Thai Asia Pacific Brewery Company Limited and/or TAP Trading Company Limited, (the "Company", "TAP","we", "us", or "our") are committed to protecting your personal dataas our business partner. This Business Partner Privacy Notice("Privacy Notice") describes how we collect, use, disclose, and/or transfer personal dataof authorized persons, directors, and other contact persons ("you" or "your") of our business partner, which includes but is not limited to,suppliers, vendors, service providers and customers (the"Business Partner"), and tells you about data protection rights.

Your personal data is collected, used, disclosed, and/or transferred by us because we have an existing or potential business relationship with you or the Business Partner you work for, act for,or represent. For example, the Business Partner which provides products or services to us, or works to gether with us to provide products or services to our customers, or otherwise communicates with us in relation to any business that may involve you.

  1. What Personal Data we collect

    "Personal Data" means any information relating to you, which enables the identification of you, whether directly or indirectly (but excluding data of a deceased person).

    We may collect your Personal Data directly from you, or from the Business Partner that you work for or represent,our affiliates, other Business Partners, publicly available sources or other sources. The specific type of data collected will depend on communication and interaction between you and us, and with in TAP. The following are example of Personal Data that may be collected:

    • Personal Details: such as title, fullname, gender, age, nationality, photograph, work-related information (e.g. position, function, occupation, job title, companyand/or department you work forand etc.), informationon government-issued documents (e.g.national identification card, passport, work permit, house registration and etc.), signature, namecard, CCTV records, vehicle details (e.g.copy of vehicle registration book,license plate number, brand, and color), financial details ( account name and number) and other identifiers.
    • Contact Details: such as phone number, fax number, address, e-mail address, and other similar information.
    • Sensitive Data: such as sensitive data derived from identification documents(e.g.race and religion).
    • Other information collected, used and/or disclosed inconnection with the relationship between us and the Business Partner, such as information you give us in contracts, forms, ors urveys.
  2. How we use your Personal Data

    Depending on the nature of our relationship with you, we collect, use and/or disclose your Personal Data on the legal basis of legitimate interests, entering or performance of contract, legal compliance, consent, or any other basis as permitted by applicable laws, as the case maybe, for the following purposes:

    • Business Partner selection: such as to verify your identity and/or the Business Partner's status; to evaluate your and/or the Business Partner's suitability and qualifications; to issue request for quotation; or to execute contract with you and/or the Business Partner.
    • Business purposes: such as to manage the contractual relationship with the Business Partner; to communicate with you and the Business Partner about products, services, and projects between us; to proceed with or perform the transaction made with you or the Business Partner (e.g. delivery, exchange and return of products, payment processing, invoice, and receipt issuance); or to perform any obligations and/or request made by you or the Business Partner.
    • Relationship management: such asto create a vendor code; to register, maintain and update the lists/directories of the Business Partner; to provide support services and keep tracks and records; to grant you accessto our premises; or to invite the Business Partner to participate in events/activities.
    • Registration and authentication: such as to register, verify, identify, and authenticate your or the Business Partner's identity
    • Complying with reasonable business requirements: including but not limited to internal management, training, survey, service quality, auditing, reporting, submissions or filings, data processing, or other related or similar activities.
    • Security monitoring: such as to monitor access control system, devices, and internet; to ensure security, risk management, fraud prevention and solving crimes, or to record and handling offences and disputes.
    • Compliance with internal policies and applicable laws: including regulations, directives, and regulatory guidelines; to handle tax payment, VAT refund and other fees, as well as liaising and interacting with and responding to government authorities or courts.
    • Marketing: such as to inform you about news and publications which may be useful, including activities, events, offers of new products and services, or surveys.
    • Dispute management: such as to resolve dispute, enforce agreements, establish, exercise, or defend legal claims.

    Where we need to collect your Personal Data as required by law, or for entering into or performing the contract we have with you or the Business Partner and you fail to provide such data when requested, we may not be able to fulfill the relevant purposes as listed above.

    We will only collect, use, and/or disclose sensitive data on the basis of your explicit consent or where permitted by law.

  3. To whom we may disclose or transfer your Personal Data

    We may have to disclose or transfer your Personal Data to third parties who process Personal Data in accordance with the purposes under this Privacy Notice, which include but are not limited to:

    1. Our affiliates

      We may disclose or allow access to Personal Data by other companies, affiliates and subsidiaries within our group companies, including their staff, employees, directors, managers or personnel for the purposes described in this Privacy Notice

    2. Our service providers

      We may engage other service providers, agents, or contractors to perform services on behalf of or to assist with our business relationship with you. We may share Personal Data including, but not limited to (1) banks and financial institutions; (2) logistics and courier service providers; (3) auditors; (4) telecommunications and communication service providers; (5) outsourced administrative service providers; (6) data storage and cloud service providers; (7) insurance company; (8) travel agencies, and/or (9) IT system service providers and IT support companies.

      In the course of managing our business relationship, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we will ask them not to use your information for any purposes other than those set out in this Privacy Notice and as applicable. We will ensure that all the service providers we work with will keep your Personal Data secure.

    3. Our Business Partners

      We may transfer your Personal Data to our Business Partners in order to conduct our business and provide our services, provided that the receiving Business Partner agrees to treat your Personal Data in a manner consistent with applicable laws and purposes set out in this Privacy Notice.

    4. Third parties permitted by law

      In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.

    5. Professional advisors

      We may disclose your Personal Data to our advisors including, but not limited to, lawyers, auditors and other consultants who assist in running our business and defending or bringing any legal claims.

    6. Assignee of rights and/or obligations

      In the event of a business reorganization, merger, sale, purchase, joint venture, assignment, transfer or other disposition of our business, assets or stocks or any similar transaction, whether in whole or in part, we may disclose your Personal Data to the assignee(s) of our rights and/or obligations. In any case, we will comply with this Privacy Notice to respect your Personal Data.

  4. Internationaltransfers

    When it is necessary to transfer your Personal Data to another country with a level of data protection standards lower than in Thailand, we will ensure an adequate degree of protection is afforded to the transferred Personal Data, or that the transfer is otherwise permitted in accordance with the applicable data protection law.

  5. How long do we keep your Personal Data

    We shall retain your Personal Data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.

  6. Your rights as a data subject

    Subject to applicable laws and exceptions thereof, you may have the rights as set out below. These rights may be limited by applicable laws and we may legitimately and appropriately deny your request in certain circumstances. Likewise, for your own privacy and security, we may require you to prove your identity upon your exercise any of the rights.

    • Access: You may have the right to access or request a copy of your Personal Data, or request that we disclose how we obtained your Personal Data without your consent.
    • Rectification: You may have the right to rectify your Personal Data which is inaccurate, misleading, or not up to date.
    • Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to transmit such data to another data controller.
    • Objection: You may have the right to object to certain processing of your Personal Data.
    • Restriction: You may have the right to restrict our processing of your Personal Data where you believe such data to be inaccurate, our processing to be unlawful or that we no longer need to process such data for a particular purpose.
    • Withdraw Consent: For the purposes you have consented to our processing of your Personal Data, you have the right to withdraw your consent at any time.
    • Deletion: You may have the right to request that we delete, destroy, or anonymize Personal Data that we process about you.
    • Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our processing of your Personal Data is unlawful or noncompliant with applicable data protection law.
  7. Security Measures

    We maintain appropriate security measures for Personal Data, which cover administrative, technical,and physical safeguards in relation to access control to protect the confidentiality, integrity, and availability of Personal Data against any accidental loss or unlawful or unauthorized access, use, alteration, correction,or disclosure of Personal Data, in compliance with the applicable laws.

    We have implemented measures on controlling access and use of devices for storing and processing Personal Data whichare secured and suitable for our collection, use and disclosure of Personal Data. We also have measures on restricting access to Personal Data and the use of storage and processing equipment by imposing users' access rights, users' permission rights to the authorized personnel, and users' duties and responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data, or theft of device used to store and process Personal Data. This includes measures on the re-examination in relation to access, alteration, erasure, or transfer of Personal Data which are in accordance with methods and channels used to collect, use,or disclose Personal Data.

  8. Amendment and Review

    We may review and amend this Privacy Notice from time to timeas our data protection practices change, due to various reasons such as technological changes or changes of the law. The amendments to this Privacy Notice will be effective upon being published by us on our websiteand wemaynotify you through appropriate means.

  9. Contact us

    If you wish to contactus to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Notice, please contact our Data Protection Officer at