EXTERNAL PRIVACY POLICY FOR INVESTOR

INTRODUCTION

Siam Makro Public Company Limited (the “Company”) is aware of the importance of the personal information and has always respected for privacy rights of shareholders, their proxies or representatives, investors, analysts or other persons who attend the meetings relating to shareholders or investor relations held by the Company. Your personal information which has been disclosed by you or collected by us under legal relationship between you and the Company, including the contractual relationship, filling information in the application form or online channels access which will be referred to as “personal information” which might be in the forms of documents, files, website www.siammakro.co.th, all applications and online services of the Company (the “Website”). The Company shall use your involved personal information for the purposes that have been stipulated under this privacy policy, hereinafter referred to as “Privacy Policy”.

SCOPE OF PRIVACY POLICY

This Privacy Policy covers the following topics.

  • Methods of collection and collected personal information
  • Purposes of collection, use or disclosure of personal information
  • Disclosure of personal information
  • Sending or transfer of personal information to overseas
  • Retention period of personal information
  • Your rights
  • Updating your personal information
  • Security measures of your personal information
  • Cookies program and technical information
  • Redirecting to other parties’ websites
  • Changes to the Privacy Policy
  • Contact us

METHODS OF COLLECTION AND COLLECTED PERSONAL INFORMATION

Method of Collection Collected Personal Information

Information directly collected from you, for example

  • Procedures for taking steps as per request prior to entering into contract, contract signing, form filling, providing supporting documents, questionnaires, registrations or submission of claims or requests for exercising your rights
  • Your communication with us via our contact channels, e.g. telephone, email, etc.
  • Automatic data storage system, e.g. when you use our website, internal information technology system, or application, etc.
  • Identifiable information such as title, name, surname, birth date, identification number, tax identification number, passport number, national, occupation, photograph, video and/or voice recordings
  • Contact information such as address for sending documents, email, phone number, facsimile number
  • Transaction information such as bank account number
  • Employment information such as information about your employer, job title, department/function that you work for, where you contact us as an analyst
  • Technical information such as username, password, interests, setting preferences, IP address, information of accessing the system, when you login into our website or other online channels
  • Other information such as securities account number, shares information (such as amount and number of shares held), tax information, information required for the Company’s screening process to prevent epidemic (including Corona Virus Disease (COVID-19)) such as information about your health conditions and suspected symptoms, direct contact with the confirmed case, travelling history, social history, self-quarantine history, etc. This may include information of your family or your close contacts as necessary. In some cases, the Company may collect other sensitive personal information such as religion and/or blood type appeared on a copy of your identification card, if necessary. Information collected from other sources, for example:
  • Thailand Securities Depository Company Limited (TSD)
  • Government authorities or other publicly available sources such as company website, information made available on the internet, etc.
  • The company/entity that you are working for. Other cases according to security protection system of the Company such as CCTV.
  • Captured image or footage

The Company will collect your personal information only in compliance with the Personal Data Protection Act B.E. 2562 (the “PDPA”). For those who have provided their personal information to the Company before the PDPA enters into force, we will continue collecting and using your personal information which has been collected by the Company for the original purposes which you allowed us to collect your information.

If necessary, the Company may collect your sensitive personal information such as health information, religion, blood type, etc. only with your explicit consent or when permitted by laws.

PURPOSE OF COLLECTION, USE OR DISCLOSURE OF PERSONAL INFORMATION

Any collection of your personal information by the relevant employees of the Company or other relevant persons or any actions performed on behalf of the Company which is necessary for the use of personal information for any undertakings hereunder may rely on (1) Consent basis (2) Contract (i.e. performance of a contract or taking steps at your request before entering into a contract) (3) Legal obligation basis (4) Legitimate interest basis (5) Legal claims basis and (6) Compliance with relevant laws basis by which the purposes of collection, use or disclosure of personal information will be as follows:

  1. To hold shareholders’ meetings, to prepare for and manage the attendance and voting procedures for shareholders’ meeting, to manage shareholders’ registration under public limited companies law and securities and exchange law, to comply with our internal procedures, including to communicate and to receive/deliver documents between you and the Company, such as notices of meetings and relevant enclosures, and to process any proxies, etc.
  2. To distribute dividends to shareholders.
  3. To record images, video and/or voice during the shareholders’ meetings.
  4. To undertake necessary measures to prevent any epidemics, such as screening process for all meeting attendees according to the measures to prevent Corona Virus Disease (COVID-19), etc.
  5. To communicate and promote the Company’s events relating to investor relations, such as to inform you of investors’ information or investor relations events which may be held by the Company in the future, etc.
  6. To perform satisfaction survey on the events held by the Company and perform data analysis for improving and developing any future events.
  7. To manage risks and undertake audit and internal administration.
  8. To undertake detection and investigation under legal procedures and other regulations, to comply with laws, and to report or disclose information to government authorities as required by laws or upon receiving an order or a writ of attachment from police officers, government authorities, courts, or other competent authorities, including to establish, comply or exercise the rights to legal claims or defend against the rights to legal claims.
  9. To monitor security in our buildings or premises including I.D. card deposit before accessing such areas and to record images of those who contact us at our buildings and premises via Closed-Circuit Television (CCTV).
  10. To assign rights, duties and any benefits under a contract between you and the Company as a contracting party, or as a director, representative, attorney, or person acting on behalf of a juristic person, which have been done legally, for example, merger or transfer of the contract.
  11. To perform any acts to protect the rights or benefits of shareholders in the future.
    In the case where the personal information collected by the Company as stated above is necessary for the Company’s compliance with applicable laws or performance of contract. If you do not provide us with such necessary personal information, the Company may be subject to legal liabilities and/or may not be able to manage or administer the contract or deliver any convenience to you.
    In the case where the Company needs to collect, use, disclose or perform any processes with your personal information, apart from the purposes mentioned in this Privacy Policy, the Company will inform such change in the website or publish the notice at the Company’s branches which may require an additional consent from you.

DISCLOSURE OF PERSONAL INFORMATION

The Company may disclose your personal information to other relevant parties for the purpose that has been stipulated under this Privacy Policy to:

  1. Agencies, contractors/sub-contractors and/or service providers for their implementation and procedures, for example, commercial banks, carriers, document storage and destruction service providers, printing house, event organizers, IT development and maintenance service providers, auditors, lawyers, tax and legal advisors, and any consultants;
  2. Government authorities, supervisory authorities or other authorities as stipulated by laws, including competent officials;
  3. The assignee of the rights, duties, and any benefits from the Company, including any persons who are assigned by the aforesaid assignee to act on its behalf, for example, in the case of organizational restructuring, merger or acquisition, etc. When disclosing your personal information to third parties, the Company will ensure that the company or other organizations that receive your personal information will have an adequate data protection standard in order to prevent any damage that may arises. If any disclosure of personal information requires consent, the Company will proceed with obtaining consent prior to such disclosure.

RETENTION PERIOD OF PERSONAL INFORMATION

We retain your personal information for as long as is considered necessary for the purpose for which it was collected, used or disclosed as set out in this Privacy Policy, i.e. as long as you have legal relationship with us, or for a period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or until you request us to delete your personal information, or to comply with, for any other cause, our internal policies and regulations.

YOUR RIGHTS

You are entitled to the following rights under the PDPA:

Data Subject’s Rights Description

1 Right of access You have a right to get access and obtain a copy of your personal

information that we hold about you, or you may ask us to disclose the sources of where we obtained your information that you haven’t given consent. The Company will send such copy to you within 30 days upon obtaining your request. In certain cases, the Company may request additional information in order to confirm your identity and your rights as part of our security measures.

2 Right to data portability You have a right to request us to automatically transfer your

personal information to other persons, and request to see the personal information that we have transferred to other persons, unless it is impossible due to technical circumstances.

3 Right to object the processing of your information You have a right to object to

collection, use or disclosure of your personal information at any time, for example, if it is under the following circumstances:

  1. It is for the purpose of direct marketing; and/or
  2. It is for the purpose of scientific, historical or statistical research unless it is necessary to performance of a task carried out for reasons of public interest by the data controller.

4 Right to erasure You have a right to request us to delete, destroy or anonymise your personal information in the following circumstances where:

  1. The personal information is no longer necessary for the purpose of which it was collected, used or disclosed;
  2. You have withdrawn your consent to which the collection, use or disclosure is based on;
  3. You have objected to the collection, use or disclosure of the personal information and the Company has no ground to reject such request; and/or
  4. When the personal information has been unlawfully collected, used or disclosed under the PDPA.

5 Right to restrict the processing of your information

You have a right to request us to restrict the processing of your personal information in the following circumstances when:

  1. It is under the pending examination process of checking whether the personal information is accurate, up-to-date and complete or not;
  2. It is the personal information that should be deleted or destroyed as it does not comply with the law and you request to restrict it instead;
  3. The personal information is no longer necessary to retain for the purpose of which it was collected, used or disclosed, but you still have the necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims or the defense of legal claims;
  4. The Company is pending verification in order to reject the objection request of the collection, use or disclosure of personal information.

6 Right to withdraw consent You may withdraw your consent at any time, unless it is restricted by law, or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the processing of personal information you have already given consent legally.

7 Right to rectification You have a right to rectify inaccurate personal information in order to make it accurate, up-to-date, complete and not misleading. If the Company rejects your request, the Company will record such rejection with reasons.

In case of shareholders’ personal information, you can request for rectification of your personal data by contacting Thailand Securities Depository Company Limited (TSD) as the provider of securities registrar service.

8 Right to lodge a complaint You will have the right to make a complaint in the case of where the Company, the data processor including the employees and employers of the Company do not comply with the PDPA or other notifications issued under the PDPA.

Under the PDPA, If you have any questions or would like to exercise any rights relating to your personal information, please submit your request via www.siammakro.co.th on exercising your rights under the PDPA topic or contact the public relation staff at the branch or call center tel. 02-779-9955 every Monday to Friday at 08.00-18.00 hours.

UPDATING YOUR PERSONAL INFORMATION

In the event that the personal information you have provided has changed, you must notify the Company of such update or edit the provided personal information so that your personal information is always accurate and up-to-date. If any of your personal information is incorrect, it may affect the service provision of the Company and the Company will not be responsible for any loss or damage that may occur to you or the third party as a result of your failure to correct or update your personal information to be accurate in any way.

SECURITY MEASURES OF YOUR PERSONAL INFORMATION

The Company certifies that all the personal information collected will be stored safely and strictly with adequate security standards. If you have a reason to believe that your personal information has been breached or if you have any questions regarding this Privacy Policy, please contact the DPO of the Company.

COOKIES PROGRAM AND TEACHNICAL INFORMATION

Cookies program will be sent to your web browser or to your device when you visit the website or check for messages. This program will collect information about website usage behavior. In addition, it includes technical information that is username, password, interests, setting preferences, IP address, login information, browser type, browser version, time and date setting, connection setting, operation and platform system and other technology on your devices where you sign in into our system.

Adherence to such information, the program assists the Company to contact and remember your browser or device, which will facilitate the use of the website. If you have no demand to use the cookies program, you can reject installation of such program. However, refusing to use this cookie program may affect the use of our website or online services from the Company due to insufficient information, or the Company may require time to request for additional information. (if any)

You can learn more about our cookies program in our Cookies Policy at [https://www.siammakro.co.th/cookies-policy.php]

REDIRECTING TO OTHER PARTY’S WEBSITES

The Company’s website may be redirected to other websites for the purpose of facilitating you when you visit other websites. These websites may collect your personal information where the Company is not involved nor responsible for the collection of your personal information or the disclosure of your personal information to other websites of other parties, as well as the privacy policy of these websites in any way. For this reason, the Company recommends that you carefully review the privacy policy of these websites before you use the service on those websites.

CHANGES TO THE PRIVACY POLICY

The Company reserves the right to change, amend or update the Privacy Policy at any time as it deems appropriate by notifying you of the said changes. The Company will notify the changes, amendments or updates on the Company’s website which you can check at any time, or inform you by written document.

INCIDENT AND BREACH

In case of incident and breach of personal data occur, the Company determine the channels to report or direct to DPO promptly at

Tel: 02-067-9700 every Monday to Friday during 08.00-18.00 hours
Email: DPO@siammakro.co.th

CONTACT US

If you have any comments, suggestions, questions or want to make a complaint regarding your personal information, please contact us at:

Siam Makro Public Company Limited Makro

Address: 1468 Phatthanakan Road, Phatthanakan, Suan Luang, Bangkok 10250

Tel: 02-779-9955 every Monday to Friday at 08.00-18.00 hours

Data Protection Officer

Address: 1468 Phatthanakan Road, Phatthanakan, Suan Luang, Bangkok 10250

E-mail: DPO@siammakro.co.th

line