Rêver Automotive Co., Ltd. (“We”) do recognizes the importance of protecting personal data. Personal data means any personal information that can verify your identity. We, as a data controller in accordance with the Personal Data Protection Act B.E. 2562, hereby create the Personal Data Protection Policy (“Policy”) in order to provide the information for data subject to acknowledge and understand the purpose, principle and security of personal data management. This policy will enforce with our website(s), mobile application(s), showrooms, social networking sites, activities, and other channels that we collect the personal data. Hereby, we, directly and indirectly, collect the personal data by the aforementioned channels or receive the personal data from affiliated companies, subsidiaries or our business partners.

1.PERSONAL DATA

1.1 “Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly.

“Sensitive Personal Data” means personal information about race, ethnicity, political opinions, cult religion, philosophy, sexual behavior, criminal records, health information, disability information, trade union information, genetic information, biological information (e.g., biometric data, finger scans, face scanning, voice recognition, retina recognition, etc.) or any other information that affects the data subject in a similar way as announced by the personal data protection committee.

“Personal Data Protection Laws” means the Personal Data Protection Act B.E. 2562 including other applicable laws.

“Cookies” means small electronic information stored in form of text file and will be sent to the browser of data subject for sending the information back to the server every time you visit the website and/or application.

Other definitions not specified in this Privacy Notice shall have the same meaning as given in the Personal Data Protection Laws.

1.2 The collected personal data

a) Personal data such as name titles, name, surname, career, position, workplace, annual income range, education, nationality, birthday, marriage status, information on government-issued cards (such as identity card number, passport number, tax identification number, driver’s license information, etc.) signature, audio recordings or recordings of telephone conversation, photographs, household registration, family information, profile information (such as user name on mobile application or website including the password) and other information.

b) Contact information such as postal address, delivery address, billing address, telephone numbers, maps, location, email address, and other channels through social networking sites.

c) Financial information such as bank account, PromptPay, bank statement, loan, financial contracts details (e.g., amount, contract type, contract status, down payment, balloon, installment, name of guarantor, down payment period, product type, behavior of balloon payment) bank cheque, credit information, financial instrument, deposit, tax amount, balance, outstanding balance, financial statements, affidavit, list of shareholders, other financial information.

d) Vehicle information such as vehicle identification number, license plate number, brand, model, year, color, engine number, vehicle type, mileage, battery, voltage, door, petrol level, brake wear, location and movement data (e.g. time, location, speed), traffic data, environmental data, sensor data (e.g. radar, ultrasonic devices, gestures, sound), car insurance, accidents and car problems records, maintenance records, credit insurance, compulsory insurance and gap insurance, salvage value (residual value), accessories performance, imported car, vehicle registration manual, car pick-up date, car price, next service appointment date or service history, vehicle inspection documents, GPS data and vehicle location, car history report summons and letters from the police and other vehicle-related information

e)Identification and Authentication Data

such as verification information (such as data related to Know Your Customer (KYC), Customer Due Diligence (CDD)), information for risk management, or anti-money laundering and counter-terrorism financing checks.

f) Transaction details

such as payment details (to you and from you), the date and/or time of payment, payment amount details about requesting a refund date and place of purchase of goods or services, address/date and time of pickup or delivery, service request form, receipt form, recipient's signature, receipts, invoices, transactions, transaction history, location, transaction status, buying preference and other details of the goods and services you purchase, deposit/payment slip, credit card, complaints and claims, expectation date of buying, and balance, including receiving special offers or discounts.

g) Electronics Information

such as IP Address, Cookies, browser types and versions, time zone setting, unique device identifiers, operating system and platforms, browsing histories, log-in and log-out times, mobile network data, and geographic location data.

h) Market Analytic and Marketing Data:

such as customer opinion surveys, information and opinions expressed when participating in market research (such as your answers to questions, questionnaires, requests for feedback, and research), details of services you have received and your needs, conclusions about you based on your interactions with Rever Group, communications you desire, and details or content of communications between you and Rever Group.

i) Sensitive Personal Data

such as religion and blood type as appears on the national ID card, biological information (e.g., biometric data, finger scans, face scanning, etc.)), health information in case of customer claim.

Unless we specifically request it, we ask that you not send us, and you not disclose, any Sensitive Personal Data to us. Otherwise, we will redact that information before processing your Personal Data. In this regard, if we have to process your Sensitive Personal Data, we will process your Sensitive Personal Data for only certain purposes (including to proceed and approve your claim).

j) Other information that we collect, disclose, exchange, or obtain, directly or indirectly, such as our business partners, partners, insurance brokers. insurance company, financial institution.

1.3 To whom we may collect Personal Data

a) Customer and Prospective Customer

i) Individual Customer – This item refers to any individual who buys or may buy our products or services from us or our authorized dealers.

ii) Corporate Customer – This item refers to directors, shareholders, employees, personnel, contact person, guarantors, collateral providers, and legal representatives of corporate customer.

b) Non-customer – This item refers to business partner, dealers, vendors, contractors or their personnel, visitor, web user, job applicant, other.

c) Minor and incompetent person – This item refers to any individual with the age of less than 20 and an incompetent or quasi-incompetent person under the Civil and Commercial Code. Note that we do not knowingly collect any Personal Data from Minor and incompetent persons. If you are Minor or incompetent person, please do not submit any Personal Data to us unless under the control of your parents or legal guardians. If you have reason to believe that Minor and incompetent persons have provided Personal Data to us illegally, please contact us as detailed below.

In cases where we become aware that we have unintentionally collected Personal Data from minor without the consent of their legal guardians, or from quasi-incompetent or incompetent persons without the consent of their curators or guardians (as the case may be), we will immediately delete or destroy such Personal Dat unless we can rely on other legal bases apart from consent, or as permitted by law.

1.4. Sources of Personal Data Collected by Rever Group

Most of Personal Data we process is provided to us directly by you for one of the following reasons:

- You have applied for our products and/or services.

- Telephone conversations between you and us or our dealers, including recordings of telephone conversations, mail, email, messages, or similar methods.

- You have made a complaint, request or enquiry to us.

- You wish to attend or have attended our marketing events.

- You have applied for a job with us.

- You are representing your organization.

- You have visited our office.

- You have visited our website or used our mobile applications, which include cookies and other internet software to collect Personal Data.

- You have responded to our customer surveys.

We also receive Personal Data indirectly, in the following scenarios:

- Information obtained from insurance documents or other documents.

- Financial checks and any financial statements.

- You have made your Personal Data publicly available, including disclosing your Personal Data through social media. In such case, we will only collect Personal Data that you choose to make public.

- When we receive your Personal Data from third parties, such as your employer, our clients, credit information collection agencies, or other government agencies.

- When you have purchased our products and/or services through third parties.

2. PURPOSES OF COLLECTING PERSONAL DATA

We use your Personal Data for the purposes described below. In many instances, we need to process your Personal Data in order to fulfil our obligations under the contracts with you or comply with any regulations. If you do not provide the Personal Data requested, we may not be able to provide our services to you.

2.1 For our existing/prospective customers:

a) For the compliance with the contract and manage contractual relationships including legal documents that are required to comply with the laws, regulations, terms and conditions for complying with legal duties.

b) To acknowledge the problem and be able to solve the problem by means of improving business operations, products and services in a timely and precisely.

c) To manage information technology operations, communication system management, information technology security maintaining and inspection, managing business for compliance with requirements, policies and/or internal processes.

d) For fraud inspection, various risk assessments as well as to prove your identity by ensuring compliance with the law and other regulations.

e) For corporate transactions in the case of sale, transfer or merger, business rehabilitation or other similar cases.

f) To communicate contents regarding Rever Group’s operation and products.

g) To arrange a test drive.

h) To call a customer to ask about his/her satisfaction with Rever Group’s services and/or products.

i) To arrange and obtain car insurance for a customer.

j) To monitor information related to customers and insurance claims presented to the Company by dealers.

k) To review the report regarding financing banks’ performance.

l) To communicate with customers and keep such records of such communication regarding CRM including complaint, claim, and customer service via official channels.

m) To provide support to customers including roadside support, technical issue support, and support to ad hoc reasonable request via call center.

n) To conduct a survey related to Rever Group’s business to check customer’s satisfaction with dealers or our personnel in terms of their performance and customer treatment.

o) To process claim, check vehicle defects, and approve claim.

p) To communicate with customers regarding the software update.

q) To collect, process, and share to any consultant Personal Data for the management and calculation of carbon credit for carbon trade.

r) To calculate credit which can be used to donate to any activity as the Company deemed which appropriate and relevant to eco-friendly and carbon credit related activities, and to update customers of such donation.

s) To take photos and videos from the Company’s events including launching events, motor show or other marketing events or campaign.

t) To prepare documents and information for the lawsuit.

2.2 For our business partners. Dealers, vendors, contractors or their personnel:

a) To manage part importation and ordering.

b) To act as middleman of the Company to deal with dealers from other regions such as implementing new policies, improving work, etc.

c) To review quotation and relevant documents.

d) To review and execute applications or contract with you.

e) To process and execute the LOI including liaison with a financial institution.

f) To arrange a training program for sales and service personnel.

g) To monitor, track, and disclose the progress of the post-training test and performance.

h) To review dealer’s information including organization charts and personnel qualifications.

i) To register a vendor into Rever Group’s vendor list.

j) To make payment or receive payment.

k) To conduct an internal or external audit

l) To prepare the content and media for communication marketing activities.

m) To prepare documents and information for the lawsuit

n) To set-up the database and facilitate working team and customers to process basic information for ordinary operation of business and to provide support on application management including the application such as DealerPro, MDS, SAP, EMCS, Rever Portal, Data warehouse, and the Company’s mobile application.

2.3 For web users, visitors, and others:

a) To provide services via Rever Group’s websites to the users.

b) To keep record of visitors.

c) To install, administer, and keep record of CCTV in public space area.

d) To improve user experience, manage the session, provide advertising and marketing communication via implementing cookies.

e) To maintain the security and prevent the crime in our office.

2.4 For job applicants:

a) To recruit new employees.

b) To evaluate qualifications, conduct interviews, perform background checks, and make hiring decisions.

c) To maintain records for future opportunities.

d) To communicate with job applicants.

3. DISCLOSURE, SHARE, OR TRANSFER OF YOUR PERSONAL DATA

3.1 Disclosure within Rever Group and to Related Parties.

We may disclose, share, or transfer the Personal Data within Rever Group, or to our subsidiaries, related companies, our car dealers, collaborating automative manufacturers and/or distributors or the third party that collects, uses or discloses for the purposes specified under this Privacy Notice.

3.2 Sharing with Third-Party Service Providers.

We may share your Personal Data with our third-party service providers or product suppliers, outsourced services in order to be able to provide services such as aftersales service, logistics and transportation service providers, market research and survey services, analytics service, marketing services, advertisements, designs, creation and communication, etc.

3.3 Personal Data Access by Third-Party Service Providers and Independent Data Controllers.

During providing the above service, our third-party service providers may have access to your Personal Data, however; we will only provide our third-party service providers with necessary information to provide the service by clearly defining the scope of use in the service agreement; and we will request our third-party service providers not to use your Personal Data for other purposes. We ensure that the service providers we work with strictly maintain the security of your Personal Data as required by law. Note that for certain cases, those third-party service provider may be data controllers independently, such as payment service provider, NCB, NDID and charger station. It is advisable that you should read their privacy policy to have a better understanding of their services.

3.4 Transfer to Business Partners.

We may transfer your Personal Data to our business partners (including but not limited to commercial banks and car insurance companies in accordance with your chosen preference) to conduct business and provide banking, finance, credit, loans, vehicles, insurance, telecommunications, marketing, retail, wholesale, equipment rentals. including vendors or platform providers with which we may jointly offer goods or services; or own the goods or services that we may offer to you.

3.5 International Data Transfer and Processing.

We may transfer your Personal Data to our subsidiaries, related companies, business partners, collaborating automative manufacturers and/or distributors or external service providers throughout the world so these service providers can perform certain tasks on our behalf or in accordance with your chosen preference, such as for after-sale service, warrantee and claims, cloud and non-cloud storage, carbon trading, customer relationship management, analytics, and general assistance, or when there is legal obligation or legitimate interest to do so, such as for audits and corporate sale or restructuring. If we have contract basis for any such processing, we will also rely on such for offshore transfer or processing. However, for non-contract basis transfer or processing, we will rely on your consent as given in your respective Consent Form. In such cases, we will ensure a standard of protection for the Personal Data so transferred that is comparable to the protection under the law and our standards.

4. DATA SECURITY

We have defined the measures for controlling access to the Personal Data and the use of equipment which is safe and appropriate for use, collection disclosure and analysis Personal Data. Moreover, we also have the measure to limit access to Personal Data and the use of devices for storing and processing Personal Data by assigning access rights to the user's data, authorized designated employees to access information including user responsibilities in order to prevent unauthorized access to Personal Data, disclosure, knowing or illegal copying of Personal Data. or unauthorized theft of Personal Data storage or processing devices. We put in place measures for retrospective review of access, change, deletion or transfer of personal data to be consistent with the methods and media used to collect, use or disclose Personal Data. Additionally, in case we have to transfer your Personal Data to other countries not considered adequate by Thailand’s supervisor authority, we will put in place adequate and appropriate safeguards as prescribed in Personal Data Protection Laws, such as standard contractual clauses, to protect your Personal Data and ensure that your Personal Data will be governed by effective legal remedies.

5. DURATION OF COLLECTION

The period for storing Personal Data is appropriate for the purposes set out in this Privacy Notice. We hereby certify not to store Personal Data beyond the period specified by law or no longer necessary for legal and/or business purposes. Our current policy is to retain certain Personal Data of you for up to 10 (ten) years after they cease to be necessary, subject to the applicable anonymization procedures and at all times in accordance with our document retention and disposal policy, and applicable laws and regulations.

6. YOUR RIGHTS AS A DATA SUBJECT

6.1 Right to access information

Data Subject is entitled to request access and obtain a copy of Personal Data referred to the Personal Data collected under this Privacy Notice.

6.2 Right to request correction of Personal Data

You are entitled to request us to amend the information to be accurate or up to date for avoidance of confusion or misunderstandings so far.

6.3 Right to erase

You are entitled to request us to erase or make your Personal Data pseudonymised under certain circumstances as allowed by law.

6.4 Right to request for Personal Data transfer

You are entitled to request us to transfer your Personal Data in a format that is reasonable and acceptable to another entity of your choice.

6.5 Right to object the processing of Personal Data

You are entitled to object to the collection, storage, use, or disclosure of your Personal Data in any of the following events: (a) in case where your Personal Data was collected for the purpose of (i) public interest, (ii) our compliance with a governmental order, or (iii) any legitimate interest of ours or other legal entity, (b) in case where we have collected, stored, used, or disclosed your Personal Data for the purpose of direct marketing, or (c) in case where we have collected, stored, used, or disclosed your Personal Data for any research purposes as specified in the law, including for statistical purpose.

6.6 Right to restrict processing of Personal Data

You are entitled to request us to suspend the use of your Personal Data in any of the following events: (a) when verifying some information under certain circumstance, or (b) when you request us to retain your Personal Data which is no longer necessary for our operations.

6.7 Right to withdraw consent

You can revoke your consent to collection, use, or disclosure. The withdrawal of consent will not affect the collection, use, or disclosure of Personal Data to which you have previously given consent.

6.8 Right to complain

You may submit a complaint to the Thailand Personal Data Protection Commission (“PDPC”) due to our misconduct under the Personal Data Protection Laws. However, we would appreciate the opportunity to address your complaint in the first instance.

Note that we may deny your request under certain circumstances, such as our collection of your Personal Data is made for the purposes authorized by the law.

7. PROVIDING PERSONAL DATA OF THIRD PARTIES

If you provide us with Personal Data of third persons, you confirm that you have informed them of this Privacy Notice and have obtained their consent, where necessary, for the use of their Personal Data. You also agree to provide evidence of such consent to us upon our request.

8. USE OF COOKIES POLICY

Our websites will send cookies to your browser and may be recorded in the computer or device you use to access the websites. Cookies are important in enabling websites to remember the setting on your devices. We will use cookies and other similar technologies for different purposes. Please see our cookies policy [.] for more information.

Rever Automotive Co., Ltd.

URL: [https://www.reverautomotive.com/cookies-policy]

[https://www.denzathailand.com/cookies-policy]

Rever Leasing Co., Ltd.

URL: [https://www.reverleasing.com/cookies-policy]

Rever Commercial Vehicle Co., Ltd.

URL: [https://www.revercommercial.com/cookies-policy]

Our website may contain URL that can link to other social media such as Facebook, Instagram, YouTube, or other social media platforms which may allow you to share content in our website with others on social media and establish other interactions with those social media via our website. As a result, the setting of these cookies is determined and set by social media service providers who are third parties to track your online activities. We have no authority to control information collected by such cookies. We suggest you check those social media platforms for additional information regarding the cookies and the cookies management of such social media service providers.

9. AMENDMNET OF THIS PRIVACY NOTICE

This Privacy Notice is under regular review and inspection to make sure it is up to date and accurate. Therefore, it may be revised to comply with the conditions of collection, use or disclosure of Personal Data in order to be fair and transparent to you as a data subject. When the Privacy Policy is revised, we will notify you through our website as soon as possible. We always indicate the date the last changes were published, and the previous versions will be posted in the below link for your review.

For Rever Automotive Co., Ltd.

https://www.reverautomotive.com/privacy-policy and

https://www.denzathailand.com/privacy-policy

For Rever Leasing Co., Ltd.

https://www.reverleasing.com/privacy-policy

For Rever Commercial Vehicle Co., Ltd.

https://www.revercommercial.com/privacy-policy

10. CONTACT US

If you would like to contact us to exercise the rights of Personal Data or have any inquiries in relation to this Privacy Notice, please contact us by contact details provided in our websitesor the given information below.

Rever Automotive Co., Ltd.

Address : No. 865 Siam@Siam Hotel Building, 9th Floor, Rama 1 Road, Wangmai, Pathumwan, Bangkok 10330

Email : contact@reverautomotive.com

Tel : 02 766 8880

Website : For BYD Vehicles: https://www.reverautomotive.com/contact

For DENZA Vehicles: https://www.denzathailand.com/contact

Rever Leasing Co., Ltd.

Address : No. 865 Siam@Siam Hotel Building, 8th Floor, Rama 1 Road, Wangmai, Pathumwan, Bangkok 10330

Email : contact@reverleasing.com

Tel : 02 766 8880

Website : https://www.reverleasing.com/contact

Rever Commercial Vehicle Co., Ltd.

Address : No. 865 Siam@Siam Hotel Building, 9th Floor, Rama 1 Road, Wangmai, Pathumwan, Bangkok 10330

Email : contact@@revercommercial.com

Tel : 02 766 8880

Website : https://www.revercommercial.com/contact

Data Protection Officer

For Rever Automotive Co., Ltd.

Address: No. 865 Siam@Siam Hotel Building, 9th Floor, Rama 1 Road, Wangmai, Pathumwan, Bangkok 10330

Email: dataprivacy@reverautomotive.com

Tel: 02 766 8880

For Rever Leasing Co., Ltd.

Address: No. 865 Siam@Siam Hotel Building, 8th Floor, Rama 1 Road, Wangmai, Pathumwan, Bangkok 10330

Email: dataprivacy@reverleasing.com

Tel: 02 766 8880

For Rever Commercial Vehicle Co., Ltd.

Address: No. 865 Siam@Siam Hotel Building, 9th Floor, Rama 1 Road, Wangmai, Pathumwan, Bangkok 10330

Email: dataprivacy@revercommercial.com

Tel: 02 766 8880

You can submit the request regarding your Personal Data to Rever Group and Rever Group will consider your request as soon as possible.

11. EFFECTIVE DATE

This Privacy Notice is effective from 1 November 2024 onwards until further notice of changes.