PRIVACY POLICY

CLUB 21 ( Thailand) Co., LTD. (the “Company,” “we,” “us,” or “our”) recognizes the importance of the protection of personal data for you of our products and services. We know you care how information about you is collected, used, disclosed, and transferred outside of Thailand. The information you share with us allows us to provide the products and services you need and want appropriately tailored for you, not only from us, but also those within CLUB 21 ( Thailand) Group’s data ecosystem. We appreciate your trust that we will carefully and sensibly handle your personal data while giving you the very best personalized experience and customer services.
This privacy policy (this “Privacy Policy”) applies to our retail stores, websites, mobile applications, call center, social networking sites, online communication channels, and other locations where we collect your personal data. However, please read this Privacy Policy in conjunction with the terms and conditions of particular service that you use.
For the purpose of this Privacy Policy, “Personal Data” means “any information relating to an identified or identifiable natural person as listed below”.
We reserve the right to modify this Privacy Policy from time to time, so please review it frequently to see when this Privacy Policy was last revised. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website or application. We will provide additional notice of significant updates. In case any modification deprives your rights of sensitive data in relation to this Privacy Policy, the Company will first obtain your consent, except as otherwise permitted by law.

1. What Personal Data we collect

We may collect or obtain the following types of information which may include your Personal Data directly or indirectly from you or other sources or through companies in CLUB 21 ( Thailand) Group, our affiliates, subsidiaries, business partners or other companies. The specific type of Personal Data collected will depend on the context of your interactions with us, and the services or products you need or want from us and within CLUB 21 ( Thailand) Group.

1.1. Personal details, such as title, full name, gender, age, occupation, qualifications, job title, position, business type, nationality, country of residence, date of birth, marital status, number of family members and children, ages of children, information on government-issued cards (e.g., national identification number, social security number, passport number, tax identification number, driver’s license details or similar identifiers), immigration details such as arrival and departure date, signature, voice, voice record, photograph, facial features for recognition, CCTV records, work place, education, insurance details, license plate details, house registration, household income, salary and personal income, any other personal details you provided to us;
1.7. Behaviour details, such as information about your purchasing behavior and data supplied through the use of our products and services;
1.10. Marketing and communication details, such as your preference in receiving marketing from us, companies in CLUB 21 ( Thailand) Group, affiliates, subsidiaries, business partners or other companies, your communication preferences, and any other marketing and communication details; and/or

2. Why we collect, use or disclose your Personal Data
2.1. The purpose for which your consent would be required
Marketing and Communications: We collect, use and disclose your Personal Data to provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, CLUB 21 ( Thailand) Group, affiliates, subsidiaries and business partners which we cannot rely on other legal bases.
2.2. The purposes we may rely on and other legal grounds for processing your Personal Data We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of the legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or

suppressing a danger to a person’s life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.
We may collect, use and disclose your Personal Data for the following purposes
1) To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services or products; to complete and manage bookings and to carry out financial transaction and services related to the payments including transaction checks, verification, and cancellation; to process your orders, delivery, and collections and returns; refund and exchange of products or services; to provide updates and on the delivery of the products, and to perform warehouse internal activities, including picking, packing, and labelling of packages; to verify warranty period; to provide aftersales services, including maintenance and facility reservation;

2) Marketing and Communications: To provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, CLUB 21 ( Thailand) Group, affiliates, subsidiaries and business partners.

3) Registration and Authentication: To register, verify, identify and authenticate you or your identity; 4) To manage our relationship with you: To contact and communicate with you as requested by you or in relation to the products and services you obtain from us, CLUB 21 ( Thailand) Group, affiliates, subsidiaries and business partners; to handle customer service-related queries, request, feedback, complains, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to process and update your information; to facilitate your use of the products and services;

5) Personalization, profiling and data analytics: To recommend products and services that might be of interest to you, identify your preferences and personalize your experience; to learn more about you, the products and services you receive and other products and services you may be interested in receiving; to measure your engagement with the products and services, undertake data analytics, data cleansing, data profiling, market research, surveys, assessments, behaviour, statistics and segmentation, consumption trends and patterns; profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use, how you like to be contacted; to know you better; to improve business performance; to better adapt our content to the identified preferences; to determine the effectiveness of the promotional campaigns, identify and resolve of issues with existing products and services; qualitative information development. For this purpose, we will collect, use and disclose your Personal Data for your interest and benefit and for legitimate interest and businesses of CLUB 21 ( Thailand) Group, affiliates, subsidiaries and our business partners where such interests and businesses are not overridden by your fundamental rights to personal data. We will request your consent where consent is required from time to time;

6) To improve business operations, products, and services: To evaluate, develop, manage, and improve, research and develop the services, products, system, and business operations for you and all of our customers, CLUB 21 ( Thailand) Group, affiliates, subsidiaries and business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, and marketing campaigns;

7) Functioning of the sites and platform: To administer, operate, track, monitor, and manage the sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the sites and platform; improve layout, and content of the sites and platform;

8) IT Management: For business management purpose including for IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
9) Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to provide and handle VAT refund service; issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;

10) Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;

3. To whom we may disclose or transfer your Personal Data

We may disclose or transfer your Personal Data to the following third parties who collect, use and disclose Personal Data in accordance with the purposes under this Privacy Policy. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy policies to learn more details on how they collect, use and disclose your personal data as you could also be subject to their privacy policies.

3.1. Our service providers

We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to our service providers or third-party suppliers including, but not limited to (1) infrastructure, internet, infrastructure technical, software, website developer and IT service providers; (2) warehouse and logistic service providers; (3) payment service providers; (4) research agencies; (5) analytics service providers; (6) survey agencies; (7) auditors; (8) marketing, advertising media, and communications agencies; (9) call center; (10) campaign and event organizers; (11) sale representative agencies; (12) telecommunications and communication service providers; ; (13) outsourced administrative service providers; (14) data storage and cloud service providers; (15) verifying and data checking (Netbay and Department of Provincial Administration) service providers; (16) dispatchers; and/or (17) printing service providers.

In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. 3.2. Third parties required by law
In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.
3.3. Professional advisors
This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.

4. How long do we keep your Personal Data

We retain your Personal Data for as long as is reasonably necessary to fulfil purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.

5. Security of your Personal Data

The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company endeavours to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of personal data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure; provided, however, that the Company will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of the Company.

6. Cookies and How they are used

If you visit our websites, we will gather certain information automatically from you by using cookies. Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends,

administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because otherwise the site is unable to function properly. Other Cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with the site more convenient: they remember your username in a secure way, as well as your language preferences.

Most Internet browsers allow you to control whether or not to accept cookies. If you reject, remove or block Cookies can affect your user experience and without cookies, your ability to use some or all of the features or areas of our websites may be limited.
In addition, some third parties may issue Cookies through our websites to serve ads that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reached our websites and the pages you visit when you leave our websites. Information gathered through these automated means may be associated with the Personal Data you previously submitted on our website.

7. Your rights as a data subject

Subject to applicable laws and exceptions thereof, you may have the following rights to:
1) Access: You may have the right to access or request a copy of the Personal Data we are collecting, using or disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
2) Rectification: You may have the right to have incomplete, inaccurate, misleading, or or not up-to- date Personal Data that we collect, use or disclose about you rectified.
3) Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are collecting, using or disclosing such data on the basis of your consent or to perform a contract with you.
4) Objection: You may have the right to object to certain collection, use or disclosure of your Personal Data such as objecting to direct marketing.
5) Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
6) Withdraw Consent: For the purposes you have consented to our collecting, using or disclosing of your Personal Data, you have the right to withdraw your consent at any time.
7) Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
8) Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use or disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.

8. Our Contact Details

If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Policy, please contact us at:
• CLUB 21 ( Thailand) Co., LTD.
• Address: 21st Floor Park Vantures Ecoplex, 57 Wireless Road, Lupini, Patumwan, Bangkok 10330 • Call Center: 0-2123-1234, Email: contact@aaa.co.th