Personal Data Protection Policy

Energy Absolute Public Company Limited and its affiliates (collectively referred to as the "Company") respect the rights to privacy of our suppliers, directors of our suppliers, including the officers and staffs of our suppliers (hereinafter referred to as "You"). To ensure that personal data is protected, the Company has created this privacy policy to inform you the details regarding the collection, use, disclosure, deletion, and destruction (collectively referred to as the "Processing") of personal data in every channels in accordance with the personal data protection law as follows:

1. Purpose of Personal Data Processing

   1. To perform the request of our suppliers prior to entering into a contract or to perform a contract with our suppliers.
   2. For the legitimate interests of the Company as necessary as follows:
      1. For the performance of a contract made between our suppliers, the Company will process your personal data for procurement, inspection, payment of goods and services, relationship management, evaluate the services according to the agreements specified in the purchase order, contract, or other documents relevant to the procurement process with you;
      2. For the legitimate interests of the Company such as for internal management of the Company, manage, develop, and conduct our business operations which include administration and development of goods and/or services (include websites and applications), research e.g. questionnaire, interview, fraud investigation, and prevention of other crime and maintenance of information technology systems;
      3. For the security protection such as security measures provision including information technology systems e.g. access control, log in to website or application;
      4. For sending the newsletters and privileges notification via emails, SMSs, applications, social media, telephone, and direct mails;
      5. To exercise the right of legal claims.
   3. For preventing and suppressing a danger to your or other person’s life in case of emergency, disease prevention and control.
   4. For compliance with the laws such as complying with the provisions of the law, rules, and orders of the legal authority.
   5. For the performance of a task carried out in the public interest or for the exercising of official authority vested in the Company.
   6. With your consent, the Company will process your personal data according to the purpose for each consent as follows:
      1. You will be informed, in case by case basis, for any other activities requirements than the above-mentioned purpose if the Company collects additional personal data.

   Please find more information with regard to the consent specified in item 4 of this privacy policy.

2. Personal Data to be collected

   1. the Company may collect the following personal data when you contact, sell the goods, or provide services to the Company:
      1. Contact details on your business card such as name, position, phone number, email address; z
      2. Information to verify your identity such as name, ID cards, photograph, identification information;
      3. Information related to your work such as employment, information related to safety and health, hygiene, your work environment, including your account and financial data such as income and bank account number.
   2. When you visit the Company’s premises, the Company may record your photos by CCTV without audio record.
   3. When you contact the Company or participate in any events of the Company, the Company may collect the following personal data:
      1. Personal information such as name, date of birth, photograph, identification card number, driving license number, or passport number;
      2. Contact details such as email, telephone number, address, or social network data; and
      3. The Company’s events record such as the history record of your former participations.
   4. The Company may collect and process a special category of your personal data, as defined by the personal data protection law to fulfill the purpose of this privacy policy such as:
      1. For the Company’s security protection such biological data (e.g. facial recognition or finger print) to verify your identity when necessary;
      2. In some cases, the Company may collect a special category of your personal data through ID card that contains your religious information in order to verify your identity and tax purpose.
      3. Health information such as food allergy for various activities.
   5. Where necessary, the Company will process a special category of your personal data when you consent only or as required by law. The Company will use our best effort and provide adequate security measures to ensure that a special category of your personal data is protected.

3. Cookies Technology

   The Company use cookies and similar technology to collect personal data as specified in the Cookies Policy.

4. Consent, Withdrawal and Consequences

   1. In case the Company will collect and process your personal data under your consent, you are entitled, at any time, to withdraw the consent given to the Company. Such withdrawal will not affect the validity of the collection, use, disclosure, or processing of your personal data made prior to the previous consent.
   2. In case you withdraw your previous consent or refuse to provide some certain information, it may result in unfulfilled some or all of the purpose stated in this privacy policy.

5. Retention Period

   1. The Company will retain your personal data for a necessary period to meet the purpose unless the law requires longer retention period. In the event that such period is not specified, the Company will retain the data for a customary expected period in accordance with retention standard and prescriptive period under the applicable laws.
   2. The Company has established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purpose of the personal data collection.

6. Disclosure of Personal Data

   1. The Company may disclose and share your personal data with:
      1. Our affiliates or group companies; and
      2. Individuals and other entities which are not the Company’s affiliates ("third parties") for the purpose of collecting and processing personal data where necessary as described in this privacy policy such as government agencies (such as the Ministry of Commerce, the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, court or person involved in the litigation), the service provider involved (e.g. meeting service providers, financial institutions, insurers, agents or brokers of the insurer, securities companies, alliances and business partners, consultants, professional service providers, and other persons who are necessary to perform the purpose of personal data collection and processing as described in this privacy policy.
   2. The Company will require the receiving party who received your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent the unauthorized use or disclosure of your personal data.
7. Export Personal Data Overseas
   1. The Company may send or transfer your personal data to affiliates or other persons in a foreign country where necessary in order to enable the Company to perform obligations in a contract to which you are the counterparty or contract between the Company and third party, pre-contractual request, for safety and health, to comply with applicable law, or to perform a task for the public interest where necessary.
   2. The Company may store your personal data information on a computer, server, or cloud services provided by a third party, and may use third-party programs, applications and platforms in processing personal data. However, the Company will not allow unrelated parties to access into personal data and will require such parties to have appropriate security protection measures.
   3. In the event that your personal data is transferred to a foreign country, the Company will comply with applicable personal data protection law and take appropriate measures to ensure that your personal data is protected and you can exercise your right in accordance with the laws. Moreover, the Company will require those who received the personal data to have appropriate protection measures for your personal data to process such personal data only as necessary and to take steps to prevent unauthorized use or disclosure of your personal data.

8. Security Measures

   1. The security of your personal data is treated as important. The Company has implemented appropriate technical and administrative standards to protect your personal data from the loss, misuse, and unauthorized access use, disclose, or destruction. The Company uses technology and security procedures such as encryption and access restriction to ensure that only authorized people will have access to your personal data, and that they are trained about the importance of protecting personal data.
   2. The Company provides appropriate security measures to prevent the loss, access, use, change, and disclosure of personal data from those who do not have rights or duties related to that personal data. The Company will review the above-mentioned measures when necessary or when the technology changes to ensure that the security measures are effective.

9. Rights of Your Personal Data

   1. You have the rights under the personal data protection law summarized as follows:
      • Withdraw the consent given to the Company;
      • Request to access, review, copy your personal data, or disclose the source where the Company obtained your personal data
      • Request to send or transfer personal data that is in an electronic form as required by personal data protection law to other personal data controller
      • Object the collection, use, or disclosure of personal data concerning you
      • Request to delete, destroy, or make personal data as non-personally identifiable (anonymous)
      • Request to suspend the use of personal data
      • Request to amend personal date to be accurate, current, complete, and not cause misunderstanding.
      • Complain to the Personal Data Protection Committee in the event that the Company, the Company’s data processor, employees, or contractors violate or do not comply with the personal data protection laws.

      In this regard, the Company will promptly consider your request and notify the result of the consideration within 30 days from the date of receiving the request in accordance with your personal data rights and the personal data protection law.

   2. You can exercise the rights above by submitting your request via email.

      (These rights can be exercised when the personal data protection law takes effect on the data controller).

10. Information about Data Controller and Data Protection Officer

    1. The data controller is: Energy Absolute Public Company Limited.

       Address: 89 AIA Capital Center Building, 16th Floor, Ratchadaphisek Road, Dindaeng, Bangkok 10400

    2. The data controller of affiliates or group companies is classified for each company.
    3. If you have a question regarding personal data protection, please contact email address at dpo@energyabsolute.co.th

    Any changes to this privacy policy, the Company will post a revised privacy policy through this website. You should visit this privacy policy from time to time. The new privacy policy will be effective immediately on the date of the announcement.

Energy Absolute Public Company Limited and its affiliates (collectively referred to as the "Company") respect the rights to privacy of our shareholders, debenture holders, and directors of the Company (hereinafter referred to as "You"). To ensure that personal data is protected, the Company has created this privacy policy to inform you the details regarding the collection, use, disclosure, deletion, and destruction (collectively referred to as the "Processing") of personal data in every channels in accordance with the personal data protection law as follows

1. Purpose of Personal Data Processing

   1. For compliance with a legal obligation e.g. the Company management (e.g. company formation, capital increase or decrease, business restructuring, and change of registration items), shareholders meeting, nomination of a director of the Company, board of directors meetings, management of rights and duties of the shareholders or debenture holders, dividend payment, interest payment of debentures, accounting and auditing reports, filing of accounting documents or books, including duties under the laws governing a limited company, public company limited, or companies listed on the Stock Exchange of Thailand (whichever applies).
   2. For legitimate interest of the Company or other persons such as the Company management, recording of video or audio of the meeting, security measures, the Company’s events or announcements or offers for the benefit of shareholders, debenture holders, and directors of the Company including to exercise legal rights.
   3. For preventing and suppressing a danger to your or other person’s life in case of emergency, disease prevention and control.

2. Personal Data to be collected

   1. In case you are a shareholder or debenture holder,

      The Company may collect the personal data of the shareholders, debenture holders including attorney-in-fact or proxy holder when you subscribe for shares, being a shareholder or debenture holders. The Company will collect personal data from you directly or through broker or securities registrar such as name, surname, address, telephone number, email, contact channel, nationality, occupation, date of birth, tax identification number, national identification number, tax registration number, juristic person registration number, bank account, or number of shares.

   2. In case you are a director,

      The Company may collect personal data of the directors and those nominated as directors from you directly including from government agencies, regulatory agencies, and the information that is disclosed to the public as follows:

      1. In a recruiting process, the Company will collect personal data from your ID card or government issued documents that can be used to verify identity, such as name, surname, gender, ID card number, passport number, photo, date of birth, nationality, place of birth, or height.
      2. For a director, the Company will collect additional personal information such as compensation payments, training activities, marital status, spouse information or those who live together as husband, wife, child, father, mother, relative, blood group, bank account number, email, education history, occupation, work history, director position or holding a position in other company or other business, attending meetings of the board of directors or committees, being a shareholder position, director's remuneration, securities holding information, performance information of directors and other information as required by law or good corporate governance principles.
   3. When you participate in any events of the Company, the Company may collect the additional personal data under your consent.
   4. The Company may require to collect and process special personal data (sensitive information) as required by the personal data protection law such as health information, food allergy information, drug allergy information, for proceeding with the activities you attend or meetings. The Company will seek your consent on a case-by-case basis and will use best efforts to provide adequate security measures to make sure that special personal data is protected.

3. Cookies Technology

   The Company use cookies and similar technology to collect personal data as specified in the Cookies Policy

4. Consent, Withdrawal and Consequences

   1. In case the Company collects and process your personal data under your consent, you are entitled, at any time, to withdraw the consent given to the Company. Such withdrawal will not affect the validity of the collection, use, disclosure, or processing of your personal data made prior to the previous consent.
   2. In case you withdraw your previous consent or refuse to provide some certain information, it may result in unfulfilled some or all of the purpose stated in this privacy policy.

5. Retention Period

   1. The Company will retain your personal data for a necessary period to meet the purpose unless the law requires longer retention period. In the event that such period is not specified, the Company will retain the data for a customary expected period in accordance with retention standard and prescriptive period under the applicable laws.
   2. The Company has established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purpose of the personal data collection.

6. Disclosure of Personal Data

   1. The Company may disclose and share your personal data with:
      1. Our affiliates or group companies; and
      2. Individuals and other entities which are not the Company’s affiliates ("third parties") for the purpose of collecting and processing personal data where necessary as described in this privacy policy such as government agencies (such as the Ministry of Commerce, the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, court or person involved in the litigation), the service provider involved (e.g. meeting service providers, financial institutions, insurers, agents or brokers of the insurer, securities companies, alliances and business partners, consultants, professional service providers, and other persons who are necessary to perform the purpose of personal data collection and processing as described in this privacy policy.
   2. The Company will require the receiving party who received your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent the unauthorized use or disclosure of your personal data

7. Export Personal Data Overseas

   1. The Company may send or transfer your personal data to affiliates or other persons in a foreign country where necessary in order to enable the Company to perform obligations in a contract to which you are the counterparty or contract between the Company and third party, pre-contractual request, for safety and health, to comply with applicable law, or to perform a task for the public interest where necessary.
   2. The Company may store your personal data information on a computer, server, or cloud services provided by a third party, and may use third-party programs, applications and platforms in processing personal data. However, the Company will not allow unrelated parties to access into personal data and will require such parties to have appropriate security protection measures.
   3. In the event that your personal data is transferred to a foreign country, the Company will comply with applicable personal data protection law and take appropriate measures to ensure that your personal data is protected and you can exercise your right in accordance with the laws. Moreover, the Company will require those who received the personal data to have appropriate protection measures for your personal data to process such personal data only as necessary and to take steps to prevent unauthorized use or disclosure of your personal data.

8. Security Measures

   1. The security of your personal data is treated as important. The Company has implemented appropriate technical and administrative standards to protect your personal data from the loss, misuse, and unauthorized access use, disclose, or destruction. The Company uses technology and security procedures such as encryption and access restriction to ensure that only authorized people will have access to your personal data, and that they are trained about the importance of protecting personal data.
   2. The Company provides appropriate security measures to prevent the loss, access, use, change, and disclosure of personal data from those who do not have rights or duties related to that personal data. The Company will review the above-mentioned measures when necessary or when the technology changes to ensure that the security measures are effective.

9. Rights of Your Personal Data

   1. You have the rights under the personal data protection law summarized as follows:
      • Withdraw the consent given to the Company;
      • Request to access, review, copy your personal data, or disclose the source where the Company obtained your personal data
      • Request to send or transfer personal data that is in an electronic form as required by personal data protection law to other personal data controller
      • Object the collection, use, or disclosure of personal data concerning you
      • Request to delete, destroy, or make personal data as non-personally identifiable (anonymous)
      • Request to suspend the use of personal data
      • Request to amend personal date to be accurate, current, complete, and not cause misunderstanding.
      • Complain to the Personal Data Protection Committee in the event that the Company, the Company’s data processor, employees, or contractors violate or do not comply with the personal data protection laws.

      In this regard, the Company will promptly consider your request and notify the result of the consideration within 30 days from the date of receiving the request in accordance with your personal data rights and the personal data protection law.

   2. You can exercise the rights above by submitting your request via email. (These rights can be exercised when the personal data protection law takes effect on the data controller).

10. Information about Data Controller and Data Protection Officer

    1. The data controller is: Energy Absolute Public Company Limited. Address: 89 AIA Capital Center Building, 16th Floor, Ratchadaphisek Road, Dindaeng, Bangkok 10400

    2. The data controller of affiliates or group companies is classified for each company.
    3. If you have a question regarding personal data protection, please contact email address at dpo@energyabsolute.co.th.

    Any changes to this privacy policy, the Company will post a revised privacy policy through this website. You should visit this privacy policy from time to time. The new privacy policy will be effective immediately on the date of the announcement.

Updated on 26/05/2022

Energy Absolute Public Company Limited and its affiliates (collectively referred to as the "Company") respect the rights to privacy of our employees (hereinafter referred to as the "Employee"). To ensure that personal data is protected, the Company has created this privacy policy to inform our Employee the details regarding the collection, use, disclosure, deletion, and destruction (collectively referred to as the "Processing") of personal data in every channels in accordance with the personal data protection law as follows:

1. Purpose of Personal Data Processing

   1. To perform a contract between the Company and Employee which includes your employment contract, preparation of the employment contract, compliance with the employment contract, compliance with the rules and regulations of our personnel management, code of conduct, staff transfer, secondment, training, performance appraisal, consideration of positions, compensation administration, and management of health and safety of our Employees.
   2. For compliance with the laws such as complying with the laws where necessary subject to this purpose such as legal obligations the provisions of the laws, rules, and orders of the legal authority e.g. labor protection law, labor relations law, social security law, occupational safety, health, and environment law, law regulating occupations and diseases from environment, contagious disease control law.
   3. For the purposes of the legitimate interests pursued by the Company or by a third party e.g. human resource management, study, analysis, and allocation of manpower, employee development, provision of medical welfare, insurance welfare, and other welfare such as hospital, employee activities, financial and budget management, internal and external interaction with third parties, operations through registration, authorization, and certification, publication of documents, report preparation, sending information to government agencies or regulatory agencies, identification and verification of the information provided by employees, analyzing and creating a database about work history, communication, sending newsletter and public relations, improving the working environment, providing facilities, information security, creating user accounts; identification to access the work system and access to information systems, security, accident and crime prevention, investigation and handling of complaints and fraud, cases, or any disputes.
   4. For preventing and suppressing a danger to your or other person’s life in case of emergency, disease prevention and control.
   5. For the performance of a task carried out in the public interest or for the exercising of official authority vested in the Company.
   6. To achieve the objectives of the Employee’s consent provided from time to time.

2. Personal Data to be collected

   1. Information and documents related to staff recruitment processes such as resume, curriculum vitae (CV), job application letter, and recruiter’s comment for job applicate;
   2. Employee’s contact information such as first name, last name, address, telephone number, email, social media information;
   3. Employee’s personal information such as date of birth, age, gender, marital status, interests, opinions;
   4. Information about family members or those in the care of Employees who are eligible to receive benefits in accordance with the regulations and personnel administration of the Company such as information about spouses, children, parents, beneficiaries. However, the Employee should inform those persons of this privacy policy before providing information to the Company
   5. Photos and motion pictures
   6. Information about competency, education, capacity development, and other qualifications of our staff such as educational level, educational institution or university educational background, training activities, educational results, test results, rights to work, professional qualifications, language ability, capabilities, and information from references that Employees have given to the Company
   7. Information about work experience and information about past employment such as positions, employer details, previous salaries and compensation
   8. Information about workable locations
   9. Information about military obligations
   10. Information about characteristics of the Employee such as habits, behaviors, attitudes, aptitude, skills, leadership, ability to work with others, emotional intelligence, commitment to the organization. This information may be derived from the Company observations and analyzes of our Employees during the operation or participation in our activities
   11. Information necessary for reporting to regulatory agencies such as the Ministry of Labor, the Stock Exchange of Thailand, the Securities and Exchange Commission (SEC)
   12. Financial data such as information about wage, salary, income, tax, provident fund, bank account, loans, tax deductions or exemptions, holding of securities of the Company, names of security issuers
   13. Information relating to social security, labor protection, benefits, welfare, and compensation that the Employees receive or are entitled to receive in accordance with the regulations and personnel management regulations of the Company
   14. Time attendance records, duration of work, overtime, absence, and leave
   15. Information about work history, positions, meeting attendance, opinions, and in case that Employee is appointed as a director of the Company, the Company will also collect additional information about the Employee profiles and directorship registration
   16. Information about usage and access to the Company computers, information systems, website systems, applications, network systems, electronic devices, email systems, etc. to comply with our information technology policies and relevant laws
   17. Information collected from the Employee’s participation in the Company’s activities as well as responses in surveys and assessments
   18. Information that the Employee chooses to share and disclose through the Company’s application systems, tools, questionnaires, assessments and various documents
   19. Copy of documents that can be used to identify the Employee such as an ID card, passport, household registration, driver’s license and other documents issued by government agencies
   20. Information about the Employee’s emergency contact person
   21. Information about the Employees ability to drive vehicles, vehicles information. If vehicle is provided by the Company, the Company will also collect information about driving behavior of that vehicle
   22. Other information necessary for investigating conflicts of interest, such as stock holding information and relationships with the Company business partners
   23. Information about accidents whether the accident is related to work or not
   24. Other information necessary to comply with employment contract, welfare, benefits, our analysis and administration, caring for the Employee after retirement, and compliance with applicable laws
   25. Information regarding whistleblowing, complaints, and disciplinary investigations.

   However, if the Employee does not provide the personal information that is required to comply with the law or the contract or to enter into a contract with the Company, the Company may not be able to perform some of contractual obligations and or provide the Employee with benefits or services that the Company usually offers to employees.

3. Special Personal Data (Sensitive Data)

   The Company may need to collect and process special personal data for the purposes stated in this privacy policy.

   1. The Company may need to process the Employee’s special personal data in the following circumstances:
   2. The Company may need to process the Employee’s special personal data in the following circumstances:
      • Health information such as weight, height, medical conditions, color blindness, physical examination results, food allergies information, drug allergy data, blood group, doctor's certificate, medical history, dispensing history, medical bills for the purposes of labor protection, provision of medical care, work capability assessment, compliance with relevant laws, and study and analysis of health information for appropriate management
      • Biometric data such as fingerprint and face image data in order to identify and confirm identity to prevent crime and safeguard legitimate interests of the Company or other persons
      • Information about criminal records to consider suitability with the Company operations and protect legitimate interests of the Company or other persons
      • Religious, philosophy, race, nationality, disability, trade union information, genetic data, and biometric data to provide facilities, activities and welfare that are suitable for the Employee and to make sure that Employee is treated equally, fairly, and in accordance with human rights principles
      • Other special personal data for lawful purposes such as when the information is disclosed to the public with the Employee’s express consent or the processing of the information is necessary to prevent or stop the danger to one's life, body, or health if the Employee is unable to give consent, to exercise legal rights, and to achieve the objectives of labor protection, social security, and employee benefits.
   3. If necessary, the Company will process special personal data with the Employee explicit consent or for other purposes as required by law. The Company will make the best efforts to provide security measures as appropriate to protect special data.
   4. Any criminal records, which will be collected from the evidence provided by the Employee or the Employee consents the Company to acquire from a relevant authority. The Company will impose measures to protect your special personal data as required by law.

4. Cookies Technology

   The Company use cookies and similar technology to collect personal data as specified in the Cookies Policy.

5. Consent, Withdrawal and Consequences

   1. In case the Company collects and process your personal data under your consent, you are entitled, at any time, to withdraw the consent given to the Company. Such withdrawal will not affect the validity of the collection, use, disclosure, or processing of your personal data made prior to the previous consent.
   2. In case you withdraw your previous consent or refuse to provide some certain information, it may result in unfulfilled some or all of the purpose stated in this privacy policy.

6. Retention Period

   1. The Company will retain your personal data for a necessary period to meet the purpose unless the law requires longer retention period. In the event that such period is not specified, the Company will retain the data for a customary expected period in accordance with retention standard and prescriptive period under the applicable laws.
   2. The Company has established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purpose of the personal data collection.

7. Disclosure of Personal Data

   1. The Company may disclose and share your personal data with:
      1. Our affiliates or group companies; and
      2. Individuals and other entities which are not the Company’s affiliates ("third parties") for the purpose of collecting and processing personal data where necessary as described in this privacy policy such as government agencies (such as the Ministry of Commerce, the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, court or person involved in the litigation), the service provider involved (e.g. meeting service providers, financial institutions, insurers, agents or brokers of the insurer, securities companies, alliances and business partners, consultants, professional service providers, and other persons who are necessary to perform the purpose of personal data collection and processing as described in this privacy policy.
   2. The Company will require the receiving party who received your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent the unauthorized use or disclosure of your personal data.

8. Export Personal Data Overseas

   1. The Company may send or transfer your personal data to affiliates or other persons in a foreign country where necessary in order to enable the Company to perform obligations in a contract to which you are the counterparty or contract between the Company and third party, pre-contractual request, for safety and health, to comply with applicable law, or to perform a task for the public interest where necessary.
   2. The Company may store your personal data information on a computer, server, or cloud services provided by a third party, and may use third-party programs, applications and platforms in processing personal data. However, the Company will not allow unrelated parties to access into personal data and will require such parties to have appropriate security protection measures.
   3. In the event that your personal data is transferred to a foreign country, the Company will comply with applicable personal data protection law and take appropriate measures to ensure that your personal data is protected and you can exercise your right in accordance with the laws. Moreover, the Company will require those who received the personal data to have appropriate protection measures for your personal data to process such personal data only as necessary and to take steps to prevent unauthorized use or disclosure of your personal data.

9. Security Measures

   1. The security of your personal data is treated as important. The Company has implemented appropriate technical and administrative standards to protect your personal data from the loss, misuse, and unauthorized access use, disclose, or destruction. The Company uses technology and security procedures such as encryption and access restriction to ensure that only authorized people will have access to your personal data, and that they are trained about the importance of protecting personal data.
   2. The Company provides appropriate security measures to prevent the loss, access, use, change, and disclosure of personal data from those who do not have rights or duties related to that personal data. The Company will review the above-mentioned measures when necessary or when the technology changes to ensure that the security measures are effective.

10. Rights of Your Personal Data

    1. You have the rights under the personal data protection law summarized as follows:
       • Withdraw the consent given to the Company
       • Request to access, review, copy your personal data, or disclose the source where the Company obtained your personal data
       • Request to send or transfer personal data that is in an electronic form as required by personal data protection law to other personal data controller
       • Object the collection, use, or disclosure of personal data concerning you
       • Request to delete, destroy, or make personal data as non-personally identifiable (anonymous)
       • Request to suspend the use of personal data
       • Request to amend personal date to be accurate, current, complete, and not cause misunderstanding.
       • Complain to the Personal Data Protection Committee in the event that the Company, the Company’s data processor, employees, or contractors violate or do not comply with the personal data protection laws.

       In this regard, the Company will promptly consider your request and notify the result of the consideration within 30 days from the date of receiving the request in accordance with your personal data rights and the personal data protection law.

    2. You can exercise the rights above by submitting your request via email. (These rights can be exercised when the personal data protection law takes effect on the data controller).

11. Information about Data Controller and Data Protection Officer

    1. The data controller is: Energy Absolute Public Company Limited.

       Address: 89 AIA Capital Center Building, 16th Floor, Ratchadaphisek Road, Dindaeng, Bangkok 10400

    2. The data controller of affiliates or group companies is classified for each company.
    3. If you have a question regarding personal data protection, please contact email address at dpo@energyabsolute.co.th

    Any changes to this privacy policy, the Company will post a revised privacy policy through this website. You should visit this privacy policy from time to time. The new privacy policy will be effective immediately on the date of the announcement.

Energy Absolute Public Company Limited and its affiliates (collectively referred to as the "Company") respect the rights to privacy of our job applicants, internship applicants, and interns (hereinafter referred to as "You"). To ensure that personal data is protected, the Company has created this privacy policy to inform our Employee the details regarding the collection, use, disclosure, deletion, and destruction (collectively referred to as the "Processing") of personal data in every channels in accordance with the personal data protection law as follows:

1. Purpose of Personal Data Processing

   1. To process the recruitment between the Company and you e.g. recruitment process, qualification verification, selection prior employment, compliance with an internship agreement, paying internship remuneration, and receiving benefits to be provided to interns.
   2. For the purposes of the legitimate interests pursued by the Company or by a third party e.g. analysis and creation of databases, management and improvement of the recruitment and selection process, internship evaluation, sending news about available positions, preparing an internship or employment contract if you are qualified, or to exercise legal rights.
   3. For preventing and suppressing a danger to your or other person’s life in case of emergency, disease prevention and control.
   4. For compliance with the laws such as complying with the provisions of the law, rules, and orders of the legal authority.
   5. For the performance of a task carried out in the public interest or for the exercising of official authority vested in the Company
   6. To achieve the objectives of the consent you have provided, such as consent to submit your application for employment or internship applications to the Company.

2. Personal Data to be collected

   1. The Company may require information contained in your application as follows:
      1. Information on documents you provide to the Company such as resume, curriculum vitae (CV), job application letter, and recruiter’s comment for job applicate
      2. Information about yourself such as your first name, last name, gender, date of birth, weight, height, ID or passport number, blood type, nationality, religion, marital status
      3. Contact details such as address, email address, telephone number, social media information
      4. Working conditions such as ability to work in other provinces or areas that you apply for a job or an internship
      5. Information about your spouse, child, and parents such as name, surname, ID number, date of birth, nationality, blood type, education, address, telephone number
      6. Information about family members or persons in your care
      7. Your photos and videos
      8. Information about education, capability, competency development, and other qualifications such as your educational level, educational background, institution/ university, training history, academic performance, test results, right to work legally, professional qualifications, language abilities, information from references you have given us, and other capabilities
      9. Information about work experience and information about employment record such as job titles, employer details, salary, compensation, and benefits you received
      10. Information about your preferred work location
      11. Information about military obligations
      12. Ability to drive vehicles; and
      13. Details of your reference person and emergency contact person.
   2. Data about your characteristics such as habits, behaviors, attitudes, aptitude, skills, leadership, teamwork, and emotional intelligence. This data can be collected from your assessment or derived from the Company’s observation and analysis while you participate in the Company’s activities.
   3. Information necessary for reporting regulatory agencies such as the Ministry of Labor.
   4. Information collected from you, such as information you provide to us in your application, during a job interview, test, and when you participate in the Company’s activities.
   5. The information you choose to share and disclose through the Company’s online application systems, tools, queries, and other services.
   6. Documents that can be used to identify you, such as a copy of an identification card issued by a government or public agency such as a citizen card, driver's license, passport, house registration, diploma and degree or transcript.
   7. Other information necessary for recruiting and selecting staff or interns, compliance with an internship contract, provision of welfare and benefits, analysis, management, and legal compliance.
   8. If you are an intern, the Company also collects additional data such as:
      1. Information about your parents or guardians such as first name, last name, address, telephone number, and mobile phone number
      2. Bank account for payment of internship allowances
      3. Characteristics and information from the internship program such as behaviors, attitudes, aptitude, skills, leadership, teamwork, emotional intelligence, discipline, and other characteristics including records of your working time to evaluate the internship; and
      4. Other information such as details of your referee
   9. If you are selected to be an employee, the Company will collect additional personal data as set forth in the privacy policy for employees.

3. Special Personal Data (Sensitive data)

   1. The Company may require to collect and process your special personal data for the purposes stated in this privacy policy.
   2. The Company may require to process your special personal data in the following circumstances:
      1. Health information such as weight, height, medical conditions, color blindness, physical examination results, food allergies information, drug allergy data, blood group, doctor's certificate, and medical history for the purposes of labor protection, work capability assessment, and compliance with relevant laws
      2. Biometric data such as fingerprint and face image data in order to identify and confirm your identity to prevent crime and safeguard legitimate interests of us or other persons
      3. Criminal records to consider your suitability with our operations and protect legitimate interests of us or other persons
      4. Religious, philosophy, race, nationality, disability, trade union information, genetic data, and biometric data to provide facilities, activities and welfare that are suitable for you and to make sure that we treat you equally, fairly, and in accordance with human rights principles
      5. Other special personal data for lawful purposes such as when he information is disclosed to the public with your express consent or the processing of the information is necessary for safety and health in the event that you are unable to give consent, to exercise legal claims, and to achieve the objectives of labor protection, social security, and benefits.
   3. If necessary, the Company will process your special category data with your explicit consent or for other purposes as required by law. We will use our best efforts to provide security measures that are appropriate to protect your special category data.
   4. The Company will collect and process your criminal records, which will be collected from the evidence provided by you or you consent us to acquire from a relevant authority. We will impose measures to protect your special category data as required by law.

4. Cookies Technology

   The Company use cookies and similar technology to collect personal data as specified in the Cookies Policy.

5. Consent, Withdrawal and Consequences

   1. In case the Company collects and process your personal data under your consent, you are entitled, at any time, to withdraw the consent given to the Company. Such withdrawal will not affect the validity of the collection, use, disclosure, or processing of your personal data made prior to the previous consent.
   2. In case you withdraw your previous consent or refuse to provide some certain information, it may result in unfulfilled some or all of the purpose stated in this privacy policy.

6. Retention Period

   1. The Company will retain your personal data for a necessary period to meet the purpose unless the law requires longer retention period. In the event that such period is not specified, the Company will retain the data for a customary expected period in accordance with retention standard and prescriptive period under the applicable laws.
   2. The Company has established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purpose of the personal data collection.

7. Disclosure of Personal Data

   1. The Company may disclose and share your personal data with:
      1. Our affiliates or group companies; and
      2. Individuals and other entities which are not the Company’s affiliates ("third parties") for the purpose of collecting and processing personal data where necessary as described in this privacy policy such as government agencies (such as the Ministry of Commerce, the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, court or person involved in the litigation), the service provider involved (e.g. meeting service providers, financial institutions, insurers, agents or brokers of the insurer, securities companies, alliances and business partners, consultants, professional service providers, and other persons who are necessary to perform the purpose of personal data collection and processing as described in this privacy policy.
   2. The Company will require the receiving party who received your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent the unauthorized use or disclosure of your personal data.

8. Export Personal Data Overseas

   1. The Company may send or transfer your personal data to affiliates or other persons in a foreign country where necessary in order to enable the Company to perform obligations in a contract to which you are the counterparty or contract between the Company and third party, pre-contractual request, for safety and health, to comply with applicable law, or to perform a task for the public interest where necessary.
   2. The Company may store your personal data information on a computer, server, or cloud services provided by a third party, and may use third-party programs, applications and platforms in processing personal data. However, the Company will not allow unrelated parties to access into personal data and will require such parties to have appropriate security protection measures.
   3. In the event that your personal data is transferred to a foreign country, the Company will comply with applicable personal data protection law and take appropriate measures to ensure that your personal data is protected and you can exercise your right in accordance with the laws. Moreover, the Company will require those who received the personal data to have appropriate protection measures for your personal data to process such personal data only as necessary and to take steps to prevent unauthorized use or disclosure of your personal data.

9. Security Measures

   1. The security of your personal data is treated as important. The Company has implemented appropriate technical and administrative standards to protect your personal data from the loss, misuse, and unauthorized access use, disclose, or destruction. The Company uses technology and security procedures such as encryption and access restriction to ensure that only authorized people will have access to your personal data, and that they are trained about the importance of protecting personal data.
   2. The Company provides appropriate security measures to prevent the loss, access, use, change, and disclosure of personal data from those who do not have rights or duties related to that personal data. The Company will review the above-mentioned measures when necessary or when the technology changes to ensure that the security measures are effective.

10. Rights of Your Personal Data

    1. You have the rights under the personal data protection law summarized as follows:
       • Withdraw the consent given to the Company
       • Request to access, review, copy your personal data, or disclose the source where the Company obtained your personal data
       • Request to send or transfer personal data that is in an electronic form as required by personal data protection law to other personal data controller
       • Object the collection, use, or disclosure of personal data concerning you
       • Request to delete, destroy, or make personal data as non-personally identifiable (anonymous)
       • Request to suspend the use of personal data
       • Request to amend personal date to be accurate, current, complete, and not cause misunderstanding.
       • Complain to the Personal Data Protection Committee in the event that the Company, the Company’s data processor, employees, or contractors violate or do not comply with the personal data protection laws.

       In this regard, the Company will promptly consider your request and notify the result of the consideration within 30 days from the date of receiving the request in accordance with your personal data rights and the personal data protection law.

    2. You can exercise the rights above by submitting your request via email. (These rights can be exercised when the personal data protection law takes effect on the data controller).

11. Information about Data Controller and Data Protection Officer

    1. The data controller is: Energy Absolute Public Company Limited.

       Address: 89 AIA Capital Center Building, 16th Floor, Ratchadaphisek Road, Dindaeng, Bangkok 10400

    2. The data controller of affiliates or group companies is classified for each company.
    3. If you have a question regarding personal data protection, please contact email address atdpo@energyabsolute.co.th

    Any changes to this privacy policy, the Company will post a revised privacy policy through this website. You should visit this privacy policy from time to time. The new privacy policy will be effective immediately on the date of the announcement.

Energy Absolute Public Company Limited and its affiliates (collectively referred to as the "Company") respect the rights to privacy of our visitors and participants (hereinafter referred to as "You"). To ensure that personal data is protected, the Company has created this privacy policy to inform you the details regarding the collection, use, disclosure, deletion, and destruction (collectively referred to as the "Processing") of personal data in every channels in accordance with the personal data protection law as follows:

1. Purpose of personal data processing

   1. To perform the operation prior to entering into a contract, service, or connecting with the company or comply with contract which you are the party e.g. when you access into the Company for any process.
   2. For the legitimate interests of the Company or a third party such as:
      1. To analyze information for the Company’s development and improvement
      2. For purpose of the building access control including the inside building and internet access. For the interest of security protection, protection and detection of crime, operation of government authorities or other authority which related to legal proceeding.
   3. For preventing and suppressing a danger to your or other person’s life in case of emergency, disease prevention and control.
   4. For compliance with the laws such as complying with the provisions of the law, rules, and orders of the legal authority.
   5. For the performance of a task carried out in the public interest or for the exercising of official authority vested in the Company.
   6. With your consent, the Company will process your personal data according to the purpose for each consent. Please find at the item 4

2. Personal Data to be collected

   1. When you participate in any event of the Company, regardless of whether such event is organized by the Company or the Company’s organizer or an event that the Company participates in organizing the event. The Company will collect personal data when you participate in or entering into the Company’s premises. The personal data that the Company collects are as follows:
      • Information for registration, such as name, surname, age, address, contact number, email address, SMS, online chat, social network data.
      • Photo, audio, and video (recorded in photo and video via conference of the Company's events).
      • Events that you have attended in the past or that have been registered.
      • Details of your payments and transactions in connection with the event.
   2. When you visit the Company’s premisies, the Company will collect personal data by:
      1. CCTV without audio record.
      2. Visitor records:
         • Name, surname, company name, telephone number, email address, ID card information or similar; and
         • If you use a vehicle, the Company may collect information and record the vehicle registration number.
      3. When you use Wi-Fi service of the Company, you must register with your personal data that the Company collects to provide you our Wi-Fi service such as name, surname, telephone number, email address.
   3. The Company may collect and special personal data (sensitive data) as defined by the personal data protection law to fulfill the purpose of this privacy policy such as:
      • ในบางกรณี บริษัทอาจเก็บข้อมูลส่วนบุคคลชนิดพิเศษของท่าน แม้ว่าสินค้าหรือบริการนั้นไม่ได้เกี่ยวข้องกับข้อมูลชนิดพิเศษโดยตรง เช่น บริษัทจำเป็นต้องใช้บัตรประชาชนของท่าน ซึ่งมีข้อมูลศาสนา เพื่อใช้ในการยืนยันตัวตนของท่าน
      • Health information such as food allergy information to carrying out activities.
   4. Where necessary, the Company will process your special personal data only when you consent only or as required by law. The Company will use our best effort and provide adequate security measures to make sure that your special data is protected.

3. Cookies Technology

   The Company use cookies and similar technology to collect personal data as specified in the Cookies Policy.

4. Consent, Withdrawal and Consequences

   1. In case the Company collect and process your personal data under your consent, you are entitled, at any time, to withdraw the consent given to the Company. Such withdrawal will not affect the validity of the collection, use, disclosure, or processing of your personal data made prior to the previous consent.
   2. In case you withdraw your previous consent or refuse to provide some certain information, it may result in unfulfilled some or all of the purpose stated in this privacy policy.

5. Retention Period

   1. The Company will retain your personal data for a necessary period to meet the purpose unless the law requires longer retention period. In the event that such period is not specified, the Company will retain the data for a customary expected period in accordance with retention standard and prescriptive period under the applicable laws.
   2. The Company has established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purpose of the personal data collection.

6. Disclosure of Personal Data

   1. The Company may disclose and share your personal data with:
      1. Our affiliates or group companies; and
      2. Individuals and other entities which are not the Company’s affiliates ("third parties") for the purpose of collecting and processing personal data where necessary as described in this privacy policy such as government agencies (such as the Ministry of Commerce, the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, court or person involved in the litigation), the service provider involved (e.g. meeting service providers, financial institutions, insurers, agents or brokers of the insurer, securities companies, alliances and business partners, consultants, professional service providers, and other persons who are necessary to perform the purpose of personal data collection and processing as described in this privacy policy.
   2. The Company will require the receiving party who received your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent the unauthorized use or disclosure of your personal data.

7. Export Personal Data Overseas

   1. The Company may send or transfer your personal data to affiliates or other persons in a foreign country where necessary in order to enable the Company to perform obligations in a contract to which you are the counterparty or contract between the Company and third party, pre-contractual request, for safety and health, to comply with applicable law, or to perform a task for the public interest where necessary.
   2. The Company may store your personal data information on a computer, server, or cloud services provided by a third party, and may use third-party programs, applications and platforms in processing personal data. However, the Company will not allow unrelated parties to access into personal data and will require such parties to have appropriate security protection measures.
   3. In the event that your personal data is transferred to a foreign country, the Company will comply with applicable personal data protection law and take appropriate measures to ensure that your personal data is protected and you can exercise your right in accordance with the laws. Moreover, the Company will require those who received the personal data to have appropriate protection measures for your personal data to process such personal data only as necessary and to take steps to prevent unauthorized use or disclosure of your personal data.

8. Security Measures

   1. The security of your personal data is treated as important. The Company has implemented appropriate technical and administrative standards to protect your personal data from the loss, misuse, and unauthorized access use, disclose, or destruction. The Company uses technology and security procedures such as encryption and access restriction to ensure that only authorized people will have access to your personal data, and that they are trained about the importance of protecting personal data.
   2. The Company provides appropriate security measures to prevent the loss, access, use, change, and disclosure of personal data from those who do not have rights or duties related to that personal data. The Company will review the above-mentioned measures when necessary or when the technology changes to ensure that the security measures are effective.

9. Rights of Your Personal Data

   1. You have the rights under the personal data protection law summarized as follows:
      • Withdraw the consent given to the Company
      • Request to access, review, copy your personal data, or disclose the source where the Company obtained your personal data
      • Request to send or transfer personal data that is in an electronic form as required by personal data protection law to other personal data controller
      • Object the collection, use, or disclosure of personal data concerning you
      • Request to delete, destroy, or make personal data as non-personally identifiable (anonymous)
      • Request to suspend the use of personal data
      • Request to amend personal date to be accurate, current, complete, and not cause misunderstanding.
      • Complain to the Personal Data Protection Committee in the event that the Company, the Company’s data processor, employees, or contractors violate or do not comply with the personal data protection laws.

      In this regard, the Company will promptly consider your request and notify the result of the consideration within 30 days from the date of receiving the request in accordance with your personal data rights and the personal data protection law.

   2. You can exercise the rights above by submitting your request via email. (These rights can be exercised when the personal data protection law takes effect on the data controller).

10. Information about Data Controller and Data Protection Officer

    1. The data controller is: Energy Absolute Public Company Limited.

       Address: 89 AIA Capital Center Building, 16th Floor, Ratchadaphisek Road, Dindaeng, Bangkok 10400

    2. The data controller of affiliates or group companies is classified for each company.
    3. If you have a question regarding personal data protection, please contact email address at dpo@energyabsolute.co.th

    Any changes to this privacy policy, the Company will post a revised privacy policy through this website. You should visit this privacy policy from time to time. The new privacy policy will be effective immediately on the date of the announcement.