EASTERN POLYMER GROUP POLICY COMPANY LIMITED
PRIVACY NOTICE
( FOR SHAREHOLDER )
Eastern Polymer Group Public Company Limited (“the Company”) respects the privacy rights of Shareholders (“you”) and the importance of personal data and adequate protection of personal data that must be provided. To prevent infringement of the privacy rights of the owner of personal data, whom are our responsibility, therefore; the Company hereby prescribes and notifies the privacy for processing personal data to the personal data owner for their acknowledgement regarding the details related to the collection, use or disclosure of personal data as follows:
1. The purpose for collecting, using, or disclosing personal information
The Company may store, collect, use, or disclose personal information as necessary based on the legal basis for the following purposes:
1.1 To comply with laws, regulations and orders of legal authorities such as management of the shareholder register, company management (e.g. capital increase, capital reduction, reorganisation change of registration transaction), shareholders’ meeting, management of rights and duties of shareholders, dividend payment, accounting and reporting, delivery of documents to shareholders or any other actions, which complies with the law on public limited companies or the law on securities and exchange including other relevant laws.
1.2 For the legitimate benefits of the Company, such as company management, recording of the meetings and preparing minutes of meetings to send to relevant agencies such as the Stock Exchange of Thailand, including publishing details on the Company’s website and other communication channels, recording video and/or audio of the meeting security, sending any news or offers for the benefits of shareholders including for the exercise of legal claims.
1.3 To prevent and suppress harm to the body, life or health of the shareholders such as emergency contacts and communicable disease control and prevention.
2. Personal Data Processing Base
The Company will process personal data based on lawful data processing basis as follows:
2.1 Legal compliance basis
2.2 The Company’s legitimate benefits basis
2.3 Data subject consent basis
2.4 Other lawful basis
3. Types and Sources of Personal Data
The Company collects your personal information directly from you in document format or electronic data. You may be asked to fill in the documents that the Company has prepared or fill in the information in the online platform designated by the Company and/or any other methods. However, the Company needs to process some of your data. This may be your personal information that the Company receives from other sources in order to achieve the objectives in clause 1, such as the securities registrar by your personal information that the Company has collected as follows:
3.1 General of Personal Data
(1) Personal identification information includes first name, last name, national identification number, Passport number, date of birth, gender, age, nationality, signature, name-surname change, photograph, etc.
(2) Contact information such as an address, telephone number, fax numbers, email addresses, etc.
(3) Financial information such as bank account numbers (In the case of receiving benefits from dividend payments)
(4) Information about participation in activities organised by the Company and/or contact information with the Company including recording images, audio, video or moving images through CCTV.
3.2 Sensitive Personal Data
The Company has no intention of keeping, collecting, and using the religious and blood group information that appears on the page of your ID card. If you give a copy of your ID card to the Company, the Company asks you to conceal such information before delivering it to the Company. If you do not conceal the above information, you are deemed to have consented to the Company’s concealment of such information, and it is deemed that the documents to be concealed are complete and enforceable in all respects by law.
However, in some activities, the Company must process your personal data. The Company may also collect and use some additional sensitive personal data such as health information to facilitate the organisation of such activities for the fulfilment of the purposes as stated explicitly by the Company in the consent documents, and the Company will proceed to obtain your explicit consent before the collection of such sensitive personal data.
4. Storage Period of Information
The Company will retain personal data for the period necessary to achieve the stated purpose. By considering the necessity of each type of data practice and after the expiration of such period. The Company will further destroy or delete personal data by appropriate means as determined by the Company. The Company will consider the criteria used to determine the period to keep your personal information, such as the length of time the Company still has a relationship with you or the length of time the Company still has benefits for you and may continue to be retained for the period necessary for legal compliance or legal statute of limitations.
5. Disclosure of Information
To achieve the objectives stated in this notice, the Company may disclose your information to third parties as follows:
5.1 Subsidiaries and affiliates to take action to achieve the objectives stated above.
5.2 Government agencies, regulators, or an agency prescribed by law, including officials who exercise legal powers such as the courts, the police, the Securities and Exchange Commission, the Revenue Department, etc.
5.3 Agents, contractors, subcontractors and/or service providers for any operations such as service providers to facilitate shareholders, auditors, lawyers, legal advisors, Thailand Securities Depository Company Limited (TSD), financial advisors, etc.
5.4 Banks that are responsible for payment to shareholders
5.5 Shareholder Registrar
5.6 Shareholders’ Representative
6. Your Rights as the Owner of Personal Data
6.1 The right to withdraw consent
If the Company asks for consent to collect, use or disclose your personal information, you have the right to withdraw your consent to the processing of personal data that you have given us throughout the period that your personal data is with us.
6.2 The right to access personal data
You have the right to access your personal data and to request the Company to make a copy of that personal data, including asking the Company to disclose the acquisition of personal information that you did not give consent to us.
6.3 The right to correct personal data
If you see that your personal information collected by the Company is inaccurate, you have the right to request the Company to correct the inaccurate information or add the incomplete information.
6.4 The right to delete personal data
You have the right to request the Company to delete your personal data for any reason.
6.5 The right to suspend the use of personal data
You have the right to withhold the use of your personal data for any reason.
6.6 The right to transfer personal data
You have the right to transfer personal data you have provided to the Company to another data controller or yourself.
6.7 The right to object to the processing of personal data
You have the right to object to the processing of information about you in the event of the collection, use or disclosure of personal data about you as required by law.
6.8 The right to complain
You have the right to complain to a competent official under the Personal Data Protection Act B.E. 2562 (2019) if the Company violates or fails to comply with the said Act.
7. Measurement to Maintain the Security of Personal Data
The Company has provided a system for collecting personal information to maintain security and prevent the loss, access, use, alteration or disclosure of personal information without authority or abuse. There is an access control mechanism, and security and security measures are in place. The Company will arrange for regular reviews of the measures to be effective in maintaining physical, administrative and technical security.
8. Ways to contact the Company and the Personal Data Protection Officer
If you have any questions about this Privacy Notice for Shareholders or want to exercise the rights shown in clause 6, please use the contact form on the Company’s website. https://epg.co.th/ or contact via the Personal Data Controller or Personal Data Protection Officer, Eastern Polymer Group Public Company Limited, as follows:
8.1 Personal Data Controller: Eastern Polymer Group Public Company Limited: Human Resources and Administration Department
- No. 770 Thepharak Road, Thepharak Subdistrict, Mueang District, Samut Prakan Province 10270
- Tel. 02 383 6599
8.2 Personal Data Protection Officer:
- No. 770 Thepharak Road, Thepharak Subdistrict, Mueang District, Samut Prakan Province 10270
- Email dpooffice@EPG.co.th
- Tel. 02 383 6599
You can contact the Personal Protection Officer to submit a claim for rights action using the contact details above. You do not need to pay any fees for processing. The Company will consider and notify the result of consideration according to the request within 30 days from the date the Company receives the said request.