Trans.Ad Solutions Company Limited (the “Company”, “we”, “us”, or “our”) recognizes the importance of the protection of personal data. We follow security measures when collecting, using, and/or disclosing Personal Data (as defined below).

In operating our business, we may have to collect, use, and/or disclose the Personal Data of our past, current, and potential customers, including any other individuals who we receive Personal Data from (e.g. visitors, a complainant, general public, press, corporate social responsibility (CSR) related persons, shareholders, and securities holders) (“you” or “your”) for certain purposes in relation to the business operation of the Company and the Companies under BTS Group.

This privacy policy (“Privacy Policy”) applies to our business operation via websites, telephone, email, call center, activity or press release registration, post, online social media, online communication channels and other channels or places where we receive your Personal Data.

From time to time, we may change and/or update this Privacy Policy. We will notify you in addition if any significant update has been made. We will specify the date of our Privacy Policy’s latest update at the top of the Privacy Policy. We encourage you to carefully read this Privacy Policy and regularly check the Privacy Policy to review any changes we might take in accordance with the terms of this Privacy Policy.

For the purposes of this Privacy Policy, “Personal Data” means any directly or indirectly identified or identifiable information as listed below.

We may collect your Personal Data directly or indirectly from other sources, such as the BTS Group Companies, their affiliates, subsidiaries, the Company’s service providers (e.g., survey service providers, independent advisors, project advisors, financial advisors, legal advisors or accounting advisors), the Company’s business partners who are third parties, other third parties (e.g. reference persons, employers, investors), public domain (e.g. online social media), and third-party website or the relevant government agencies. The specific type of Personal Data which we collect will depend on the context of your relationship with us or the BTS Group Companies, affiliates or subsidiaries, and the services or products you wish to receive from us or the BTS Group Companies. The followings are examples of Personal Data which we may collect:

1) Personal information, such as title, name-surname, gender, age, occupation, date of birth, identifiable information on documents issued by government agencies (e.g., national identification card, passport, house registration, work permit), signature, photograph and/or information relating to shareholding/securities (if any) (e.g., shareholder/ securities holder registration number, number of shares/securities and dividend amount); 2) Contact information, such as postal address, house registration address, national identification card address, workplace address, phone number, facsimile number, email address, LINE user account, Facebook account, and other information related to online social media; 3) Financial information, such as bank account information; 4) Transaction information, such as information in the documents related to such transaction (e.g. contract, land deed, receipt); 5) Technical information, such as Internet Protocol (IP) address, web beacon, log, device model and type, hardware-based identifiers such as universal device identifier (UDID), media access control information, software-based identifier such as identifier for advertisers for iOS operation system (IDFA), or identifier for advertisers for Android operation system (AAID), connection information, access information, single sign-on (SSO) information, login log, access time, time spent on our webpage, cookies, login data, search history, browsing detail, browser type and version, time zone setting and location, plug-in browser types and versions, operating system and platform, and other technology on devices used to access the platform; 6) Information related to customer relationship management, such as opening of customer account, management, operation, payment, dispute resolution, processing and reporting on behalf of the customer, such Personal Data may also include communication records with us; 7) CCTV details, please see our “CCTV Privacy Policy” for more details on how we collect, use and/or disclose Personal Data;

If you provide Personal Data of any third party (such as emergency contact or other party) to us, e.g. their name, family name, address, relationship and contact information, you represent and warrant that you have the authority to do so by (i) informing such other person about this Privacy Policy; and (ii) obtaining consents (where required by laws or necessary) to permit the Company to use the Personal Data in accordance with this Privacy Policy.

We do not intentionally collect your sensitive data (“Sensitive Data”) such as the Sensitive Data as appeared in the government issued documents (e.g. religion information on the national identification card). However, in case that we do, we will only collect, use, and/or disclose Sensitive Data on the basis of your explicit consent or where permitted by law.

We only collect the Personal Data of children, quasi-incompetent person and incompetent person where their parent or guardian has given their consent. We do not knowingly collect Personal Data from persons under the age of 20 without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent. In the event that we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required or from quasi-incompetent person and incompetent person without their legal guardians, we will delete it immediately or collect, use and/or disclose if we can rely on other legal basis apart from consent or where permitted by law.

We collect, use and/or disclose Personal Data for the following purposes:

2.1 THE PURPOSES OF WHICH WE RELY ON CONSENT:

We rely on consent for the collection, use, and/or disclosure of your Personal Data to provide you with certain marketing communications in which we cannot rely on other legal bases: such as to provide you with marketing communications, information, special offers, promotional materials, tele-marketing, privilege, advertisement, newsletter, and any marketing and communications via online and offline channels about products and services provided by the Company, Companies under BTS Group, our affiliates, subsidiaries, and appropriate business partners. Where the Company relies on consent as our legal basis for the collection, use and/or disclosure of Personal Data, you have the right to withdraw consent by contacting the Company (at the address set out in Section 9 below). The withdrawal of consent will not affect the collection, use and/or disclosure of Personal Data and/or Sensitive Data that was previously consented before the withdrawal. If you do not give consent to the Company or subsequently withdraw your consent, the Company may not be able to provide our services to you.

2.2 THE PURPOSE THAT WE MAY RELY ON OTHER LEGAL BASES FOR COLLECTION, USE, AND/OR DISCLOSURE OF PERSONAL DATA

We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We will balance the legitimate interest pursued by us and your interest, fundamental rights and freedoms in relation to the protection of your Personal Data; (4) for preventing or suppressing a danger to a person’s life, body or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the state authorities (6) for establishment and raising of potential legal claims or other legal bases permitted under applicable laws relating to personal data protection (as the case may be). Depending on the context of the relationship with us, we may collect, use and/ or disclose Personal Data for the following purposes:

1) To operate our business: such as to facilitate (e.g. social function arrangement or observational study in the country or abroad), to provide souvenirs and privileges, to request necessary details, to use as evidence, to manage the accounting, to support and conduct other activities relating to services or products of the BTS Group Companies, and to proceed financial transaction;

2) To register and verify: such as to register, record, and examine the information, authenticate, and verify;

3) To contact and communicate: such as, to use for any contact and news/information delivery, to inform and invite to activities, to arrange activities (e.g. CSR activities, press release, events, and exhibitions);

4) To provide marketing communications: such as, to provide marketing communications, information, special offers, promotional materials, tele-marketing, privilege, advertisement, newsletter, and any marketing and communications via online and offline channels about products and services provided by the Company, Companies under BTS Group, our affiliates, subsidiaries, and appropriate business partners;

5) To manage relationship: such as, to consider the complaints in relation to the products and services obtained from us and the Companies under BTS Group, to resolve the issues in the complaints and improve the services, and to coordinate with the relevant agencies in solving problems and improving the services;

6) To select and provide products or services which might be of an individual’s interest and tailored to individual’s needs: such as, to allow the Company, Companies under BTS Group, our affiliates, subsidiaries, and business partners to use the result from data cleansing and matching, data profiling and data analytics to recommend products and services that might be of an individual’s interest; to identify individual’s preferences, and customize the experience; and to develop website content and platforms to meet individual’s interests in the future;

7) To improve business operation, products and services: such as, to analyse, evaluate, and prepare a report for the Company and the Companies under BTS Group, to oversee operation, coordinate, monitor, examine, and control the operation within the group companies in order to comply with the policies, rules, and standards, to evaluate the reliability and completeness of internal operation, to lay out the plans and strategies in relation to the public relations operation and organizational policies, and to improve the business operation or advance other lines of businesses;

8) To ensure the function of our websites, mobile applications, and platforms: such as, to administer, operate, track, monitor and manage our websites and platforms to facilitate and ensure that they function properly, efficiently and securely; to facilitate and enhance users experience on our websites, and platforms; and to improve layout and content of our websites and platforms;

9) To manage IT-related matter: such as, for IT management, management of communication system, IT security system and to control access to data and system and to conduct IT security audit; internal business management for internal compliance requirements, policies and procedures; and to revise and update our database;

10) To comply with legal obligations and orders from the government agencies: such as, where the Company or the Companies under BTS Group has a reasonable ground to believe that they shall comply with the laws and/or orders or provide cooperation to such cases, to follow the legal proceedings or government authorities’ orders which include government authorities outside Thailand and/or cooperate with court, regulators, government authority and law enforcement bodies. We may have to disclose Personal Data to comply with the said legal provisions, proceedings or government orders. This includes internal investigation proceedings or crime/fraud prevention and/or establishment of legal claims;

11) To protect our interests: such as to protect the security and integrity of our business and the businesses of the Companies under BTS Group or other relevant entities; to exercise our rights and protect the interests of the Company and the Companies under BTS Group or other relevant entities where it is necessary and lawful to do so, for example, to detect, prevent and proceed with matters in relation to any corruptions, intellectual property infringement claims or violations of law; to manage and prevent loss of our assets; to detect and prevent misconduct within the premises of the Company or the Companies under BTS Group, to secure the compliance of the terms and conditions of the Company, Companies under BTS Group, or other relevant entities, to detect and prevent internal misconduct, to monitor incidents, to prevent and report criminal offences and to protect the security and confidence in the businesses of the Company and Companies under BTS Group;

12) Business transfer or merger: in case of sale, transfer, merger, organizational restructuring, or other event of the same nature, the Company may transfer your Personal Data to one or many other third party(ies) as part of such transaction;

13) To manage risks: such as, to perform risk management, performance monitoring and risk assessments; and/or

14) To provide security: such as, to prevent or suppress a danger to a person’s life, body, health, or asset, or for disease/epidemic control.

In case the Personal Data we collect from you is needed to meet our legal or contractual obligations or enter into an agreement with you, if we do not receive the Personal Data when requested, we may not be able to achieve the abovementioned purposes.

We may disclose or transfer your Personal Data to the following third parties who collect, use, and/or disclose Personal Data in accordance with the purposes under this Privacy Policy. These third parties may be located inside or outside Thailand. You can read their privacy policy to learn more on how they collect, use and/or disclose Personal Data since you will be subject to their privacy policies.

3.1 Companies under BTS Group

As the Company is part of the BTS Group Companies which all, including their affiliates and subsidiaries, may collaborate and partially share customer services and systems, e.g. service system and website-related systems, we may need to transfer your Personal Data to, or otherwise allow such Personal Data to be accessible by the BTS Group Companies, affiliates or subsidiaries, for the purposes set out above. In this regard, the BTS Group Companies, their affiliates and subsidiaries could also rely on the consent obtained by us to use your Personal Data.

3.2 Our service providers

We may engage other companies, agents or contractors to perform services on our behalf or to accommodate the provision of services. We may disclose Personal Data to the third-party service providers, including, but not limited to, (1) infrastructure, software, internet and website developers and IT service providers; (2) data storage and cloud service providers; (3) data storage and/or document destruction service providers; (4) warehousing and logistics service providers; (5) travel agencies/ travel companies and/or (6) event organizers.

In the course of providing such services, the service providers may have access to Personal Data. However, we will provide the Personal Data only that is necessary for them to perform the services, and we ask them not to use your Personal Data for any other purposes. We will ensure that all service providers we work with will keep your Personal Data secure.

3.3 Our business partners

We may transfer your Personal Data to our business partners to operate our business and provide services including, but not limited to, project owners, manufacturers or service providers for CSR projects, banks, financial institutes, securities companies, insurance companies, provided that the receiving business partner shall agree to treat Personal Data in a manner consistent with this Privacy Policy.

3.4 Third parties permitted by law

In certain circumstances, we may be required to disclose or share your Personal Data to third parties in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, embassy, consulate, regulator, or other government authorities, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety; or to detect, prevent, or otherwise address fraud, security or safety issues.

3.5 Professional advisors

We may have to disclose Personal Data to our expert advisors including, but not limited to, (1) independent advisors, project advisors, financial advisors; (2) legal advisors who assist us in our business operations and provide litigation services such as defending or initiating legal actions; and/or (3) auditors who provide accounting services or conduct financial audit for the Company.

3.6 Other third parties

We may be required to disclose Personal Data based on the legal bases in accordance with the purposes as specified in this Privacy Policy to other third parties, such as the public, complainants or other third parties that we receive a request to access our CCTV records etc.

3.7 Third parties connected with business transfer

We may disclose or transfer your Personal Data to our business partners, investors, major shareholders, assignees or transferees in the event of any reorganization, restructuring, amalgamation, merger, acquisition, business transfer, in whole or in part, sale, purchase, joint venture, assignment, or any similar event involving transfer or other disposition of all or any portion of our business, assets or stock. If any of the above events occurs, the receiving party will comply with this Privacy Policy to respect your Personal Data.

We may disclose or transfer Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards as Thailand’s. We take steps and measures to ensure that Personal Data is securely transferred, the receiving parties have in place suitable data protection standard and the transfer is legal or lawfully permitted under the applicable laws.

We retain Personal Data for as long as is reasonably and appropriately necessary to fulfil purposes for which we obtained them and to comply with the relevant legal and regulatory obligations. However, we may have to retain Personal Data for a longer duration, as required by the applicable laws.

If you visit our websites, cookies will gather or track certain information in relation to your use of our websites which will be used to analyze trends, administer our websites, track users’ movements around the websites, or to remember users’ settings.

Some of the cookies are necessary because without them, the site would not be able to function properly. Other cookies will help us to improve your experience on our websites and adjust the content to suit your needs which would make your browsing more convenient as the cookies remember the users (in a secure manner) as well as your language preferences.

Usually, most internet browsers allow you to control whether or not to accept cookies. If you reject cookies, it might affect your use of the websites and your ability to use some or all of the features or areas of our websites may be limited. Please see our Cookies Policy for more details.

As a mean to protects personal privacy of your Personal Data, we maintain appropriate security measures, which includes administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of Personal Data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.

In particular, we have implemented access control measures which are secured and suitable for our collection, use, and disclosure of Personal Data. We restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user, access management to limit access to Personal Data to only authorized persons, and implement user responsibilities to prevent unauthorized access, disclosure, perception, unlawful duplication of Personal Data or theft of device used to store and process Personal Data. This also includes measures that enables the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of collecting, using and/or disclosing of Personal Data.

Subject to applicable laws and exceptions thereof, a data subject may have the following rights to:

1) Access: Data subjects may have the right to access or request a copy of the Personal Data we are collecting, using and/or disclosing. For privacy and security, we may require proof of the data subject's identity before providing the requested Personal Data;

2) Rectification: Data subjects may have the right to have incomplete, inaccurate, misleading or not up to date Personal Data that we collect, use and/or disclose rectified;

3) Data Portability: Data subjects may have the right to obtain Personal Data relating to them in a structured, electronic format, and to transmit such data to another data controller, where this is (a) Personal Data which you have provided to us, or (b) if we are collecting, using and/or disclosing that data on the basis of data subject's consent or to perform a contract with the data subject;

4) Objection: Data subjects may have the right to object to certain collection, use and/or disclosure of Personal Data;

5) Restriction: Data subjects may have the right to restrict our use of Personal Data where the data subject believes such Personal Data to be inaccurate, that our collection, use and/or disclosure is unlawful, or that we no longer need such Personal Data for a particular purpose;

6) Withdraw Consent: For the purposes the data subjects have consented to our collection, use and/or disclosure of Personal Data, data subjects may have the right to withdraw consent at any time;

7) Deletion: Data subjects may have the right to request that we delete, destroy or anonymize Personal Data that we collect, use, and/or disclose, except we are not obligated to do so if we need to retain such Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims; and

8) Lodge a complaint: Data subjects may have the right to lodge a complaint to the competent authority where the data subject believe our collection, use and/or disclosure of Personal Data is non-compliance with applicable data protection laws.

If you wish to contact us to exercise the rights relating to Personal Data or if there is any queries about your Personal Data under this Privacy Policy, please contact our Data Protection Officer (DPO) at:

Trans.Ad Solutions Company Limited 21 TST Tower,21st floor, Viphavadi-Rangsit Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900 Thailand E-mail: dpo@transad.co.th Tel: 02 001 9900-2 Ext. 110 This notice was last updated on 1 November 2022