Asia Business Alliance Company Limited (hereinafter referred to as the ‘Company’) is a business of plant cultivation, breeding and other plant propagation.

The company would like to inform you that The company recognizes the importance of customer privacy. Person using the service As well as other persons involved in providing the Company’s services, it is well understood that the personal information of each user or service user is extremely important.

The Company would like to inform you of the Company’s personal data protection policy regarding the collection, use, or disclosure of your personal information. The company would like to clarify the details. How to store, collect, use and/or disclose data protection Data access, transfer, and analysis of your personal data are as follows:

“Personal information” means various information. In registering on the company’s website Providing information through the company’s application or other applications, messages sent to the company via the LINE program As well as providing information by sending the company’s various email messages, cookies, transaction information. and usage history

Under the Personal Data Protection Act 2019, the Company has established this personal data protection policy. The company has legal status called ‘Personal Data Controller’ The Company has designated employees assigned by the Company to have specific duties to carry out the collection, use, or disclosure of personal data in accordance with orders or on behalf of the Company. It has legal status called ‘Personal data processors’ and customers and service users as well as other persons involved in providing services are considered ‘Personal data owner’ according to the provisions of this law

Section 1. Personal information that the company collects, uses, and/or discloses.

 The Company collects personal information which is information that enables the identification of customers. Person using the service as well as other persons involved in providing services Whether directly or indirectly, including information that you directly provide from the company’s registration. Providing information through the company’s application or other applications, messages sent to the company via the LINE program As well as providing information by sending the company’s various email messages, cookies, transaction information. and history of use through the website or any other channels including

Contact information such as residence, place of work, telephone number, email address, Line ID

Device or tool information such as IP Address MAC Address Cookie ID

Other information such as website usage, sound, still images, animations and any other information that is considered personal information under personal data protection laws.

Section 2. Purpose of collecting, using and/or disclosing information

 The company will use your information to create Create and improve customer websites or service users, including various online platforms and other social media channels To achieve the success of the work is a website or various online platforms that can be used completely in electronic media. according to customer wishes

If later there are changes, additions, or modifications to the purposes of collecting, using, and/or disclosing information from the original notification. The company will inform you. to request consent again and provide a record of additional amendments as evidence

The Company will not collect, use or disclose your personal information. for other benefits that is other than the purpose that was informed to you before or at the time of collection

Article 3. Protection of personal information

 The company will ask for your consent first. In collecting information, using or disclosing your information by requesting your consent, the Company will do so expressly. By doing it in writing or electronically.

The company has a policy to protect personal information as follows.

 3.1 The company has put in place appropriate security measures. To prevent loss, access, use, change, modification, or disclosure of personal information without authority or wrongdoing. The Company will review such measures when necessary or as technology changes in order to provide effective treatment. Appropriate security, in accordance with the minimum standards set by law.

 3.2 In the case where personal data must be provided to a person or juristic person other than the personal data controller. The Company will take steps to prevent that person from using or disclosing personal information without authority or wrongfully.

 3.3 The Company has established a verification system to delete or destroy personal information after the expiration of the deadline. Storage period or that is not relevant or beyond necessity for the purpose of collecting that personal information. or as requested by the owner of personal data or the owner of personal information Withdrew consent unless kept for the purpose of exercising freedom of expression Retention for the purpose of Personal Data Protection Act under Section 24 (1) or (4) or Section 26 (5) (a) or (b) Use for the establishment of legal claims. Complying with or exercising legal claims or raising legal claims to fight or for compliance with the law. In this regard, the provisions of Section 33, paragraph five, shall apply mutatis mutandis to the deletion or destruction of personal information.

 3.4 The Company will report the incident of personal data breach to the Office of the Personal Data Protection Commission without delay within seventy-two hours. From knowing the cause as far as possible unless such violation has no risk of having an impact on Individual rights and freedoms In cases where the violation has a high risk of affecting the rights and freedoms of individuals, the Company will notify the owner of the personal data of the violation along with remedies without delay. In this regard, such notification and exceptions shall be According to the criteria and methods announced by the Personal Data Protection Board.

The Company does not specify conditions for giving consent to collect, use, or disclose personal information that is not necessary or relevant for entering into a contract or accessing services. And you can withdraw your consent at any time. However, withdrawing consent does not affect the collection, use, or disclosure of personal information for which you have duly consented.

In the case where the owner of personal data is a minor who has not yet attained legal age by marriage. or does not have the same status as a person who has reached the age of majority according to Section 27 of the Civil and Commercial Code. The Company will proceed to request consent from the owner of such personal data as follows.

(1) In the case where the consent of the minor is not any matter to which the minor may give consent. alone as provided in Section 22, Section 23 or Section 24 of the Civil and Commercial Code, the company must first obtain consent from the person with parental authority who has the authority to act on behalf of the minor.

 (2) In the case where the minor is not more than ten years of age The Company will request consent from the authorized user of parental authority. Acting on behalf of a minor In the case where the owner of personal data is an incapacitated person Requesting consent from the owner of such personal data The company will request consent from the guardian who has authority to act on behalf of the incapacitated person. In the case where the owner of personal data is a quasi-incompetent person Requesting consent from the owner of such personal data The company will request consent from the guardian who has the authority to act on behalf of the quasi-incapacitated person.

The Company will ensure that your information is accurate, current, complete and not misleading.

Section 4. Exceptions to collection, use, or disclosure of personal information.

4.1.The company will not collect personal information. without your consent, except

4.1.1 To achieve the objectives related to the preparation of historical documents or archives. for public benefit or concerning research studies or statistics for which appropriate protection measures have been put in place. To protect the rights and freedoms of the owners of personal data as specified by law.

4.1.2 To prevent or stop danger to a person’s life, body, or health.

4.1.3 It is necessary for the performance of a contract to which the owner of personal data is a party or To be used to carry out the request of the owner of personal data before entering into the contract.

4.1.4 It is necessary for the performance of duties in carrying out missions in the public interest of the controller. Personal information or performing duties in the exercise of state power granted to the Personal Data Controller

4.1.5 It is necessary for the legitimate interests of the Personal Data Controller. or of persons or legal entities other than the data controller. unless such benefit is less important than the basic right to personal data of the personal data owner.

4.1.6 It is the personal data controller’s compliance with the law.

4.2 The Company will not collect personal information regarding race, ethnicity, political opinions, religious beliefs. Religion or philosophy sexual behavior Criminal history, health information, disability, union information genetic information, biological information, or any other information which affects the owner of personal data in the same way as specified by law without the express consent of the owner of personal data, except

4.2.1 To prevent or stop danger to the life, body, or health of the person who is the owner of the information. Individuals cannot give consent. Whatever the reason

4.2.2 It is a lawful activity with appropriate protection of a foundation, association or non-profit organization with political, religious, philosophical or trade union objectives for members, former members. or who has regular contact with a foundation, association, or non-profit organization for such purposes without disclosing that personal information outside of the foundation, association, or non-profit organization.

4.2.3 It is information that is disclosed to the public with the express consent of the owner of the personal data.

4.2.4 It is necessary for the establishment of legal claims. Compliance or exercise of rights Legal claim or raising legal claims to fight

4.2.5 It is necessary to comply with the law in order to achieve the objectives regarding

(a) Preventive medicine or occupational medicine Evaluation of employees’ working ability medical diagnosis Providing health or social services medical treatment health management or the system and provision of social welfare services, in cases where it is not practice According to the law, personal information is the responsibility of the professional or professional person or person with duties. Keep that personal information confidential according to law. It must be in accordance with the contract between the owners. Personal information with medical professionals

(b) public health benefits such as health protection from communicable diseases; Dangers or epidemics that may be transmitted or spread into the Kingdom or controlling the standards or quality of drugs, medical supplies, or medical devices. which has provided appropriate and specific measures to protect rights and freedom of the owner of personal data, especially maintaining the confidentiality of personal data according to duty or According to professional ethics

(c) Labor protection Social Security National health insurance welfare about Medical treatment of persons with legal rights Protection for car accident victims or social protection The collection of personal data is necessary to comply with the rights or duties of the data controller. Personal data or owners of personal data By providing appropriate measures to protect basic rights. and benefits of the owner of personal data

(d) Scientific research studies history or statistics or other public benefits. However, this must be done to achieve such objectives only to the extent necessary. and appropriate measures have been put in place to protect the basic rights and interests of personal data owners. As specified by law

(e) Important public benefits By providing appropriate measures to protect Basic rights and benefits of personal data owners

Biometric data, as mentioned above, refers to personal data obtained through the use of techniques or technology. That involves using the physical or behavioral characteristics of a person to be able to confirm that person’s identity that is different from other people, such as facial image data. Iris simulation data or fingerprint simulation data

4.3 The Company will not collect personal information from sources other than directly from the owner of the personal information, except

4.3.1 Notification of the collection of personal data from other sources to the owner of personal data without delay. But it must not exceed thirty days from the date of collection and consent from the owner of personal data.

4.3.2 It is a collection of personal data that is exempt from requesting consent as required by law.

Section 5. Period for collecting, using, or disclosing personal information.

The Company will collect your information for a period of 3 years from the date the contract is terminated or the contract or service is completed according to the objectives of the contracting party.

The Company will notify you of cases in which the owner of personal data must provide personal data in order to perform the following duties:

Section 5. Period for collecting, using, or disclosing personal information.

The Company will collect your information for a period of 3 years from the date the contract is terminated or the contract or service is completed according to the objectives of the contracting party.

The Company will notify you of cases in which the owner of personal data must provide personal data in order to proceed. According to law or contract, or it is necessary to provide personal information in order to enter into a contract. Including informing about the possible consequences of not providing personal information required by contract or providing services to the company.

The company has notified information about the personal data controller. Contact location and how to contact you. At the end of this Personal Data Protection Policy

Section 6. Use or disclosure of personal information

6.1 The Company will not disclose personal information without the consent of the owner of the personal information. unless it is personal information that can be collected with an exemption There is no need to ask for consent as required by law. Individuals or legal entities who received personal information from the above disclosure. Must not be used? Disclose personal information for purposes other than the purposes notified to the company in requesting such personal information. In the case where the company uses or discloses personal information that is exempt from requesting Consent above The company will record such use or disclosure in a list. As specified by law

6.2 In the case that the company sends or transfers personal information abroad. Destination country or international organization receiving personal data The company will first check that the recipient of the information must have adequate personal data protection standards. By adhering to the principles of personal data protection set forth by law, except

(1) Compliance with the law

(2) Obtain consent from the owner of personal data by informing the owner of personal data about Inadequate personal data protection standards of the destination country or international organization. that has received personal information

(3) It is necessary for the performance of a contract to which the owner of personal data is a party or To be used to carry out the request of the owner of personal data before entering into the contract.

(4) It is an action based on a contract between the company and another person or juristic person. For the benefit of the owner of personal data

(5) To prevent or stop danger to the life, body, or health of the owner of personal data. or another person When the owner of personal data is unable to give consent at that time

(6) It is necessary for carrying out a mission for important public benefits. In the event that there is a problem with the adequate personal data protection standards of the destination country or international organizations that receive personal data

6.3 The company which is headquartered in the Kingdom has established a policy to protect personal information for the transmission or transfer of personal information. To the personal data controller or personal data processor who is abroad and is affiliated with the business. or the same business group for joint operations or business If the policy for data protection Such personal information has been inspected and certified by the Office of the Personal Data Protection Commission. Sending or transferring personal information to Foreign countries that comply with the personal data protection policy that has been verified and certified as such.

This can be done without having to conduct an inspection first according to Section 6.2.

The company has employees specifically assigned to supervise data collection and use. To prevent the use, disclosure, display, or appearance of your personal information in any other manner. In addition to the objective Under the criteria that the law allows disclosure to the extent that you have given your consent. or relevant areas in this policy

Section 7. Rights of the owner of personal data

The rights of the owner of personal data according to the Personal Data Protection Act 2019 have stipulated that the company must inform you as follows:

7.1 The owner of personal data may withdraw consent at any time and consent must be easily withdrawn. The same applies to consent. Unless there is a restriction on the right to withdraw consent by law or A contract that benefits the owner of personal data. Withdrawal of consent will not affect Collection, use, or disclosure of personal data that the owner of personal data has given consent to

7.2 The owner of personal data has the right to request access and obtain a copy of personal data. related to oneself which is under the responsibility of the company or request disclosure of the acquisition of such personal information to which he or she has not given consent.

7.3 The owner of personal data has the right to request personal data concerning him or her from the company. If the company has made the personal information in a format that can be read or used by the general public with a tool or device that works automatically and can be used or disclose personal information by automatic means Including the following rights

(1) Request the company to send or transfer personal data in such form to another data controller when this can be done by automatic means.

(2) Request personal information sent or transferred by the company in the form Such information will be sent directly to other personal data controllers. Unless due to technical conditions this cannot be done.

7.4 The owner of personal data has the right to object to the collection, use or disclosure of information. Personal information related to oneself at any time as follows

(1) In the case of personal data collected without the need for consent as required by law. unless the company can prove that

(a) Collection, use, or disclosure of that personal information The company has demonstrated more important legitimate grounds.

(b) The collection, use, or disclosure of personal data is in order to establish legal claims, comply with or exercise legal claims. or raising a claim in accordance with the law

(2) In the case of collecting, using, or disclosing personal information for purposes related to: direct marketing

(3) In the case of collecting, using, or disclosing personal information for purposes related to: scientific research study History or statistics, unless necessary for carrying out the mission For the public interest of the personal data controller

7.5 The owner of personal data has the right to request the personal data controller to delete or destroy or make the personal data non-identifiable to the person who owns the personal data in the following cases:

(1) When personal information is no longer necessary for retention in accordance with the purpose for collecting, using, or disclosing personal information.

(2) When the owner of personal data withdraws consent to collect, use, or disclose information. Individuals and companies do not have legal authority to collect, use, or disclose information. That personal can continue.

(3) When the owner of personal data objects to the collection, use, or disclosure of personal data. and the company cannot refuse the request. or objecting to the collection, use, or disclosure of personal information for purposes related to direct marketing

(4) When personal information has been collected, used, or disclosed unlawfully.

7.6 The owner of personal data has the right to request the Personal Data Controller to suspend use. personal information In the following cases

(1) When the company is undergoing an investigation according to the owner of personal data. Request to correct personal information to be accurate, current, complete, and not cause misunderstandings. If the Personal Data Controller does not process the request Personal data controller The request of the owner of personal data must be recorded together with reasons in the list as required by law.

(2) When it is personal information that must be deleted or destroyed But the owner of the information Individuals request that use be suspended instead.

(3) When personal information is no longer necessary for retention in accordance with the purpose for which it was collected. Personal information However, the owner of personal data needs to request that it be kept for use in establishing Legal claims Complying with or exercising legal claims or fighting Legal claims

(4) When the Personal Data Controller is undergoing verification according to Section 7.4 (1) or inspection according to Section 7.4 (3), to reject the objection of the Personal Data Owner in the event that the Personal Data Controller refuses the selection. For reasons according to Section 7.4 (1) (a) or (b) or (3), the Personal Data Controller shall record the rejection of the objection together with the reasons in the list.

7.7 The owner of personal data requests the company to take action. Correct personal information so that it is correct, current, complete and not causing misunderstandings. If the company does not proceed with the request The Company will record the request of the owner of personal data together with the reasons in the list.

7.8 The owner of personal data has the right to complain in the case that the company or personal data processor including employees or contractors of the company or personal data processors Violates or fails to comply with the Personal Data Protection Act or announcements issued under this Act.

Section 8. Changes Adding or amending the Personal Data Protection Policy

The company may make changes. Additions or amendments to this Personal Data Protection Policy To comply with laws, regulations, government announcements that will be amended in the future. and to change the company’s policy to keep up with new technology and innovations in providing the company’s services. Company operations The company will notify you of any changes, additions, or amendments to the policy before proceeding.

Section 9. What are cookies?

Cookies are files created by websites you visit. which helps you do things Get online more easily by recording your browsing data. The website uses cookies to keep you logged in. Remember website preferences and provide you with relevant content.

Section 10. How do we use cookies?

We collect website visiting information from every visitor through cookies or Similar technology To improve the efficiency of using the platform and accessing our services via the internet. It will be used for the following cases.

1. To allow you to log into your account on our platform continuously and securely.

2. To record usage information on your platform Information content Including the platform format that you have set up.

3. To study your behavior in using and visiting the platform. To develop and improve the website to best meet your needs

4. To study the behavior of visitors to the platform as a whole and use it to develop a website that is easier to use, faster and more efficient.

Section 11. Types of cookies we use

Our website contains the following cookies.

1. Platform Operation Cookies: Used to remember what you have selected or set on the platform. Including presenting information tailored to individual needs, such as user account name, language, and platform format.

2. Cookies for advertising Used to remember things you have visited. including your usage characteristics To present products, services or advertising media that are relevant and relevant to your interests. and evaluate the effectiveness of various advertising campaigns.

3. Technical cookies It is a type of cookie that is necessary for the use of the platform. So that you can access information thoroughly and safely.

4. Cookies to measure the performance of the platform Used to store anonymous information about visitors to the platform. and used to analyze the number and behavior of visitors To improve the platform to be more efficient and meet the needs of users.

5. Third-party Cookies: This type of cookie is set by a third-party service provider, such as Google Analytics.

Section 12. Cookie settings

In the event that you do not wish for the collection of user information through cookies, software, and measurement tools. You can delete or reject cookies. or some measuring software through the browser. If you remove cookies You will be logged out of the website. And your saved preferences may be deleted. In the following way

• Cookie settings in Chrome.

• Cookie settings in Safari and iOS.

• Cookie settings in Internet Explorer.

• Cookie settings in Firefox.

Section 13. How can you contact the company?

If you have any suggestions or want to inquire about details of collection, use, and/or disclosure of personal information Including requesting to exercise rights according to this policy. You can contact the company through the following channels:

• Email: info@thailandtreefarm.com

• Tel: 02 069 4445

• Contact location: Asia Business Alliance Co.,Ltd. 99/305 Khumklao 11 Ladkrabang Bangkok 10520 Thailand

When you agree to accept this Personal Data Protection Policy. The company will assume that you accept that any use of the service of the company is considered acceptance of all terms and conditions of service use. and such acceptance is fully effective.