Privacy Notice for Shareholders and Directors

H-DO (THAILAND) Limited ("the Company") respects the privacy rights of shareholders and directors ("you") and, to ensure that you receive protection of your personal data, has prepared this privacy notice to inform you of the details of the collection, use, and disclosure (collectively, "processing"), as well as the deletion and destruction, of your personal data, through online and other channels, as required by the personal data protection law, as follows:

• 1. Purposes of Processing Personal Data

  • To comply with the law, such as company administration (e.g., incorporation, capital increase/reduction, business restructuring, changes to registered particulars), shareholder meetings, the nomination and holding of directorships, board meetings, management of shareholders' rights and duties, dividend payments, preparation of accounts and reports, statutory document audits, dispatch of documents or letters, and the various legal duties of a limited company.
  • For the legitimate interests of the Company or others, such as company administration, recording the image or audio of meetings, security, organizing activities, sending any news or offers for the benefit of shareholders or directors, and exercising legal claims.
  • To prevent and suppress danger to the life, body, or health of you or others, such as emergency contact and the control of communicable diseases.

• 2. Personal Data Collected

  Where you are a shareholder, the Company collects the personal data of shareholders, including proxies or authorized representatives, directly from you or from the securities registrar, such as name, surname, address, phone number, email, contact channel, nationality, occupation, date of birth, taxpayer ID number, national ID number, juristic-person registration number, bank account, and number of shares.

  The Company collects the personal data of directors and persons nominated as directors directly from you, as well as from government agencies, regulators, and publicly disclosed information, as follows:

  • In the nomination process, the Company collects personal data from the national ID card or government-issued documents usable for identity verification, such as name-surname, gender, ID-card number, passport number, photograph, date of birth, nationality, and place of birth.
  • For persons holding the office of director, additional personal data is collected, such as remuneration payments, training and activities, marital status, information on spouse/cohabiting partner, children, parents, and siblings, bank account number, email, educational background, occupation, work history, directorships or positions in other companies or businesses, attendance at board, sub-committee, or shareholder meetings, director remuneration, securities-holding information, securities-company names, directors' performance, and other information as required by law or good corporate-governance principles.
  • When you participate in any of the Company's activities, the Company may collect additional personal data by obtaining your consent on a case-by-case basis.

• 3. Requesting Consent and Possible Effects of Withdrawing Consent

  Where the Company collects and processes personal data based on your consent, you may withdraw the consent you have given the Company at any time. Such withdrawal does not affect the collection, use, disclosure, or processing of personal data to which you have already consented.

  If you withdraw the consent given to the Company or refuse to provide certain data, the Company may be unable to act to achieve some or all of the purposes stated in this privacy notice.

  If you are under 20 years of age, please inform the Company of the details of your legal guardian before giving consent, so that we can also obtain consent from your guardian.

• 4. Retention Period for Personal Data

  The Company will retain your personal data for the period necessary to achieve the purposes for each type of personal data, unless the law permits a longer retention period. Where the retention period cannot be clearly determined, data will be retained for a period that can reasonably be expected according to collection standards (e.g., the general statutory prescription period of up to 10 years).

  The Company maintains an audit system to delete or destroy personal data once the retention period has expired or where the data is no longer relevant to, or exceeds what is necessary for, the purposes of its collection.

• 5. Disclosure of Personal Data to Others

  The Company discloses and shares your personal data with other persons and juristic persons ("others") to achieve the purposes of collecting and processing personal data stated in this privacy notice, such as government agencies (e.g., the Ministry of Commerce, the Bank of Thailand, courts, or persons involved in litigation), relevant service providers (e.g., meeting-management providers, financial institutions, partners and business counterparties, advisers, professional service providers), and others necessary to carry out the stated purposes.

  The Company will require recipients of the data to have appropriate measures to protect your data, to process such personal data only as necessary, and to take action to prevent any unauthorized or unlawful use or disclosure of personal data.

• 6. Security Measures for Personal Data

  The security of your personal data is important. The Company has adopted appropriate security and management standards to protect personal data from loss, unauthorized access, use, or disclosure, misuse, alteration, and destruction, using technologies and security procedures such as encryption and access restriction, to ensure that only authorized persons access your personal data and that such persons are trained on the importance of personal data protection.

  The Company implements appropriate security measures to prevent loss, access, use, alteration, modification, or disclosure of personal data by persons without related rights or duties regarding that personal data, and will review such measures when necessary or when technology changes, to maintain effective and appropriate security.

• 7. Your Rights Regarding Personal Data

  You have the following rights under the personal data protection law (in summary):

  • To withdraw the consent you gave the Company for processing your personal data.
  • To access and copy your personal data, or to request disclosure of the source of your personal data.
  • To send or transfer personal data in electronic form, as provided by the personal data protection law, to another data controller.
  • To object to the collection, use, or disclosure of personal data concerning you.
  • To erase or destroy, or to anonymize, your personal data.
  • To restrict the use of your personal data.
  • To rectify your personal data so that it is accurate, current, complete, and not misleading.
  • To lodge a complaint with the Personal Data Protection Committee where we or a data processor, including our or the processor's employees or contractors, violates or fails to comply with the personal data protection law.

  The Company will consider and notify you of the outcome of your request to exercise rights promptly, within 30 days of the date the Company receives such request. The rights stated above are as provided by the personal data protection law.

• 8. Contact Information

  If you wish to contact us, have questions, or want to inquire about the details of the collection, use, and/or disclosure of your personal data, including your rights under this notice, or wish to cancel the use of your personal data for contact, or if you find that your personal data has been misused, you may contact the Company through the following channel:

  H-DO (THAILAND) Limited
  88/8 Capital Link Building, 6th Floor,
  Sathon Nuea Road, Silom, Bangrak, Bangkok 10500
  Tel: 02-011-1535
  Email (Data Protection Officer / Privacy Inquiries): h-do@housedo.co.jp