Privacy Policy for Customers Betagro Public Company Limited and Affiliates

Effective April XX, 2026

Betagro Public Company Limited and Affiliates, and Reuven International (collectively referred to as the “Companies”) have established and disclosed this Privacy Policy (“Policy”) as ours approach to explain how we collect, use or disclose personal data of our existing customers, prospective customers, and directors, representatives, attorneys, or persons acting on behalf of existing juristic person customers or prospective juristic person customers and how we protect personal data and properly handle such information according to the Personal Data Protection Act of Thailand and The Personal Information Protection and Electronic Documents Act of Canada (“Applicable Laws”).

  1. Definition 

    • Companies mean Betagro Public Company Limited and its Affiliates, and Reuven International Further details regarding the entities can be found on websites at www.betagro.com and www.reuven.com.

    • Personal Data means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly, but not including the information of the deceased persons in particular.

    • Sensitive Personal Data means any information relating to an identifiable individual which carries a high risk of serious harm to the person or presents significant risks to the person’s fundamental rights and freedoms, including but not limited to data regarding racial or ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, financial information, social insurance number, or any data which may affect the Data Subject in the same manner. 

    • Data Processing means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission and dissemination.

  2. Personal Data Collected by the Company and Sources of Personal Data
    • Personal Data Collected by the Company We collect several types of personal data, including 
      • Personal Data
        • Identity Data (for example, name, surname, identification card number, passport number, birthdate, gender, age, nationality, marital status, photos)

        • Contact Data (for example, address, telephone number, e-mail, social media contact) 

        • Communication Data (for example, images or voice recordings when communicating with us) 

        • Information on participating in activities held by us (for example, static images or videos) 

        • Technical Information (for example the information of devices you use to access the Website, Computer Traffic Data (Log), contact information and communication between you and other users, and the information from the use of Website such as mobile network information, connection information, type of browser, information recorded from your access to the Website, information of the Website entered by you before and after access to our Website (Referring Website), Website historical record, login log, transaction log, customer behavior, statistic of Website usage, access time, information on your search, use of Website functions, and the information we collect through cookies or other similar technologies)

        • Geolocation Data (for example, IP address or GPS Location)

        • Other data concerning the additional data collection in accordance with the purpose of data processing
      • Sensitive Data
        • Gender shown in your identification card
        • Financial or Transaction Data (for example, bank account number, credit card number, transactions related to our products or services, customer code) 
      • Personal data of Third Parties If you provide personal data of any third party who is a personnel of a legal entity and/or related to you to the Companies (e.g., shareholders, directors, authorized persons, family members, referees, partners, guarantors, mortgagors, security providers, beneficiaries, executors, or emergency contacts), you are responsible for informing those individuals about the details in this Policy and obtaining their consent if necessary, or establishing other legal basis to ensure that the Companies can collect, use, and/or disclose their personal data. 
    • Sources of Personal Data We may collect your personal data from various sources as follows
      • Collect information directly from you, for example
        • When you contact us to inquire our products or services information

        • Procedures for applications for purchasing our products or using our services, taking steps as per your request prior to entering into a contract, contract signing, form filling, questionnaires, registrations or submission of claims or requests for exercising your rights 

        • Your communication with us via our contact channels, for example, telephone, e-mail, social media contact, etc.

        • Information on participating in activities held by us, for example, static images or videos

        • Automatic data storage system, for example, when you use our website or application, etc.

      • Collect information from other sources, for example: 

        • Our customers, agents or service providers

        • Subsidiaries and affiliated companies 

        • Government authorities or other publicly available sources such as company website, information made available on the internet or social media platforms, for example, Facebook, etc. 

  3. Purposes of Collection, Use or Disclosure of Personal Data We collect, use or disclose your personal data for various purposes depending on relationship between you and the Companies as follows: 

    • To verify your identity, address, and the accuracy of any information you provide to the company, whether as a contracting party, or in your capacity as a director, representative, authorized person, or employee acting on behalf of a legal entity, and for the purpose of considering and approving a contract between the Companies and you or the legal entity for which you are a director, representative, authorized person, or acting employee.
    • To process requests relating to the use of products, benefits or services of the Companies, to perform contractual obligations, to register for providing services in relation to products and services, payment, to receive or deliver the information or documents between you and the Companies including to comply with our internal procedures. 
    • To manage our relationship with customers, for example to communicate with you on any information about our products and services, to manage your complaint, to respond your inquiry regarding business, media, or partnership, etc. 
    • To inform any information or notifications to you about products or services that you have with us including other products or services of the Companies, to inform benefits, sales promotion, marketing activities, any activity and project invitation of the Companies and to communicate about such activity and project including to offer our products or services. 
    • To register activity registrations, campaigns, offers, sales promotions, reward or gift registrations or any benefits which are operated by the Companies, affiliates or third parties, for example, lucky draw, prize trivia quizzes, etc., including any procedures relating to the aforesaid activities. 
    • To survey your satisfaction with our products and services and to analyze your interests including your spending or service using records in order to evaluate, manage, improve, research, conduct planning, and develop our products, services and sales promotions to better suit your needs.
    • For legitimate purposes related to the development of the Companies’ business, initiating new businesses, launching new services or promotions, gaining in-depth understanding of service usage, and preparing internal reports.
    • For internal operations of the Companies, including auditing, internal controls, risk management, and business continuity management.
    • To assert claims against you and for the Companies’ legitimate interests, such as exercising rights under contracts and laws, etc.
    • To perform duties in accordance with laws, regulations, or obligations to government or regulatory agencies.
    • To maintain a history or database of the Companies’ service usage.
    • To transfer any rights, duties, and benefits under the contract between you and the Companies, such as in mergers or contract transfers conducted legally.
    • For any other purposes as communicated at the time personal data is collected.
  4. Personal Data Retention Period We retain your personal data for as long as is considered necessary for the purpose for which it was collected, used or disclosed as set out in this Policy. The criteria used to determine our retention periods include: we retain the personal data for the duration we have an ongoing relationship with you; or we may retain the personal data for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to comply with, for any other cause, our internal policies and regulations. The Companies will take appropriate steps to delete or destroy personal data, or to anonymize the data so that it can no longer identify you, once it is no longer necessary or after the specified retention period has ended.
  5. Personal Data Disclosure We may disclose your personal data in certain circumstances, for the purposes set out in this Policy, to
    • Individuals to whom you have given consent to receive your personal data.
    • Subsidiaries and affiliated companies, and business partners for the purposes of conducting business, internal management, and carrying out any other activities as specified in the Policy.
    • Agents, contractors, sub-contractors or service providers for their implementation and procedures, for example, carriers, marketing agency, IT development and maintenance service providers, payment and payment system service providers, call center service providers, and any consultants to support the Companies' operations for the purposes previously communicated to you. 
    • Government authorities, supervisory authorities or other authorities as stipulated by laws, including competent officials. 
    • Assignees or purchasers of the business and/or their advisors, in the event of a restructuring, sale, or transfer of the Companies' business or assets. 
  6. International Transfer of Personal Data In some cases, we may transmit or transfer your personal data to the Companies databases which are operated and managed in foreign country (Thailand). In such case, the Companies shall provide adequate protection and security measures in accordance with the applicable laws. 

  7. Lawful Basis for Processing of Personal Data The Companies only processes your personal data as it is necessary for the scope set out in this Policy, as follows: 

    • When we obtain your consent (as required by laws).
    • To take steps at your request prior to entering into a contract and to perform contractual obligations between you and the Companies.

    • When it is necessary for legitimate interests of the Companies or any other persons or juristic persons, except when such interests are overridden by fundamental rights of your personal data. 

    • To comply with laws to which the Companies are subjected. 

    • When it is necessary for preventing or suppressing a danger to a person’s life, body or health. 

    • To perform the Companies’ duties for a task carried out in public interest or to perform duties for the exercising of official authority vested in the Company (if any). 

    • For research and statistical purposes.

    In the case when the Companies process your sensitive personal data, the Companies shall duly obtain your explicit consent, unless the explicit consent is not required by the applicable laws.

    In the case when the personal data collected by the Companies is necessary for the Companies’ compliance with the applicable laws or performance of contract. If you do not provide us with such necessary personal data, the Companies may not be able to provide you with our products and services, and/or may not be able to manage or administer the contract or give any convenience for you. 

  8. Your Rights as a Data Subject According to the applicable laws, you have certain rights relating to your personal data as follows:

    • Right to Withdraw Consent You have the right to withdraw consent given to us for collecting, using or disclosing your personal data at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

      However, the withdrawal of consent shall not affect the processing of personal data you have already given consent to the Companies legally. 

    • Right to Access You have the right to request access to and obtain copy of your personal data, which is under our responsibility, including to request the disclosure of the acquisition of the personal data obtained without your consent. 
    • Right to Data Portability When the Companies arranges your personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal data and are also entitled to send or transfer your personal data in such formats to other entities as prescribed by laws.
    • Right to Object  You have the right to object to the collection, use or disclosure of your personal data as prescribed by laws.
    • Right to Deletion You have the right to request the Companies to delete, destroy, or anonymize personal data as prescribed by law.
    • Right to Restriction of Processing You have the right to request the Companies to restrict the use of your personal data as prescribed by law.
    • Right to Rectification You have the right to request the Companies to modify your personal data to be accurate, up-to-date, complete, and not misleading. 

    • Right to File a Complaint You have the right to file a complaint to a competent official under the applicable laws anytime the Companies violates or does not comply with the applicable laws.

      Data Subject may request such rights by sending an official notice to the Companies’ Contact Information as mentioned in Section 10.

      The Companies shall consider the data subject rights request received and inform the Data Subject not exceeding 30 days from the date of receiving such request. However, the Companies may deny such rights subject to exception to the applicable laws. 

  9. Personal Data Protection Security Measures The Companies recognizes the importance of ensuring the security of your personal data. Therefore, the Companies has established appropriate and strict security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal data.

    In the case when the Companies assigns any third party to process your personal data pursuant to the instructions given by or on behalf of the Companies, the Companies shall appropriately supervise such third party to ensure your personal data protection in accordance with the applicable laws. 

  10. Contact Information If you have any questions or inquiries about the protection of your personal data, collection, use or disclosure of your personal data, or exercise of your rights, or have any claims, please contact us at: 

    Betagro Public Company Limited

    Address : Betagro Tower (North Park), 323, Moo 6, Vibhavadi Rangsit Road, Thung Song Hong, Lak Si District, Bangkok 10210, Thailand

    Tel : +66 2-146-1482 

    E-mail : DPOoffice@betagro.com

  11. Link to Third Party Websites via our Website This Policy applies to the sales of products or provision of services and use of our website only. When you link to third party websites via our website, the personal data protection shall be in accordance with the Privacy Policy of such third party websites which are not related to the Companies. 

    We regularly review and, if appropriate, update this Policy from time to time to ensure that your personal data is properly protected. In case of any significant update to this Policy, we will inform you through appropriate channel(s).