Privacy Notice for Shareholders, Debenture Holders, and Directors

The Siam Cement Public Company Limited and SCG Companies respect the rights to privacy of our shareholders, debenture holders, and directors. To ensure that your personal data is protected, we have created this privacy notice to provide information on collection, use, disclosure, deletion, and destruction of your personal data, in electronic and other formats, in accordance with the Personal Data Protection Act.

 

1. Definitions

1.1 “We” mean the Siam Cement Public Company Limited and SCG Companies;

1.2 “SCG Companies” mean the Siam Cement Public Company Limited and its affiliates in accordance with the most recent financial report, whose names are listed in the Appendix;

1.3 “You” mean shareholders, debenture holders, directors, and related persons which include but are not limited to attorneys, nominees, agents, associates, spouses, parents, siblings, children, spouses of children, and connected persons under applicable laws;

1.4 “Processing” means collection, use, and disclose of personal data.

 

2. Purposes of the processing

2.1 We process your personal data because it is necessary for compliance with a legal obligation to which we are subject such as laws on corporate matters, public companies, securities and financial markets, and other international and local laws applicable to management (e.g. incorporation, capital increase, capital reduction, business restructuring, change of registration items). To achieve this purpose, we process your personal data to arrange and organize shareholders meeting, select and nominate directors, arrange and organize board meetings, manage rights and duties of our shareholders and debenture holders, pay dividend, make interest payments of debentures, produce, submit, and publicize accounting and legal reports, comply with the laws governing a limited company, public company limited, or companies listed on the Stock Exchange of Thailand (whichever applies), and comply with rules, regulations, and orders of competent authorities.

2.2 We process your personal data because it is necessary for the performance of the contracts between us and you. To achieve this purpose, we process your personal data to pay remuneration, assess your performance, enter into terms and conditions so that you can become members of applications or clubs such as SCG Debenture Club to inform you about news, promotions, and benefits, enable you to participate in membership activities, and manage your user accounts.

2.3 We process your personal data because it is necessary for the purposes of the legitimate interests pursued by us or by a third party. To achieve this purpose, we process your personal data to manage our companies, accommodate you, produce, record, and disclose reports of meetings you attend, record video or audio in meetings, disclose and publicize documents and information about meetings, ensure security, organize events, send news or offers for your benefit, establish legal claims, implement measures to control, prevent, quarantine, and combat disease, verify and authenticate your identities, allow you to log in to our websites or applications, restructure, sell, and transfer our business and assets.

2.4 We process your personal data because it is necessary in order to protect vital interests of you or of another person. To achieve this purpose, we process your personal data to make contact in case of emergency and control and prevent disease.

2.5 We process your personal data because it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

2.6 We process your personal data in accordance with consents given by you, which we will inform you about purposes of the processing when we ask for your consent. You can find more information about your consent and consequences of your consent in the subsequent part of this privacy notice.

 

3. Personal data we collect

3.1 We collect personal data directly from you and indirectly from other reliable sources such as public organizations, companies in SCG, business partners, persons who can legitimately disclose your personal data, and reliable service providers.

3.2 We collect your personal data when you reserve or subscribe to our shares or debentures or become our shareholders or debenture holders. Your personal data is collected directly from you or indirectly from securities brokers or registrars. The personal data we collect includes names, surnames, addresses, telephone numbers, email addresses, contact details, nationalities, occupations, dates of birth, tax ID, identification numbers, passport numbers, blood types, photographs, videos, bank accounts, number of shares, and signatures.

3.3 When you apply to be a member or are offered to be a member of an application and privilege group, such as SCG Debenture Club, we collect additional personal data such as health history, preferences, information about your associates, airline membership numbers, and information of members of your families. You must inform the data subjects of this privacy notice before or at the time when you disclose the information to us.

3.4 If you are nominated or appointed as our director, we will collect personal data from you directly and indirectly from government agencies, regulatory agencies, public sources, and persons who can legally disclose your data. Examples of the personal data we collect in this regard are as follows:

(1) In the nomination and election processes, we collect personal data from your ID cards or government-issued documents that can be used to verify your identity such as first names, last names, genders, photographs, ages, educational backgrounds, professional experiences, directorship and managerial positions in other organizations; and

(2) When you are appointed to our boards and when you are our directors, we collect additional personal data from your citizen cards and official identification documents. The data we collect in this circumstance includes your names, genders, citizen numbers, passport numbers, photographs, dates of birth, ages, nationalities, religions, places of birth, heights, and other personal data such as training records, attendance to our activities, marital status, information about your legally connected persons, preferences, blood types, addresses, telephone numbers, email addresses, contact details, bank account numbers, vehicle registration numbers, educational backgrounds, occupations, professional history, directorship or positions in other organizations, attendance at meetings of the board of directors or sub-committee or shareholders, directors’ remuneration, securities holding information, names of securities companies, director performance, and other information as required by laws or good corporate governance principles.

3.5 When you register for or attend our shareholders’ meetings, we process your data relating to names, addresses, telephone numbers, email addresses, number of shares currently held by you, citizen or passport numbers, questions asked by you, and your images, video, and audio recorded during the time you attend meetings or ask questions in meetings.

3.6 If you participate in any of our activities and we have to collect your additional personal data, we will notify you about the collection and process the data in compliance with applicable laws.

3.7 Special categories of personal data

(1) We might have to collect and process your special categories of personal data including general health data given by you (e.g. food allergy, drug allergy, vaccination) to organize events, meetings, and receptions; to accommodate you; and to comply with legal and regulatory requirements (e.g. criminal offence data);

(2) In some occasions, we might receive your special categories of personal data although we have no intention process the data. For example, we might receive data concerning your religious beliefs when we collect copies of your identification cards, which we will take appropriate measures to prevent collection and processing of such unnecessary data or ask you to redact the data before sending it to us.

3.8 If you disclose personal data of other persons to us, you must be able to disclose such data and comply with applicable laws, which includes informing the data subjects of this privacy notice and other relevant documents before or when you disclose the data to us.

 

4. Cookies

4.1 We use cookies and similar technology to collect personal data as specified in our Cookies Notice.

 

5. Consent, withdrawal, and consequences

5.1 If we rely on your consent to process personal data, you are entitled to withdraw your given consent at any time but such withdrawal will not affect the validity of the processing made prior to the withdrawal.

5.2 Your withdrawal of consent or refusal to provide certain information may result in us being unable to fulfill some or all of the objectives stated in this privacy notice.

5.3 You can withdraw your given consent by following instructions available in the channels that obtain consent from you (e.g. changing settings in your user accounts) or submit your request at https://www.scg.com/th/09legal_privacy/dsr_other_channels.html or send an email to data.privacy@scg.com

5.4 If you are minors, incompetent persons, or incapacitated persons and you wish to give consent to us; you must obtain authorization from your guardians or conservators before giving consent to us.

5.5 If you give us consent on behalf of other persons, you must have authority to legally give the consent on behalf of the data subjects at the time when it is given to us.

6. Retention Period

6.1 We will retain your personal data for the period necessary to meet the objectives unless the law requires longer retention periods. In the event that such period is unclear, we will retain the data for a customary expected period in accordance with retention standards (e.g. the prescriptive period of 10 years for general legal claims).

6.2 We have established an auditing system to delete or destroy your personal data when the retention period expires or when it becomes irrelevant or unnecessary for the purposes of collecting that personal data.

6.3 If your personal data is processed based on consent, we will stop the processing when you have withdrawn the consent. However, we may keep your personal data to record your withdrawn so we can respond to your request in the future.

7. Disclosure of Your Personal Data

7.1 We disclose and share your personal data with:

(1) SCG Companies and partners who provide services and sell products relating to construction materials and home appliances and

(2) Individuals and entities other than SCG Companies (“third parties”) for the purpose of collecting and processing personal information as described in this privacy notice such as our dealers, transport and logistics service providers, postal service providers, data processing service providers, marketing service providers (who might send messages to you to promote our products and services), contractors (who might perform tasks on our behalf), financial service providers (such as banks, payment companies, electronic payment service providers, credit providers), IT service providers (such as providers of cloud services, blockchain systems, data analytics, SMS, or emails), IT developers, programmers, auditors, consultants, advisors, government agencies (e.g. the Revenue Department, the Anti-Money Laundering Office), insurers, and other persons to the extent necessary to enable us to conduct business, provide products and services, and meet the purposes for the collection and processing of personal data as described in this privacy notice.

7.2 Recipients of your personal data in clause 7.1 might have their own separate privacy notice, please read their respective privacy notice to see details of how they process your personal.

7.3 When we restructure our business, sell or transfer assets, acquire businesses or are acquired by other businesses, or merge with other businesses; we might have to disclose your personal data to our counterparties and their advisors. However, we will use our best effort to safeguard your data and require our relevant counterparties and their advisors to comply with applicable personal data protection laws and this privacy notice.

7.4 We will require persons receiving your personal data to take appropriate measures to protect your personal data, process the data properly and only as necessary, and prevent unauthorized use or disclosure of your personal data.

8. International transfer of your personal data

8.1 We may send or transfer your personal data to SCG Companies or other persons located outside Thailand if it is necessary in order for us to perform our obligations in the contract to which you are the counterparty or contract between us and third party for your benefit, to respond to your pre-contractual request; to protect your and third party’s life, body and health, to comply with laws or to the extent necessary for the public interest activities.

8.2 We may store your personal data on computer servers or clouds located outside Thailand and use software or applications of service providers located outside Thailand to process your personal data. However, we will not allow unrelated parties to access to your personal data and will require the service providers to have appropriate security measures to protect your data.

8.3 In the event that your personal data is transferred to a foreign country, we will comply with applicable personal data protection laws and take appropriate measures to ensure that your personal data is protected and you can exercise your rights in accordance with the laws. Moreover, we will require those who receive the data to have appropriate protection measures for your personal data, to process such personal data only as necessary, and to take steps to prevent unauthorized use or disclosure of your personal

9. Security Measuresect

9.1 We have implemented appropriate technical and administrative standards to protect your personal data from loss, misuse, and unauthorized access use, disclose, or destruction. We use technology and security procedures such as encryption and access restriction to ensure that only authorized people shall have access to your personal data, and that they are trained about the importance of protecting personal data.

9.2 We provide appropriate security measures including administrative, technical, and physical safeguards (such as access control and user access management) to prevent unlawful loss, access, use, change, disclosure of personal data from those who do not have rights or duties related to that personal data. We will review the above-mentioned measures when necessary or when the technology changes to ensure effective security.

9.3 If we process your special categories of personal data, we will use our best endeavor to impose appropriate security measures to protect the data.

10. Your rights as data subjects

10.1 Your rights under the personal data protection law can be summarized as follows:

(1) Right to withdraw consent you given to us;

(2) Right to request to view and copy your personal data or disclose the source where we obtain your personal data;

(3) Right to request us to send or transfer personal data that is in an electronic form as required by personal data protection laws to other data controllers;

(4) Right to oppose our collection, use, or disclosure of personal information about you

(5) Right to request us to delete or destroy or make your personal data non-personally identifiable (anonymous) information;

(6) Right to request us to suspend the use of your personal data;

(7) Right to request us to correct your personal information to be current, complete, and not cause misunderstanding; and

(8) Right to file complaints to the Personal Data Protection Committee in the event that we, our data processors, our employees, or our contractors violate or do not comply with personal data protection laws.

10.2 We will consider your request, notify the result of the consideration, and execute it (if appropriate) within 30 days from the date we receive the request. Your rights mentioned above will be in accordance with the personal data protection law.

10.3 You can exercise your legal rights by submitting online requests at www.scg.com/th/09legal_privacy/dsr_other_channels.html or email your requests to data.privacy@scg.com

11. Information about data controller and Data Protection Officer

11.1 The data controllers of this privacy notice are the Siam Cement Public Company Limited and SCG Companies, whose names are listed on the Schedule

11.2 Business address of the data controllers is 1 Siam Cement Road, Bangsue, Bangkok, Thailand 10800

11.3 You can contact the data controllers or inquire about this privacy notice by sending emails to data.privacy@scg.com or call 0-2586-3333

In the event that this privacy notice is amended, we will announce a new privacy notice on this website, which you should periodically review the privacy notice. The new privacy notice will be effective immediately on the date of announcement.