Privacy Notice - Customer

Eventthai Company Limited

Event Thai Company Limited (“Company”) recognizes theimportance and responsibilities under the Personal DataProtection Act 2019 (2562 B.E by giving utmost importance torespecting your privacy rights. The company is dedicated to safeguarding your personal data to ensure its security and compliance with data protection law and other related regulations.

The Company has prepared this Privacy Notice to inform you of details related to the collection, use, or disclosure of personal data (referred to as "processing"), including your legal rights as the owner of personal data. The details are as follows.

Clause 1. Definition

1.1 “Application” refers to the EventPass Application, created by the Company to provide customers with information about events, promotions, and interestingtourist destinations. It allows users to register for events or various tourist locations, purchase tickets for tourist destinations, and participate in various activities at events.

1.2 “Customer” are individuals targeted for the sale of the Company's products or services. This term encompasses participants in the company's campaigns or marketing activities, individuals interested in the company'sproducts or services through various channels, and usersof the company's online and electronic media, includingindividuals legally authorized to act on behalf of customers as per applicable law, such as legal guardians for minors or caretakers for individuals with disabilities.

1.3 “Personal Data” refers to:

1.3.1 Personal Data means data related to an individual that directly or indirectly identifies that person. This includes but is not limited to data such as name, surname, telephone number, email, gender, address, location information, interests in promotions and events, purchase history, and participation history in event activities.

1.3.2 Sensitive Datameans "Sensitive Data" meanspersonal data related to race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal history, health information, disabilities, laborunion membership, genetic information, biometric data, or any other data that impacts the individual in a similarmanner, as specified by the Data Protection Committee'sregulations. The Company handles sensitive data with special caution and will only process it with explicit consent from customers or as required by applicable law. Throughout this privacy notice, unless specifically defined, the terms "Personal Data" and "Sensitive Data" regarding the service users mentioned above are collectively referred to as "Personal Data" .

Clause 2. Applicability of this Privacy Notice

This Privacy Notice applies exclusively to your personal data registered for the use of the Company's application.

Clause 3. Personal Data Collected by the Company

The Company collects personal data only to the extent necessary for the purposes outlined in Clause 5, which includes the following information: name, surname, phone number, email, gender, address, location data, interests related to promotions and events, purchase history, and participation history in event activities.

Clause 4. Sources of Personal Data

The Company collects customer personal data through various registration channels, primarily via the Company's application, irrespective of the method of access, whether through a mobile phone application or a website.

Clause 5. Purposes of Data Collection, Use, and Disclosure of Personal Data

The Company collects, uses, or discloses personal data with the following objectives:

5.1 Contractual Obligations:

- To send notifications, order confirmations, and communication to you.

- To verify your identity and protect against spam, unauthorized activities, or violations of the law.

- To customize the information, we may send or display to you, make recommendations, customize your location settings, send notifications and alerts, process your orders, and provide customer support while using the service.

5.2 Consent:

The Company will seek your consent in cases where it is required by law or when the Company has no legitimate grounds to process personal data. The purposes include:

- Marketing to target groups, advertising to target groups, improving and modernizing services according to your preferences, and making promotions based on your communication preferences.

5.3 Legitimate Interests:

- To better understand how you access and use the Company's services, both collectively and individually, in order to improve the Company's services, meet customer demands, enhance customer satisfaction, and pursue purposes related to research and analysis concerning the use of the Company's application.

Clause 6. Disclosure of Customer Personal Data

To fulfill the purposes as specified in this Privacy Notice, your personal data may be disclosed or transmitted to various units within the Company and individuals or external units as follows:

6.1 Within the Company:

Your personal data may be disclosed or transmitted to units within the Company that are relevant and have a role in accordance with necessity and appropriateness. These individuals or teams within the Company will be authorized to access customer personal data, based on their responsibilities and roles, including but not limited to:

- Sales personnel or other relevant personnel.

- Company executives or those directly in charge of the Company's management or decision-making

- Various support teams such as Information Technology,Administrative, Accounting, Procurement, Finance, and more. Access to personal data is granted as per necessity and suitability.

6.2 Outside the Company:

Your personal data may be disclosed or transferred to external organizations, including but not limited to:

(1) Business partners of the company, such as event organizers who use the company's applications, sponsors, and participating stores in company events.

(2) Individuals associated with the company's service provision, such as providers of computer data storage, servers, or cloud services, communication service providers, event organizers, and various other service providers.

(3) Websites and various online social media platforms such as Facebook, Google, or Instagram.

(4) External individuals as required by law, including compliance with law enforcement agencies, courts, regulatory authorities, government agencies, or other external individuals, as the company deems necessary for legal compliance or to protect the company's rights, the rights of other individuals, or for personal safety, to investigate, prevent, or manage fraudulent activities, or in matters related to security or safety.

(5) Professional consultants from various fields, such as legal advisors, accountants, and other business-related consultants, or for litigation and legal claims.

(6) External individuals in the capacity of rights transfer and/or responsibilities, in cases of organizational restructuring, business consolidation, or business transfers, whether partially or entirely. Recipients of rights and/or responsibilities from the company will comply with this privacy notice to respect your personal data.

(7) Other external individuals under a legal basis, as specified in this privacy notice. The company stipulates that data recipients must have appropriate data protection measures in place and process personal data only to the extent necessary. They will act to prevent unauthorized use or disclosure by other individuals.

Clause 7. Data Retention and Retention Period for Customer Personal Data

7.1 The Company will retain your personal data for as long as necessary, considering necessity and the purposes for which the Company is required to collect, use, and process it, including compliance with applicable legal requirements.

7.2 The Company will periodically review and take action to delete or anonymize personal data to a point where the data is no longer identifiable or relevant or exceeds the necessity for the specified purposes for data collection, or when the Company is required to do so by customer requests.

Clause 8. Data Owner's Rights

8.1 You have the following rights :

(1) Right to Withdraw Consent:

If you have provided consent for the Company to collect, use, and/or disclose your personal data, you have the right to withdraw your consent at any time during the period when your customer personal data is with the Company, unless legal limitations exist, or there is a contractual benefit to you. Please note that withdrawing your consent may impact your use of products and/or services, including potential loss of benefits, promotions, new offers, better product or service matching your needs, or useful information.

(2) Right to Access Personal Data:

You have the right to access your personal data and request the Company to provide a copy of such personal data. You also have the right to request the Company to disclose how your personal data is obtained, held, and used. The Company may deny your request for access or provision of a copy if doing so may impact the rights and freedoms of other individuals or if the Company is required to comply with legal or court orders that prohibits such disclosure.

(3) Right to Data Portability:

You have the right to request the data in a structured, commonly used, and machine-readable format when the Company processes your personal data by automated means. You also have the right to request the Company to transfer or transmit this data directly to another data controller where technically feasible. This applies to personal data that you have provided consent to collect, use, and disclose for the purposes of using the Company's products and/or services or for processing your requests before using the Company's products and/or services or to other personal data as required by law.

Please note that the personal data mentioned above must be the data that you have consented to the Company for collection, use, and disclosure, or the data that is necessary for you to use the Company's products and/or services in accordance with the agreement between you and the Company, or other personal data as authorized by applicable law.

(4) Right to Object to Data Processing:

You have the right to object to the collection, use, and/or disclosure of your personal data at any time. If the collection, use, and/or disclosure of your personal data is carried out for essential business purposes under the legal framework of the Company or other individuals or legal entities, and does not exceed what you can reasonably anticipate, or for tasks related to public interest, you have the right to object. If you object, the Company will continue to collect, use, and/or disclose your personal data only where the Company can demonstrate compelling legitimate grounds under the law that outweigh your fundamental rights or in order to assert, exercise, or defend legal claims as the case may be.

You also have the right to object to the collection, use, and/or disclosure of your personal data when it is processed for marketing purposes or for scientific research, history, or statistics.

(5) Right to Erase Personal Data:

You have the right to request the deletion or destruction of your customer personal data or to make the personal data non-identifiable if you believe your customer personal data is collected, used, and/or disclosed unlawfully or you believe that the Company no longer has a need to retain it for the purposes related to this Privacy Notice, or when you have exercised your right to withdraw consent or object as stated above, except where the Company must comply with legal obligations, or to exercise rights as mandated by the relevant data protection law.

(6) Right to Suspend Data Usage:

You have the right to request a temporary suspension of the use of personal data in cases where the Company is reviewing your request to exercise your right to rectify your personal data or your objection, or other cases where it is no longer necessary, and you have requested a suspension.

(7) Right to Rectify Personal Data:

You have the right to request the Company to correct your personal data to be accurate, up-to-date, complete, and not misleading.

(8) Right to File Complaints:

You have the right to file complaints with the relevant authorities if you believe that the collection, use, and/or disclosure of your personal data is contrary to or does not comply with the relevant data protection law.In cases where customers are concerned or have questions about the Company's practices related to customer personal data, please contact the Company using the contact details provided in Clause 11 of this Privacy Notice.

In cases where the Company is believed to have violated the data protection law, customers have the right to file a complaint with the committee of experts appointed by the Personal Data Protection Committee in accordance with the regulations and procedures prescribed by personal data protection law, when the Company receives such a request as mentioned above, the Company will process it within the timeframe stipulated by law. However, the Company reserves the right to refuse or not act on the requests stated above if the Company is required to comply with the law or to protect the rights or freedom of others.

8.2 The company has the sole and absolute right to accept or reject customer requests.The use of customer rights under section 8.1 may be subject to relevant law and, in some cases, there may be compelling reasons why the company may refuse or be unable to comply with the above customer rights, such as compliance with the law or court orders, for the public interest, to protect the rights or freedoms of other individuals, and so on. If the company refuses such requests, it will provide the reasons for the rejection of the customer.

Clause 9. Personal Data Security Measures

The Company has established measures to ensure the constantand up-to-date security of the Company's personal data. These measures are designed to maintain the appropriate level of security for personal data, protect the confidentiality, integrity, availability, and processing readiness of personal data, and safeguard against loss, unauthorized access, use, alteration, correction, or disclosure of personal data without authorization. The Company will apply various security measures to all types of personal data processing, whether electronic or document-based.

Clause 10. Changes to Customer Privacy Notice

The Company will regularly review the Customer Privacy Notice to ensure compliance with best practices and relevant regulations. If any changes are made to the Customer Privacy Notice, the Company will inform you of significant amendments along with the updated Privacy Notice through appropriate channels. The Company recommends that you periodically review this Privacy Notice for updates.

Clause 11. Contact Information

If you believe that the processing of customer personal data is not in accordance with the Personal Data Protection Act of 2019, you have the right to lodge a complaint with the Company's data protection officer. The contact details are as follows:

Contact Information :Eventthai Company Limited, No. 47/313 Kai TakBuilding, 5th Floor, Popular Road, Pak Kret District, Nonthaburi 1112

Clause 12. Applicable Law

This Privacy Statement is subject to the enforcement and interpretation of Thai law, and Thai courts have jurisdiction to adjudicate any disputes that may arise.

Before expressing your intent, you have read this Privacy Statement entirely and consent or refuse to consent to the terms in this document voluntarily, free from coercion. You are aware that you can withdraw this consent at any time unless there are legal restrictions or contractual obligations between you and the company.

Furthermore, you acknowledge that withdrawing such consent does not affect the processing of personal data that has alreadybeen completed.