Personal Data Protection Center

Group 1 
Company's clients

(This  includes only the Personal Data of employees, personnel, officers, representatives, agents, any persons authorized to act on behalf of the juristic persons, directors, and other natural persons acting on behalf of the Company's corporate clients)

Data Processing

The Company will collect, use, disclose, and/or cross-border transfer the following Personal Data of external parties who are the Company's clients:

General Personal Data, such as first name, last name, job position, date of birth, address, telephone/fax number, email address, photographs, motion images from video recording or closed-circuit television (CCTV), audio recordings from meetings, information on the national identification card or passport, household registration documents, signature, social media account information (such as the LINE ID), car information (such as the car plate number, brand, model, and color), and other Personal Data you provide to the Company;

Sensitive Personal Data, including health data for the purpose of disease screening (including the COVID-19) upon your visit or entry into the Company's buildings or operating areas, disability information, which the Company has obtained consent from you or as necessary and permitted by laws;

Payment information, such as bank account number and details; and

Technical data, such as the username and password used to access the system, IP address, Media Access Control data, log files, cookies data, system usage data, website usage data, operating systems and platforms, and other technologies on devices used to access the platform, as well as other Personal Data regarding the use of the Company's system.

Remarks: In the case that you are asked to provide supporting documents that contain sensitive Personal Data, such as race and religion, for the purpose of identity verification, and such data are unnecessary for the operation, you may redact such Sensitive Personal Data before delivering these documents to the Company. If the Sensitive Personal Data contained in the documents received by the Company is not redacted, the Company reserves the right to redact it. In this case, no Sensitive Personal Data will be deemed to be collected by the Company from you.

2. Sources of Personal Data

The Company may collect your Personal Data from the following sources.

2) The Company collects your Personal Data from other sources, such as its clients, partners, business alliances, or the data available in the public websites, or obtained from affiliated companies or PTT group companies, or other third parties.

3. Purposes of the collection, use, disclosure, and/or cross-border transfers of Personal Data

The Company collects, uses, discloses, and/or cross-border transfers your Personal Data for the following purposes:

1) To support internal and external communications that are necessary for the Company's operations;
2) To perform contractual obligations, including payments processes;
3) To manage risks, and exchange information among the Company, affiliated companies, and the PTT Group companies;
4) To establish legal claims, to use as evidence in the initiation and defense of legal claims, and to comply with court orders or orders from government agencies with legal authority as necessary;
5) To make business assessment, improvement, planning, and forecast, including to analyze data for the purpose of improving the Company's products or services;
6) To conduct internal audit in the Company and affiliated companies, and prevent wrongdoing, to investigate complaints or claims in order to prevent fraud or improper behavior, and to prevent wrong or illegal acts; and
7) To maintain security of the buildings or operating areas using closed-circuit television (CCTV) recordings.

For Sensitive Personal Data, the Company collects, uses, discloses, and/or cross-border transfer your Sensitive Personal Data for the following purposes.

1) To screen diseases and assess risks of communicable diseases before visits or entry into the Company's buildings or operating areas, and to evaluate physical readiness to work on offshore production platforms; and
2) To produce reports in compliance with the reporting procedures established by the Company, or as regulators or agencies order as specified by laws.

4. Legal bases for the collection, use, and disclosure of Personal Data
The Company generally collects, uses, discloses, and processes your Personal Data on any of the following legal bases:

1) Where it is for the performance of a contract, or in order to take steps, at your request, prior to entering into an agreement with the Company;
2) Where it is for legitimate interests of the Company or a third party to the extent that these interests do not override the fundamental rights in your Personal Data;
3) Where it is necessary for compliance with a law;
4) Upon your consent obtained by the Company upon written request for your consent to the collection, use, and disclosure of your Personal Data; and/or
5) Other cases permissible by laws.

Only in the case of the collection, use, and disclosure of your Sensitive Personal Data, the Company relies on the following legal bases:

1) Upon explicit consent obtained by the Company from the consent form requesting for your consent to the collection, use, disclosure, and processing of your Personal Data;
2) Where it is for vital interests to prevent or suppress any harm to the life, body, or health of a person;
3) Where it is necessary for the establishment of a legal claim, compliance with, or exercise of a legal claim, or to defend a legal claim; and/or
4) Other cases permissible by laws.

5. Types of persons or organizations to whom or to which the Company discloses your Personal Data

1) Affiliated companies, partners, and PTT group companies
The Company may share your Personal Data with its affiliated companies, PTT group companies, and partner companies, including but not limited to, PTT Public Company Limited, PTT Global LNG Company Limited, Energy Complex Company Limited, and PTT Digital Solutions Company Limited, for the purpose of risk management, information exchanges, and internal audit within group companies.