Privacy Policy of Honda Logistics Asia Co., Ltd.

           Honda Logistics Asia Co., Ltd. (the “Company”) places great importance on the protection of personal data in accordance with the law and respects the privacy rights of its customers, shareholders, employees, and other related individuals or entities. To ensure that these individuals receive full legal protection under the Personal Data Protection Act B.E. 2562, the Company has established this privacy policy, outlining guidelines and measures for the management of personal data.

1. Scope of Application
           "Personal Data" refers to any information that can directly or indirectly identify a living individual. This policy applies to the processing of personal data by the Company in relation to:
           1. Current, former, or future individual customers and their representatives.
           2. Employees and other personnel working with the Company, whether current, former, or future, including those under permanent or temporary contracts.
           3. Individual shareholders and their legal representatives.
           4. Company directors, authorized representatives, and agents.
           5. Customers, partners, business associates, and vendors.
           6. Service providers, contractors, and licensees, whether individuals or representatives of entities.
           7. Outsourced employees, probationary employees, and interns.
           8. Individuals participating in activities organized by or in collaboration with the Company.
           9. Individuals who have disclosed or transferred their personal data to the Company.
           10. Any other person whose personal data is processed by the Company.
           This policy also covers data processing on the Company’s website, official online channels, customer service, and other communication methods. If personal data was collected before the law came into effect, the Company has the right to continue processing it for its original purposes without needing consent. However, if you wish to stop the collection and use of your data after the law takes effect, you may contact the Company as detailed in Section 10.
2. Collection of Personal Data
           The Company collects personal data only for lawful and fair purposes, within necessary limits for its operations. The data owner will be informed and their consent will be obtained electronically or as per the Company’s method.
           For sensitive data, consent will be obtained unless exempted by law. The Company will request consent from the data owner by informing them before collecting, except in the case that the collection of sensitive personal data falls under the exceptions as specified in the Personal Data Protection Act B.E. 2562 or other laws.
           The Company may ask for additional personal data such as when you participate in activities or services organized by the Company or business partners. Providing additional personal data will allow you to use more services.
3. Purpose of Collection, Use, and Disclosure of Personal Data
           The Company collects and uses personal data to provide effective services and products, and for the following purposes:
           1. Delivering personalized services and marketing activities.
           2. Research and analysis of customer experience.
           3. Executing legal transactions and agreements.
           4. Contacting and assisting users.
           5. Legal compliance.
           6. Protecting the Company’s assets and user safety.
           The disclosure of your personal information to other persons will be carried out only for the purposes specified above or other purposes permitted by law. In the event that the law requires your consent, the Company will seek your explicit consent in advance. The Company will provide appropriate measures to protect the disclosed personal information and to comply with the Personal Data Protection Act. This Privacy Policy does not cover the collection and use of personal information of external parties, whether they are advertisers, service providers, sellers of products on other websites that are linked to the Company's website, applications, social media, or future channels. If any action is against the law and causes damage to the Company, the Company will not be responsible for any damages resulting from the actions or collection of information by external parties.
4. Data Retention
           The Company retains personal data as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.
5. Limitations on Collection, Use, and Disclosure
           1. The Company shall collect, compile, use or disclose personal data only with your consent for the purposes stated. The Company shall supervise its employees or operators not to use and/or disclose your personal data outside of the purposes for collect personal data, or disclose it to external parties, except:
                      1.1) To comply with the law, such as the Personal Data Protection Act, the Electronic Transactions Act, the Anti-Money Laundering Act, the Civil and Criminal Code, the Civil and Criminal Procedure Code, etc.
                      1.2) To be under the investigation of investigators or the court's consideration of the case
                      1.3) In case of the consent cannot be made at that time.
                      1.4) For the legitimate interests of the Company or of another person or juristic person
                      1.5) To prevent or suppress danger to the life, body or health of an individual
                      1.6) For the performance of a contract to which the owner of the personal data is a party or for the purpose of taking action at the request of the owner of the personal data prior to entering into such contract
                      1.7) To achieve the purposes related to the preparation of historical documents or archives for the public interest or for study, research or statistics which has provided appropriate preventive measures
           2. The Company may use information services of external service providers to store personal data, which such service providers must have security measures, prohibiting the collection, use or disclosure of personal data other than those specified by the Company.
6. Transfer of Personal Data Abroad
           The Company may transfer personal data to foreign entities with appropriate data protection measures. The Company will take steps and measures to ensure that the transfer of your personal data is carried out securely and that the person receiving the data has an appropriate level of personal data protection, and in some cases, the Company may request your consent to transfer your personal data abroad if required by law.
7. Data Security Measures
           The Company has implemented security measures to protect personal data based on the risks from the PDIA (Protection Data Impact Assessment) to prevent the loss, access, use, alteration, modification or disclosure of personal data inappropriately, including any action that will result in the data not being ready for use.
           1. Create awareness and sense of responsibility for personal data security for employees involved with personal data, including personal data processors, by organizing training for new employees and reviewing it for employees annually.
           2. Establish measures for the security of personal data use.
                      2.1 Control access to devices for use, storage and processing of personal data, taking into account the security of devices and personal data. Unauthorized persons will not be permitted to use the devices.
                      2.2 Determine the rights to access personal data for different levels of workers.
                      2.3 Manage user access to control access to personal data.
                      2.4 Determine the responsibilities of users to prevent unauthorized access to personal data, disclosure, knowledge or unauthorized copying of personal data, and theft of equipment. Responsible persons must inspect and maintain hardware, software and data files to ensure they are in good condition.
                      2.5 Determine retrospective audits of data use, access, change, deletion or transfer of personal data, by specifying the storage and deletion period.
           3. Determine the audit and assessment of security risks and the impact of personal data protection using the PDIA process, including compliance with processes and procedures for accessing personal data or information systems at least once a year.
           4. Determine the use of special and specific control measures for the security of sensitive or sensitive personal data.
           5. Schedule a review and inspection of the security measures of the data to be held every year or upon request or when the situation changes. And/or it is the duty of the DPO to comply with the requirements.
8. Legal Rights of Data Subjects
           Within the scope of this Privacy Policy, if you have any troubles regarding the processing of your personal data, you have the following legal rights:
           (1) Right to withdraw consent: You have the right to withdraw the consent you have given us. This withdrawal of consent may affect certain processing you have done with us and you may not receive any benefits or services from us. However, your withdrawal of consent will not affect the processing of your personal data that we have done with your prior consent.
           (2) Right to access: You have the right to request access, copy or disclosure of the information we hold about you.
           (3) Right to restriction: You can request to restrict the use of your personal data.
           (4) Right to data portability: You have the right to request your personal data from us, which must be in a format that is easily accessible and usable by automated tools or devices. And can use or disclose personal data by automated means. You may also request to transfer or transmit your personal data in such a format to another data controller in an automated manner, or you may request to transfer your personal data directly to another data controller, but only where commercially and technically feasible.
           (5) Right to object to personal data: You have the right to object to the processing of your personal data that is under our control. By accepting this objection to the processing of your personal data, you may not receive the benefits or services that we provide. However, your acceptance of the objection shall not affect the processing of your personal data that we have carried out with your prior consent.
           (6) Right to be forgotten: You have the right to request to delete, destroy or anonymize your personal data. By deleting your personal data, you may affect the processing of your personal data that you have done with us. And you may not receive any benefits or services from us. However, the withdrawal of your consent will not affect the processing of your personal data that we have already processed with your prior consent.
           (7) Right to rectification: You may request us to rectify your personal data to be accurate, current, complete and not misleading.
           (8) Right to lodge a complaint: In case of you believe that there has been a violation of the personal data protection law, you have the right to lodge a complaint to the relevant legal authority.
           We reserve the right to reject your request in order to protect your rights or rights as provided by law, including in the event that it is found that you cannot identify yourself or confirm that you are the true owner of your personal data.
9. Changes to the Personal Data Protection Policy
           When you use services, conduct transactions, or participate in any activities with Honda Logistics Asia Co., Ltd. and its affiliates, you are deemed to have acknowledged and agreed to comply with this Personal Data Protection Policy, as well as any future amendments. The company may amend this policy from time to time to comply with changes in personal data protection laws or other relevant laws. Any amendments will be published on the company’s website and other channels, and your continued use of the services will be considered as your acceptance of the updated policy.
10. Company Contact Information
           If you wish to inquire further or exercise your rights under this policy, you can contact us via email at: proposal-hlas@hlas.co.th or by phone at 02-235-6200.

Cookies, Pixels, and IP Address Policy
           In addition to personal data, the company may collect certain information through technologies such as Cookies, Pixels, IP Addresses, and storage on users’ browsers and devices, including data collection tools from third parties such as marketing or analytics providers. Data collection using such technologies may be conducted directly on the website.
           Cookies are small text files that collect information on the user’s computer, mobile phone, or other devices. Cookies enable the company to understand your preferred services or products, as well as services that do not interest you. Pixels, on the other hand, are small images that are part of the code on a webpage. They perform functions such as allowing other servers to measure website and application traffic, often in conjunction with cookies. The code tracks when the pixel is downloaded to indicate that a user has accessed a particular display or part of the display.
           By using Cookies and Pixels, the company can recognize users who have previously visited its website and applications, understand the number and purposes of those using the website and applications, and provide information and services tailored to the users. This helps improve the user experience, enhance service quality, and offer services, privileges, products, activities, or advertisements that match your behavior and interests. Notifications may also be set up by the system, which you can enable or disable through the website.