The Company has established internal regulations titled the “Personal Data Management Policy (AD047)” in accordance with the relevant provisions of the Personal Data Protection Act (PDPA). This policy serves as the internal governance framework for the collection, processing, use, and protection of personal data and is applicable to all employees of the Company.
The scope of application of this Policy covers the Company’s employees, directors and supervisors, members of the remuneration committee, shareholders, as well as customers, suppliers, and personnel of public and private institutions involved in business dealings with the Company. In practical operations, the Company implements appropriate management and protection measures based on the nature of the personal data and the purposes of use, and ensures full compliance with applicable laws and regulations.
At the operational level, the Company includes notices regarding data subject rights and confidentiality disclaimers in external email communications, reminding recipients that the use of personal data must comply with relevant legal requirements, thereby mitigating the risk of improper use or data leakage.
With respect to education and training, personal data protection has been incorporated into the onboarding training programs for new employees. Through course briefings and assessments, the Company strengthens employees’ awareness of and compliance with personal data protection requirements. In 2025, the total number of training hours related to personal data protection amounted to 62.5 hours.