SiamSquared Technologies (Thailand) Co., Ltd. and its affiliates (hereinafter referred to as "S2" or "the organization" or "the company") recognize the importance of personal data and other information relating to you (collectively referred to as "data"). To ensure that you can trust S2's transparency and responsibility in collecting, using, or disclosing your data in accordance with the Personal Data Protection Act B.E. 2562 (2019) ("Personal Data Protection Act") and other relevant laws, this Personal Data Protection Policy ("Policy") has been established to inform you of the details regarding the collection, use, or disclosure (collectively referred to as "processing") of personal data conducted by S2, including officers and related persons acting on behalf of or in the name of S2. The content is as follows:

This policy applies to the personal data of individuals who have a current or potential future relationship with S2, which is processed by S2, its officers, contract employees, business units, or other operational units of S2, as well as contractors or third parties who process personal data on behalf of or in the name of S2 ("personal data processors"). This includes various products and services such as websites, systems, applications, documents, or other forms of services controlled by S2 (collectively referred to as "services").

Individuals who have a relationship with S2 as mentioned in the first paragraph include:
1) individual customers
2) officers or operators, employees
3) partners and service providers who are natural persons
4) directors, authorized persons, representatives, agents, shareholders, employees, or other persons with similar relationships of juristic persons associated with S2
5) users of S2's products or services
6) visitors or users of the website https://stockradars.co, as well as systems, applications, devices, or other communication channels controlled by S2
7) other individuals whose personal data is collected by S2, such as job applicants, family members of officers, guarantors, beneficiaries in insurance policies, etc. Items 1) to 6) are collectively referred to as "you".

In addition to this policy, S2 may establish privacy notices ("Notices") for S2's products or services to inform the personal data owners who are service users about the personal data being processed, the purposes and legal bases for processing, the retention period of personal data, as well as the rights to personal data that the personal data owner should have in that specific product or service. In case of any material conflict between the content of the privacy notice and this policy, the content of the privacy notice for that particular service shall prevail.

- S2 refers to SiamSquared Technologies (Thailand) Co., Ltd. and its affiliates.
- Personal Data means information relating to a natural person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular.
- Sensitive Personal Data means personal data as stipulated in Section 26 of the Personal Data Protection Act B.E. 2562 (2019), which includes racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other data which may affect the data subject in a similar manner, as prescribed by the Personal Data Protection Committee.
- Personal Data Processing means any operation performed on personal data, such as collection, recording, copying, organization, storage, adaptation or alteration, retrieval, disclosure, forwarding, dissemination, transfer, combination, erasure, or destruction.
- Data Subject means a natural person who is the owner of the personal data collected, used, or disclosed by S2. - Data Controller means a natural person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of personal data.
- Data Processor means a natural person or a juristic person who operates in relation to the collection, use, or disclosure of personal data pursuant to the orders given by or on behalf of a data controller, whereas a person or juristic person who operates in such manner is not a data controller.

1) Personal data that S2 collects directly from the data subject through various service channels, such as during the application process, registration, job application, contract signing, documents, surveys, or use of products, services, or other service channels controlled by S2, or when the data subject communicates with S2 at its office or through other contact channels controlled by S2.
2) Data that S2 collects from the data subject's use of websites, products, or other services under contract or mission, such as tracking website usage behavior, products or services of S2 through the use of cookies, or from software on the data subject's device.
3) Personal data that S2 collects from sources other than the data subject, where such sources have the authority, legitimate reasons, or have obtained consent from the data subject to disclose the information to S2. For example:
- Linking digital services of government agencies to provide comprehensive public services to the data subject themselves.
- Receiving personal data from other government agencies in S2's capacity as having a mission to establish a central data exchange center to support government agencies in providing public services through digital systems.
- Necessary for providing services under contracts that may involve exchanging personal data with contractual partners.

Furthermore, this includes cases where you provide personal data of third parties to S2. In such cases, you are responsible for informing those individuals about the details in this policy or service-specific announcements, as applicable. You must also obtain consent from those individuals if required for disclosing their information to S2.

In cases where the data subject refuses to provide information necessary for S2's services, it may result in S2 being unable to provide all or part of its services to that data subject.

S2 determines the purposes for collecting your personal data based on appropriateness and the context of service provision. The purposes for which S2 collects personal data include:

In cases where S2 needs to collect your personal data for the purpose of contract performance, compliance with legal obligations, or as necessary for entering into a contract, if you refuse to provide personal data or object to the processing for the purposes of the activity, S2 may be unable to fully or partially perform or provide the services you have requested.

S2 may collect or obtain the following information, which may include your personal data. This depends on the services you use or the nature of your relationship with S2, as well as other considerations that affect the collection of personal data. The types of data listed below are just a general framework for S2's personal data collection. Only the information relevant to the products or services you use or have a relationship with will be applicable.

S2 collects and uses cookies and other similar technologies on websites under S2's supervision, such as https://stockradars.co, or on your devices depending on the services you use. This is done to ensure security in providing S2's services and to provide you, as a user, with convenience and a good experience in using S2's services. This information will be used to improve S2's website to better meet your needs. You can set or delete cookie usage yourself through the settings in your web browser.

In cases where S2 knows that personal data requiring consent for collection belongs to a data subject who is a minor, incompetent person, or quasi-incompetent person, S2 will not collect such personal data until consent is obtained from the person with parental authority, guardian, or curator, as the case may be, in accordance with legal conditions. In cases where S2 did not know beforehand that the data subject was a minor, incompetent person, or quasi-incompetent person, and later discovers that S2 has collected data of such data subjects without consent from the person with parental authority, guardian, or curator, as the case may be, S2 will promptly delete or destroy such personal data if S2 has no other legal basis apart from consent for collecting, using, or disclosing such data.

S2 collects your personal data for several purposes, depending on the type of products, services, or activities you use, as well as the nature of your relationship with S2 or considerations in each context. The purposes listed below are only a general framework for S2's use of personal data. Only the purposes relevant to the products or services you use or have a relationship with will be applicable to your data.

1). To carry out necessary actions in pursuing public interests assigned to S2 or as necessary to exercise legal authority that S2 has the duty to perform according to the mission as stated in the Royal Decree Establishing the Digital Government Development Agency (Public Organization) B.E. 2561 and related laws, rules, regulations, or orders.
To provide and manage S2's services, both services under contracts with you or according to S2's mission.
3) For S2's business transactions.
4) To control, use, monitor, inspect, and manage services to facilitate and align with your needs.
5) To maintain and improve information related to you, including documents that reference you.
6) To create records of personal data processing as required by law.
7) To analyze data and solve problems related to S2's services.
8) To carry out necessary actions in internal organizational management, including job recruitment, selection of board members or various position holders, and qualification assessment.
9) To prevent, detect, avoid, and investigate fraud, security breaches, or prohibited or illegal actions that may cause damage to both S2 and personal data owners.
10) For identity verification, authentication, and information checking when you apply for S2's services, contact for services, or exercise legal rights.
11) To improve and develop the quality of products and services to be up-to-date.
12) For risk assessment and management.
13) To send notifications, confirm orders, communicate, and inform you of news.
14) To prepare and deliver relevant and necessary documents or information.
15) To verify identity, prevent spam or unauthorized or illegal actions.
16) To check how personal data owners access and use S2's services, both overall and individually, and for research and analysis purposes.
17) To carry out necessary actions to comply with S2's obligations to regulatory authorities, tax authorities, law enforcement, or S2's legal obligations.
18) To carry out necessary actions for the legitimate interests of S2 or other individuals or legal entities related to the operations of the Digital Government Development Agency (Public Organization) or DGA.
19) To prevent or stop dangers to life, body, or health of individuals, including epidemic surveillance.
20) To prepare historical documents for public benefit, research, or statistics that S2 is assigned to conduct.
21) To comply with laws, announcements, enforceable orders, or to conduct legal proceedings, handle data according to court orders, including exercising rights related to your data.

Under the purposes specified in Section 9 above, S2 may disclose your personal data to the following persons. The categories of data recipients listed below constitute only a general framework for S2's personal data disclosure. Only data recipients relevant to the products or services you use or have a relationship with will be applicable.

However, at the time of drafting this policy, the Personal Data Protection Committee has not yet announced a list of destination countries with adequate personal data protection standards. Therefore, when S2 needs to send or transfer your personal data to a destination country, S2 will take measures to ensure that the personal data transferred has adequate protection measures according to international standards or will operate under conditions that allow such data to be sent or transferred legally, including:

1) Compliance with laws that require S2 to send or transfer personal data abroad
2) Notifying you and obtaining your consent in cases where the destination country has inadequate personal data protection standards, as per the list of countries announced by the Personal Data Protection Committee
3) It is necessary for the performance of a contract to which you are a party with S2 or to take steps at your request prior to entering into a contract
4) It is to comply with a contract between S2 and other persons or juristic persons for your benefit
5) To prevent or suppress danger to your life, body, or health, or that of other persons, when you are incapable of giving consent at that time
6) It is necessary for carrying out activities for substantial public interest

S2 will retain your personal data for as long as it is necessary for the purposes for which it was collected, as detailed in the policy, announcements, or as required by relevant laws. When the retention period has expired and your personal data is no longer necessary for the aforementioned purposes, S2 will delete, destroy your personal data, or render your personal data unidentifiable, in accordance with the form and standards of deletion and destruction of personal data that the Committee or the law will announce or according to international standards. However, in the event of a dispute, exercise of rights, or legal proceedings related to your personal data, S2 reserves the right to retain such data until the dispute is resolved or a final court order or judgment is issued.

S2 may assign or procure third parties (personal data processors) to process personal data on behalf of or in the name of S2. These third parties may offer services in various forms, such as being a host, cloud computing service/provider, or other forms of contracted work.

When assigning third parties to process personal data as personal data processors, S2 will arrange for an agreement specifying the rights and duties of S2 as the personal data controller and of the person assigned by S2 as the personal data processor. This includes specifying details of the types of personal data that S2 assigns for processing, as well as the purposes, scope of personal data processing, and other relevant agreements. The personal data processor has the duty to process personal data only within the scope specified in the agreement and according to S2's instructions, and cannot process for other purposes.

In cases where the personal data processor assigns sub-processors to process personal data on behalf of or in the name of the personal data processor, S2 will supervise the personal data processor to arrange for an agreement between the personal data processor and the sub-processor in a form and standard no less than the agreement between S2 and the personal data processor.

S2 has measures to protect personal data by limiting access rights to personal data to be accessible only by specific officers or authorized persons or assignees who need to use such data, according to the purposes notified to the personal data owner. Such persons must adhere to and strictly comply with S2's personal data protection measures, as well as have a duty to maintain the confidentiality of personal data that they become aware of from performing their duties. S2 has organizational and technical security measures that meet international standards and comply with what the Personal Data Protection Committee announces.

Furthermore, when S2 sends, transfers, or discloses personal data to third parties, whether for service provision according to the mission, contract, or other forms of agreement, S2 will specify appropriate personal data security measures and confidentiality maintenance that comply with the law, to confirm that the personal data collected by S2 will always be secure.

S2's services may connect to third-party websites or services, which may have personal data protection policies with different content from this policy. S2 recommends that you study the personal data protection policy of those websites or services for details before use. S2 is not associated with and has no control over the personal data protection measures of such websites or services, and cannot be responsible for the content, policies, damages, or actions arising from third-party websites or services.

S2 has appointed a Data Protection Officer to inspect, supervise, and provide advice on the collection, use, or disclosure of personal data, including coordinating and cooperating with the Office of the Personal Data Protection Committee, to comply with the Personal Data Protection Act B.E. 2562 (2019).

The Personal Data Protection Act B.E. 2562 (2019) has stipulated several rights of personal data owners. These rights will come into effect when the law in this part becomes effective. The details of various rights include:

1) Right to access personal data: You have the right to access, obtain a copy, and request disclosure of the source of your personal data that S2 has collected without your consent, unless S2 has the right to reject your request for legal reasons or court orders, or if exercising your right may affect and cause damage to the rights and freedoms of others.

2) Right to rectify personal data to be accurate, up-to-date, and complete: If you find that your personal data is inaccurate, incomplete, or not up-to-date, you have the right to request corrections to make it accurate, up-to-date, complete, and not misleading.

3) Right to delete or destroy personal data: You have the right to request S2 to delete or destroy your personal data, or make your personal data non-identifiable. However, exercising this right to delete or destroy personal data must be subject to the conditions prescribed by law. You can request directly to us via our contact channels on 21.

4) Right to restrict the use of personal data: You have the right to restrict the use of your personal data in the following cases:
a) When S2 is in the process of verifying the accuracy of personal data as requested by the personal data owner
b) When the personal data has been collected, used, or disclosed unlawfully
c) When the personal data is no longer necessary to be retained for the purposes S2 has notified in the collection, but the personal data owner wishes S2 to retain this information for the purpose of establishing legal claims
d) When S2 is in the process of proving legitimate grounds for collecting personal data of the personal data owner, or checking the necessity of collecting, using, or disclosing personal data for public interest purposes, due to the personal data owner exercising the right to object to the collection, use, or disclosure of personal data

5) Right to object to the processing of personal data: You have the right to object to the collection, use, or disclosure of personal data related to you, unless S2 has legitimate grounds to reject your request (e.g., S2 can demonstrate that the collection, use, or disclosure of your personal data has more legitimate grounds, or for the establishment of legal claims, compliance with or exercise of legal claims, or for S2's public interest).

6) Right to withdraw consent: In cases where you have given consent to S2 for the collection, use, or disclosure of personal data (whether such consent was given before or after the Personal Data Protection Act B.E. 2562 (2019) came into effect), you have the right to withdraw consent at any time throughout the period that S2 retains your personal data, unless there are legal restrictions requiring S2 to retain the data, or there is still a contract between you and S2 that benefits you.

7) Right to data portability: You have the right to receive your personal data from S2 in a format that is readable or commonly usable by automatic tools or equipment, and can be used or disclosed by automatic methods. You may also request S2 to send or transfer such data in the aforementioned format to other personal data controllers. However, exercising this right must be subject to the conditions prescribed by law.

Failure to comply with the policy may result in disciplinary action and penalties according to S2's rules (for S2 officers or operators) or according to the personal data processing agreement (for personal data processors), depending on the case and your relationship with S2, and may be subject to penalties as stipulated by the Personal Data Protection Act B.E. 2562 (2019), as well as subordinate legislation, rules, regulations, and related orders.

In the event that you find S2 is not complying with personal data protection laws, you have the right to file a complaint with the Personal Data Protection Committee or a supervisory authority appointed by the Personal Data Protection Committee or by law. However, before filing such a complaint, S2 requests that you please contact S2 first to allow S2 the opportunity to acknowledge the facts, provide explanations on various issues, and address your concerns at the earliest opportunity.

S2 may consider improving, amending, or changing this policy as deemed appropriate and will notify you through the website https://stockradars.co, with the effective date of each amended version indicated. However, S2 recommends that you regularly check for updates to the policy through the application or specific channels where S2 operates, especially before disclosing personal data to S2. Using S2's products or services after the new policy takes effect is considered acknowledgment of the terms in the new policy. If you disagree with the details in this policy, please discontinue use and contact S2 for further clarification of the facts.

- Contact Address: Siamsquared Technologies (Thailand) Co., Ltd.
- Contact Address: 23/69-71 Soi Chula Soi 5, Rama 9 Road, Bang Kapi Subdistrict, Huai Khwang District, Bangkok 10310
- Contact Channels: dpo@siamsquared.com Call Center: 09 2249 4999