Privacy Policy

Chao Phraya Estate Residences Company Limited, and its group companies, including without limitation to its ultimate shareholder (collectively, “CPER Group”) respect and value the privacy of anyone interacting, communicating and providing Personal Data to CPER Group (“Data Subjects”), and CPER Group commit to treat all Personal Data with security and confidentiality.

This Privacy Policy sets out CPER Group’s practices and security measures with respect to the Personal Data and applies to all personal data of any individuals whom CPER Group engages with, including the employees, customers, vendors and stakeholders of CPER Group.

Data Subjects may review this Privacy Policy together with other privacy statements which CPER Group may additionally provide on this website or on specific occasions when CPER Group collects the personal data of the Data Subjects (“Privacy Statements”). This Privacy Policy supplements to the other Privacy Statements and is not intended to override them.

1.Key Summary of this Privacy Policy

CPER Group has engaged with the Data Subjects for several purposes, and therefore has numbers of the personal data under the collection. In this regard, CPER Group ensures that the personnel, business operations, and performances of CPER Group shall be complied with this Privacy Policy, the Privacy Statements (if applicable) and the Personal Data Protection Act B.E 2562 (“PDPA”) and other applicable laws, in order to protect the privacy and security of the Data Subjects, including to avoid unauthorized or unlawful acts, to prevent violation of laws, and to mitigate any potential risks from penalty imposed by the PDPA and applicable laws.

2.Types of Personal Data

Personal Data” means any data relating to an individual which can identify such individual, directly or indirectly excluding the data of a deceased individual.

CPER Group may collect the Personal Data in relation to the Data Subjects as follows:

Identity data such as name, title, gender, age, nationality, country of residence, marital status, date of birth, occupation, identification card, passport, other government-issued identification data and any other identity data with the similar nature

Sensitive data such as religion, ethnicity, dietary, sexual preference, allergy data, health data, and criminal records.

Contact details such as address, phone number, email, messaging application accounts, such as Line, WhatsApp and other social media accounts, such as Facebook and Instagram.

Financial data such as credit/debit card information, bank account details, source of fund and assets list.

Employee data such as social security information, tax information, educational background, work experience, salary rate, work performance, working hours and leaves.

Preference and lifestyle information, such as interest, hobby, likes and dislikes

Transactional data such as information of services or products sold or provided to the Data Subjects, correspondence information, enquiries, feedback and purchase history.

Technical information such as cookies, IP address, log files, location, mobile network data, hardware model, operation system

Security & loss prevention data such as security camera footage and license plate data.

Stakeholders information such as shareholding details, information in proxy, bond, debenture, and B/E details.

Data publicly available on both online and offline channels such as social media data, photos, posts, locations, friend list and liked pages.

If the Data Subjects would like to use any service or product of CPER Group, work with CPER Group or otherwise engage in any business arrangement with CPER Group, CPER Group will need the Data Subjects’ Personal Data in order to provide such service or product, enter into a contract with the Data Subjects, perform any obligation thereunder, or meet any of the Data Subjects’ requests, which CPER Group may not be able to do so without the Personal Data of the Data Subjects.

If you provide the Personal Data about other persons to CPER Group, you affirm that this Privacy Policy and the Privacy Statements (if applicable) have been reviewed by such persons and that such persons have given their consent regarding the processing of their Personal Data.

3.Collection of the Personal Data

CPER Group may collect the Personal Data provided by the Data Subjects from any engagements or interactions with the Data Subjects either via online or offline means, such as through the websites or applications owned or controlled by CPER Group (“CPER Group’s Websites & Applications”), phone call, email, messaging applications, including when the Data Subjects use CPER Group’s services or products, apply for a position at CPER Group, engage in any transactions or business arrangement with CPER Group, or invest in CPER Group.

CPER Group may also collect the Personal Data from other sources as well, such as from family member or related persons of the Data Subjects, referrers, marketing companies, recruitment agencies and other publicly available sources in either online or offline database. In this regard, the Data Subjects affirm that the Data Subjects have reviewed this Privacy Policy and the Privacy Statements (if applicable) and have given the consent regarding the processing of the Data Subjects’ Personal Data to such persons above.

4.Retention Period

CPER Group will retain the Personal Data for no longer than 10 (ten) years after the last contact between CPER Group or termination of contractual relationship with the Data Subjects. However, CPER Group may continue to retain the Personal Data as long as (a) it is permitted by PDPA and/or any applicable laws, (b) CPER Group is under the certain contracts with the Data Subjects, (c) CPER Group is under legal obligation to retain the Personal Data, (d) CPER Group has received the consent from the Data Subjects, and (e) it is deemed necessary to complete the objective of this Privacy Policy and the Privacy Statements.

5.Purpose of Personal Data Processing

The Personal Data shall be collected and used only for the purposes stated below, including any purposes stated in the Privacy Statements, any other purposes that the Data Subjects have given their consent CPER Group from time to time, and any other purposes as permitted or required in PDPA and/or any applicable laws.

To enter into any agreement and fulfil the obligations thereunder.

To maintain contractual relationship and communicate with the Data Subjects.

To comply with legal requirements, court orders and/or orders from governmental authorities.

To provide any personalized services, goods and products to the Data Subjects.

To offer services, products, and marketing messages.

To process payment, refund, or issue invoices and receipts.

To protect the security of CPER Group’s business and operation.

To allow CPER Group to conduct its business operation and ensure security of CPER Group’s business.

To prevent any loss, crime, fraud or any unlawful acts.

To improve CPER Group’s business and internal operations.

To perform of any actions required to fulfil the above purpose

6.To Whom Personal Data is Disclosed

CPER Group may be required to disclose the Personal Data in relation to the Data Subjects to the third parties, including without limitation to the companies within CPER Group, governmental authorities, financial institutions, service providers, suppliers, business partners, stakeholders and professional advisors. In this regard, the disclosure shall be conducted for the purposes as stated in the Privacy Policy, the Privacy Statements and the consent given by the Data Subjects and/or other purposes as required or permitted by PDPA and/or any applicable laws.

7.Cross-Border Transfer

CPER Group may disclose or transfer the Personal Data in relation to the Data Subjects to the parties located overseas, in which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. In any case, CPER Group takes steps and measures to ensure that the Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards or other derogations as allowed by applicable laws.

8.Cookies

Cookies are software which is stored in the CPER Group’s Websites & Applications and sent to the Data Subjects’ browser when using the CPER Group’s Websites Applications. The Cookies on the CPER Group’s Websites & Applications are used to identify and distinguish the users who have visited the CPER Group’s Websites & Applications and track their personal preference, which the data of the users shall be automatically collected by Cookies. These Cookies do not

cause any harmful effects to the computer or transmit any viruses, Cookies otherwise help CPER Group to serve the users with personalized service or support, provided that its purposes of using are:

to increase effectiveness of the CPER Group’s Websites & Applications in operating online service or interactive applications;

to enhance the visitation to the CPER Group’s Websites & Applications, such as to recognize a name, account, password or previous interest, in order to serve those who repeatedly use the CPER Group’s Websites & Applications or services; and

to analyze the performance, including update and improve the operation of the CPER Group’s Websites & Applications. Cookies have a lifetime of 712 days, after such period the data will be automatically and permanently deleted.

If the users, as the Data Subjects, disagree to the use of Cookies in automatically collecting the data while browsing the CPER Group’s Websites & Applications, the users can choose not to accept Cookies by visiting [www.aboutcookies.org].

9.Log Files

CPER Group may record log files from the Data Subjects visiting CPER Group’s Websites & Applications. Log files include IP address, browser type, internet service provider name, entry and exit pages, platform type, date/time stamp, and number of clicks.

10.Surveillance camera

CPER Group uses surveillance cameras to capture footage of the visitors and the vehicles in and around the location of CPER Group for safety purposes including the prevention and detection of crimes. The surveillance cameras of CPER Group will detect the entrance, the lobby, the terrace, the parking lot outside of the buildings, the fence around the buildings and the area within the perimeter of CPER Group, which is accessible by the people throughout 24 hours. The surveillance system does not use sound recording. CPER Group ensures that live feeds and captures from the surveillance cameras will be observed by authorized person of CPER Group only.

11.Minors

The minor means any person under the age of 20 years. CPER Group may not know the age of the Data Subjects visiting CPER Group’s Websites & Applications. The parents of the minors providing the Personal Data through CPER Group’s Websites & Applications, may request CPER Group to delete the Personal Data of such minors. If CPER Group is aware that the Data Subjects are minors, CPER group will, and without delay, proceed to obtain consent from the parents, if required by the PDPA and/or other applicable laws.

12.Personal Data Security Measure

CPER Group recognizes the importance of maintaining the security of the Data Subjects’ Personal Data. Therefore, CPER Group has implemented reasonable technical and organizational security measures to protect the Data Subjects’ Personal Data collected by CPER Group against unauthorized access, misuse, loss or destruction, which include [control access, encrypted storage and storage with lock.]

13.Data Subjects’ Rights

Where permitted by the PDPA or applicable laws, the Data Subjects have the rights with respect to their Personal Data to:

Access: The Data Subjects may have the right to access or request a copy of the Personal Data, which CPER Group is collecting, using or disclosing about the Data Subjects. For the Data Subjects’ own privacy and security, CPER Group may require the Data Subjects to prove their identity before providing the requested Personal Data.

Data Portability: The Data Subjects may have the right to obtain Personal Data of them, which CPER Group holds, in a structured, electronic format, and to send or transfer such Personal Data to another data controller, where this is (a) Personal Data of the Data Subjects and (b) if CPER Group is collecting, using or disclosing such Personal Data on the basis of the Data Subjects’ consent or to perform a contract with the Data Subjects.

Rectification: The Data Subjects may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data which CPER Group collects, uses or discloses about the Data Subjects rectified.

Withdraw Consent: For the purposes of consent, which the Data Subjects have given to CPER Group for the collecting, using or disclosing of the Data Subjects’ Personal Data, the Data Subjects have the right to withdraw such consent at any time.

File a complaint: The Data Subjects have the right to file a complaint with CPER Group and/or the Personal Data Protection Committee if the Data Subjects believe that there is violation of the PDPA.

Objection: The Data Subjects may have the right to object the collection, use, and disclosure of the Personal Data in certain circumstances, including the case where Personal Data is being processed for direct marketing.

Restriction: The Data Subjects may have the right to restrict the processing of the Personal Data in circumstances where the Data Subjects have contested the accuracy of the Personal Data, for the period enabling CPER Group to verify its accuracy.

Deletion (‘right to be forgotten’): The Data Subjects may have the right to request that CPER Group delete or de- identify Personal Data which CPER Group collects, uses or discloses about the Data Subjects, unless CPER Group is not obligated to do so, or if CPER Group needs to retain such Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.

The Data Subjects may exercise these rights by changing privacy preference, unsubscribing, or contacting CPER Group or the Data Protection Officer as detailed in paragraph 16 below.

The Data Subjects’ withdrawal of any previously given consent, request to delete or anonymize the Personal Data, request to restrict or object to the processing of the Personal Data could mean that CPER Group is unable to perform its obligations under an existing contract and unable to provide the Data Subjects with the services and products and/or to acts on the Data Subjects’ request.

CPER Group may refuse to comply with the request if (a) there are legal restrictions, (b) CPER Group has compelling legitimate grounds for the processing of the Personal Data as required or permitted by the PDPA and/or any applicable laws, (c) the Personal Data has been made anonymous, (d) the person submitting the request does not have evidence to verify that he/she is the data subject or does not has the authority to submit such request, or (e) the person submitting the request does not have legal grounds to exercise the rights or Personal Data in the possession of CPER Group.

14.Privacy Policy of other Websites

The CPER Group’s Websites & Applications contain address links to other websites. This Privacy Policy applies only to the CPER Group’s Websites & Applications and CPER Group shall be solely responsible subject to the scope of this Privacy Policy. CPER Group shall not be responsible for any collection, storage, process, or disclosure of Personal Data, or the use of Cookies conducted by other websites which the Data Subjects access from the CPER Group’s Websites & Applications. Therefore, CPER Group would kindly suggest the Data Subjects carefully review the privacy policies of other websites before submitting any Personal Data.

15.Amendment and Review

CPER Group shall regularly review this Privacy Policy and the Privacy Statements from time to time to be in accordance with any amendments made to the PDPA and applicable laws. Changes or amendments to this Privacy Policy and the Privacy Statements shall be publicly announced on the CPER Group’s Websites & Applications to inform the Data Subjects; however, if the amendments are considered specifically causing significant effect to the Data Subjects, such amendment shall be directly notified to the Data Subjects.

16.Miscellaneous

This Privacy Policy and the Privacy Statements are governed by and shall be construed in compliance with the PDPA and the laws of Thailand. This Privacy Policy the Privacy Statements are written in English and Thai language. In the event of any inconsistency between the English versions and Thai versions, the English versions shall prevail.

17.Contact Us

Regarding all queries or awareness with respect to the Personal Data arising from this Privacy Policy, the Privacy Statements, or the activities of CPER Group, including the exercise of any right as set out in this Privacy Policy, CPER Group and the Data Protection Officer can be contacted at the below address:

Attention:

Administrator

Email:

info@chaopharyaestate.com

Website:

https://chaophrayaestate.com/