Privacy Notice

Super Turtle Public Company Limited (the “Company”) and its subsidiaries (collectively, the “Group”) recognize the importance of the protection of the Personal Data (as defined below) of the persons related to the Group’s business activities and operations which the Group may collect, use, and/or disclose, such as, job applicant, job interviewee, current or former employee, intern, executive, director, supplier (manufacturer, distributor or service provider), business partner, author, copyright owner, visitor, general person, shareholder and securities holder, investor, press, any person whom attends activity arranged by the Group or its partner. The Group then prepares the Personal Data security measures and follows such measures, including relevant and enforced laws for the protection of your Personal Data in term of collection, use, disclosure, and/or cross-border transfer.

This privacy policy (the “Privacy Policy”) was made to inform of the policy on collection, use and/or disclosure of your Personal Data in the Group’s business operations (e.g., employment process or procurement process). For customer, potential customer, visitor, or member of the Company’s e-Commerce or any other platform, please consider details in relevant website or platform.

The Group deems that it is important for you to carefully read and regularly check this Privacy Policy to review any changes and/or updates the Group might take from time to time. The Group will post the date the Privacy Policy was last updated at the top of the Privacy Policy.

For the purpose of this Privacy Policy,

“Personal Data” shall mean any identified or identifiable information about you; and

“Subsidiary” shall mean any company over which the Company has controlling power by means of: (a) holding shares in an amount exceeding 50 percent of the total number of shares with voting rights in such company whether directly or indirectly; (b) having control of the majority voting rights in the shareholders’ meeting of such company whether directly or indirectly or by any other reasons; or (c) having direct or indirect control over the appointment or removal of at least half of all directors in company, including company under the chain of control of the company under (a) – (c). As of 1 June 2022, the Company’s subsidairies comprise of Nation Global Edutainment Company Limited and One World Media Company Limited.

1. WHAT PERSONAL DATA WE COLLECT

The Group may collect your Personal Data from various sources, including (a) directly from you when you contact or enter into a transaction with the Group, when you fill information into a form (e.g., job application or supplier registration form) or sign an agreement to commence the relationship with the Group, or when there is a communication between the Group and you, (b) from business partners or service providers that you work for, represent or act as an agent, (c) from public domain, e.g., third party websites or relevant government agencies, or from other third parties, e.g., reference persons. The specific type of data collected will depend on the context of your interactions with the Group. The followings are example of the Personal Data that may be collected:

1.1 Personal information, such as title, name, surname, gender, age, date of birth, nationality, height, weight, national identification number, tax identification number, picture, photo, marital status, military status, educational backgrounds and work experiences (including information in job application, certification of employment, salary confirmation letter, professional license, certificate of training, and income and salary), government issued documents (including national identification card, passport, house registration, vehicle plate number, driving license, work permit, company affidavit, certificate of personal name change, VISA, and immigration form), vehicle details (including brand, model, chassis number, and vehicle plate number), details of social activity attendance or being member of club/association, smoking or drinking record, and signature;

1.2 Contact information, such as house registration address, national identification card address, current living address and map, work or business place address, phone number, facsimile number, mobile phone number, email address, LINE user account or other information-related to online social media;

1.3 Financial information, such as copy of book bank, bank account number, expense details, monthly salary, wage, income and deductable item, withholding tax detail, loan account number, provident fund detail, social security detail, copy of shareholder/securities holder register, shareholder/security holder number, security account number, number of shares/securities, and amount of dividend;

1.4 Information of your related person, such as information of your spouse, children and parents, information of your reference persons, information about employee working for company relating to you, and information in conflict of interest report;

1.5 Technical information, such as Internet Protocol (IP) address, Media Access Control (MAC) address, computer log history, log, device model and type, connection information, access information, login log, access time and location, time spent on website, and cookies;

1.6 Employment and work information, such as supplier/trading partner details (including supplier/trading partner code, type and business, evaluation score of supplier/trading partner, and supplier/trading partner registration date), employee details (including staff identification number, job title, line of command, employment beginning/termination date, service period, clock-in clock-out, performance report, work record, disciplinary record, transfer record, promotion record, complain details, training details, welfare details, and reason for resignation), inspection information, transaction details between you and the Group, and information given to the Group as specified in an agreement, form or survey form;

1.7 Other information, such as clock-in clock-out information, images taken at and/or voice recorded through CCTV inside office area; and

1.8 Sensitive data (“Sensitive Data”), such as religion shown in national identification card, health information (e.g., health check result, medical certificate), criminal background, disability information.

If you provide the Personal Data of any third party (such as authorized director or attorney-in-fact of a person whom the Group has legal activity or relationship with, reference person, emergency contact) to the Group, for any purpose under this Privacy Policy, you represent and warrant that you have the authority to do so by (i) informing such other person about the collection, use, disclosure and/or cross-border transfer under this Privacy Policy; and (ii) obtaining consent from such other person.

The Group only collect the Personal Data of minor, quasi-incompetent person and incompetent person where their parent, curator or guardian (as the case may be) has given their consent. In the event that the Group learns that it has unintentionally collected the Personal Data of minor, quasi-incompetent person and incompetent person without consent from their parent, curator or guardian (as the case may be), the Group will delete it immediately or collect, use and/or disclose if it is permitted by laws.

2. PURPOSES OF COLLECTION, USE AND/OR DISCLOSURE OF PERSONAL DATA

2.1 Purposes of which you have given your consent

The Group relies on your consent for the collection, use, and/or disclosure of your Personal Data and Sensitive Data for the human resources management, including without limitation to checking record, qualifications, and suitability for employment, personal identification and verification, performance examination during employment, provision of work record, procurement of welfare (e.g., granting leave, medical fee, annual health check-up, and health insurance) and for use in emergency case.

2.2 Purposes based on legal grounds

The Group may rely on legal grounds ((a) vital interest, for preventing or suppressing a danger to a person’s life, body or health; (b) contractual basis, for initiation or fulfilment of obligations under an agreement with you; (c) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities; (d) legitimate interest, for the purpose of the legitimate interests of the Group or third parties, where the Group will consider your interest and fundamental rights into account; (e) legal compliance; or (f) other legal grounds permitted under applicable laws). Depending on the context of the interactions between the Group and you, the Group may collect, use and/ or disclose the Personal Data for the following purposes:

(1) For human resources management, such as, to manage job application and employment, to administrate the payment of monthly salary, remuneration or other benefits (social security fund and provident fund), to file and record accounting data, to proceed tax procedures (withholding income tax), to manage welfare, to manage employment relationship, including issuing staff identification card, arranging for work activity, evaluating performance, considering adjustment or relocation of position or workplace, conducting labour protection, managing work security, occupational hygeine and environment, to analyse, plan, and manage internal resources, to oversee the overall of the work and work facilities, and to arrange for training and development;

(2) For procurement management, such as, to verify data, to screen qualification and status of supplier and/or business partner, to execute an agreement, purchase order or purchase requisition with supplier and/or business partner, and to keep and record accounting data (withholding tax);

(3) For business operations of the Group, such as, to prepare financial statements, to conduct any financial or business transaction, to verify personal identity, to appoint or authorize a person to conduct a transaction on behalf of the Company or its Subsidiaries, including specifying your name and surname in an agreement relating to a transaction, to fulfill obligations under an agreement that the Company or its Subsidiaries having with you or your organization which you are its representative, including acquiring goods, services or performance, paying or collecting fee, to support any other purpose as necessary and relating to an agreement the Company or its Subsidiaries having with you or your organization which you are its representative, to use as supporting documents in transaction, to prepare title documents, to prepare database, and to analyze and develop work process and procedure;

(4) For communications, such as, to make an interview appointment, to provide activity information, to send the Group’s news, to deliver documents, to contact your reference person in emergency case, to report any update relating to any transaction, to respond any inquiry, and to receive any complaint;

(5) For IT system management, such as, to monitor, track, administer, and oversee IT system security;

(6) For legitimate interest, such as, to protect the security and integrity of the Group’s business or any person related to the Group’s business, to control office access in order to ensure that office area is safety to its employees and visitors, including their property, to exercise the Group’s rights or to protect the Group’s benefits where it is necessary and lawful to do so, and to conduct business transfer, merger, re-organization or any other event of the same nature.

Where the Personal Data the Group collects from you is needed to meet its contractual, legal, or regulatory obligations or to enter into an agreement with you, if you do not provide your Personal Data when requested, the Group may not be able (or may terminate) to perform its obligations or reject to enter into an agreement with you, where you may face damage and loss of opportunity.

3. TO WHOM THE GROUP MAY DISCLOSE PERSONAL DATA

The Group may disclose your Personal Data to the following third parties subject to applicable data protection laws and this Privacy Policy.

3.1 The Company and companies under the Group, including their employees, executives and directors.

3.2 Suppliers or business partners, including without limitation to service providers of e-Book platform, product and service distribution agents of the Company (which may be legal entity or individual) and/or persons who mutually conduct marketing or promotion activity with the Company or its Subsidiries.

3.3 Service providers, including without limitation to infrastructure, software and website developers and IT service providers, logistics service providers, data storage and cloud service providers, banks and financial institutions, securities registrars, hospitals, insurance companies, service providers of data analytics, payment system service providers, electronic payment service providers (including top up agents), customer relationship and loyalty program service providers (including point collection and reward program), communication service providers, voting and vote counting service providers, and/or printing houses.

3.4 Third parties permitted by laws, including without limitation to the Securities and Exchange Commission, the Stock Exchange of Thailand, law enforcement agencies, courts, regulators, or other third parties where the Group believes this is necessary to comply with a legal or regulatory obligation.

3.5 Professional advisors, including without limitation to project advisors, financial advisors, legal advisors, and/or auditors.

3.6 Other third parties, whom the Group may be required to disclose the Personal Data based on the legal grounds, such as, assignees who are assigned any rights and/or obligations, investors, major shareholders, or business partners in event of business transfer, merger, re-organization, or any other event of the same nature.

Please be noted that any weblink shown in our website and redirected you to the third party website, if you enter to the third party website, the processing of your Personal data shall be subject to the third party privacy policy. We then recommend you to read the privacy policy of such third party in order to learn how your Personal Data are processed. We do not warrant that your Personal Data and/or other data you are giving to the third party website will be securely kept. We will not be liable for management of security or any activity of those third party website.

4. CROSS-BORDER TRANSFER OF PERSONAL DATA

The Group may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards as Thailand’s. The Group will take steps and measures to ensure that your Personal Data is securely transferred, that the receiving parties have in place suitable data protection standard, and that the transfer is permitted under the laws.

5. HOW LONG PERSONAL DATA ARE KEPT

The Group retain your Personal Data for as long as is reasonably necessary to fulfill purposes for which the Group obtained them and to comply with the relevant legal and regulatory obligations. However, the Group may have to retain your Personal Data for a longer duration, as required by the applicable laws.

6. COOKIES AND HOW THEY ARE USED

Cookies are the groups of data sent from web server to internet browser and re-sent from internet browser to web server upon request. Normally, cookies are used to store small amounts of data, so that the web server can remember user’s internet browser usage status, such as, remembering username, latest access to website, and selected product. Collection of cookies enhances the Company to remember yours and to better deliver experience in surfing the website. Usually, most internet browsers allow you to control whether or not to accept cookies. If you reject cookies, it might affect your ability to use some of the features or pages of our websites may be limited.

7. DATA SECURITY

Protection of personal privacy of your Personal Data is the Group’s prioritization. The Group has policies and procedures to maintain the Personal Data security by limiting a person who shall access to the Personal Data on an as-needed basis. The Group implements various security measures with its best efforts to ensure that the Personal Data kept in the Group system are safe. They are stored in a secured network and can only be accessed by an authorized person or processor permitted by the Group. Access to the system is required hard-to-guess password and the validity of password is determined. In addition, the Group implements the following standard and acceptable technologies to protect the Personal Data:

7.1 Firewall, the Group places the layers of firewall (network security system) between the computer system and internet of the Group; and

7.2 Virus and malware scan software, Virus and malware scan software is installed into and is periodically updated to all of the Group computer devices and servers.

8. YOUR RIGHTS AS A DATA SUBJECT

Subject to applicable laws and exceptions thereof, you may have the following rights to:

8.1 Access: You may have the right to access or request a copy of your Personal Data which the Group collects, uses and/or discloses. For your own privacy and security, the Group may require proof of yours before providing the requested Personal Data;

8.2 Rectification: You may have the right to have your incomplete, inaccurate, misleading, or not up to date Personal Data that the Group processes rectified. This can be done by yourself through channels opened by the Group, such as editing member information at e-Commerce website or contacting contact channel as specified in clause 9;

8.3 Data portability: You may have the right to obtain your Personal Data which the Group collects in a structured and readable electronic format, or in any other appropriate format, and to transmit such data to another data controller authorized by you, provided that it is (a) the Personal Data provided by you to the Company directly, and (b) the case that the Company collects, uses and/or discloses your Personal Data on your consent or contractual basis;

8.4 Objection: You may have the right to object to certain collection, use and/or disclosure of your Personal Data;

8.5 Restriction: You may have the right to restrict the use of your Personal Data as permitted by laws;

8.6 Withdraw consent: You may withdraw your consent at any time for the purpose of which you consented to the Group for the collection, use and/or disclosure of your Personal Data. However, consent withdrawal shall not affect the lawfulness of the collection, use and/or disclosure of your Personal Data and Sensitive Data from your consent prior to consent withdrawal;

8.7 Deletion: You may have the right to request for deletion or anonymization of your Personal Data which the Company collects, uses and/or discloses; and

8.8 Lodge a complaint: You may have the right to lodge a complaint to the competent authority if you believe our processing of your Personal Data is unlawful or non-compliance with applicable data protection laws.

In addition, the Group reserves its rights to reject your request if it is the case that the laws allow the Group as the data controller to reject to process your request, and to charge any fees and processing costs incurred from the exercise of your rights as the data subject.

9. CONTACT DETAIL

If you have any inquiry, or wish to exercise your rights relating to your Personal Data please contact the Group at:

Super Turtle Public Company Limited
333 Lao Peng Nguan 1 Tower, 24^th Floor,
Soi Choeiphuang, Vibhavadi-Rangsit Road,
Chomphon, Chatuchak, Bangkok 10900
Email: leasing@superturtle.co.th

Turtle Shop’s 2 new branches are opened in April 2024 in the office area, conveniently located on BTS stations, catering to the fast-paced urban lifestyle

5.5 Moment of Joy: Release Joy with our special menu, including tea and popular coffee, all for just 55 baht

5.5 Moment of joy: Enjoy Joy with our premium bakery menu, served in portions of 2 items for just 55 baht

Privacy Notice