We recognize the importance of protecting your personal data in order to obtain our products and services. We need to process personal data of service users, so we have the purpose of announcing this privacy policy to notify about our rights and obligations. including various conditions in connection with the collection use and disclosure personal at company will operate for service users As a service user, acknowledge We give confidence to You that all your personal information is the information that we value. We guarantee to protect and process Personal data with the best appropriate security measures. And all your information will be kept confidential. We encourage you to read and understand this privacy policy. To know the purposes for which we have collected, used or disclosed your personal data. as well as the right of the data subject to you with details as follows

1. Scope of application.

Privacy Policy According to the Personal Data Protection Act B.E. 2562, the scope of application covers all personal data processing by us. including any person who know personal information as it relates to our operations Which must comply with this Privacy Policy. and in accordance with the framework prescribed by law For personal data that has been collected before the Personal Data Protection Act B.E. By disclosing and taking actions other than the collection and use of the above personal information, we shall comply with the Personal Data Protection Act B.E. 2562.

2. Definitions

“Personal Data Protection Policy” means The policy we establish to inform data subjects about our processing. and details as defined by the Personal Data Protection Act B.E. 2562.

“personal information” means Information about an individual that makes it possible to identify that individual. either directly or indirectly but does not include the information of the deceased in particular.

/However The following information is not personal information, such as information for business contacts that does not identify an individual, such as the name of the company, the address of the company. Company registration number Work phone number E-mail used for work, such as info@company.co.th, anonymous data or anonymous data that can no longer be identified. by technical means (Pseudonymous Data), deceased person information, etc.

“Sensitive personal information” (Sensitive Data) means personal information about race, ethnicity, political opinions doctrine religion or philosophy sexual behavior Criminal record Health information Disability union information genetic information, biological information or any other information which affects the data subject in the same way as announced/prescribed by the Personal Data Protection Committee, further in this policy If not specifically mentioned, it will be called. “personal information” and “Sensitive Personal Data” relating to the above service users shall be collectively referred to as “personal information”

“processing” means any action with personal data such as collecting, recording, organizing, structuring, keeping, updating, changing, recovering, using, disclosing, forwarding, publishing, transferring, merging, deleting, destroying

Personal Data Owner” (Data Subject) means a natural person who owns personal data.

“Controller of personal data” (Data Controller) means another person or juristic person who has the power Duty to make decisions about the collection, use or disclosure of personal data

“Personal Data Processor” (Data Processor) means a person or juristic person that operates Regarding the collection, use or disclosure of personal data in accordance with the instructions or on behalf of the data controller, the person or juristic person doing so is not the data controller.

“use of cookies” (Cookies) means small computer files. to collect personal information temporarily as necessary into the personal data owner's computer For convenience and speed in accessing the website

3. Personal Information We Collect

  • 3.1 We may collect the following personal information:
    • 3.1.1 Personal information, including title, full name, gender, age, occupation, qualifications, job title, position or status, type of business, nationality, country of residence. date of birth Marital status Information on government-issued cards (e.g. national ID number social security number Passport number 3 Taxpayer identification number Driver's license information or identity documents of the same nature, etc.), household registration, signature, voice, voice recording, picture, photograph, video record, video clip, identity verification information (KYC/e-KYC), immigration details, including date of arrival. Arrival and Departure verification information bankrupt Household income Salary Personal income and other personal information that you have given to us, etc.
    • 3.1.2 Contact details, including address, delivery details. billing details billing address phone number mobile phone number Fax number, work phone number, email address, LINE account name (LINE ID), Facebook account name (Facebook ID), Google account (Google ID), Twitter account (Twitter ID), and social media website accounts. Other
    • 3.1.3 Financial information, including credit/debit card information or bank information, credit/debit card number, type of credit card. Card issuance date/expiry date Billing cycle Account details details and payment history Your information relating to the risk profile for business partners Rating Credit Rating and Solvency, Information in Accordance with the Declaration of Suitability, and Other Financial Information
    • 3.1.4 Marketing and communications information, such as your preference to receive information. marketing from business partner or other companies and the desired form of communication, a list of items of interest Save notifications about product or service promotions. and other marketing information and communications. including website usage data product platform and services of employees Q&A record
    • 3.1.5 Profile details such as username and password, profile, spending, details about products or services (order history Past purchases Purchase history Customer order cancellation Orders through the website Order ID) Financial record Personally Identifiable Number (PIN) Information about your interests, preferences, responses and survey results. Satisfaction Survey use of social media Activity participation details Use of discount and promotional codes for customers Customer order details customer service, etc.
  • 3.2 We do not have a policy to collect Sensitive Data from you. We will obtain your explicit consent before proceeding with the collection of such personal data. or unless there is a legal reason to collect Such data can be collected without consent.
  • 3.3 You agree not to submit any information. that is inaccurate and/or misleading to us and you agree to notify us of any inaccuracies or changes in that information We reserve the right to request delivery of any additional documents. to verify the information you have provided to us as we see fit
  • 3.4 If you have provided us with personal data of third parties (e.g. property owners, beneficiary emergency contact reference person and referrer) such as name, surname, address, telephone number Family income and other personal and contact information for emergency contact. Fill out an application or complete your 4 transactions with us. You certify that such information is legal information. Please notify those people of This Personal Data Protection Policy and/or obtain their consent.

4. Collection of personal information of minors. incompetent person incompetent quasi

We collect information about minors. incompetent quasi Incompetent person only with the consent of Only a parent who has authority to act on behalf of a minor, guardian or guardian. We do not collect information from customers who we expressly know are under twenty years of age. or from quasi-incompetent and incompetent people Ability without consent From the parent who has the authority to act on behalf of the minor, guardian or guardian in case consent is required. In case we know We collect personal information without intention from any person under twenty years old incompetent quasi or an incompetent person without Consent from the parent who has the authority to act on behalf of the minor, guardian or guardian We will delete the data. immediately or only processing the data we can do on other legal bases In addition to obtaining consent

5. Sources of Personal Data We Collect

We collect or acquire different types of personal data. from the following sources

  • 5.1 Collecting personal information directly from you Personal information that we collect from personal information owners directly in various service channels such as
    • (1) when you access and/or use our services or platforms; or register for an account with us
    • (2) When you submit the form including but not limited to Application form or other form Related with our products and services Either online or in hard copy
    • (3) When you enter into any agreement or provide any other documents or information related to your contact with us. or when you use our products and services
    • (4) When you communicate with us, for example by telephone. (which will be recorded), letters, faxes, face-to-face meetings, social media platforms and e-mail address including when you interact with customer service agents.
    • (5) When you use electronic services or contact us through our platform, website, application or service, including but not limited to through cookies. which we may apply when you use or access the Application or Website
    • (6) When you have given permission through your device. to disclose any information to our application or platform
    • (7) When you link your account through our Platform to your social media account or other user account. Or use other social media features (Social Media Features) under the service policy of the feature provider.
    • (8) When You Transact Through Our Service
    • (9) When you give us comments or complaints
    • (10) Information we collect from personal data subjects accessing the website Other products or services according to the contract or according to the mission, such as tracking the behavior of website users our products or services by using cookies or from software on the device of the personal data subject, etc.
    • (11) When you submit your personal data to us for any reason, etc.
  • 5.2 Collection of personal data from other sources
    • 5.2.1 Collecting personal information from other sources, such as public information and/or parent companies and affiliates (such as obtaining information from service providers we hire to collect personal information on our behalf). our business entities to which we provide services (including websites and social network usernames of such agencies) Official data sources Government agencies that have reliable databases about individuals Government agencies (such as the Bank of Thailand, the Revenue Department, the Anti-Money Laundering Office, the Office of the Securities and Exchange Commission Insurance, Department of Legal Execution, Ministry of Commerce, Office of the Securities and Exchange Commission, Department of Lands, courts) and from any other third parties (such as referrals, your representative, dealer or any other person authorized by you)
    • 5.2.2 Our Platform uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, which are text files stored on your computer, to: Help web platforms analyze how users use them. Information generated by cookies about your use of the web platform. The information (including your IP address) will be transmitted to and stored on servers by Google in the United States. Google will use this information to evaluate your use of the web platform. Gather reports on the activities that occur on the web platform. for web platform providers and provide other services relating to the activities of the web platform and use of Google may also transfer this information to third parties where required by law, or when such third parties process the information on Google's behalf, will not associate your IP address with any other information held by Google.

6. Data quality.

We collect your personal information. To be used for the benefit of operating according to our objectives and mission between you and us. The information that has been collected. We have taken into account the accuracy, completeness and up-to-date information.

7. Purpose of processing personal data

The Company uses methods to collect, use, disclose personal information through lawful and fair means, by storing personal information as necessary. for use in contacting the service public relations or provide news information Including a survey of the opinions of the owners of personal data on the business or activities of the company. under the objectives of the Company's operation only or as required by law If there is a change in purpose Will notify the owner of the personal information and save it as evidence. Including complying with personal data protection laws.

8. Processing of personal data.

We will process your personal data. It will be done with objectives, scope and methods. Legitimate, transparent and fair under the processing base. as follows

  • 8.1 Collection of personal data
    Collection of Personal Information to be able to do so under the objectives and only as necessary according to the framework, purpose or for the benefit directly related to the purpose of collection with notice The owner of the personal data knows before or at the time of collecting the personal data. to the following details:
    • (1) Purpose of Collection
    • (2) Personal Data Collected
    • (3) In the event that the subject of personal data must provide personal data to comply with a law or contract or to enter into a contract It must inform the possible consequences of not providing the personal data to the personal data subject.
    • (4) Categories of persons or entities to whom personal data collected may be disclosed
    • (5) Rights of Personal Data Subject
  • 8.2 Use of personal data
    We will only use personal information in the event that we consider it to be of interest to you. conducting our business In order for you to receive good service from our business operations, we will use personal information in accordance with various laws and regulations. related or to improve the service to be more efficient Including according to the objectives Notify you according to this Privacy Policy. to develop security standards Information on risk management Detects and prevents activities that are likely to violate the law Terms of use at related or agreement Terms of use of our website or application Including to contact you via telephone, text message (SMS), e-mail or post or through any means to inquire or notify you or verify and confirm information. or poll or notify any other information related to our products and services as necessary.
  • 8.3 Disclosure of personal information
    • 8.3.1 We will disclose your personal information to third parties. for the benefit of adding Efficiency of providing services in various fields to you or providing any other facilities to you correctly and continuously so that you can successfully complete the transactions you wish. and maximize benefits By disclosing personal information according to the objectives or it is necessary for the benefit that is directly related to the objectives of collection And must obtain the consent of the owner of the information provided before or at that time. except in the following cases Consent is not required.
      • (1) For the purpose of planning or statistical or various census. of government agencies
      • (2) to prevent or suppress life-threatening a person's body or health
      • (3) is legally publicly available information
      • (4) For the benefit of investigations by law enforcement officials or in the adjudication of court cases
      • (5) is required by law. or by court order
    • 8.3.2 We may disclose your personal information to third parties. regardless of being a juristic person or individual To the extent necessary for the purposes set out in this Privacy Policy, which may include
      • (1) Affiliates, partners, business partners, subsidiaries and/or external service providers to provide benefits and other services. of our data subjects Including the development, improvement of our products or services, such as data analysis. data processing credit card processing; information technology services and related infrastructure arrangements; development of customer service platforms; Email/SMS sending website development Mobile application development and reinsurance. Satisfaction surveys and research. Customer relationship management with contracts Keep personal information confidential In the case of a juristic person, there must be standards for the protection of personal data that are available. The standard is acceptable.
      • (2) Government agencies, governments or other legal entities. To comply with the law, order, request, to coordinate with other agencies on matters related to legal compliance.

In this regard, we will require the recipient of the information to take appropriate measures to protect your information and process it. Such personal data only as necessary. and take steps to prevent the use or disclosure of personal information by without unlawful authority

Clause 9. Restrictions on the use and/or disclosure of personal information.

  • 9.1 We will use and disclose your personal information. According to your consent, it must be used according to Purpose of collection, storage of our information only. We will supervise the staff. officer or Our operators do not use and/or disclose Your personal information is in addition to the purpose for which it is collected. collect personal information or disclose it to third parties unless
    • 9.1.1 Compliance with laws such as the Personal Data Protection Act. Electronic Transactions Act Telecommunications Business Act Anti-Money Laundering Act Civil and Criminal Code code of law consider civil and criminal matters, etc.
    • 9.1.2 It is for the benefit of investigation by investigators. or the adjudication of court cases
    • 9.1.3 For your benefit and consent cannot be obtained at that time.
    • 9.1.4 It is necessary for our legitimate interests. or of individuals or juristic persons other than us
    • 9.1.5 It is necessary to prevent or suppress a danger to a person's life, body or health.
    • 9.1.6 It is necessary for the performance of a contract to which the personal data subject is a party or for Used to process the request of the data subject before entering into that contract.
    • 9.1.7 To achieve the objectives related to the preparation of historical documents or archives for the public benefit. or for education, research, statistical preparation which has provided appropriate preventive measures.
  • 9.2 We may use information services of third party service providers to process personal data storage, which service providers must have security measures. By prohibiting the collection, use or disclosure of personal information other than those specified by us.

10. Services provided by third parties or subservices.

We may assign or procure third parties. (Personal Data Processor) to process personal data on our behalf or on our behalf. Such third parties may offer services in various ways such as hosting, subcontracting. (Outsourcing) or as a cloud service provider (Cloud Services Provider) or as a job in the form of outsourcing in other forms In entrusting a third party to process personal data as a personal data processor, we will provide an agreement stipulating our rights and obligations as a data controller of personal data and that of the individuals. We designate you as a personal data processor. This includes detailing the types of personal data we hold. assigned to process including objectives Scope of processing of personal data and other agreements Related where the personal data processor is obligated to process personal data to the extent specified in the agreement and on our instructions only without being able to process it for other purposes Where a personal data processor has assigned a subprocessor (subprocessor) to process personal data on behalf or on behalf of the personal data processor as follows: Personal Data provides a documented agreement between Personal Data Processors and Subprocessors in a format and standard that is not inferior to the agreement between us and the Personal Data Processor.

11. Sending or transferring personal data abroad.

It may be necessary for us to send or transfer your personal information to our affiliates or other third parties overseas, or to other recipients as part of our normal business operations, such as sending or Transfer 9 personal data to be stored on Server/Cloud in different countries. where it is necessary for the performance of a contract to which you are a contracting party or for the performance of a contract between us and another person or entity for your benefit or for To take action at your request before entering into a contract or to prevent or suppress a danger to your life, body or health or to others. to comply with the law or it is necessary to perform a mission for the benefit important public

In cases where the destination country has insufficient standards regarding personal data protection We will take care of the transmission or transfer of personal data in accordance with the law. and will implement measures to protect personal data Persons deemed necessary and appropriate to comply with confidentiality standards, such as having a confidentiality agreement with Recipients in such countries or in the event that recipients are affiliated companies/businesses We may choose to use How to implement a policy Protection of personal information that has been audited and certified by the authority in accordance with relevant laws and will proceed to send or transfer personal information to affiliated companies / same business Overseas address may be subject to such personal data protection policy in lieu of processing as required by law.

12. Retention and retention period of personal data.

We will retain your personal data for as long as necessary while you are a customer or continue to use our services, or as long as may be necessary to fulfill the relevant purposes in this policy. Must continue to be preserved after that if required or permitted by law, such as stored according to the law with the prevention and suppression of money laundering Keep it for the purpose of verifying in case of a possible dispute within the statute of limitations specified by law for a period of not more than 10 years.

We will delete or destroy personal information. or make it anonymous to you when it is no longer needed or at the end of that period.

13. Security measures for personal data.

The security of your personal information is important to us and we have put in place security measures. Appropriate technical and administrative security measures are in place to protect personal data from loss. access to Unauthorized Use or Disclosure misuse alteration and destruction using Security technologies and procedures such as encryption and access restrictions to ensure that Only authorized persons have access to your personal information and these persons have been trained on the importance of protection of personal information We put in place appropriate security measures. To prevent loss, access, use, change, correction, disclosure of personal data from those who do not have rights or obligations related to that personal data. and will arrange to review such measures when necessary or As technology changes to provide optimum security performance.

We will not be liable for any damages. arising from the use or disclosure Personal data to third parties Including neglecting or ignoring logging out of the system (Log out) that the data owner can access by the action of the data subject or other persons with the permission of the data subject

14. Rights of data subjects.

You have the right (1) the right to revoke your consent for the Company to process your personal data (2) the right to access and receive a copy of the personal data that the company has collected, used and disclosed (3) the right to request for portability Your privacy (4) Right to object Processing of your personal data (5) The right to request erasure, destruction or anonymization of your personal data (6) The right to suspend the use of your personal data (7) Rights (8) the right to make a complaint in the event that you believe that The rights of the Company or its officers or representatives have been infringed under Personal Data Protection Act B.E. 2562. Any request for the exercise of your rights as mentioned above must be done in writing and the Company will use its best efforts to do so within a reasonable time. and not exceeding the period specified by law The Company will comply with legal requirements relating to your rights as a data subject. Exercising your rights under clause

  • 14.1 may be restricted under applicable law. and there are some cases where it is necessary to We may refuse or be unable to process your request to exercise any of the above rights, for example to comply with a law or a court order in the public interest. Exercising rights may infringe on the rights or freedoms of other persons, for example. We will also inform you of the reason for the refusal. The company reserves the right to charge any fees. relevant and necessary for data processing personal as you request

15. Use of Cookies

“Cookie” (Cookies) is information that we send to a computer or device through a web browser of the owner of the personal data. In the event that the owner of the personal information accesses the website or our other online channels and install such information. in the system of the owner of the personal data If cookies are used, our website will be able to record or remember the data of the personal data subject until the data subject leaves the web browser or until the data subject deletes the cookie. is broken Or do not allow that cookie to function anymore.

The use of cookies will make the personal data subject more comfortable to use the service through our website because cookies will help remember the websites that the personal data subject has visited or visited. from you in using the information that cookies have recorded or collected for use in the event as follows

  • (1) for statistical analysis of website usage or in our other activities
  • (2) To develop the website, content and other content within the website to meet the needs of users

We will use cookies to improve or optimize the website. Will be collected upon the consent of the visitor to the Company's website. And does not store marketing information, tracking the interests of website visitors. for any marketing per website visitor

Clause 16. Changes to the Personal Data Protection Policy.

We will review the Personal Data Protection Policy on a regular basis to ensure compliance with the guidelines, practices and relevant laws and regulations. We will inform you of Any significant changes to this privacy policy together with the revised version of the Policy through appropriate channels. We encourage you to review the Policy for changes. periodically.

17. Right to link to third party websites.

In using the service of our website. There may be links to other social networks, platforms and websites operated by third parties. We endeavor to only link to websites that meet privacy standards. However, we cannot be held responsible for their content or standards. Protection of personal information of other websites unless otherwise specified any personal data you Any contributions to third party websites are collected by such parties and are subject to notices/policies. regarding the protection of such third party's personal information (if any). We cannot control and cannot be held responsible for the use of your personal information by such third parties.

18. Governing Law.

You acknowledge and agree to this Privacy Policy. It is governed by and construed in accordance with the laws of Thailand. and the courts of Thailand have jurisdiction over any disputes that may arise.

19. Compliance with the Personal Data Protection Policy and contact channels.

If you have any questions or suggestions about the privacy protection policy or its practices, According to this Personal Data Protection Policy We are happy to answer any questions. and listen to your suggestions You can contact the company at admin@index.co.th or at the address below

Index International Group Public Company Limited 1/814 Moo 17, Soi Amphon, Khu Khot Sub-district, Lam Luk Ka District, Pathum Thani Province 12130 Telephone number : 02-532-3623-33

Announced on November 1, 2022