Advanced Info Service Company Public Limited and SubsidiaryCompanies(“Company”) suggest our Subscriber to understand this Privacy Policy (“Policy”)due to this policy is rescribed the process of data collect, store, use and disclose including other rights of Subscriber (“Data Subject”). Therefore, Company would like to announce the Policy as followings:

1. Personal Data “Personal Data”

Means any information pertaining to a Data Subject, which enables the identification of Data Subject, whether direct or indirect.

2. Data collection and storage restriction

Data collection and storage under this Policy will be conducted within the purpose, scope and lawful methods as necessary for the scopes of service, or other services provided by electronic means within Company’s scope of service. Accordingly, Company will inform Data Subject to acknowledge and consent through electronic, Short Message Service (SMS) or other methods as specified by the Company. Company may collect personal data relating to Data Subject preference or subscribed service in which consisting of racial, religious or philosophical beliefs, health information, biological information, disabilities, heredity information or other information. Therefore, Company shall request consent from Data Subject before collection except;

2.1 in compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Code, Criminal Code, Civil and Commercial Procedure Code, and Criminal Procedure Code;

2.2 for the purpose for investigation of the inquiry authorities or adjudication of a competent court;

2.3 for Data Subject’s benefit, and the consent cannot be made at that time;

2.4 for the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;

2.5 it is necessary to prevent or to avoid danger to a person’s life, body or health;

2.6 it is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract; or

2.7 for achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.

3. Measures to secure Personal Data

3.1 The Company recognizes the importance of maintaining the security of Data Subject personal data. Therefore, the Company has established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful in accordance with the AIS Information Security Policy.

3.2 Any personal data that the Company received from Data Subject such as name, residential address, contact number, identification number, financial information which is complete and up-to-date relating to an identified or identifiable of Data Subject will be used in accordance with the objectives of the Company. The Company will carry out appropriate measures to prevent personal data from being used without permission.

4. Purpose of Collecting, Storing and Use Personal Data

The Company shall collect, store, use of Subscriber’s Personal Data for the purpose or activity which Data Subject interesting in relating to telecommunication service, broadcasting service, payment service or other services, digital service, marketing research and survey, promotional activities, providing privilege based on Subscriber’s preferences or data analysis in order to offer goods or services of Company and/or a person who is a distributor, agent, or the person who related thereof, and/or other person, or legal obligations or regulation to which the Company is subject whether present or in the future, including consent to the Company to send, transfer and/or disclose personal data to Company business group, business alliance, any agency, organization or juristic person who has a contract or a legal relationship with the Company and/or Cloud Computing Service Provider by allowing the Company to send, transfer and/or disclose such information through domestically and internationally. The Company shall retain Subscribers’ Personal Data as long as necessary only for the above mentioned purposes, where the Data Receiver or Data processor is also obligated by law to retain Personal Data as well. If there is a later update in the purpose of collecting Personal Data, the Company will inform the Subscriber.

5. Restriction of Use and/or Disclose Personal Data

5.1 The Company will use or disclose Data Subject personal data in accordance with the consent of the Data Subject, and will be solely used for the Company’s purpose in order to provide services. The Company will supervise its employees, officers or operating staffs from using and/or disclosing Data Subject’s personal data in any way other than the purpose of service or to a third party except:

5.1.1. in compliance with a legal obligation such as Personal Data Protection Act., Electronic Transaction Act., Telecommunication Business Act., Anti-Money Laundering Act., Civil and Commercial Act., Criminal Act., Civil and Commercial Procedure Act., and Criminal Procedure Act.;

5.1.2. for the purpose for investigation of the inquiry authorities or adjudication of a competent court;

5.1.3. for Data Subject’s benefit, and the consent cannot be made at that time;

5.1.4. for the necessity purpose of the legitimate interests pursued by the Company or personnel or other juristic person which is not related to the Company;

5.1.5. it is necessary to prevent or to avoid danger to a person’s life, body or health;

5.1.6. it is necessary for the performance of a contract to which the Data Subject is a party or in order to proceed as requested by the Data Subject prior to entering into a contract; or

5.1.7. for achieving the purposes in the making of history documents or annals for public interest or for study, research, statistical purposes under appropriate protection measures.

5.2. The Company may use third party IT Service providers in order to retain personal data, which such Service provider must have security measures by prohibiting the collection, use or disclosure of personal data other than those specified by the Company.

6. Right of Data Subject.

6.1 Data Subject may request to access its Call Detail Record (CDR) in accordance with the requirements and methods set by the Company at Teleinfo Media Service Center or request Company to provide the acquisition of Personal Data. However, the Company may deny such right subject to exception by applicable laws or Court order.

6.2 Data Subject may request the Company to correct or change its Personal Data that is not correct or inaccurate in order to keep such data up-to-date.

6.3 Data Subject may request the Company delete or destroy such Personal Data, except in the case that the company must comply with the relevant laws for the preservation of such personal data.

7. Disclosure of Operations, Practices and Policies with respect to Personal Data.

The Company has complied with laws, including the Notification of the National Telecommunications Commission on Measures for Protection of Telecommunications Service Users’ Rights Related to Personal Information, Privacy Rights and Freedom to Communicate by Means of Telecommunications, and other applicable privacy laws, as well as, publish a NBTC Privacy Guideline on the Company's website.

8. Data Protection Officer

The Company has undertaken the Personal Data Protection Act. B.E. 2562 by appointing the Data Protection Officer (DPO) to monitor the operation of the Company with respect to the collect, use and disclose Personal Data in accordance with the Personal Data Protection Act B.E. 2562, including relevant personal data protection laws. In addition, the Company has rules and regulations to regulate the related parties to undertake their duties in accordance with the Privacy Policy and in line with the policy of the Personal Data Protection and Cyber Security Supervision Committee as specified by the Company.

9. Contact Information Customer and Service Management Business Unit

AD Venture Public Co., Ltd.

Vanit Bldg.2 28th Fl., Room Number 2803, 2804 Vanit Bldg.2, 1126/2 New Phetchaburi Road Khwang Makkasan, Khet Ratchathewi, Bangkok 10400 Or Data Protection Office Unit

Email: DPOOFFICE@ais.co.th