M Technologies (Thailand) Ltd. (hereinafter referred to as “the Company”) are aware of the importance of Personal Data (defined below) protection of the Company’s customers and trading and business partners (collectively referred to as “you” or “Data Subject”). The collection, use and/or disclosure (collectively referred to as “Processing” or “Data Processing”) of Personal Data shall act in accordance with the Personal Data Protection Act B.E. 2562 as the Personal Data protection is a social responsibility so as to build trust and strong business relations between the Company and its customers and trading and business partners. The Company hereby announces this Privacy Notice in order to inform you of your rights and legal duties, as well as terms and conditions concerning the collection, use, or disclosure of your Personal Data.

  1. PERSONAL DATA
    The term “Personal Data” means any information relating to a person which enables the identification of such person, whether directly or indirectly, but not including the information of deceased persons in particular. The term “Sensitive Personal Data” means any information relating to a particular person which is sensitive and presents significant risks to the Person’s fundamental rights and freedoms, which includes data regarding racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behaviour, criminal records, health data, disabilities, trade union information, genetic data and biometric data.
  2. COLLECTION OF PERSONAL DATA The Company shall collect Personal Data within the purpose, scope, and lawful and fair methods as is necessary which is defined in the scope of Company’s Personal Data Protection Policies. The Personal Data that the Company collects shall include:
    1. Personal Data, including but not limited to given name, family name, date of birth, age, gender, nationality, and signature;
    2. Contact information, including but not limited to home address, phone number and email address;
    In this regard, the Company shall request consent from Data Subject before such collecting, except for where:
  1. Government documents, including but not limited to copy of national identification card, copy of civil registration from the Government registration database, and copy of travel document;
  2. Financial information, including but not limited to bank account information and credit card number; and
  3. Data obtained by the Company or automated methods from other devices, including but not limited to username, password, MAC address, IP Address, photo, photo of Data Subject’s face, audio file, and video.
1. It is necessary for the performance of a contract where the collection, use, or disclosure of Personal Data is
required to provide service or for performance of a contract between Data Subject and the Company; It is to prevent or suppress a danger to a Person’s life, body or health; It is necessary for compliance with the law; It is necessary for legitimate interests of the Company so as to fulfill its operational objectives in which suitable measures to safeguard Data Subject’s rights and freedoms are put in place, including but not limited to fraud prevention, network security and safeguards for Data Subject’s rights and freedoms; It is for the achievement of the purpose relating to the preparation of the historical documents or the archives for public interest, or for other purposes relating to research or statistics, in which suitable measures to safeguard Data Subject’s rights and freedoms are put in place; and It is necessary for the performance of a task carried out in the public interest, or it is necessary for the exercising of official authority.

Page 1 of 4

M Technologies (Thailand) Ltd.

3. SENSITIVE PERSONAL DATA

PRIVACY NOTICE (EXTERNAL USE)

The Company may be required to collect Sensitive Personal Data from Data Subject, including but not limited to medical data. By doing so, the Company shall request for explicit consent from Data Subject upon each collecting, using and/or disclosing of such Sensitive Personal Data accordingly, except for where:

  1. It is to prevent or suppress a danger to a person’s life, body or health;
  2. It is carried out in the course of legitimate activities with appropriate safeguards by the foundations, associations or any other not-for-profit bodies with a political, religious, philosophical, or trade union purposes for their members, former members of the bodies, or persons having regular contact with such foundations, associations or not-for-profit bodies in connection with their purposes, without disclosing the personal data outside of such foundations, associations or not-for-profit bodies;
  3. It is information that is disclosed to the public with the explicit consent of data subject;
  4. It is necessary for the establishment, compliance, exercise or defense of legal claims; and
  5. It is necessary for compliance with the law so as to achieve the purposes with respect to:
  1. 5.1  Preventive medicine or occupational medicine, the assessment of working capacity of employee, medical diagnosis, the provision of health or social care, medical treatment, the management of health or social care systems and services
  2. 5.2  Public interest in public health, such as protecting against cross-border dangerous contagious disease or epidemics which may be contagious or pestilent;
  3. 5.3  Employment protection, social security, national health security, social health welfare of the entitled person by law;
  4. 5.4  The scientific, historical, or statistic research purposes, or other public interests; and
  5. 5.5  The substantial public interest.
  1. SOURCE OF PERSONAL DATA
    1. Personal Data can be directly obtained from Data Subject through any activities, including but not limited to membership sign-up, newsletter sign-up, and marketing activities;
    2. Data can be obtained from automated system, including but not limited to recordings from CCTV; and
    3. Personal Data can be obtained from other sources, including but not limited to public data and partners of the Company.
  2. PURPOSES OF PROCESSING PERSONAL DATA The Company may use Personal Data for the following purposes or for other purposes notified at the time of collecting Personal Data or for which Data Subject has given consent after the Company has collected such Personal Data. Reasons for collecting, using or disclosing are provided below:
  1. It is to enter into a contract or for the performance of a contract between the Company and Data Subject or third party for Data Subject’s interests;
  2. It is to respond to Data Subject’s enquiry and assist Data Subject;
  3. It is to improve the quality of goods, products and services of the Company so as to satisfy Data Subject’s demand or needs;
  4. It is to inform and recommend Data Subject about goods, products and services or to publish marketing and promotional materials or other benefits to contact details given by Data Subject upon the consent of Data Subject;
  5. It is to survey feedbacks, analyse, research, and gather statistical data for marketing purposes or in order to develop and improve the Company’s corporate operations upon the consent of Data Subject;

Page 2 of 4

M Technologies (Thailand) Ltd.

PRIVACY NOTICE (EXTERNAL USE)

  1. It is for the Company’s internal corporate operations and business practices required for the Company’s legitimate interests;
  2. It is to inspect, supervise and secure the safety in the Company’s sites;
  3. It is for the company’s corporate operations, including but not limited to tax withholding;
  4. It is required to give or disclose Personal Data to it is required by law to authorized official organisations, including but not limited to the Royal Thai Police Headquarters, the Anti-Money Laundering Office, the Revenue Department and courts;
  1. It is to carry out any accounting and financial activities; including but not limited to auditing, debt notification and collection, tax operations and transactions as prescribed by law;
  2. It is for the Company’s legitimate interests, including but not limited to recordings obtained from CCTV;
  3. It is for compliance with law, investigation process, relevant regulations and the Company’s legal duties; and
  4. It is for other purposes upon the explicit consent from Data Subject.

6. TRANSFERRING AND DISCLOSING OF PERSONAL DATA

The Company shall not disclose and transfer Personal Data to third party unless explicit consent is given, or except for where:

  1. The Company is subject to disclosing or sharing Personal Data with partner, service provider or third party if necessary, in order to fulfill and achieve the purposes contemplated in this Privacy Notice; by doing so, the Company shall create a Data Processing Agreement in accordance with the law;
  2. Party A may disclose or share Personal Data to the Company’s affiliates; in this regard, the Processing of Personal Data shall merely be in keeping with the purposes contemplated in this Privacy Notice; and
  3. It is required to disclose Personal Data by law or legal procedures or to disclose Personal Data to officers, authorities or authorized organizations in order to comply with lawful order or request.
  1. INTERNATIONAL TRANSFERS OF PERSONAL DATA The Company may send or transfer Personal Data to a foreign country. In this regard, the Company shall ascertain that the destination country or international organization that receives such Personal Data shall have adequate data protection standards and measures.
  2. PERSONAL DATA PROTECTION The Company has provided and adopted Personal Data storage system equipped with appropriate mechanism and technical features by encrypting the transferring of Personal Data via internet network, as well as safeguard measures in accordance with the law concerning the protection of Personal Data and relevant relegations. The Company also restricts its employees, contractors and representatives from accessing to the use, disclosure, destroying or unauthorized access of Personal Data.
  3. RETENTION PERIOD OF PERSONAL DATA The Company shall retain and use Personal Data as long as necessary for the purposes of Processing Personal Data contemplated in this Privacy Notice or as prescribed by law, except for where it is necessary to retain such Personal Data for other reasons, including but not limited to acting in accordance with the law, to fulfilling the Company’s legal duties and obligations or to inspecting in case where any disputes arise. Under such circumstances, the Company may retain Personal Data longer than the abovementioned period.

Page 3 of 4

M Technologies (Thailand) Ltd.

10. CHANGES TO PRIVACY NOTICE

PRIVACY NOTICE (EXTERNAL USE)

The Company may amend this Privacy Notice or parts of it and will inform you of the respective amendments or changes to this Privacy Notice as well as the recent date of such amending on our web site <www.meinhardt.net>. The Company suggests you regularly check this Privacy Notice. By using products or service on the Company’s website after the amending of this Privacy Notice, you are deemed to acknowledge such amending or changes.

11. DATA SUBJECT RIGHTS

Data Subject may exercise Data Subject Rights with respect to the law and as contemplated in this Privacy Notice, details as specified below:

  1. Right to access and obtain copy of Data Subject’s Personal Data;
  2. Right to have inaccurate Personal Data rectified, or completed if it is incomplete;
  3. Right to Data Portability in case where the Company has made such Personal Data publicly accessible in the format readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated methods;
  4. Right to erase, destroy or anonymize Personal Data, should such Personal Data be no longer necessary or unless there are certain circumstances where the Company has legal grounds to reject Data Subject’s request;
  5. Right to restrict the use of Personal Data under circumstances where Personal Data is subject to erasure or is no longer necessary;
  6. Right to object the Processing of Personal Data at any time; and
  7. Right to withdraw consent given by Data Subject.

Should you have any questions or wish to rectify or erase your Personal Data or to exercise the aforementioned rights or contact the Company regarding Personal Data issues or the Company’s Personal Data protection practices, please contact the Company.

12. CONTACT DETAILS

Data Protection Officer
E-mail: dpo@mtechthailand.com
Address: M Technologies (Thailand) Ltd
6th Floor, Thanapoom Tower, 1550 New Phetchaburi Road, Makkasan, Ratchatevee, Bangkok 10400 Telephone: +66 2652 – 8883 – 4

Announced on 30 May 2022.