Personal Data Protection Policy

B.Grimm Power Public Company Limited and Subsidiary

1. Introduction

B.Grimm Power Public Company Limited and Subsidiaries (referred to as “B.Grimm Power) recognizes the importance of personal data protection and respects the privacy rights of the data subject. For the purpose of statutory compliance and business objective of B. Grimm Power in relation to the collection, usage and disclosure of personal data to be protected as comply by the law and regulations, B.Grimm Power establishes the Personal Data Protection Policy (“Privacy Policy”) under the Personal Data Protection Act B.E. 2562 (2019) (as amended) and other applicable laws and regulations (“PDPA”).

2. Scope

In order to inform the data subject of the Privacy Policy, B.Grimm Power establishes the procedures and guidelines on the personal data protection under the PDPA (“Procedures”). The Procedures is to ensure the protection and security of personal data collection of each category.

3. Description

Subsidiary Company refers to the company or juristic persona that B.Grimm Power has control over or under the control of B.Grimm Power. B.Grimm Power holds more than 50 percent of the voting rights, either from the direct or indirect vote throughout the vote rights.

Personal Data refers to personal information that, directly or indirectly, is able to identify the data subject, but the information of the deceased is excluded.

Sensitive Personal Data refers to, under Section 26 of the PDPA, Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual orientation, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.

Data Processing refers to the collection, use, or disclosure of personal data.

4. Personal Data Collection

Under the PDPA, B.Grimm Power statutorily collects the Personal Data as necessary, within the relevant company’s objectives and scope only. In regard, B.Grimm Power makes the data subject aware of and consent such in writing or electronically, in accordance with the requirements of the PDPA, subject to PDPA with regard to the collection of the Personal Data.

4.1 Types of Personal Data

The types of personal data that may be collected by B.Grimm Power are under the characteristics of the activities, locations and method of collection, which may include the followings:

(1) the identifiable Personal Data such as name, surname, photograph, identification card number, passport number, driver’s license number, date of birth, occupation, position, name of workplace, nationality, gender, marital status, vehicle license plate, CCTV footage of the area under B.Grimm Power’s control, username and password in the system;

(2) the Sensitive personal data as define in clause Error! Reference source not found.

(3) personal contact information i.e. home address or work place, phone number, E-mail, or social applications such as LINE, Whatsapp, or Facebook;

(4) personal financial information such as bank accounts details or personal income tax information;

(5) employment information such as job interviews, performance appraisals, positions, salaries, employment benefits, social security, provident fund;

(6) other information i.e. technical information from the usage of B.Grimm Power’s websites or applications, activity usage and access to Log files, IP address, Cookies.

4.2 Source of Personal Data Collection

Basically, B.Grimm Power collects the Personal Data directly from the data subject. Nevertheless, B.Grimm Power may collect the Personal Data from other sources, rather than directly from the data, i.e.:

(1) public sources;

(2) share or securities registrar;

(3) any communication method, either face-to-face or via any communication tools;

(4) related persons of the data subject.

If, however, B.Grimm Power has to collect the Personal Data from other sources, it will do so in compliance with the PDPA.

5. Objectives of Personal Data Protection

B.Grimm Power collects, uses or discloses the Personal Data for the following purposes:

  • for the benefit of B.Grimm Power’s business operations under the statutory, contractual obligations and the legitimate interest;
  • for the improvement and enhancement of business efficiency such as database preparation, analysis, and development of operating processes;
  • for verification or identification when accessing digital systems;
  • for legal verification of the data subject;
  • for the fulfillment of purposes that has been informed to the data subject and consented by the data subject;
  • for other purposes, which are not prohibited by the law, and/or for compliance with the laws, rules, announcements, or regulations relevant to the operation of B.Grimm Power;
  • for the purpose of storing, recording, backing up, or destroying of the Personal Data.

B.Grimm Power will not act in contrary to the above purposes; provided that:

(1) it notifies the new purposes to the data subject and consent is obtained accordingly;

(2) it is for the purpose of PDPA or relevant laws compliance.

6. Consent

B.Grimm Power collects, uses, discloses and processes the Personal Data upon the prior or simultaneously express consent of the data subject in writing, or via electronic means, save it is not possible to obtain the consent accordingly.

In the case B.Grimm Power collects, uses, or discloses the Sensitive Personal Data, it will obtain an explicit consent from the data subject, unless otherwise specified by laws.

The consent of the data subject refers to the data subject’s consent to B.Grimm Power to collect, use, disclose, or keep the Personal Data of the data subject by any person residing or juristic persons locating, either domestically and internationally as herein stated, unless otherwise specified by laws.

7. Objection of Consent

The consent of the Personal Data is a voluntary action of the data subject. The data subject may object to a consent requested by B.Grimm Power. As a result, such objection may cause B.Grimm Power unable to enter into an agreement, obligation, or to give welfare, to grant to or accept any products or services from, the data subject, to proceed with the data subject’s requests, or to perform any contractual obligations, terms and conditions.

8. The Usage and Disclosure of Personal Data

B.Grimm Power will neither use nor disclose the Personal Data to a third party without the data subject’s consent. The Personal Data is disclosed for the purpose(s) the data subject has been informed prior to or at the time of collecting such Personal Data, unless exempted by the PDPA, or statutorily required to disclosure. However, for the purpose of B.Grimm Power’s operations and rendering of services to the data subject, B.Grimm Power may disclose the Personal Data of the data subject, in and outside the country, to the following person:

(1) B.Grimm Power’s subsidiaries;

(2) shareholders or stakeholders;

(3) parties to the contracts, subcontractors, or service providers related to the operation of B.Grimm Power;

(4) any person consented by the data subject to use or be disclosed the data subject’s Personal Data;

(5) person or government agency according to the law, or by the court order, or any other competent authority.

In addition, B.Grimm Power procures that the abovementioned person treats the Personal Data as confidential and will not use it for any other purposes than stipulated herein.

9. Security Measures

B.Grimm Power establishes the Personal Data collection, use or disclosure measures, as well as the security measures, which are in accordance with the PDPA, related regulations and guidelines, with which B.Grimm Power’s employees and other related person have to comply so that the protection of Personal Data is efficient and of security standard required by laws. The standard of security measures is the compliance to the Personal Data Protection Act, regulations, rules, laws, and practices on the protection of data for B.Grimm Power employees and related persons. In order to provide an effective and safe protection of personal data in accordance with the legal standards.

10. Retention Period of Personal Data

B.Grimm Power will retain the Personal Data only for the necessary duration, and will collect, use and disclose the Personal Data, as defined in this Policy, in accordance with the duration criteria, namely the period during which the data subject is still related to B.Grimm Power, and may still retain the Personal Data within 10 years from the date on which the data subject terminates the relationship with B.Grimm Power accordance with policies and the internal regulations of B.Grimm Power.

B.Grimm Power will delete, destroy, or destruct the personal data after the expiration of the period of time.

11. Data Subject Rights

The data subject has the following rights under the laws:

(1) The right to access, request a copy, or request of disclosure on unconsented data;

(2) The right to correct the Personal Data;

(3) The right to request for deletion, destroying, or anonymization of the Personal Data;

(4) The right to withdraw the consent;

(5) The right to obtain or transfer the Personal Data;

(6) The right to request the suspension of the use of Personal Data;

(7) The right to object to the collection, use, or disclosure of the Personal Data;

(8) The right to complain to official or the regulatory authority for the protection of the Personal Data.

The request of any rights shall neither affect the processing of Personal Data for which the data subject has lawfully consented, nor violate any statutory requirements to be complied by B.Grimm Power.

12. Contact Information

In case the data subject has any questions about the Personal Data Protection Policy, or wish to exercise the rights as specified in Article 11, please contact us:

• E-mail: dpo@bgrimmpower.com

13. Review and Update of Personal Data Protection Policy

B.Grimm Power may review and update the Personal Data Protection Policy for the purpose of compliance with the applicable laws and regulations, and any comments or suggestions from any agencies, including personal data protection practices, and for the development of B.Grimm Power’s Personal Data protection procedures, which should be in accordance with the change of operations and technology so as to provide effective security measures. In this respect, B.Grimm Power will announce any changes in advance.

This Policy is effective from 25 March 2021 onwards.