Personal Data Protection Center
Personal Data Protection Notice for External Parties
Group 5
Stakeholders
including the Company's directors and former directors, shareholders, investors, analysts, members of the mass media, community leaders, and participants in the Company's CSR activities and other activities
Data Processing
The Company will collect, use, disclose, and/or cross-border transfer the following Personal Data of the stakeholders.
1.1 The Company's directors and former directors
General Personal Data, such as the first name, last name, job position, address, date of birth, telephone number, email address, information on the national identification card or passport, signature, height, weight, photographs, motion images from video recording or closed-circuit television (CCTV), audio recordings from meetings, social media account information (such as the LINE ID), car information (such as the car plate number, brand, model, and color), and other Personal Data you provide to the Company;
Sensitive Personal Data, including religion, blood type, health data (such as chronic diseases, disability information, history of medicine and food allergies, body temperature, and symptoms), for the purpose of disease (including the COVID-19) screening, and biometric data (such as facial recognition data), which the Company has obtained consent from you or as necessary and permitted by laws;
Work-related information, such as job position, workplace, the date of work commencement as a PTTEP director, remuneration information, remuneration deduction, tax payments, and other work-related Personal Data you provide to the Company;
Payment information, such as bank account number and details;
Technical data, such as the username and password used to access the system, IP address, Media Access Control data, log files, cookies data, historical system usage data, website usage data, operating systems and platforms, and other technologies on devices used to access the platform, as well as other Personal Data regarding the use of the Company's system; and
Personal Data of a third party, including the first name, last name, addresses, telephone numbers, information on the national identification cards, ages, securities holding information (if any) of the spouse, child, father, mother and sibling, and other Personal Data of a third party you provide to the Company.
If you provide the Personal Data of a third party as mentioned above to the Company, you must ensure that you are authorized to do so, and are authorized to allow the Company to process such Personal Data under this Notice. You are also responsible to inform the third party of this Notice, and/or obtain consent from such person, if required by law, or rely on other legal basis.
If the Company needs to collect, use, disclose, and/or cross-border transfer your Personal Data to use as the database of your performance of duties as a director, the refusal to provide necessary Personal Data may prevent the Company from performing its obligations or fulfilling your requests, restrict your eligibility for some benefits, affect the Company's or your performance of legal obligations, and prevent the Company from wholly and partially performing the duties or obligations it has with you.
1.2 Other stakeholders, including shareholders, investors, analysts, members of the mass media, community leaders, and participants in the Company's CSR activities and other activities
General Personal Data, such as the first name, last name, job position, address, date of birth, telephone number, email address, photographs, motion images from video recording or closed-circuit television (CCTV), audio recordings from meetings and/or lectures, information on the national identification card or passport, securities holder registration number, signature, first or last name change certificate, social media account information (such as the LINE ID, WhatsApp profile, or Facebook profile), car information (such as the car plate number, brand, model, and color), weight, height, clothing and apparel sizes, and other Personal Data you provide to the Company;
Sensitive Personal Data, including religion, health data (such as chronic diseases, disability information, history of medicine and food allergies, body temperature, and symptoms), for the purpose of disease (including the COVID-19) screening, which the Company has obtained consent from you or as necessary and permitted by laws;
Payment information, such as bank account number and details;
Technical data, such as the username and password used to access the system, IP address, Media Access Control data, log files, cookies data, historical system usage data, website usage data, operating systems and platforms, and other technologies on devices used to access the platform, as well as other Personal Data regarding the use of the Company's system; and
Personal Data of a third party, including the first name, last name, address, and telephone number of the contact person, and other Personal Data of a third party you provide to the Company.
Remarks: In the case that you are asked to provide supporting documents that contain Sensitive Personal Data, such as race and religion, for the purpose of identity verification, and such data are unnecessary for the operation, you may redact your Sensitive Personal Data before delivering these documents to the Company. If the Sensitive Personal Data contained in the documents received by the Company is not redacted, the Company reserves the right to redact it. In this case, no Sensitive Personal Data will be deemed to be collected by the Company from you.
If you provide the Personal Data of a third party as mentioned above to the Company, you must ensure that you are authorized to do so, and are authorized to allow the Company to process such Personal Data under this Notice. You are also responsible to inform the third party of this Notice, and/or obtain consent from such person, if required by law, or rely on other legal basis.
If you are a minor under the age of 10 or a quasi-incompetent person or an incompetent person, the Company will ask your legal guardian or curator to perform acts on your behalf, and to give consent to the Company to perform such acts.
If the Company finds that your Personal Data is collected without legal consent from your guardian or curator, it may have to reject your request and delete your Personal Data, unless it can be other legal basis which is an exception to consent can be relied on.
2. Sources of Personal Data2.1 The Company's directors and former directors
The Company may collect your Personal Data from the following sources.
1) The Company collects the Personal Data provided directly by you in photocopies, photographs, motion images, and electronic data, such as email address, telephone number, LINE ID, and through registration on, or the use of, the Company's information technology systems, and access to, or the use of the Company's websites and applications.
2) Company collects your Personal Data from other sources, such as your secretary, officials of government agencies or state enterprises, and affiliated companies or PTT group companies, or the data is obtained from other third parties or available in the public websites, such as the website of a government agency.
2.2 Other stakeholders, including shareholders, investors, analysts, members of the mass media, community leaders, and participants in the Company's CSR activities and other activities
The Company may collect your Personal Data from the following sources.
3.1 The Company's directors and former directors
The Company collects, uses, discloses, and/or cross-border transfers your Personal Data for the following purposes:
For Sensitive Personal Data, the Company collects, uses, discloses, and/or cross-border transfer your Sensitive Personal Data for the following purposes:
3.2 Other stakeholders, including shareholders, investors, analysts, members of the mass media, community leaders, and participants in the Company's CSR activities and other activities
The Company collects, uses, discloses, and/or cross-border transfer your Personal Data for the following purposes:
For Sensitive Personal Data, the Company collects, uses, discloses, and/or cross-border transfers your Sensitive Personal Data for the following purposes:
4. Legal bases for the collection, use, and disclosure of personal data
The Company generally collects, uses, and discloses your Personal Data on the following legal bases:
Only in the case of the collection, use, and disclosure of your Sensitive Personal Data, the Company relies on the following legal bases:
5. Types of persons or organizations to whom or to which the Company discloses your Personal Data
The Company may disclose your Personal Data (only as necessary) to the following external parties or organizations for the purposes indicated in this Notice, who or which may be located in or outside Thailand.
The Company may share your Personal Data with its affiliated companies, PTT group companies, and partner companies, including but not limited to PTT Public Company Limited, PTT Global LNG Company Limited, Energy Complex Company Limited, and PTT Digital Solutions Company Limited, for the purpose of human resource management at the group level, risk management, information exchanges, and internal audit within group companies.
The Company may disclose your Personal Data to these persons, who may act as the data controller or data processor, such as payroll service providers, banks, mass media, information technology solution providers, cloud solution providers, data or document storage providers, application service providers, facial recognition solution providers, hospitals, space and car parking providers, producers of the Company's advertisements, videos, and publications, organizers, including public relations activity and exhibition organizers, hotels and/or accommodation providers, airlines, survey service providers, and data analysts.
3) Relevant government agencies
The Company may disclose your Personal Data to government officials and government agencies which have the legal authority, or for the purpose of protecting the rights of the Company or third parties, or for your own interests, such as the Stock Exchange of Thailand, the Securities and Exchange Commission, the Office of the National Anti-Corruption Commission, the Ministry of Commerce's Department of Business Development, the State Audit Office, the Comptroller General's Department, the Department of Disease Control, the Royal Thai Police, the Court of Justice, the Revenue Department, the Department of Mineral Fuels, the Department of Consular Affairs, embassies, and the Legal Execution Department.
4) Other external parties or organizations
The Company may disclose your Personal Data to external parties or organization, or allow them to access your Personal Data, such as professional advisors (including legal advisors and external auditors) and external organizations to which the Company would like to carry out public relations for the purposes indicated above.