Betagro Public Company Limited and Affiliates (“Company”) recognize the importance of the protection of personal data and need to act in accordance with the laws concerning the data protection and other related regulations. Therefore, we have established and disclosed this Personal Data Protection Policy (“Policy”) as its approach to explain how we collect, use or disclose personal data and how we protect personal data and properly handle such data according to the Personal Data Protection Act B.E. 2562 (“PDPA”).

1. Definition

“Company” means Betagro Public Company Limited and Affiliates, for more details, you can visit the website www.betagro.com http://www.betagro.com
“Personal Data” means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased persons in particular.
“Sensitive Personal Data” means any information relating to a particular person which is sensitive and presents significant risks to the person’s fundamental rights and freedoms, which includes data regarding racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any data which may affect the Data Subject in the same manner, as prescribed by the Personal Data Protection Committee.
“Data Controller” means any person having the power and duties to make decisions regarding the collection, use, or disclosure of the personal data
“Data Processor” means any person who operates in relation to the collection, use, or disclosure of the personal data pursuant to the orders given by or on behalf of a data controller
“Data Processing” means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission and dissemination.

2. Personal Data Collected by the Company

We collect several types of personal data, including:

2.1 Personal Data, including

• Identity Data (for example, name, surname, identification card number, passport number, birthdate, gender, age, nationality, marital status, photos)
• Contact Data (for example, address, telephone number, e-mail, social media contact)
• Social Media Contact Data such as LINE ID or Facebook account
• Financial or Transaction Data (for example, bank account number, credit card number.
• Transactions related to our products or services, customer code)
• Communication Data (for example, images or voice recordings when communicating with us)
• Information on participating in activities held by us (for example, static images or videos)
• Technical Information (for example the information of devices you use to access the Website, Computer Traffic Data (Log), contact information and communication between you and other users, and the information from the use of Website such as mobile network information, connection information, type of browser, information recorded from your access to the Website, information of the Website entered by you before and after access to our Website (Referring Website), Website historical record, login log, transaction log, customer behavior, statistic of Website usage, access time, information on your search, use of Website functions, and the information we collect through cookies or other similar technologies)
• Geolocation Data (for example, IP address or GPS Location)
• Other data concerning the additional data collection in accordance with the purpose of data processing.

2.2 Sensitive Data, such as health information, disability information, race, and religion, which will be collected with your explicit consent or as required by laws.
2.3 Personal Data of Minors, Persons of Unsound Mind, or Quasi-Incompetent Persons
The Company does not intend to collect, use, and/or disclose personal data of minors, persons of unsound mind, or quasi-incompetent persons, unless consent has been obtained from the legal guardian, custodian, or curator, or in cases where the minor can provide consent independently under the laws (depending on the case), and/or the Company operates under other legal grounds. If the Company becomes aware that it has collected, used, and/or disclosed personal data of minors, persons of unsound mind, or quasi-incompetent persons without the consent of the legal guardian, custodian, or curator, and there are no other legal grounds, the Company will delete or destroy that personal data.
2.4 Personal data of Third Parties
If you provide personal data of any third party who is a personnel of a legal entity and/or related to you to the Company (e.g., shareholders, directors, authorized persons, family members, referees, partners, guarantors, mortgagors, security providers, beneficiaries, executors, or emergency contacts), you are responsible for informing those individuals about the details in this Policy and obtaining their consent if necessary, or establishing other legal grounds to ensure that the Company can collect, use, and/or disclose their personal data.

3. Sources of Personal Data

We may collect your personal data from various sources as follows:
3.1 Collect information directly from you, for example:

• When you contact us to inquire our products or services information
• Procedures for applications for purchasing our products or using our services, taking steps as per your request prior to entering into a contract, contract signing, form filling, questionnaires, registrations or submission of claims or requests for exercising your rights
• Your communication with us via our contact channels, for example, telephone, e-mail, LINE, Facebook Messenger, etc.
• Information on participating in activities held by us, for example, static images or videos of shareholders’ meeting
• Automatic data storage system, for example, when you use our website or application, etc.

3.2 Collect information from other sources, for example:

• Our customers
• Employee, interns, job applicants, intern applicants
• Agents or service providers
• Subsidiaries and affiliated companies
• Government authorities or other publicly available sources such as company website, information made available on the internet or social media platforms, for example, Facebook, etc.

4. Purposes of Collection, Use or Disclosure of Personal Data

We collect, use or disclose your personal data for various purposes depending on relationship between you and the Company as follows:

4.1 To verify your identity, address, and the accuracy of any information you provide to the company, whether as a contracting party, or in your capacity as a director, representative, authorized person, or employee acting on behalf of a legal entity, and for the purpose of considering and approving a contract between the Company and you or the legal entity for which you are a director, representative, authorized person, or acting employee.
4.2 To process requests relating to the use of products, benefits or services of the Company, to perform contractual obligations, to register for providing services in relation to products and services, payment, to receive or deliver the information or documents between you and the Company including to comply with our internal procedures
4.3 To manage our relationship with customers, for example to communicate with you on any information about our products and services, to manage your complaint, etc.
4.4 To inform any information or notifications to you about products or services that you have with us including other products or services of the Company, to inform benefits, sales promotion, marketing activities, any activity and project invitation of the Company and to communicate about such activity and project including to offer our products or services
4.5 To register activity registrations, campaigns, offers, sales promotions, reward or gift registrations or any benefits which are operated by the Company, affiliates or third parties, for example, lucky draw, prize trivia quizzes, trainings, seminars, or tours, etc., including any procedures relating to the aforesaid activities.
4.6 To survey your satisfaction with our products and services and to analyze your interests including your spending or service using records in order to evaluate, manage, improve, research, conduct planning, and develop our products, services and sales promotions to better suit your needs.
4.7 To maintain security within the Company's premises and buildings, such as requiring an ID exchange before entering the area and recording images of individuals visiting the Company’s buildings and premises through CCTV (Closed-Circuit Television).
4.8 To consider and select candidates for employment contracts between you and the Company.
4.9 To conduct business planning, reporting and forecasting.
4.10 For internal operations of the Company, including auditing, internal controls, risk management, and business continuity management.
4.11 To comply with laws, regulations, orders, legal requirements, and the Company’s legal duties, such as labor laws, partnership laws, public company laws, securities and exchange laws, and other applicable laws, both domestically and internationally. This includes reporting or disclosing information to government agencies as required by laws, such as the Department of Business Development, the Securities and Exchange Commission, the Department of Livestock Development, the Department of Fisheries, the Revenue Department, or in response to subpoenas, warrants, or orders from police officers, government agencies, courts, or other law enforcement authorities for investigations or legal processes. Additionally, this includes establishing legal claims, fulfilling or exercising legal rights, or defending against legal claims.
4.12 To assign any rights, duties, and benefits under the contract between you and the Company as a contracting party, or in your capacity as a director, representative, authorized person, or employee acting on behalf of a legal entity, such as in the case of mergers or contract transfers, as permitted by laws.

5. Additional Privacy Policies

As the Company processes your personal data for various purposes depending on the nature of your relationship with the Company, if you are a partner, customer, employee, intern, job applicant, trainee applicant, or shareholder, you can read the relevant privacy policy to understand the specific purposes for processing your personal data according to your relationship with the Company at https://www.betagro.com/th/privacy-statement
Additionally, when you access the Company’s website and the Company processes your personal data, you can review the Company’s cookie policy at https://www.betagro.com/th/cookie-policy

6. Personal Data Retention Period

We retain your personal data for as long as is considered necessary for the purpose for which it was collected, used or disclosed as set out in this Policy. The criteria used to determine our retention periods include: we retain the personal data for the duration we have an ongoing relationship with you; or we may retain the personal data for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to comply with, for any other cause, our internal policies and regulations. The Company will take appropriate steps to delete or destroy personal data, or to anonymize the data so that it can no longer identify you, once it is no longer necessary or after the specified retention period has ended.

7. Personal Data Disclosure

We may disclose your personal data in certain circumstances, for the purposes set out in this Policy, to
7.1 Subsidiaries, affiliated companies, and business partners for the purposes of conducting business, internal management, and carrying out any other activities as specified in the Policy.
7.2 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedures, for example, carriers, document storage and destruction service providers, printing house, marketing agency, IT development and maintenance service providers, travel agencies, , payment and payment system service providers, call center service providers, and any consultants to support the Company’s operations for the purposes previously communicated to you.
7.3 Government agencies, regulatory bodies, or other entities as required by laws, including officials exercising legal authority, such as the Department of Business Development, the Securities and Exchange Commission, the Department of Livestock Development, the Department of Fisheries, the Revenue Department, or in response to subpoenas, warrants, or orders from law enforcement, government agencies, courts, or other legal authorities.
7.4 External parties based on your consent, contractual requirements, or legal obligations, as applicable.
7.5 Assignees or purchasers of the business and/or their advisors, in the event of a restructuring, sale, or transfer of the Company's business or assets.

8. International Transfer of Personal Data

In some cases, we may transmit or transfer your personal data to the Company databases which are operated and managed on Cloud Servers in foreign countries. In such case, the Company shall provide adequate protection and security measures and comply with the PDPA.

9. Lawful Basis for Processing of Personal Data

The Company will process personal data only to the extent necessary and in accordance with this Privacy Policy, under the following legal bases:

• When we obtain your consent (as required by laws).
• To take steps at your request prior to entering into a contract and to perform contractual obligations between you and the Company.
• When it is necessary for legitimate interests of the Company or any other persons or juristic persons, except when such interests are overridden by fundamental rights of your personal data.
• To comply with laws to which the Company is subjected.
• When it is necessary for preventing or suppressing a danger to a person’s life, body or health.
• To perform the Company’s duties for a task carried out in public interest or to perform duties for the exercising of official authority vested in the Company (if any).
• For research and statistical purposes.

In the case when the Company processes your sensitive personal data, the Company shall duly obtain your explicit consent, unless the explicit consent is not required by laws. In the case when the personal data collected by the Company as stated above is necessary for the Company’s compliance with applicable laws or performance of contract. If you do not provide us with such necessary personal data, the Company may be subject to legal liabilities; and/or may not be able to provide you with our products and services; and/or may not be able to manage or administer the contract or give any convenience for you.

10. Your Rights as a Data Subject

According to the PDPA, you have certain rights relating to your personal data as follows:

10.1 Right to Withdraw Consent
You have the right to withdraw consent given to us for collecting, using or disclosing your personal data at any time, unless there is a restriction of the withdrawal of consent by laws or the contract which gives benefits to you.
However, the withdrawal of consent shall not affect the processing of personal data you have already given consent to the Company legally.
10.2 Right to Access
You have the right to request access to and obtain copy of your personal data, which is under our responsibility, including to request the disclosure of the acquisition of the personal data obtained without your consent.
10.3 Right to Data Portability
When the Company arranges your personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal data and are also entitled to send or transfer your personal data in such formats to other data controllers stipulated by laws.
10.4 Right to Object
You have the right to object to the collection, use or disclosure of your personal data on grounds stipulated by laws.
10.5 Right to Erasure
You have the right to request the Company to erase, destroy or make your personal data become unidentifiable data on grounds stipulated by laws.
10.6 Right to Restriction of Processing
You have the right to request the Company to restrict the use of your personal data on grounds stipulated by laws.
10.7 Right to Rectification
You have the right to request the Company to modify your personal data to be accurate, up-to-date, complete, and not misleading.
10.8 Right to File a Complaint
You have the right to file a complaint to a competent official under the PDPA anytime the Company violates or does not comply with the PDPA.
Data Subject may request these rights by sending an official notice to the Company’s Contact Information or through https://www.betagro.com/th/privacy-statement
The Company shall consider the right request received and inform the Data Subject not exceeding 30 days from the date of receiving such request. However, the Company may deny such right subject to exception to applicable laws.

11. Personal Data Protection Security Measures

The Company has implemented appropriate and strict security measures to protect your personal data from unauthorized or unlawful loss, access, use, alteration, modification, or disclosure.
In the case when the Company assigns any third party to process your personal data pursuant to the instructions given by or on behalf of the Company, the Company shall appropriately supervise such third party to ensure your personal data protection in accordance with the PDPA.

12. Contact Information

If you have any questions or inquiries about the protection of your personal data, collection, use or disclosure of your personal data, or exercise of your rights, or have any claims, please contact us at:
Betagro Public Company Limited
Address: Betagro Tower (North Park), 323, Moo 6, Vibhavadi Rangsit Road, Thung Song Hong, Lak Si District, Bangkok 10210
Tel: 1482
Email: DPOoffice@betagro.com

13. Link to Third Party Websites via our Website

This Policy applies to the sales of products or provision of services and use of our Website only. When you link to third party websites via our Website, the personal data protection shall be in accordance with the Privacy Policy of such third party websites which are not related to the Company.
We regularly review and, if appropriate, update this Policy from time to time to ensure that your personal data is properly protected. In case of any significant update to this Policy, we will inform you through appropriate channel(s).

[Revision No. 03 Published on October 28, 2024]