Privacy Notice of Collection of Personal Data
Pine Wealth Solution Securities Company Limited

In compliance with Section 23 of the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and its amendments, including relevant laws and regulations, Pine Wealth Solution Securities Company Limited (the “Company”) has prepared this document for the purpose of informing details of the collection, use and disclosure of personal data¹ (“Data Processing”) of individual (“you”) in connection with the provision of the Company's services with details as follows:

This privacy notice applies to:

(1) The Company’s Individual customers: The Company’s past and present customers, person who requests data on products and/or services, person who has knowledge of data on products and/or services via various channels, person who has been offered or persuaded by the Company to use or accept products and/or services.

(2) Individual having involvement with a juristic person which is a customer of, or conducts transactions with the Company: These include directors, shareholders, authorized person, agent or partner, ultimate beneficial owners, employee, officer, assignee and/or legal representatives of the Company’s past and present corporate customers and other individuals authorized to act on their behalf. The Company’s corporate customer shall ensure that the authorized persons and any relevant individuals have acknowledged the Company’s privacy notice.

(3) Non-customers: These include individuals who have no product or service holding with the Company, but the Company may need to collect, use or disclose your personal data (e.g. person with whom the Company has a relationship, interaction, contact in other ways; anyone that visits the Company’s website or applications, or offices; person who attend the Company’s meeting, training or seminar; guarantors or security providers; beneficiaries under insurance policy; ultimate beneficial owner; directors or legal representatives of a juristic person that uses the Company’s services; debtors or tenants of the Company’s customers; professional advisors, including the Company’s directors, investors, shareholders and their legal representatives, and anyone involved in other transactions with the Company or the Company’s customers).

---

¹ “Personal Data” means any information relating to an identifiable person, either directly or indirectly i.e., name surname ID card number, bank account number, photo, email address, phone number, device information and location, IP address and Cookie ID., but excluding the information of a deceased person in particular.

1. Collection of Personal Data

The Company will collect your personal data for providing services to you. However, the Company may have to collect your personal data as follows.

• Specific personal data: name, date of birth, nationality, ID card number or passport number, or other identifiable government documents
• Contact information: email address, phone number, fax number, Line ID
• Information on use of websites: username and password for use of online services and applications, IP address information
• Cookies
• Data from marketing surveys: data analysis, marketing statistics of data subjects
• Conversations and communications by telephone or electronic equipment

2. Sources of Personal Data

The Company may receive Personal Data from 2 channels as follows:

• Collection from the data subjects, for example, collection of Personal Data through marketing officer or investment consultant, website, mobile applications, customer service of the Company, collection of Personal Data from filling out personal information in application forms, job applications both in paper and electronic form, usage of programs or systems related to human resources such as HR Control system, responding to surveys conducted by the Company, or accessing to the Company’s website using cookies.
• Collection from sources other than the data subjects, for example, searches for Personal Data via a website, social media, online platform of third party or other public sources or inquiries made by service provider or via affiliates, consultant, business alliance, official authorization or third parties.

In case where the Company collects personal data from sources other than the data subjects, for example inquiries made by third parties, the Company will notify you within the period of time as prescribed by the PDPA, and request consent to collect the personal data from you, except where exempted by law from the need to request consent from or notify the data subject.

3. Purpose of Processing of Personal Data

The company will collect only the personal data that is necessary for the following purposes:

• To enter into an agreement and comply with an agreement between the Company and the data subjects, for example, to open a mutual fund account, to purchase, sale, switch or transfer units, to change into the automatic sale of units, to apply for direct debit, standing instruction, to consent for direct debit, to purchase fund gift card or to receive units from a fund gift card in case of that being lost
• To verify identity or investigate an individual before providing services or entering into an agreement with the Company
• To provide services to you such as a planner/financial advisor. brokerage services and management of matters related to these services
• To provide information about products and services or conduct PR/marketing campaigns through contact channels provided by clients, to answer queries, as well as, to resolve customer complaints
• To develop and improve the Company's products to better respond to the needs of clients
• To conduct a market research, promotion, and investor behavior analysis
• To comply with laws relating to the operations of the Company, e.g., to collect Personal Data for the purpose of performing Know Your Customer (KYC) check to gather clients’ information in compliance with the law of Anti-Money Laundering, Counter Terrorism Proliferation of Weapon of Mass Destruction Financing, collecting US/non-US citizenship data, Sustainability Test, Acknowledgement of Risks, Knowledge Assessment, withholding tax deduction, listing on the Stock Exchange of Thailand, and Transfer in case of a court order appointing an administrator
• To provide information to government agencies as required by law (such as preventing and detecting transaction anomalies that lead to illegal activities, reporting customer information to the Revenue Department, reporting personal information to government agencies) or by public authority which supervises the Company, e.g., the Securities and Exchange Commission , Anti-Money Laundering Office, the Revenue Department, or upon receiving a summons from government agencies or execution of a court order
• For the purposes of audit, analysis and preparation of documents as requested by other agencies or organisations that are involved with or may be relevant to the Company's business operations
• To disclose the Personal Data to the affiliated companies, group companies, asset management company, financial institutions, business partners, professionals, experts and service providers such as information and communication technology, insurance company, company which is responsible for coordinating the trip for the seminar, meeting organizer, Thailand Securities Depository Companies, company provided credit card services and/or overseas asset management companies that the Company's feeder fund invests in, and other third parties with whom the Company works in providing services related to products and services of the Company or transfer personal data to other countries
• To disclose your Personal Data to persons acting on your behalf or involved in providing any type of products or services that you receive from the Company including the payees, beneficiaries, account nominees, intermediaries (e.g. third party securities companies), custodians, broker banks, agents, sellers, co-brand partners, counterparties, asset management companies, product issuers that the Company discloses Personal Data to provide products and services to you and that you allow the Company to disclose your Personal Data. However, these recipients must agree to treat your Personal Data in accordance with this Privacy Notice
• To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations (Legitimate Interest), for instance,

(1) to record voice conversation with call center or images from CCTV

(2) to maintain relationship with customers, e.g. complaint handling, satisfaction survey, customer service by the Company’s staff, notification or offer on any products and/or services of the same types you are using for your benefits

(3) to anonymize your Personal Data (Anonymous Data)

(4) to prevent, respond, and minimize potential risks arising from corruption, cyber threat, debt default or contractual breach (e.g. bankruptcy related data), law violation (e.g. money laundering, terrorism and proliferation of weapon of mass destruction financing, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order to prevent, respond, and minimize the above risks

(5) to collect, use and/or disclose the Personal Data of directors, representatives, agents of customers that are juristic person

(6) to contact, voice or image recording during meetings, trainings, seminars or booth activities

(7) To make statistics and develop procedures and extend the organization of meetings, trainings, seminars, recreation or booths in the future

(8) to collect, use, and/or disclose the Personal Data of person under court’s receivership order and

(9) to receive - dispatch parcels.

4. Principles for collecting Personal Data

The Company will collect Personal Data only as long as necessary for the fulfilment of the purposes in accordance with applicable laws, with data subjects notified prior to or at the time of collection of Personal Data. The Company shall obtain explicit consent from data subjects prior to or at the time of collection of Personal Data, except under the following circumstances, where the Company may collect Personal Data without requesting consent.

• To fulfill purposes relating to the preparation of historical documents or archives on public interest grounds or relating to research studies or statistics. In such cases the Company will implement appropriate security measures to protect the fundamental rights and freedoms of data subjects.
• To prevent or to avoid danger to an individual’s life, body or health
• To comply with an agreement, only to the extent that it is necessary to do so, to which the Data Subject is a party or in order to take steps requested by the Data Subject prior to entering into an agreement
• To carry out tasks, only to the extent that it is necessary to do so, for the public interest or in the exercise of official authority vested in the Company
• For the purposes of legitimate interests pursued by the Company or by third parties or by other juristic persons, except where such interests are overridden by the fundamental rights and freedoms of data subjects
• To comply with laws

When collecting sensitive Personal Data², the Company shall obtain explicit consent from data subjects prior to or at the time of collection, unless the law states as an exception, consent is not required or notified to the Data Subject.

---

² “Sensitive Data” means personal data that is the inherently private matter of an individual but sensitive and risk being used in unfair discrimination personal information relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biological data, or any other data which may impact the data subject in a similar manner, as stipulated in the Personal Data Protection Committee’s announcements.

5. Use and disclosure of Personal Data

The use and disclosure of Personal Data by the Company shall be in compliance with the purposes and principles stated in Clause 3 and Clause 4. The Company may disclose Personal Data to agencies or third parties such as:

• Affiliates or group companies
• Partners, contractual parties, representative, service providers and business partners of the Company
• Government agencies with legal authority such as the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Company Limited, the Anti-Money Laundering Office, the Office of the National Anti-Corruption Commission, the Department of Skill Development, the Department of Labour Protection and Welfare, the Social Security Office, the Revenue Department, or courts
• Other agencies or organisations who are or may be involved in the business operations of the Company (such as professional associations that the Company is a member, independent auditors, document storage services, etc.).

6. Use of personal data for original purposes

The Company is entitled to continue collecting and using your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes, such as receiving e-news & e-promotion, conducting a market research, promotion, and investor behavior analysis, group insurance, etc. If you no longer want the Company to collect and use such personal data after the PDPA is fully effective, you may notify us to withdraw your consent at any time.

7. Period for Personal Data retention

The Company will retain personal information for a period of time as necessary under the Company's legitimate objectives. The duration for which the Company stores Personal Data will be either one of the following:

• Personal Data will be kept for the periods stipulated by laws specifically relevant to retention of Personal Data such as the Revenue Code, the Accounting Act B.E. 2543, the Anti-Money Laundering Act, B.E. 2542, the Counter Terrorism Proliferation of Weapon of Mass Destruction Financing Act B.E. 2559, Computer Crime Act B.E. 2550, and Revenue Code.
• In cases where the retention period for Personal Data is not specified by relevant laws, the Company will determine the period necessary and appropriate for its operations.

At the end of such a period, the Company shall delete, destroy, or anonymize Personal Data.

8. Rights of Personal Data Subjects

Under the PDPA, you have the following rights:

• Right to withdraw consent You have the right to withdraw your consent for the processing of Personal Data that you have given to the Company throughout the period in which the Personal Data is kept by the Company. However, the revocation of consent will not affect the processing of Personal Data for which legal consent has been given.
• Right of access You have the right to access your Personal Data and request the Company to make a copy of such data, including the right to ask the Company to disclose any acquisitions of your Personal Data for which consent has not been given.
• Right to rectification You have the right to request the Company to rectify incorrect or incomplete data that may cause misunderstandings or add incomplete information.
• Right to erasure You have the right to request the company to delete or destroy your Personal Data If it is found that it is not necessary to keep it for the purposes of collecting, using or disclosing Personal Data or in the event that you have withdrawn your consent and the Company has no power to continue processing that Personal Data or in the event that you have exercised the right to object to the processing of Personal Data and the Company unable to provide reasons for refusing objection or in cases where such processing of Personal Data is unlawful
• Right to restriction of processing You have the right to request the company to suspend the processing of Personal Data while awaiting verification of the correctness of the Personal Data as you have requested to correct it, or request to suspend use instead of deleting Personal Data or during the Company's proof to refuse to exercise your right to object.
• Right to data portability You have the right to obtain Personal Data about yourself from the Company, request the Company to send or transfer such Personal Data to other Data Controller, and obtain Personal Data that the Company send or transfer to other Data Controller.
• Right to object You have the right to object to the processing of Personal Data. In the event that the Company process Personal Data for the legitimate interests of the Company or of other person or juristic person to perform duties for the public benefit or use the state power of the Company for direct marketing purposes or for scientific research history or statistics.

In this regard, you can contact the Company or the Personal Data Protection Officer (as detailed in Clause 10) in order to submit a request for action under the above rights, however, the Company may refuse to exercise your above rights in accordance with the rules prescribed by the Company without contrary to the laws. In the event that the Company rejects the above request, the Company will inform you of the reason for the refusal.

In addition, the Data Subject has the right to lodge a complaint with the Personal Data Protection Committee in the event that the Company, Data Processors, employees or contractors of the Company violates or fails to comply with the PDPA, or announcements issued under the said Act.

9. If you refuse to give us your Personal Data

The Company is legally obligated to collect personal data or in order to make a contract between you and the Company. If you choose not to provide personal data, the Company may not be able to provide services to you.

Besides the case that the Company processes Personal Data for performing of the contract and complying with the laws, in some cases, the Company may require your consent for the collection, use or disclosure of your Personal Data in accordance with the purposes of Personal Data processing specified in Clause 3 to provide you with the best benefits and/or for the Company to be able to provide services that meet to your needs appropriately.

10. Channels to contact the Company

Data controller:	Pine Wealth Solution Securities Company Limited
Address:	989 Siam Piwat Tower Building, the 9th floor, Rama 1 Road, Pathum Wan, Pathum Wan, Bangkok 10330
Channels of contact:	02-095-8999 or 02-659-8775 www.pinewealthsolution.com
Data Protection Officer: DPO
Name:	Data Protection Officer
Address:	Pine Wealth Solution Securities Company Limited 989 Siam Piwat Tower Building, the 9th floor, Rama 1 Road, Pathum Wan, Pathum Wan, Bangkok 10330
Channels of contact:	dpo@pinewealthsolution.com

11. Changes to this privacy noticeฒฃ

The Company may change or update this Privacy Notice from time to time and we will inform the updated Privacy Notice at our website www.pinewealthsolution.com.

Version August 2023

• Consent Management via Online Channel. Please Click Here
• Consent Management and Data Subject Rights Request Form. Please Click Here