PRIVACY POLICY FOR SHAREHOLDERS’ MEETING
VGI PUBLIC COMPANY LIMITED

Updated as of 16 July 2021

This Privacy Policy (“Privacy Policy”) describes how VGI Public Company Limited (the “Company”) collects, uses and/or discloses your personal data as a shareholder, proxy, custodian or the authorized person to act on behalf of a corporate shareholder for the Company’s meeting of the shareholders /securities holders.

1. WHAT PERSONAL DATA WE COLLECT

The Company may collect your following personal data from you directly:

1) Personal details: such as name, last name, sex, nationality, occupation, date of birth, status, photograph, picture,
voice recording, signature, identification number, passport number, taxpayer identification number, government official identification number, company registration certificate, business certificate (such as custodian) including information
on driving license or information on any other cards issued by government authorities, details regarding shares/securities holding (such as securities issuing company, number of share/securities held, share/securities number, category, shareholding ratio), details on proxy (name, address of the proxy, name of the Company’s independent director), information regarding voting at the meeting (such as your voting at each agenda whether you agree, disagree or abstain etc.) and/or dividend amount.

2) Contact details: such as address, phone number, mobile phone number and/or e-mail

3) Financial details: such as information regarding bank account (such as account name, account number, name of the bank, swift code, account location) and/or information on the relevant contracts such as Share Purchase Agreement

4) Sensitive data: such as health information (for the purpose of screening and control of communicable or epidemic disease)

The Company will not collect, use and/or disclose sensitive personal data unless the Company has obtained an explicit consent from you or otherwise permitted by applicable laws.

2. PURPOSES AND LEGAL GROUND ON WHICH THE COMPANY RELIES FOR THE COLLECTION, USE AND/OR DISCLOSURE OF YOUR PERSONAL DATA

Apart from obtaining your consent in the case that it is legally required, to collect, use and/or disclose your personal data for the following purposes, the Company may rely on or hold to (1) contractual basis, for our initiation or fulfilment of
a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing a danger to a person’s life, body or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities or other legal grounds as permissible under the law concerning personal data protection (as the case may be):

1) identity check and verification and proceeding as you requested;

2) holding the meeting of shareholders/securities holders and proceeding regarding voting and vote counting at the meeting of shareholders/securities holders;

3) preparing the register book of shareholders/securities holders or preparing title documents for holding or transferring, issuing of new share/securities certificates and/or splitting share/securities certificates for any sale and purchase and/or exchange of share/securities;

4) dividend payment to the shareholders/securities holders;

5) security and maintaining security for the Company’s business;

6) compliance with rules, regulations and articles of association of the Company, including laws and/or legitimate orders of the courts, competent authorities, government agencies, and/or state organizations;

7) exercising of rights or protecting the legitimate interest of the Company as necessary, such as auditing and protecting fraud, crime or non-compliance with laws;

8) public interest for protecting third parties who are in the premises or places under the Company’s supervision; and

9) protecting or preventing harm against your life, body, health, or properties or those of third parties (as the case may be).

If you cannot provide the personal data as requested by the Company, the Company may not authorize your participation in the meetings held by the Company.

3. DISCLOSURE OR TRANSFER OF YOUR PERSONAL DATA TO THIRD PARTIES

The Company may disclose your personal data to Companies under BTS Group, the Company’s business partners, securities depository, service providers (such as the company providing services on registration and vote counting system), consultants, law enforcing agencies, courts, state officials, state agencies, and competent authorities.

Please see the list of Companies under BTS Group

4. CROSS-BORDER TRANSFERS OF PERSONAL DATA

The Company may disclose or transfer your personal data to oversea countries with a personal data protection standard that is higher or lower than that of Thailand. In such case, the Company shall ensure that the appropriate procedures required by the law shall be undertaken. 

5. HOW LONG DO WE KEEP PERSONAL DATA

The Company retains your personal data for as long as it is necessary to fulfil the purposes for which the Company collected it. The Company may retain your personal data longer if it is necessary for the Company’s compliance with applicable laws.

6. YOUR RIGHTS AS A DATA SUBJECT

Subject to the applicable laws and legal exemptions thereunder, you may have the rights to access to, to obtain a copy
of your personal data, to request the Company to disclose how your personal data is acquired without your consent, to transfer, amend, erase, destroy, and anonymize your personal data, including to object and suspend the collection, use and/or disclosure of your personal data in certain cases. You may withdraw your consent in the case that the Company is relying on such consent. In addition, if you consider that the Company violates the laws concerning personal data protection, you may lodge a complaint to the relevant authority as prescribed by law. 

7. DATA SECURITY

The Company maintains appropriate security measures, which include administrative, technical and physical safeguards
in relation to access control, to protect the confidentiality, integrity, and availability of personal data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.

For the details regarding the Company’s data security, please visit our Customer Privacy Policy.

8. OUR CONTACT DETAILS

Should you have any questions, inquiries, or requests to exercise the rights in relation to your personal data, please kindly contact our Data Protection Officer (DPO) at

VGI Public Company Limited
21 TST Tower, 9th Floor, Vibhavadi Rangsit Rd.,
Chom Phon, Chatuchak, Bangkok 10900
Thailand

Email: dpo@vgi.co.th Tel: 02 273 8884 Ext. 147