
d) Third-Party Information: Such as name-surname and telephone numbers of reference persons, emergency contacts, and family members.
e) Other Information: Such as educational and work history, job interview results, performance evaluations (KPI), training records, leave records, attendance logs, IT system usage data or access logs, CCTV footage, and disciplinary records or warning letters.

• Sensitive Personal Data

f) Sensitive Personal Data: Such as criminal records, health data, disability information, biometric data, and religious beliefs.

In cases where the Company receives a copy of your identification card for identity verification or transaction purposes, the information obtained may include religious data or other sensitive Data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data accordance with applicable laws and guideline.

5. Disclosure of Personal Data

The Company may disclose the personal data of employees as necessary under the relevant legal bases and for the purposes specified in this Privacy Notice to the following persons or entities:

6. Retention Period of Personal Data

Upon the termination of such relationship, the Company may continue to retain your personal data for a necessary period, taking into account the following factors:

Legal Statutes of Limitations: Considering the relevant time limits for legal actions.
Legal Obligations: Fulfilling the Company's duties as required by law.
Exercise or Defense of Legal Claims: For the purpose of establishing, exercising, or defending against legal claims.
Dispute Prevention and Resolution: Handling and settling potential conflicts.
Audits and Regulatory Compliance: Internal auditing and adhering to the regulations of governing authorities.
Lawful Purposes: Any other objectives that are lawful and consistent with the legal bases under the Personal Data Protection Act B.E. 2562.

7. Legal Duties of the Company

7.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
7.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
7.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
7.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
7.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
7.6 The Company shall implement measures regarding the notification and management of personal data breaches.
7.7 The Company shall enter into personal data processing agreements with Data Processors.
7.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

8. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

9. Rights of the Data Subject

9.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
9.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
9.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
9.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
9.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
9.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
9.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
9.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

10. Personal Data Security Measures

11. Penalties

12. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

13. Contact Information

Data Protection Officer (DPO)

Autoclik by ACG Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

14. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for Training, Seminars and Other Activities

1. About This Privacy Notice

Autoclik by ACG Company Limited a provider of automotive spare parts and express repair and maintenance services (FAST FIT) for all vehicle makes, recognizes and prioritizes the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). Therefore, this Privacy Notice has been established to inform you of the details regarding the collection, use, disclosure, and/or processing of personal data, as well as your legal rights as a data subjects, as follows:

2. Definitions

“Privacy Notice” means the Privacy Notice for Training, Seminars and Other Activities of Autoclik by ACG Company Limited.

"Personal Data Protection Law" means the Personal Data Protection Act B.E. 2562 (2019) and all relevant subordinate legislation.

"Other Definitions" means that for any terms not specifically defined in this Privacy Notice, the definitions shall be in accordance with the Personal Data Protection Act B.E. 2562 (2019).

3. Scope of Application

This Privacy Notice applies to the following persons:

3.1 Natural Persons: Such as interested persons, potential participants, former participants, or current participants in the Company's training, seminars, and various activities. This includes participation in meetings, talks, training sessions, seminars, live broadcasts, interviews, or participation in questionnaires, surveys, or other forms.
3.2 Natural Persons related to Corporate Customers: Such as employees, personnel, officers, representatives, shareholders, authorized persons, directors, coordinators, reference persons, emergency contacts, or other natural persons associated with the Company's corporate customers who will participate, have participated, or are participating in training, seminars, live broadcasts, interviews, questionnaires, surveys, or other activities organized by the Company.

The persons mentioned in sections 3.1 – 3.2 above shall collectively be referred to as “You” or the “Data Subject”.

4. Sources of Personal Data

The Company collects and gathers your personal data through the following processes:

4.1 Information provided directly to the Company: Such as applying for services or registering for a user account in both online and offline formats, application supporting documents, personal data change requests, or other service requests to the Company.
4.2 Information collected automatically by the Company: When you access services through the Company's systems or visit the website via electronic devices such as mobile phones or computers. The Company may automatically collect personal data through technologies such as cookies or other similar technologies.
4.3 Information from activities participated with the Company: The Company may receive your personal data from your participation in various activities, such as marketing activities, contests, lucky draws, competitions, or events organized by the Company or on behalf of the Company, including activities co-organized with partners or business alliances.

5. Purposes for Processing Personal Data

The Company processes your personal data for the following purposes under the corresponding legal bases:

No.	Purpose	Legal Basis
5.1	To carry out communication, registration, and/or identity verification for participating in the Company's training, seminars, and various activities, categorized as follows: 5.1.1 Participation involving costs or specific entry conditions. 5.1.2 Participation in activities open to the general public.	Contract (Section 5.1.1) Legitimate Interest (Section 5.1.2)
5.2	To provide your information to moderators, MCs, speakers, and relevant parties for the operation of the Company's training, seminars, and activities.	Contract
5.3	5.3.1 To contact, communicate, coordinate, provide services, and update your personal data as a service user of the Company. 5.3.2 To provide news, public relations, and present information about the Company's interesting services for future occasions. 5.3.3 To conduct marketing activities for sending future promotional news or commercial promotions.	Contract (Section 5.3.1) Legitimate Interest (Section 5.3.2) Consent (Section 5.3.3)
5.4	To process data, conduct satisfaction surveys, and improve future event organization.	Legitimate Interest
5.5	To provide assistance and resolve technical issues, such as notifying you of problem resolutions, and surveying your opinions and satisfaction regarding services, training, seminars, or Company activities.	Legitimate Interest
5.6	To record still images, audio, or video of the training, seminars, and activities organized by the Company, categorized as follows: 5.6.1 Photography/Video: Recording the event atmosphere, public relations news, and internal event reporting. 5.6.2 Photography for Advertising: Interviewing for testimonials and using images for media such as signs or brochures.	Legitimate Interest (Section 5.6.1) Consent (Section 5.6.2)
5.7	To operate seminars and various activities in both general and electronic formats, and/or to issue training certificates to you.	Contract
5.8	To prevent or suppress danger to your life, body, or health, or that of others.	Vital Interest
5.9	To comply with Personal Data Protection laws, such as responding to data subject rights requests, including compliance with other relevant laws.	Legal Obligation
5.10	To arrange catering (food allergies/religious requirements) and provide facilities (for persons with disabilities).	Consent

6. Personal Data Collected

• General Personal Data

a) Basic Personal Data: Such as name-surname, signature, or any other information that can identify the data subject. The Company will collect only the data necessary for the purposes of organizing the activities.
b) Contact Information: Such as current contactable address, registered house address, email, telephone number, and Line ID.
c) Third-Party Information: Such as coordinator or contact person details.
d) Other Information: Such as activity participation data, photographs, moving images, video, and audio recorded during the event. This also includes cookies, website or registration platform access data, and information related to the issuance of receipts or tax invoices.

• Sensitive Personal Data

e) Sensitive Personal Data: Such as religious beliefs, food allergy information, and health data.

In cases where the Company receives a copy of your identification card for identity verification or transaction purposes, the information obtained may include religious data or other sensitive data. The Company does not have a policy to collect or retain such sensitive data unless your explicit consent has been obtained. The Company will implement appropriate measures to manage such data in accordance with applicable laws and guildlike.

7. Disclosure of Personal Data

Audit service providers.
Training and seminar service providers.
Data storage and cloud service providers.
Security system providers for property, buildings, and premises.
Software package providers.
Various consultants.
Affiliates, partners, and business alliances.
Organizers of training, seminars, and activities.
MCs, moderators, speakers, and persons relevant to the Company's training, seminars, and activities.

8. Retention Period of Personal Data

9. Cookies and How They Are Used

When you visit the Company’s website, the Company will automatically collect certain information from you through the use of cookies.

10. Legal Duties of the Company

10.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
10.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
10.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
10.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
10.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
10.6 The Company shall implement measures regarding the notification and management of personal data breaches.
10.7 The Company shall enter into personal data processing agreements with Data Processors.
10.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

11. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

12. Rights of the Data Subject

12.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
12.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
12.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
12.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
12.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
12.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
12.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
12.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

13. Personal Data Security Measures

14. Penalties

15. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

16. Contact Information

Data Protection Officer (DPO)

Autoclik by ACG Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

17. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

Privacy Notice for the Use of Closed-Circuit Television (CCTV)

1. About This Privacy Notice

2. Personal Data Collected

The Company collects personal data directly from you through the Closed-Circuit Television (CCTV) systems, which includes the following related personal data:

a) Still and moving images, and audio recordings, relating to a natural person.
b) Still and moving images, and audio recordings, relating to the property and vehicles of a natural person.

3. Purposes for Collection, Use, or Disclosure of Personal Data

The Company processes your personal data for the following purposes and under the following legal bases:

No.	Purpose	Legal Basis
3.1	For the safety of life and property: To prevent and suppress incidents of theft, intrusion, property damage, or physical altercations.	Legitimate Interest
3.2	To monitor employee work processes and vehicle condition during service: In the event of claims or damages.	Legitimate Interest
3.3	For fire protection and accident surveillance: Such as installing CCTV in flammable material storage areas or operational zones to monitor emergencies and ensure timely response.	Legitimate Interest
3.4	To use as evidence for legal claims or the protection of Company rights: To support complaint consideration, dispute resolution, or civil and criminal proceedings.	Legitimate Interest
3.5	To comply with orders or legal processes: From inquiry officials, courts, or government agencies with legal authority.	Legal Obligation

In cases where the Company is required to request personal data from you to enter into or perform a contract, or to comply with legal obligations, failure to provide such personal data result in the company being unable to proceed with your request.

4. Disclosure of Personal Data

Government Agencies: Such as the Royal Thai Police, the Department of Labour Protection and Welfare, Courts, inquiry officials, or other regulatory bodies with legal authority.

External Service Providers: Such as software and information technology system providers, security service providers, and various consultants, including legal advisors.

5. Retention Period of Personal Data

6. Legal Duties of the Company

6.1 The Company shall notify the Data Subject of the Privacy Notice prior to or at the time of personal data collection.
6.2 The Company shall process personal data according to the notified purposes and supported by a lawful legal basis.
6.3 The Company shall provide appropriate security measures to prevent personal data breaches in accordance with the standards prescribed by Personal Data Protection Law.
6.4 The Company shall implement measures to prevent unauthorized or unlawful use or disclosure of personal data by others.
6.5 The Company shall establish an inspection system to delete or destroy personal data once the retention period has expired, or if the data is irrelevant or exceeds the necessity of its processing purpose.
6.6 The Company shall implement measures regarding the notification and management of personal data breaches.
6.7 The Company shall enter into personal data processing agreements with Data Processors.
6.8 The Company shall perform other duties as prescribed by Personal Data Protection Law.

7. Roles and Responsibilities

Employees are responsible for acting in accordance with the policies, work processes, and Personal Data Protection Law.

8. Rights of the Data Subject

8.1 Right of Access: You have the right to access your personal data and request that the Company provide a copy of such data. This includes the right to request disclosure of how the Company acquired personal data in its possession.
8.2 Right to Rectification: Data subjects may notify the Company to correct, update, or complete their personal data to ensure it is accurate, current, and not misleading.
8.3 Right to Erasure: You have the right to request the deletion or destruction of your personal data, or to make it non-identifiable. However, this right must not conflict with the law or affect the Company's fulfillment of its legal duties. If the Company is legally required to retain the data or needs it to establish legal claims, it may be unable to comply with the deletion request.
8.4 Right to Data Portability: You have the right to receive your personal data in a format that is readable or usable by automated tools or devices. You also have the right to request that the Company send or transfer this data directly to another Data Controller when technically feasible.
8.5 Right to Object: You have the right to object to the collection, use, or disclosure of your personal data when processing is based on legitimate interests, public interest tasks, direct marketing purposes, or for scientific, historical, or statistical research.
8.6 Right to Restrict Processing: You have the right to request a temporary suspension of the use of your personal data. This applies while the Company is investigating a rectification or objection request, or in cases where the Company no longer needs the data and must delete it, but you request restriction instead.
8.7 Right to Withdraw Consent: You have the right to withdraw your consent at any time while your personal data is with the Company. Withdrawing consent may affect work considerations, benefits, or the receipt of useful information. You should inquire about the potential impacts before withdrawing consent.
8.8 Right to Lodge a Complaint: You have the right to lodge a complaint with the expert committee under the Personal Data Protection Law if you believe the collection, use, or disclosure of your data violates or fails to comply with the law.

9. Personal Data Security Measures

10. Penalties

11. Changes to the Privacy Notice

If this notice is changed, the Company will notify you through appropriate channels.

12. Contact Information

Data Protection Officer (DPO)

Autoclik by ACG Company Limited.

Address: 1111 Moo 1, Maliwan Road, Ban Thum, Mueang Khon Kaen, Khon Kaen

Email: pdpa@ach.co.th | Tel: 043-306333 Ext. 5

13. Governing Law

This Privacy Notice is governed by and construed in accordance with the laws of Thailand, and the Thai courts shall have exclusive jurisdiction over any disputes arising under this notice.

นโยบายการใช้คุกกี้ (Cookies Policy)

บริษัท ออโตคอร์ป โฮลดิ้ง จำกัด (มหาชน) และบริษัทย่อย รวมเรียก “บริษัท” มีการใช้คุกกี้หรือเทคโนโลยีอื่นใดที่มีลักษณะใกล้เคียงกัน (“คุกกี้”) เพื่อจัดเก็บข้อมูลการเข้าเยี่ยมชมเว็บไซต์จากผู้เข้าเยี่ยมชมทุกราย เพื่อใช้ประโยชน์สำหรับการพัฒนาประสิทธิภาพในการเข้าถึงบริการและการบริการของบริษัท โดยนโยบายคุกกี้นี้จะอธิบายถึงความหมาย การทำงาน วัตถุประสงค์ รวมถึงการลบและการปฏิเสธการเก็บคุกกี้ เพื่อความเป็นส่วนตัวของท่าน โดยการเข้าสู่เว็บไซต์นี้ถือว่าท่านได้อนุญาตให้เราใช้คุกกี้ตามนโยบายคุกกี้ที่มีรายละเอียดดังต่อไปนี้

คุกกี้คืออะไร

คุกกี้ คือ ไฟล์เล็ก ๆ เพื่อจัดเก็บข้อมูลการเข้าใช้งานเว็บไซต์ เช่น วันเวลา ลิงค์ที่คลิก หน้าที่เข้าชม เงื่อนไขการตั้งค่าต่าง ๆ โดยจะบันทึกลงไปในอุปกรณ์คอมพิวเตอร์ และ/หรือ เครื่องมือสื่อสารที่เข้าใช้งานของท่าน เช่น โน๊ตบุ๊ค แท็บเล็ต หรือ สมาร์ทโฟน ผ่านทางเว็บเบราว์เซอร์ในขณะที่ท่านเข้าสู่เว็บไซต์ โดยคุกกี้จะไม่ก่อให้เกิดอันตรายต่ออุปกรณ์คอมพิวเตอร์ และ/หรือ เครื่องมือสื่อสารของท่าน ในกรณีดังต่อไปนี้ ข้อมูลส่วนบุคคลของท่านอาจถูกจัดเก็บเพื่อใช้เพิ่มประสบการณ์การใช้งานบริการทางออนไลน์ โดยจะจำเอกลักษณ์ของภาษาและปรับแต่งข้อมูลการใช้งานตามความต้องการของท่าน เป็นการยืนยันคุณลักษณะเฉพาะตัว ข้อมูลความปลอดภัยของท่าน รวมถึงบริการที่ท่านสนใจ นอกจากนี้คุกกี้ยังถูกใช้เพื่อวัดปริมาณการเข้าใช้งานบริการทางออนไลน์ การปรับเปลี่ยนเนื้อหาตามการใช้งานของท่านโดยพิจารณาจากพฤติกรรมการเข้าใช้งานครั้งก่อน ๆ และ ณ ปัจจุบัน และอาจมีวัตถุประสงค์เพื่อการโฆษณาประชาสัมพันธ์

ทั้งนี้ท่านสามารถค้นหาข้อมูลเพิ่มเติมเกี่ยวกับคุกกี้ได้ที่ www.allaboutcookies.org

การใช้คุ้กกี้ของบริษัท

เพื่อศึกษาพฤติกรรมการใช้งานเว็บไซต์ของผู้ใช้งาน และนำไปพัฒนาให้สามารถใช้งานได้ง่าย รวดเร็ว และมีประสิทธิภาพยิ่งขึ้น
เพื่อให้สมาชิกหรือผู้ใช้งานที่ลงทะเบียนสามารถใช้งานในระบบเว็บไซต์เมื่อ Sign In ได้อย่างต่อเนื่อง
เพื่อช่วยระบุอุปกรณ์ที่ผู้ใช้งานใช้ในการเข้าใช้งาน ร่วมกับข้อมูลอื่นๆ ที่รวบรวมไว้ เพื่อให้สามารถระบุความต้องการส่วนตัวของผู้ใช้งานได้

ประเภทของคุกกี้

บริษัทใช้คุกกี้ดังต่อไปนี้ในเว็บไซต์ของบริษัท

คุกกี้ที่มีความจำเป็นอย่างยิ่ง (Strictly Necessary Cookies): มีความสำคัญต่อการทำงานของเว็บไซต์ ซึ่งช่วยให้ผู้เข้าชมสามารถเข้าถึงข้อมูล และใช้งานในเว็บไซต์ได้อย่างปลอดภัย
คุกกี้สำหรับการวิเคราะห์และวัดผลการทำงาน (Analytical/Performance Cookies): มีหน้าที่จดจำและนับจำนวนผู้เข้าชมเว็บไซต์ ตลอดจนวิเคราะห์พฤติกรรมในการเยี่ยมชมเว็บไซต์ เพื่อปรับปรุงการทำงานของเว็บไซต์
คุกกี้เพื่อการทำงานของเว็บไซต์ (Functionality Cookies): ทำหน้าที่จดจำการตั้งค่าการใช้งานเว็บไซต์ เช่น ภาษาที่ใช้ เป็นต้น
คุกกี้เพื่อการโฆษณา (Advertising Cookies): ทำการบันทึกและจดจำข้อมูลของผู้ใช้งานเว็บไซต์ เพื่อนำเสนอขายสินค้าหรือสื่อโฆษณาที่ตรงกับความสนใจของผู้ใช้งาน

การจัดการคุกกี้

ผู้ใช้งานสามารถตั้งค่าคุ้กกี้ของบริษัทเพื่อยอมรับหรือปฏิเสธการทำงานของคุกกี้ได้ แต่หากผู้ใช้งานปิดการใช้งานคุกกี้นั้นอาจส่งส่งทำให้เว็บไซต์อาจไม่สามารถทำงานตามวัตถุประสงค์ที่คุกกี้ถูกออกแบบไว้ ทั้งนี้ ผู้ใช้งานสามารถตั้งค่าคุกกี้ได้ตามขั้นตอนดังนี้

กรณีใช้ Google Chrome
(https://support.google.com/chrome/answer/95647?hl=en&topic=14666&ctx=topic)
กรณีใช้ Safari
(https://support.apple.com/guide/safari/manage-cookies-and-website-data-sfri11471/mac) and iOS (https://support.apple.com/en-us/HT201265)
กรณีใช้ Internet Explorer
(https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#ie=ie-10 )
กรณีใช้ Firefox
(https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies )

นโยบายส่วนบุคคลของของเว็บไซต์อื่น

นโยบายความเป็นส่วนตัวฉบับนี้ใช้เฉพาะสำหรับการให้บริการและการใช้งานเว็บไซต์ของบริษัทเท่านั้น หากผู้ใช้งานกดลิงค์ไปยังเว็บไซต์อื่น ผู้ใช้งานจะต้องศึกษาและปฏิบัติตามนดยบายความเป็นส่วนตัวที่ปรากฎในเว็บไซต์นั้นๆ แยกต่างหากจากเว็บไซต์ของบริษัท

การเปลี่ยนแปลงประกาศ

ประกาศนี้อาจมีการปรับปรุงให้เหมาะสมและสอดคล้องกับสถานการณ์และตามการให้บริการจริง โดยบริษัทจะมีการแจ้งประกาศที่มีการปรับปรุงใหม่บนเว็บไซต์นี้ ดังนั้นบริษัทขอแนะนำให้ท่านตรวจสอบให้แน่ใจว่าท่านได้เข้าใจการเปลี่ยนแปลงตามข้อกำหนดดังกล่าว

ในกรณีที่ท่านมีคำถามเกี่ยวกับนโยบายคุกกี้ของเรา ท่านสามารถติดต่อสอบถามได้ที่

ส่วนงานควบคุมข้อมูลส่วนบุคคล

บริษัท ออโตคลิกบายเอซีจี จำกัด (สำนักงานใหญ่)

สำนักงานตั้งอยู่เลขที่ 1111 หมู่ที่ 1 ถนนมะลิวัลย์ ตำบลบ้านทุ่ม

อำเภอเมืองขอนแก่น จังหวัดขอนแก่น

อีเมล : pdpa@ach.co.th

โทร : 043-306333 ต่อ 5

แบบฟอร์มคำขอใช้สิทธิ

แบบฟอร์มคำขอใช้สิทธิของเจ้าของข้อมูลส่วนบุคคล

ขนาดไฟล์:

แบบฟอร์มคำขอแก้ไข/เปลี่ยนแปลงข้อมูลส่วนบุคคล (สำหรับลูกค้า)

ขนาดไฟล์:

หากท่านมีความประสงค์จะใช้สิทธิในฐานะเจ้าของข้อมูลส่วนบุคคล ท่านสามารถดาวน์โหลดแบบฟอร์มคำขอใช้สิทธิจากเอกสารที่แนบมานี้ และ ดำเนินการกรอกข้อมูลให้ครบถ้วน จากนั้นส่งแบบฟอร์มมายังอีเมล pdpa@ach.co.th ถึงหน่วยงานคุ้มครองข้อมูลส่วนบุคคล (DPO)

ทั้งนี้ หน่วยงานจะดำเนินการพิจารณาและตอบกลับคำขอของท่านโดยไม่ชักช้า ภายใต้กรอบระยะเวลาที่กฎหมายกำหนด หากท่านมีข้อสงสัยหรือต้องการสอบถามข้อมูลเพิ่มเติม สามารถติดต่อได้ที่หมายเลขโทรศัพท์ 043-306333 ต่อ 5