Personal Data Storage Policy Letter of Consent for Personal Data Disclosure I, the service user ("Customer" or "User") of BKG Corporate Co., Ltd. (the "Company"), hereby consent to the Company collecting, using, or disclosing my personal data held by the Company under the following terms and conditions: [Read Less] Definitions and Scope of Data Collected The Company means BKG Corporate Co., Ltd. Customer means any individual/company/partnership/shop that purchases goods or uses the Company's services. Supplier means any individual/company/partnership/shop that sells goods or services to the Company. Visitor means any external person who comes to contact the Company for work, visits, or conducts any transactions with the Company other than the purchase and sale of goods and services. Personal Data means: Information that allows for your identification, obtained directly from you or through a third party, including the Personal Data of Customers, Suppliers, and Visitors, when you register or change information in your account, purchase goods or services, complete a survey, sign up for email newsletters, or participate in online courses or other services, including: Name-Surname, Address, Date of Birth, Gender, Age, Photo, Email, Bank Account Number, Credit Card Number (if any), National Identification Number, Tax Identification Number, Telephone Number, etc. Information obtained from your use of services via the website, including: Device Identifier, Computer IP Address, Device ID, Device Type, Mobile Network Information, Connection Information, Geographical Location Data, Browser Type, Website Access Logs, Referring Website Data, Website Usage History Logs, Login Logs, Transaction Logs, Customer Behavior, Website Access Statistics, Access Time, etc. Policy on Storage, Retention, and Use of Personal Data The Company highly respects the privacy rights of the Customer, Supplier, and Visitor. The Company will request Personal Data only as necessary for conducting joint business, or as required by law or by relevant organizations and agencies. The Company shall arrange for the secure, confidential, and private retention of data. The Company clearly defines the duties of the data collector, data processor, data custodian, user, and approver of use, as well as the audit procedures for access, to ensure that the data is kept confidential, secure, and used in good faith. The Customer, Supplier, or Visitor, as the Data Subject, has the right to view, inspect, and access that data immediately at all times during the retention period. They also have the duty to provide additional information in case of changes to Personal Data, or to submit data if the Company or relevant agencies request further information. Foreign Customers, Suppliers, or Visitors shall have their data stored, retained, and used in the same manner as for Thai nationals. Any Personal Data retained by the Company under this policy is considered important business information. The Company will safeguard it as if it were the Company's own assets. Anyone who violates, destroys, damages, or uses it for personal gain will be subject to the highest punishment and/or full legal action, including compensation for damages in the full amount prescribed by law. The collection, retention, use, inspection, review, approval, or any action concerning Personal Data under this policy must be carried out confidentially, in good faith, and the Personal Data must be treated as top-level confidential information, with verification logs maintained as evidence. The Company will have a policy to revise and update these regulations and criteria periodically, as necessary and appropriate. Purposes of Collecting Your Personal Data The Company may use Personal Data for the following purposes: To ensure that the provision of services proceeds smoothly and is in compliance with relevant laws, criteria, and regulations. For the benefit of verifying or identifying your identity when accessing the Company's various services. To improve the efficiency of various services provided to you. To contact you via telephone, message (SMS), email, social media, post, or any other channel to inquire, inform, verify, and confirm your account information, conduct surveys, or communicate any other necessary news related to the Company's services. For any other purpose related to the Company's business operations, such as for study, research, statistics, service development, and targeted marketing or advertising, including the delivery of content, advertisements, activities, and promotions, as well as providing appropriate recommendations to align services with your interests. Disclosure of Personal Data to Third Parties The Company may disclose your Personal Data to others with your consent, within the scope of this policy, or under rules permitted by law. Your information may be transmitted to these entities: Companies/Hiring agencies, subcontractors, partners collaborating with the Company, or other domestic and international third parties designated by the Company. When disclosing Personal Data to such persons, the Company will ensure that they keep your Personal Data confidential and do not use it for purposes other than the defined scope. Government agencies, public sector entities, regulatory bodies overseeing the services, or regulatory bodies supervising you, including cases where disclosure is requested by legal authority, such as requests for information for lawsuits or legal proceedings, or requests from private entities or other third parties involved in legal processes. Personal Data Retention Period The Company will retain Personal Data about you for as long as you are actively transacting or engaging in activities with the Company, or for the necessary period to fulfill the purposes related to this policy. Retention may need to continue thereafter if required or permitted by law, such as storage for evidence in potential disputes within the statute of limitations prescribed by law. As long as the Company retains such Personal Data, reasonable security measures will be maintained to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks. The Company will delete or destroy the Personal Data or render it unidentifiable when it is no longer necessary or when the said period ends. Security of Personal Data Storage The Company has established and/or selected appropriate mechanisms and techniques for the Personal Data storage system, including restricting access to your Personal Data from employees and staff to prevent unauthorized use, disclosure, destruction, or access. However, the Company cannot guarantee that no defects or errors will occur in the implementation of the policy. Therefore, the Company reserves the right to disclaim liability for any damage or loss that occurs in all cases. Your Rights Regarding Personal Data Customers, Suppliers, and Visitors who are Data Subjects whose Personal Data is collected and retained by the Company have the following rights: Right to Access: The right to request access to and inspect the retention and use of their own data during working hours any day, by notifying the coordinator or the relevant departmental manager to liaise with the Company. Right to Certification: The right to request certification or use only their own specific Personal Data. Right to Withdraw Consent: You have the right to withdraw consent at any time throughout the period your Personal Data is held by the Company, unless that right is limited by law or a contract that benefits you. Right to Erasure or Destruction: You have the right to request the deletion or destruction of your Personal Data, or to render it unidentifiable, if you believe the data was collected, used, and/or disclosed unlawfully, or if the Company no longer needs to retain your Personal Data. The exercise of your rights mentioned above may be limited by relevant laws, and there are certain circumstances where the Company may necessarily reject or be unable to proceed with your request, such as when required to comply with the law or a court order, or when the exercise of the right might infringe upon the rights or freedoms of others. Contacting the Company If you have any questions or inquiries regarding the Personal Data Protection Policy, you may contact: Data Protection Officer (DPO) Contact Address: BKG Corporate Co., Ltd., 1188 Moo 12, Sila Subdistrict, Mueang Khon Kaen District, Khon Kaen Province 40000 Email: bkgcorporate@gmail.com