Privacy Policy

AKAGANE (THAILAND) CO., LTD. (hereinafter called "the Company") respects the privacy rights of its employees, employees of subcontractors, applicants, student interns, website visitors, suppliers, and participants (hereinafter called "you"). To ensure your personal data is protected, the Company has issued this Privacy Notice to inform you of the details related to the collection, use, disclosure, and/or cross-border transfer of your personal data (collectively called "processing") in accordance with the Personal Data Protection Act B.E. 2562 (PDPA).

I. Privacy Notice for Website Visitors, Suppliers and Participants

1. Purpose of the Processing of Personal Data

1.1 To carry out your request prior to entering into a contract or relationship with the Company (e.g. contact form submissions, visitor records, arrangement of service contracts).

1.2 For the legitimate interests of the Company or another person that may reasonably be expected to be necessary to the Company — for example: to share information with an affiliate or group entity (Akagane Group — Japan / China / India); for internal management; access control for the Company's premises (office, meeting rooms, workplace); to analyze, develop and improve management effectively; for property security; controlling access to Company information, internet connection and information media provided by the Company; including the prevention of crimes, offences or inappropriate behavior.

1.3 To enable the Company to comply with any law, regulation or lawful order of the state or its authorized representative; including the prevention of crimes, acts that are stipulated by the law as an offense, or behavior contrary to the good morals of the people, public benefit, and emergency contact.

1.4 To prevent and stop danger to life, body or health of you or others such as emergency contact, epidemic control and prevention.

1.5 To perform duties in the exercise of state authority or the public interest.

1.6 In the event that you give your consent, the Company will process personal data:

• To enable the Company to communicate with you and notify you of news and benefits via e-mail, SMS, applications, social media, or phone calls, including marketing research such as taking surveys and interviews.

If there is a change in the purpose of processing personal data, the Company will notify you of the new purposes and seek your consent in cases where a new consent is required from time to time.

2. Type of Personal Data Collected

2.1 When you submit our website Contact form, we collect:

• Your name, email address, telephone number (optional), company name (optional), and the message you send.

2.2 When you interact with our website, we collect:

• A first-party cookie consent record (akt_consent), a client-generated session identifier, a SHA-256 hash of your IP address, and a SHA-256 hash of your user-agent string.
• Aggregated technical data such as pages visited, browser type and device type — used only to improve the website.

2.3 When you visit the Company's office or participate in a Company event, we may collect:

• Personal data such as name-surname, photograph, information that appears on the ID card or passport, or other similar information for identity verification and to enter the premises.
• Phone numbers, emails, business cards for communication; registration details when connecting to the Company's Wi-Fi or information systems.
• Images from closed-circuit television cameras (CCTV) that may be installed in or around the premises.

2.4 When you or your representative come into the Company for negotiations, trade discussions, contract execution, purchase or delivery of goods, or any commercial and business activity with the Company, we will additionally collect financial information such as bank account number, copy of bank passbook or other information used for the payment of goods sold or services rendered.

2.5 The Company may need to collect and process special types of personal data (sensitive data) as required by data protection laws only when strictly necessary — e.g. identification data as shown on identity documents (religion, ethnicity) solely for identity verification. The Company has no purpose and policy for collecting, using or disclosing such sensitive data beyond identity verification.

2.6 The Company will process your sensitive data only with your express consent where necessary or for other purposes as permitted by law.

2.7 If you provide personal data of a third party to the Company (e.g. name, address or phone number for emergency contact), please share this Privacy Notice with such third party and obtain consent if necessary.

2.8 The Company collects personal data of minors only with the consent of parents or guardians, except where the minor may independently give consent by law. If you are under 20 years of age, please inform the Company of your parental authority so consent can be obtained. Where the Company discovers it has collected data from a person under 20 without the required parental consent, the Company will delete the data immediately or only continue processing where a legal basis other than consent applies.

3. Connecting to External Websites or Outside Service Providers

The Company's website may contain links to third-party websites or services. Such websites or services may have a privacy policy different from the Company's. We recommend that you read the privacy policy of each such website or service before using it. The Company has no control over, and cannot be held responsible for, the content, policies, damages or actions of third-party websites or services.

4. Asking for Consent and Possible Effects of Withdrawing Consent

4.1 You are free to give consent without misrepresentation for the purpose of collecting, using or disclosing personal data by the Company.

4.2 You may withdraw your consent at any time. Such withdrawal will not affect the collection, use or disclosure of personal data that you previously consented to.

4.3 Withdrawal of consent may result in the Company being unable to carry out some or all of its purposes, and you may be affected by the Company's inability to operate accordingly. The Company will inform you of any such impact before or during withdrawal.

5. Period of Retention of Personal Data

5.1 The Company will retain your personal data for the period necessary to fulfill the purposes for each type of data, unless the law allows a longer retention period. Where the retention period cannot be clearly stated, the Company will retain data in accordance with data security control standards or in line with the statutory prescription period.

5.2 Contact form submissions are kept for up to 24 months after the last communication.

5.3 Cookie consent records are retained for 36 months for audit purposes.

5.4 CCTV footage (where applicable) will be retained for the duration of the storage capacity of the device and system — no less than 30 days from the date of recording.

5.5 If consent is withdrawn before the necessary retention period expires, the Company will retain data up to the time of withdrawal. A record of the withdrawal will be kept for reference or to handle your future requests.

6. Disclosure of Personal Data to Others

The Company may disclose your personal data to third parties — whether a juristic person or a natural person — to the extent necessary for the purposes stated, including:

6.1 Affiliates or Akagane group companies (Japan, China, India) to carry out the Company's business administration and objectives under your relationship with the Company. Processing will be within the scope of a Binding Corporate Rule / Standard Contractual Clause.

6.2 Service providers — legal entities or natural persons — collecting or processing personal data according to the Company's instructions under defined purposes (e.g. hosting providers, cloud service providers, email service providers). Service providers process data under a Data Sharing / Data Processing Agreement with adequate and appropriate data security measures.

6.3 Government agencies or other persons as required by law, such as police, courts, the Department of Legal Execution, or other agencies to which the Company is obliged to disclose personal data by law.

7. Transfer of Personal Data Overseas

7.1 The Company may transfer your personal data to foreign countries that may have higher or lower personal data protection standards than Thailand — for example, transferring data to Akagane group affiliates in Japan, China, or India to carry out business administration purposes.

7.2 When transferring to a country with a lower protection standard than Thailand, the Company will ensure the protection of personal data is at an adequate level and that appropriate safeguards are in place, including enforceable rights and effective legal remedies for individuals.

8. Security Measures for Personal Data

8.1 The Company places the protection of personal data as a priority. Your data is stored under standard data security control measures — whether in document or electronic form — including tools used to secure personal data, a responsible unit for management and audit, rules for data encryption, data display, data transfer, and destruction.

8.2 The Company maintains an organization for internal controls and incident management, with guidelines for responding to unusual events concerning personal data in a timely manner.

8.3 The Company proceeds with caution to ensure that your personal data will not be accessed by unauthorized persons, or modified, altered, damaged, or destroyed by any other person.

8.4 The Company conducts regular audits of information security controls and compliance assessments, and will update measures to remain current with changing circumstances.

9. Rights Relating to Your Personal Data

You have the right to exercise some or all of the following legal rights in relation to your personal data provided to the Company. The Company will process your request within 30 days from the date the request is received.

9.1 Right of access — to access or request a copy of your personal data.

9.2 Right to be informed — to ask the Company to disclose how it acquired your personal data.

9.3 Right to object — to the collection, use or disclosure of personal data about you.

9.4 Right to erasure / restriction — to request removal or suspension of the use of your personal data.

9.5 Right to withdraw consent — at any time (without affecting prior lawful processing).

9.6 Right to rectification — to update your data to be accurate, complete, and current.

9.7 Right to data portability — to request the transfer of your personal data to another party, where this can be done automatically.

Any request to exercise the above rights may be limited by applicable law. There may be circumstances in which the Company can reasonably and duly refuse your request, such as where the Company is required to comply with the law or to maintain its legitimate interests.

10. Communication Channels and Company Information

You may request to exercise your rights under the PDPA by submitting a written request to the Company's data protection officer at the address below, by sending a copy by email, or by calling for more information:

• Email: sales@akaganethailand.co.th
• Phone: +66-2-105-3228
• Contact place: AKAGANE (THAILAND) CO., LTD.
• Address: 16 Compomax Building, 5th Floor, Room 502, Soi Ekamai 4, Sukhumvit 63 Rd., Prakanong Nua, Wattana, Bangkok 10110, Thailand

11. Amendments to the Privacy Notice

The Company may amend this Privacy Notice as appropriate. The new version will be effective immediately from the date of its official announcement via www.akaganethailand.co.th or from the moment of being properly notified to you by any other means. Please check the Company's announcements from time to time for your benefit and the protection of your privacy rights.

II. Privacy Notice for Employees, Subcontractor Staff, Applicants and Student Interns

1. Purpose of the Processing of Personal Data

1.1 To use before entering into an employment contract, or for the completeness of the employment contract with the Company — including those related to labor contracts the Company has made with subcontractors and outsourcing partners — or for identification and qualification to apply to be an employee of the Company, an employee of a subcontractor, an applicant, or a student intern.

1.2 To process personal data to the extent reasonably expected under the employment contract, labor subcontractor contract, job application and internship — or as reasonably necessary for Company purposes such as human resource management, compliance with Company Regulations, welfare management, benefits or compensation of employees or related persons, employee transfer, information sharing with affiliates, internal management of the Company, personnel development, and consideration of candidates' qualifications from questionnaires.

1.3 For the Company to comply with the law — including the provisions, rules and orders related to labor protection, labor relations, social security, compensation, provident fund, occupational health and safety, or other relevant laws, including regulations or lawful orders of the state or its authorized representative.

1.4 For the legitimate interests of the Company or third parties, such as:

• The management and development of the Company.
• Safety, including security measures for life and property and for your personal data, by controlling access to Company information, restricting area and internet access, and preventing crimes, offences or inappropriate behavior.
• To inform you of Company business and activities via email, SMS, social media, or phone.
• For the exercise of legal claims relating to you and/or the Company.
• To enable the Company to analyze, develop and improve management.

1.5 To prevent and stop danger to life, body or health of you or others, such as emergency contact, epidemic control and prevention.

1.6 For performing duties in the exercise of state authority or public interest.

1.7 Where you give consent, the Company will process personal data to communicate with you for informing news and benefits via email, SMS, applications, social media, or phone, including marketing research such as surveys and interviews.

If there is a change in the purpose of processing personal data, the Company will notify you of the new purposes and seek your consent in cases where a new consent is required.

2. Type of Personal Data Collected

2.1 When you are an employee of the Company or an employee under a labor subcontractor contract, the Company collects:

• Contact information (email, phone number, address, social media contacts).
• Personal data (name-surname, photograph, information appearing on ID card, passport, copy of house registration, government-issued documents, or similar information).
• Educational information (certificates of training, qualification, test results, professional certifications, military evidence).
• Work experience (occupation, position, past work experience, salary, welfare and benefits).
• Behavioral data (attitude, behavior, emotional intelligence, survey, leadership).
• Financial information (account number, copy of bank passbook, provident fund information, letters of consent for direct debit, proof of loan).
• Employee information related to welfare benefits, attendance, overtime, leave, absence, work assessment forms, and information related to domestic and international travel as assigned by the Company.

2.2 When you apply to be an employee of the Company, we collect contact information, personal data, educational information, work experience, and behavioral data as above.

2.3 When you are a student intern, we collect contact information, personal data, and educational information as above.

2.4 The Company may need to collect and process special types of personal data (sensitive data) as required by data protection laws — for example:

• Biometrics (facial recognition, fingerprints) for identification when accessing systems, devices or control areas.
• Sensitive personal data as shown on identity documents (religion, ethnicity) solely for identity verification.
• Health information (annual health check results, legally required workplace safety tests, medical certificates for welfare management, food allergy information).
• Labor union membership information for use in accordance with agreements or compliance with labor union demands.
• Information about criminal records or connections to the proliferation of weapons of mass destruction, for determining suitability under Company regulations and personnel risk assessment before hiring.

2.5 The Company will process your sensitive data with your express consent where necessary, or for other purposes as permitted by law only.

2.6 If you provide personal data of a third party to the Company (e.g. name, address, phone numbers for emergency contacts), please share this Privacy Notice with them and seek consent if necessary.

2.7 The Company collects personal data of minors only with the consent of parents or guardians, except where the minor may independently give consent by law, following the same rules as in Notice I section 2.8.

3. Connecting to External Websites or Outside Service Providers

See Notice I, section 3 — the same terms apply.

4. Asking for Consent and Possible Effects of Withdrawing Consent

See Notice I, section 4 — the same terms apply. Withdrawal of consent by an employee, subcontractor or applicant may specifically result in the Company being unable to carry out some or all of its employment-related purposes; the Company will inform you of the impact before or during withdrawal.

5. Period of Retention of Personal Data

5.1 Employee records are retained for the duration of employment plus the statutory prescription period as required by Thai law.

5.2 Applicant data for unsuccessful candidates is retained for up to 12 months for possible reconsideration, then deleted.

5.3 CCTV footage (where applicable) is retained for no less than 30 days from the date of recording.

5.4 If consent is withdrawn before the necessary retention period expires, the Company will retain data up to the time of withdrawal, with a record of the withdrawal kept for reference.

6. Disclosure of Personal Data to Others

See Notice I, section 6 — the same categories of recipients apply, including: Akagane group affiliates (Japan / China / India); service providers under data processing agreements; government agencies as required by law.

7. Transfer of Personal Data Overseas

See Notice I, section 7 — the same terms apply.

8. Security Measures for Personal Data

See Notice I, section 8 — the same terms apply.

9. Rights Relating to Your Personal Data

See Notice I, section 9 — the same rights apply. Requests will be processed within 30 days from receipt.

10. Communication Channels and Company Information

Same as Notice I, section 10 (see contact details above).

11. Amendments to the Privacy Notice

Same as Notice I, section 11.