Company Policy

Risk Management Policy

TTW Public Company Limited (the “Company”) is determined to operate the business to achieve goals, create added value and stability for the best interests of the Company's stakeholders and in accordance with Good Corporate Governance principles. The Board of Directors, therefore, set the policy risk management, this policy applicable in the performance of all executives and employees.

Risk definition

Risks are uncertain events that may occur and affect the achievement of the Company's objectives.

Risk Management Policy

• 1

  To ensure the achievement of business objectives and stakeholder expectations. The Company will maintain a balance between the risk level and the return on business opportunities by allowing the risk to the Company's acceptable level.

• 2

  All executives and employees must be aware of and pay attention to the various risks of the Company, especially the risks that are in their own responsibilities.

• 3

  Executives and employees will encourage a risk management culture in the Company for sustainable risk management and be part of daily operations.

• 4

  All events that may have a negative impact towards the achievement of the Company's objectives must be treated as follows:

  • 4.1

    Timely identify and assess the risk level both in terms of likelihood and impact.

  • 4.2

    Manage the risk to the acceptable level by using various control activities to prevent potential losses by considering the cost and benefits of implementing that control.

  • 4.3

    Follow up on the Company's risk management continually to ensure that the Company's risks are properly managed.

Responsibility

• Board of Directors approve risk management policy acceptable risk level (Risk Appetite), acceptable deviation level (Risk Tolerance) supervises the implementation of the policy. The Board of Directors may delegate the authority to the Risk Management Committee of the Company.
• The Risk Management Committee is responsible for supervising the implementation of the risk management framework to follow up on the identification of risks, risk assessment, management adequacy major risk, reporting risks and performing duties as assigned by the Board of Directors.
• Audit Committee is responsible for providing a review of compliance with the risk management process to ensure that such processes are implemented adequately and appropriately.
• Managing Director is responsible for implementing the risk management policies by setting guidelines for executives and employees in risk management, allocating sufficient resources and following up for continuous practice.
• Risk Management team is responsible for providing advice on the implementation of risk management practices throughout the organization and support the operation of the Risk Management Committee to comply with the policy and risk management manual.
• Executives and all employees are responsible for complying with the policy and risk management manuals established by the Company.
• Internal audit team is responsible for reviewing the efficiency and effectiveness of the risk management process, communicating and exchanging information about and internal control of the risk management team on a regular basis.

Supplier Code of Conduct

TTW Public Company Limited and its subsidiaries (“the Company”) strive to prevent its business partners from operational risks arising from law and regulations and business continuity. Those risks can possibly pose the adverse impact to the Company in term of environmental, social, and ethical aspects.

Scope

“Business partners” or “Suppliers” under the scope of this Supplier Code of Conduct covers the business partners with the agreement to sell goods and services to the Company regardless the type of products or services. Therefore, the suppliers are not limited to distributors, brokers, consultants, wholesaler, and traders. This Code of Conduct is universally applicable within the Company and it is expected that the suppliers will also apply this guideline to their own business partners at the same degree.

Policy

The Company is confident that their reputation and accountability will be shared to all business partners for all sourcing of products, services, business process. The Company define the business sustainability into 3 aspects as follows:

• 1.

  Environmental Aspect

  • 1.1

    Suppliers should have the environmental management system in accordance with the law and regulations which can lead to continuous improvement in order to increase the efficiency.

  • 1.2

    Suppliers shall strive to improve the efficiency of energy consumption in business process in connection with the greenhouse gases.

  • 1.3

    Suppliers shall manage, preserve, release, eliminate the waste occurred from the business operations in accordance with the law and regulations by checking and controlling the process in line with the Company’ guideline.

  • 1.4

    Suppliers shall handle the toxic and hazardous chemical and subjects with care including the proper management and elimination in line with the law without affecting the environment.

• 2

  Social Aspect

  • 2.1

    Suppliers shall provide the health and safety policy to support the safe and proper working environment including the suitable and adequate personal protection equipment and opportunities for employees to raise the safety concerns without being considered as disciplinary violence.

  • 2.2

    Suppliers should anticipate, identify, prepare and evaluate the situation and emergency and also should have the plan and procedure to respond to the emergency in order to relief the tension of that situation.

  • 2.3

    The Company does not support the employment inequality or discrimination on competition, race, nationality, age, religion, gender, sexual orientation, disability, or any form of inequality.

  • 2.4

    Suppliers shall not hire the underage workers (including abuse of labor) in accordance with the national law, in which, the employees must be at least 15 years old and the Company shall not employ any form of unwilling or forced labors.

  • 2.5

    Suppliers shall accept the rights of employees to join or not to join the association, labor union, federation and negotiation / bargaining.

  • 2.6

    Suppliers shall comply with the applicable local law and regulations pertaining to working condition including working hours, compensation and termination.

  • 2.7

    Suppliers shall maintain the engagement with local community to build the relationship in the operational areas.

  • 2.8

    Suppliers shall systematically evaluate and control the environment impact which may occur from operations toward the community.

• 3

  Ethical Aspect

  • 3.1

    Suppliers shall conduct the business in accordance with the international and local law and regulations applicable to business operations including compulsory permits and licenses.

  • 3.2

    The Company clearly express the intention to comply with the anti-corruption and anti-bribery policy. If any suppliers involve in bribery, the agreement between the Company and such suppliers will be revoked and terminated. And the Company will not be responsible for any loss incurred from such revocation or termination, while, that suppliers may be filed a lawsuit.

  • 3.3

    Suppliers shall acknowledge that the Company’ employees will not receive or give any awards, gifts, and souvenirs which will affect to the decision-making or cause the unfair benefits unless it is just a decent present as per business tradition.

  • 3.4

    Suppliers shall notify the Company if there is any conflict of interest arising among the management, employees or staff working at the Company.

  • 3.5

    Suppliers shall have a procedure to protect the information breach of the Company.

  • 3.6

    Suppliers shall keep the confidential information properly and disclose information in term of business environment, social activities, structure and performance in line with the relevant law and regulations.

Tax Policy

TTW Public Company Limited and its subsidiaries (the “Company”) realizes the matter of taxation, a significant obligation to the society and the nation, and also promotes the sustainable development of the Company in its business operations. Therefore, the Company has adopted the tax principles as a guideline as follows:

Compliance with Laws and Regulations

The Company has tax management to create added value for shareholders by paying taxes properly as required by law, and disclosing tax information in accordance with the relevant rules, including regulations and related reporting standards.

Relationship with Tax Authorities

The Company will honestly discuss with the tax authorities on the basis of factual information and maintain the reputation, good relationship with the relevant government tax authorities.

Support and Practice with the Business Group

The Business Group is supported in compliance with this policy.

Non-Discrimination and Antitrust Policy

Objective

TTW Public Company Limited and its subsidiaries (the “Company”) strive to comply with Non-Discrimination, Antitrust, and Fair Competition laws, whereas, these laws are currently applicable in most countries in the world. The Companies have own objectives to protect the fair competition with transparency and non-discrimination in order to eliminate the trade barrier and unfair transactions. The Companies shall not bar any business opportunities or dealing with the competitors e.g. to join hands with the competitors for pricing conspiracy.

Guideline:

1. Avoid any actions related to pricing conspiracy with competitors.
2. Avoid any actions related to monopolistic manipulation or unfair competition including abuse of dominant position and/or predatory pricing policy.
3. Avoid any researches or activities that enable the information/ data exchange with the competitors. If required, the Companies shall collect the public information/ data available in trustworthy sources.
4. Avoid any agreements that lead to the unfair treat to any juristic persons including the business partners, representatives, distributors and any natural persons.
5. In the event that the Companies will expand the business in any foreign market by joint-venture, and merger & acquisition, the responsible business unit shall perform the due diligence to cover the laws and regulations in connection with non-discrimination or fair trade guideline of such country.
6. Avoid to perform any discriminatory deeds toward the stakeholders to prevent the adverse impact.

Investment Policy

To ensure that the investment of TTW Public Company Limited (the “Company”) would achieve its designed vision and generate a reasonable return which would lead to a stable, continuable, and sustainable growth of the business, the Board of Directors thus determines investment policy as follows:

1. Any investments must be in accordance with the vision and mission at that time.
2. The investment must be agree with the Risk Committee and the Executive Committee, then must be approved by the Board of Directors. In case the investment is a related transaction or has a conflict of interest, the transaction must also be approved by the Audit Committee, and the Company needs to strictly follow all the related laws, rules, and regulations.
3. In case of investing in newly establish projects with more than 2 parties, the Company must invest more than 20% of registered capital of the new company that set up for the projects, or not less than the proportion that has voting right to approve significant matters. In any case, there must be the Company's delegates participate in the board of directors of that company.
4. Any risks of the investments must be carefully evaluated and all the risks must be under acceptable level.
5. The expected investment rate of return (EIRR) must not be less than 15%.
6. In case of a low-risk investment, the EIRR could be less than 15% however, it must include crucial conditions, such as a guarantee of minimum revenue, a guarantee of compensation for unexpected expenses or other expenses that unstated in the contract, and/or a guarantee of minimum investment rate of return. In any cases, the investment rate of return must not be less than the summation of risk free rate return, and the financial cost of the Company at the time of investment.

Privacy Policy

TTW Public Company Limited and its subsidiaries (the “Companies”) are committed to protecting and respecting of your Personal Data and privacy under the Thai Personal Data Protection Act B.E. 2562, as possibly amended in the future, as well as other applicable laws and rules in Thailand (collectively “the PDPA”). The Companies conduct the Personal Data Protection Policy (the “Policy”) and intend to protect your personal information that the Companies collect, use, or disclose during the course of business activities. The Companies have the obligations as indicated in any laws regarding the protection of Personal Data, privacy, data security, and personal rights.

Scope of this Policy

This Policy has the objectives for the collection, use, or disclosure of Personal Data; the types of Personal Data that the Companies may collect, use, or disclose; the intention to use of such Personal Data, the third parties the Companies may disclose, the collection and retention of Personal Data, how you can access or request changes to your Personal Data that is held by the Companies, and how you can complain if you think that the Companies have violated the applicable law on Personal Data protection.

Definitions

“Company” means TTW Public Company Limited.

“Subsidiaries” mean the firms that TTW Public Company Limited holds the shares and has the rights to control all management.

“Companies” or “We” (our/ ours) mean TTW Public Company Limited and its subsidiaries.

“Personal Data” means any information that relates, whether directly or indirectly, to an identified or identifiable person, or which can be used to distinguish or trace an individual’s identity, whether by reference to such information alone, or when combined with other identifying information, but this excludes the data of dead persons.

“Sensitive Personal Data” means any information as specified in the Thai Personal Data Protection Act, as well as other applicable laws and rules, such as information about race, ethnicity, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other information that affects the data subject as prescribed by the personal data protection law.

“Processing” means the collection, use, or disclosure of Personal Data.

“Personal Data Controller” means any individual or legal entity authorized to make decisions concerning the collection, use, or disclosure of Personal Data.

“Personal Data Processor” means any individual or legal entity that processes the collection, use, or disclosure of Personal Data, in accordance with instructions, or on behalf of the Controller. Any person who performs the Processing is not considered a Controller.

1. Type of Personal Data that the Companies collect

The type of Personal Data that the Companies may collect depends on the nature of the activities and the means which are used to collect the Personal Data, which may include the following information:

• 1.1

  Employees and Job Applicants

  • Personally identifiable information, such as name, surname, address or contact details, gender, age, nationality, marital status, date of birth, and passport/ID Card number; identification information about your property, such as your car license number and bank account details, information about persons under your care, your travel information, such as your visa application, travel itinerary, and flight information, Sensitive Personal Data as defined in the definition.
  • Educational background and work experience, such as your school/university certificates, academic records, academic or language test results, certificates, and reference letters.
  • Basic information about your work, such as your work contact details, employee identification number, position, job description, line of supervision, working hours, and the terms and conditions of your employment agreement.
  • Information about your employment, such as your resume, military service, information obtained during job interviews, and references.
  • Information relating to your benefits and remuneration, such as information about the payment of your salary and other benefits, your social security information, information about retirement and pensions, your provident fund information, tax information, information about third party beneficiaries.
  • Information about your work efficacy, including work performance evaluation, the Companies’ opinion about your work performance, feedback, information about work rules or complaints, annual leave/sick leave/absence records, health-related data, information about physical checkups, and workplace and safety information, including information about inspection and risk assessments.
  • Equality and diversity information (only if you give consent), and audio/ visual information about you, if audio/ visual records are kept for any activities or disciplinary action purposes, or as evidence in an investigation.
• 1.2

  Other Third Parties

  • Personally identifiable information, such as your name and surname, ID card number, passport number, telephone number, email address, applications, postal address or other contact details, your birth date, nationality, occupation, photograph, biometric data, audio recordings and other information that required for risk assessment, including the personal data of your representative or authorized representative or your proxy.
  • Audio/ visual information about you, if audio/ visual records are kept for any activities or security purpose.
  • Health-related data and criminal records of any representatives who provide services to us, and information about the sale or provision of services by you.
  • Payment information, such as your bank account number, bank account details, billing information, credit or debit card information, such as your credit or debit card number, and the name of the cardholder (if any).
  • In cases where you use any of our websites or mobile applications, technical information, the Companies will collect the Personal Data such as the IP address and Cookies, and, in the case of mobile applications, the Companies will collect the Personal Data of your location and your mobile device.
• 1.3

  Stakeholders

  • Personally identifiable information, such as your name and surname, ID card number, passport number, telephone number, email address, applications, postal address or other contact details, your birth date, nationality, occupation, photograph, biometric data, audio recordings and visa application and travel itinerary.
  • Audio/ visual information about you, if audio/ visual records are kept for any activities or security purpose.
  • Financial status, such as your income, the source country of your income, your other sources of income, your sources of investment funds, the value of your personal property, your accounts, identification information about your property, such as your car license number, details relating to your bank accounts, bonds, certificates of deposit, bills of exchange, debentures, listed securities, and investment units, and your salary certificate.
  • Educational background and work experience, such as your highest education level achieved, the institutions (and their countries) from which you obtained your education, the field(s) of your education, the year of your graduation, certificates, your finance-related educational background, your career, details about your work, the name of your company and the type of business, your position and department, the nature of your work, your responsibilities, the name of your secretary and his/her telephone number, or applications, your length of service to date, and your work experience.
  • Legal offense record, such as records of anti-money laundering offenses, information about transaction suspension, involvement in any anti-money laundering scheme, or transaction rejections by any financial institution (if any), information about bankruptcy, information about any related legal entities, any information for the KYC process, information about risky businesses under anti-money laundering law, any criminal record from the government agencies / supervisory bodies.
  • Information for investment assessment.
  • Information about sales and purchase transaction and other transactions.
  • Information about persons relating to any Stakeholder, such as his/her spouse, children, emergency contacts, his/her guarantor; persons who give consent on behalf of legal representatives, guardians, and/or estate administrators; parents and/or legal representatives, grantors of powers at all levels, beneficiaries, and guarantors.

Any provision of your Personal Data is vulnerable. You may choose not to give any information that is requested by the Companies. However, the lack of such information may result in the Company’s inability to provide you with certain products or services.

Some of the Personal Data collected by the Companies may be considered “Sensitive Personal Data.” The Companies intend to collect Sensitive Personal Data only upon your consent, except the cases that the Companies collect such data under compliance of any applicable laws such as temperature, travel timeline and syndrome for the health-related purposes in case of outbreak of diseases in accordance with the Communicable Disease Act B.E. 2558 or relevant laws.

In cases your documents contain the Sensitive Personal Data and the Companies find it unnecessary to collect e.g. religious data in your ID card where you are free to cover such data before sending it to the Companies or the Companies will cover it.

2. The channel that the Companies collect the Personal Data

The Companies will collect your Personal Data through many possible channels such as your documents, Companies’ website, application in devices or other channels.

Generally, the Companies collect your Personal Data directly from you, such as job application forms or any documents provided before becoming our personnel, director, or executive, forms or systems for registration as our service provider or vendor, our channels for receipt of information or our website, oral methods, such as by phone or through video/virtual conferences, emails or other communication channels, and through mobile applications which are made available by the Company or any related company.

In the event that the Companies collect your Personal Data from others rather than the sources you give, the Companies will notify you and ask your permission within 30 days from the collecting date except the exemption by the laws.

The Companies do not intent to collect the Personal Data of incapable persons. Therefore, if you are incapable, the Companies will need the prior consent from your rightful representative or guardian before collecting such data.

3. The channel that the Companies collect the Personal Data

The Companies collect your Personal Data for the following objectives:

• 3.1

  Employees and Job Applicants

  • For business administration and management, and the Company’s operations.
  • For human resource management, such as to assist employees with onboarding program, set plans, and perform acts regarding employment and training, promotion, job rotation and relocation of employees, and manpower allocation, etc.
  • For employee identity verification or identification when accessing digital technology systems, and to examine usage of digital technology systems by employees, according to our IT policy.
  • For other benefits regarding our business operations, such as to offer products to customers or business partners, communicate, improve products or services, organize training, perform statistical or marketing analysis, manage IT systems, conduct testing and development, maintain security systems and measures.
  • To comply with any legal procedures, laws, rules, or court orders, or policies set out by a government supervisory authority, law enforcement authority, government agency, dispute resolution agency, or any supervisory authority.
  • To carry out data storage and processing to be in order and in compliance with any applicable laws, rules, and regulations, including our working rules and applicable laws.
  • To carry out the statistical survey or survey forms requested by the governmental bodies.
  • To investigate complaints and issues concerning inappropriate behavior, as part of disciplinary process.
  • For internal and external communications of the Companies.
  • To keep records of employees, insurance, medical history, and insurance plans.
  • For reference and background checks in order to avoid any possible conflicts of interest, for compliance with the regulations of local or foreign administrative authorities, and to examine the terms and conditions of employment.
  • To facilitate investigations by competent officers, provide assistance in respect to law enforcement on behalf of the Companies for government agencies or any other supervisory agencies, perform reporting obligations, perform any requirements under law, or as approved by government agencies or any other supervisory agencies.
  • To process payments, collect charges or payments, fulfil accounting objectives, perform accounting management, perform auditing, and pursue debt payments in case that employees owe the Companies.
  • To examine, prevent, or perform any acts in connection with violation of law and risk mitigation, in case of threatened fraud, money laundering, illegal acts, or threats to the lives, health, or safety of other persons.
  • To ensure the Companies’ safety.
  • To conduct organizational restructuring or any other transactions that are part of business activities, or business acquisition or sale proposals resulting in your Personal Data being transferred or disclosed.
  • To comply with rules, to conduct business audit (both internal and external).
• 3.2

  Other Third Parties

  • To communicate with you, to get to know you, verify your identity, verify any information provided by you to the Companies.
  • To offer, sell, provide, manage, operate, proceed with, and otherwise handle products and services for you, including for procurement, communicate with you in order to respond to your purchase orders, deliver products based on your purchase orders and provide services to you.
  • To comply with a contract, enter into the contract with you, proceed with management procedures, fulfil and effect your requests or any transactions contemplated herein, or any other documents that you may send to the Companies from time to time, analyze risks, collect any outstanding payments from you, amend or terminate the contract, pursue debt payments, execute our contractual rights against you.
  • In case you are customers or representatives: to render the services to you, install, repair the products, advise in relation to products and services, support or assist in the service or product management.
  • To communicate with you, including communications about product management or other information about our products, or any accounts that the Companies have with you, provision of technical support for any of our websites and applications, or communications about any changes relating to this policy.
  • To process collections or payments, issue invoices, collect charges or payments, fulfil accounting objectives, perform accounting management, and perform auditing.
  • To examine, prevent, or perform any acts in connection with violation of law and risk mitigation, in case of threatened fraud, money laundering, or threatened illegal acts, or threats to the lives, health, or safety of other persons.
  • To provide information about other products or services which may be of interest to distributors, suppliers, or representatives, who may inform the Companies to deny to obtain such information at any time.
  • To ensure the Companies’ safety.
  • To assist the Companies in our business operations, such as to serve advertisements, public relation materials, sales promotions, and other communications, improve our products or services, organize training, hold marketing activities, perform statistical or marketing analysis, conduct consumer surveys, manage IT systems, conduct testing and development, maintain security systems and measures.
  • To conduct organizational restructuring or any other transactions that are part of business activities, or business acquisition or sale proposals resulting in your Personal Data being transferred or disclosed.
  • To comply with rules, to conduct business audit (both internal and external).
  • To comply with the Companies’ policy.
  • To comply with any applicable laws, rules, agreements, or policies set out by a government supervisory authority, law enforcement authority, government agency, dispute resolution agency, or any supervisory authority.
  • To provide assistance in respect to law enforcement, or investigations by or on behalf of the Companies, or by police officers or government agencies, or by any other supervisory agencies, perform reporting obligations, perform any requirements under law, or as approved by government agencies or any other supervisory agencies.
• 3.3

  Stakeholders

  • For business administration and management, and the Companies’ operations.
  • For verification or identification of shareholders and independent directors, including their related persons, such as their spouses, children, emergency contacts, guarantors, or persons who give consent on behalf of legal representatives, guardians, and/or estate administrators; parents and/or legal representatives, proxies, and beneficiaries.
  • For other benefits regarding our business operations and administration, such as to make meeting agendas for shareholders’ meetings, board of directors’ meetings, or other internal meetings, as well as the minute of meeting, public relation and other activities.
  • To sale and purchase transactions or other transactions by stakeholders, including risk assessments for investments, according to applicable laws and regulations.
  • To comply with any legal procedures such as holding the shareholders’ meeting, sending the invitation letters, dividend payment, or comply with any applicable laws, rules, agreements, court order, policies set out by a government supervisory authority, law enforcement authority, government agency, dispute resolution agency, or any supervisory authority.
  • To carry out data storage and processing to be in order and in compliance with any applicable laws, rules, and regulations, including our working rules and applicable laws.
  • To comply with any requirements with respect to payment of wages, compensation, benefits, remuneration plans, offers, rewards, and compensation account.
  • For performance appraisal, internal reporting, data analysis, and performance of contractual obligations.
  • For internal communications, notification of internal and external appointments, whether through telephone, text, email, post, electronic media, such as applications with communications features, or any communication channels.
  • To process payments, collect charges or payments, fulfil accounting objectives, perform accounting management, perform auditing, and pursue debt payments, in case stakeholders owe the Companies.
  • To facilitate investigations by competent officers, provide assistance in respect to law enforcement on behalf of the Companies for government agencies or any other supervisory agencies, perform reporting obligations, perform any requirements under law, or as approved by government agencies or any other supervisory agencies.
  • For anti-money laundering crime checks (e.g. transaction suspension, involvement in anti- money laundering schemes, or transaction rejections by financial institutions), examination of information about bankruptcy, information about any related legal entities, information for the KYC process, information about occupations or businesses considered risky under anti- money laundering laws, and information about offenses received from supervisory bodies; to examine, prevent, or perform any acts in connection with violation of law and risk mitigation, in case of threatened fraud, money laundering, or threatened illegal acts, or threats to the lives, health, or safety of other persons.
  • To ensure the Companies’ safety.
  • To conduct organizational restructuring or any other transactions that are part of business activities, or business acquisition or sale proposals resulting in your Personal Data being transferred or disclosed.
  • To comply with rules, to conduct business audit (both internal and external).

In the event that the Companies reveal your Personal Data for other purposes apart from aforementioned in this policy, the Companies will notify you for such objectives or ask your permission before proceeding it.

4. Disclosure or transferring your Personal Data

The Companies may disclose your Personal Data to any persons or organizations in connection with business operations or management, including the government agency or officials. The Companies will disclose your Personal Data only for the original purpose for which data was collected, or for related objectives, except for security purposes, or for compliance with the laws.

The Companies may disclose or share your Personal Data to any of the following parties:

• The affiliates and subsidiaries.
• Shareholders, including their executives, either they are natural persons or legal entities, companies in the same group as the shareholders’.
• Organizers, advertisers, the press, and sponsors of events or exhibitions.
• Hotels or other event site service providers, or their representatives relating to events or exhibitions.
• Contractors, service providers, suppliers, and other agents, who act on behalf of the Companies or who are retained by the Companies, such as event-related service providers, banking or financial service providers, hosting service providers, cloud application or network providers, event registration service providers, domestic and overseas tourism service providers, security service providers, auditing service providers, legal service providers, insurance service providers, marketing survey service providers, email management service providers, postal service providers, representatives and agents that sell or promote products and services, auction service providers.
• Thailand Securities Depository Co., Ltd.,
• Banks, or financial institutions as the case may be.
• Any persons that you agree to provide your Personal Data.
• Persons engaged in the sale of our business, in whole or in part, a merger, or acquisition.
• Any persons or government agencies, as required by the law, court orders, or orders of any authorities.
• Supervisory bodies, government agencies, private organizations, or state-owned enterprises with the duty to supervise our business operations, when they require the Companies to disclose Personal Data.

The Companies may hire third parties to fulfil any of the above objectives, either in whole or in part, or for the development or maintenance of our system. In such cases, the Companies will control and put in place measures to ensure that such third parties will store and use Personal Data strictly in accordance with this policy, any data security requirements and conditions, and the personal data protection law.

5. Data retention

To secure the Personal Data, the Companies have implemented the following measures:

• The right to access, and/or process Personal Data including the identity verification, authorized persons, Personal Data processing must be strictly complied with our policy.
• The Companies have established a safe encoding method to prevent loss or unauthorized or unlawful access, destruction, use, alteration, or disclosure of Personal Data.
• Personal Data may be transferred, including transfer for storage on a database, to an external organization or any country only if the personal data protection measures implemented by such organization, or the country, are of equal or higher standards than the measures in this policy.
• In case that the Companies engage a third party to store the Personal Data of employees, such as the time recording application or document storage companies, the Companies will require those firms to keep the information confidential, and prohibit use to only the purposes determined by the Companies.

The Companies will collect, use, disclose, and retain your Personal Data throughout the sale and purchase of our products. Upon the end of the relationship between the Companies and you, the Companies will retain your data, including Personal Data, only as necessary for the fulfilment of the above objectives, not exceeding 10 years from our last contact, or from the end of the relationship between the Companies and you, except where it is necessary for the Companies to retain your Personal Data for more than 10 years, to the extent that it is permitted by law. When it expires, the Companies will destroy your Personal Data or make it unidentified.

6. The Companies’ website

The Companies may collect your Personal Data through our website as described below:

• When you apply for job vacancy, the Companies will require the necessary information such as your history, contact, education record, working experience, and other necessary information.
• Your device, IP address, connection information, location, browser, log file, referring website, customer behavior, access time, keywords and your search.
• The Companies use the Cookies to record the data and present it to match with your requirements, in which, the Companies will use Cookies, which are tools that recognize your device and record certain information during your visit to the Companies’ website. This is to better respond to you when you use certain parts of the website. The information collected and analyzed by the Companies for future improvement includes information about your computer and connections, your browsing history, and etc. You may change your browser settings so that your browser does not detect the Cookies or delete it, or disable it.
• The Companies may use the information technology from the supplier to store the Personal Data, in which, the Companies will select the proper supplier to comply with the policy.

Other websites: this policy is applied for only the Companies. In case you link to other websites through our web pages, the Companies are not responsible for their practice concerning data and privacy. You have to review and consider the Personal Data Protection policy of such websites.

CCTV: the Companies use a CCTV system to record images of persons and vehicles around our premises, for public safety and for prevention and detection of crimes. The CCTV cameras provide 24-hour footage of the entrance, lobby, balconies, outdoor parking areas, areas along the fence, and other accessible areas. The information is recorded for one month, and is then overwritten. Camera locations were chosen to avoid footage which is not related to the purpose of inspection and monitoring.

Live feeds from the CCTV system can be examined, only in necessary circumstances, by an authorized person. The Companies believe that live feeds and visual recordings are seen only by authorized employees, who are directly responsible for access to such information. The Companies respect your privacy and do not have CCTV cameras in locations where privacy can be expected, such as toilets.

7. Consent

To assess the Personal Data, the Companies will notify you the relevant details and obtain the prior consent from you before your data collection. However, if the laws allow the Companies to assess your Personal Data without prior consent, whenever you access our website or give your Personal Data to the Companies, it will imply that you consent the Companies to collect, reveal, transfer your data according to the objectives. In the event that you would like to revoke your consent or any rights in connection with your Personal Data (see Topic no.8: Rights of personal data owner), you shall notify the Companies as per the guideline.

If you provide Personal Data of another person, you must obtain prior consent from that person. In such event, you represent and warrant that you have obtained consent from that person, or you are entitled to provide Personal Data of such person to the Companies. When you provide Personal Data of such person to the Companies, it shall be deemed that you represent that such person acknowledges and gives consent under this privacy policy.

If the Companies require any additional consent, the Companies or any of third party service providers, will obtain your consent for the collection and use of your Personal Data at the time of collection.

To give your Personal Data is voluntary, you may choose not to give your data to the Companies. Anyhow, in the event that the Companies must collect your data according to the laws or for the purposes of entering into contracts, if you deny to give such data, the Companies may not be able to provide you the services or enter into such contracts with you.

8. Rights of personal data owner

You have the right to access your data, obtain the copies of your data, withdraw your consent, or request to edit or delete or destroy your Personal Data that is in our possession or control, or request that such data be anonymized or transfer your data to other data controller.

To exercise the said rights, the Companies may refuse your request or limit it according to the laws. In case you find the Companies not comply with the Thai Personal Data Protection Act. B.E. 2562, you can petition to the Office of the Personal Data Protection Commission.

You can exercise your right through our form by www.ttwplc.com or telephone no. 0-2019- 9490-3 or email: ttw_pdpa@or contact: Human Resources and Administration Department in the event that the data owner is the Companies’ employee.

9. Contact of Data Protection Officer

Mr. Phakpoom Thaweewittayarut

Deputy Managing Director, Administration Group

TTW Public Company Limited

30/130 Moo 12, Buddhamonthon sai 5 road, Raikhing, Sampran, Nakhon Pathom

Tel: 02-0199490-3

10. Change in the Personal Data Protection Policy

The Companies will review this policy from time to time in order to abide by the laws and its guideline. Anyway, the Companies reserve the right to change this policy without prior notice to you.

Announced as of 27 February 2025

Information Technology System Security Policy

TTW Public Company Limited and its subsidiaries (the “Company”) realizes and recognizes the importance of Information Technology Security, thus, the Company has established an "Information Technology Security Policy" to enable employees and related parties to manage the information technology system appropriately with safety and adequacy. And this is to prevent any damage that may occur, intentionally or unintentionally, which will affect the service, coordination and ability to operate the business according to goals.

1. Objective

• 1.1

  To ensure the security and reliability of the Company's information technology system, the Company is able to effectively and efficiently perform and achieve its objectives.

• 1.2

  To determine standards, practices and procedures to ensure that employees are aware of the importance of securing the use of the Company's information technology system and to prevent potential problems from misuse.

• 1.3

  To prevent the Company's information technology system from being breached, changed, stealed, or destroyed or done by other acts that may cause damage to the Company.

2. Guidelines

• 2.1

  The Company will supervise the operation of Information Technology Security to achieve the designated goals by covering the following matters:

  • 2.1.1

    Maintain accuracy and safety in operations related to the information technology system.

  • 2.1.2

    Control access to information and the information technology system.

  • 2.1.3

    Maintain the security of data.

  • 2.1.4

    Monitor and investigate malfunctions and vulnerabilities of the information technology system.

  • 2.1.5

    Manage the information technology system to support business continuity.

• 2.2

  The Company has assessed the effectiveness of the IT Security Policy with an internal and external audit of ISO 9001:2015 at least once a year to improve the security flaws of the Company’s information technology system.

• 2.3

  The Company will manage risks from improper access to information assets, including provisions on information confidentiality and non-disclosure of confidential information.

• 2.4

  The Company operates business under the laws of Thailand. Therefore, the use of information technology system shall comply with the Computer Crime Act in force, and if employees are found to have violated the information technology security policy, they will be punished according to the Company's regulations. They may also be subject to both criminal and civil liability. If the violation is against the provisions of the law.

• 2.5

  The information technology system provided by the Company to employees is the property of the Company and therefore, employees must use it for the Company's business only. The Company does not allow to use for private purposes.

• 2.6

  Employees are responsible for maintaining the information technology system and follow the instructions of the information technology department. If there is an abnormality, the information technology unit must be notified to fix the problem immediately.

• 2.7

  The software installed on the information technology system is legally purchased by the Company, so employees are prohibited from copying software and installing it on personal devices, or giving it to other person for illegal use.

• 2.8

  The Company provides User ID and Password to employees in order to access the Company's information technology system individually. The Company does not allow the disclosure of username and password to other person.

• 2.9

  Employees are prohibited from installing any software that infringes intellectual property rights and harmful softwares in the Company's information technology system.

• 2.10

  The company's policy is to conduct regular backups of all critical information. These backups are performed at scheduled intervals and stored in a secure location to prevent data loss and facilitate recovery in the event of an unforeseen incident.

Human Rights and Non-Discrimination Policy

TTW Public Company Limited and its subsidiaries (the “Company”) respects and complies with human rights laws and has established a human rights and non-discrimination policy. This policy aligns with the Company's operational principles and international standards, aiming to prevent and avoid human rights and discrimination violations of all stakeholders, including employees, shareholders, customers, business partners/suppliers and/or contractors, communities and society, as well as the environment. This is in accordance with the Company's corporate governance principles and business ethics.

To ensure that business operations are free from human rights and discrimination violations, the Company has established a human rights and discrimination policy and guidelines. These measures aim to prevent human rights violations in all business activities of the Company, including those involving stakeholders in the business value chain. The Board of Directors, management, and employees of the Company must recognize the importance of this issue, refrain from violations, and fully respect the human rights of all stakeholders in accordance with Thai and international laws, as well as treaties to which each country is obligated to adhere. This includes:

• Treating everyone equally in accordance with human rights principles, without discrimination.
• Avoiding actions that violate human rights.
• Supporting and prioritizing human rights.
• Communicating, disseminating, educating, understanding, setting guidelines, monitoring, and providing support to business partners, suppliers, contractors, as well as joint ventures to ensure their participation in ethical business practices, respect for human rights, and treating everyone adherence to human rights principles according to this policy.

Human Rights and Non-Discrimination Practices

• 1.

  Labor and Employees

  The Company places importance on employment processes and employee welfare, ensuring compliance with labor rights and working conditions in accordance with relevant legal standards. These include the guidelines specified in the corporate governance manual, the code of business ethics, human resources policies, personal data protection policies, information and IT security policies, and occupational health, safety, and work environment policies that align with international labor standards. The human rights practices concerning labor and employees are as follows:

  • 1.1

    Emphasize basic human rights, promoting respect for rights and freedoms without discrimination based on perspectives, race, color, religion, gender, nationality, age, education, disability, or any other status considered a human right in all areas where the Company operates.

  • 1.2

    Does not support human trafficking, child labor, forced labor, or illegal migrant labor. Special attention is given to the rights of vulnerable groups, including children, disabled persons, women, migrants, third-party hired workers, indigenous peoples, local communities, LGBTQ+ individuals, the elderly, and pregnant women.

  • 1.3

    All employees are treated equally throughout the employment process, from recruitment, compensation, working hours, and leave to performance evaluation, training, development, career planning, and other aspects. This is done without discrimination and in accordance with the Company's lawful rules, regulations, announcements, and orders.

  • 1.4

    Respect the Right to Freedom of Association and the Right to Collective Bargaining. Employees are allowed to express their opinions, lodge complaints, and access disciplinary hearing processes within the organization.

  • 1.5

    Does not support any physical or mental abuse of employees, including threats, detention, harassment, violence, or sexual harassment, and has measures in place to prevent and address such incidents.

  • 1.6

    Employees are encouraged to exercise their rights as citizens in accordance with the constitution and relevant laws. The Company ensures that the human rights of all stakeholders are not violated, even in situations of severe political and democratic instability.

  • 1.7

    Does not support corruption and prohibits employees from having any conflicts of interest related to the activities of business partners/suppliers, customers, or other stakeholders who violate universal human rights principles or engage in corruption.

  • 1.8

    Prevent the violation and misuse of employees' personal data, ensuring confidentiality and proper use.

  • 1.9

    Aim to provide a safe workplace free from violence and harassment. Employees who feel threatened can report and/or file complaints directly with their supervisors and/or the Human Resources and Administration Department.

  • 1.10

    Employees can refuse to perform work that is unsafe or poses a risk, and they should report this to their supervisors and/or the Human Resources and Administration Department and the safety and occupational health department, so appropriate safety measures can be implemented by the Company.

• 2.

  Shareholders

  The Company treats all shareholders equitably, in accordance with the Company's governance policies and code of ethics. The human rights and non-discrimination practices for shareholders are as follows:

  • 2.1

    Commit to being a good representative for shareholders, conducting business transparently, considering long-term growth in the Company’s value, and providing good returns.

  • 2.2

    Shareholders have equal rights to receive information about the Company's performance.

  • 2.3

    Respect shareholders' rights and emphasize equal treatment. It promotes shareholders’ exercise of their rights, both basic and entitled rights.

• 3.

  Customers

  The Company adheres to its obligations towards customers by delivering clean, sufficient, and consistent products and services based on fairness, verifiability, and the enhancement of sustainable relationships. The human rights and non-discrimination practices for customers are as follows:

  • 3.1

    Provide accurate, sufficient, and timely information about products and services to customers without exaggeration that could mislead customers about the quality, quantity, or conditions of those products or services.

  • 3.2

    Strictly adhere to all conditions agreed with customers. If any conditions cannot be met, promptly inform customers to collaboratively find a solution.

  • 3.3

    Establish systems and processes for customers to lodge complaints about the quality, quantity, and safety of products and services, responsiveness, or delivery speed, including human rights issues. Ensure prompt responses to customer concerns.

  • 3.4

    Prevent the misuse of customers' personal data, maintaining confidentiality and not using it for improper benefits.

  • 3.5

    Neither solicit nor accept, nor offer any benefits that could be perceived as dishonest transactions with customers.

• 4.

  Business Partners / Suppliers / Contractors

  The Company treats all business partners/suppliers and/or contractors equally and without discrimination, focusing on strategic alignment with the Company's business strategies. Policies and guidelines have been established to ensure fair treatment of external service providers under the Company's oversight and regulations. The human rights and non-discrimination practices for business partners/suppliers and/or contractors are as follows:

  • 4.1

    Support and promote awareness, protection, and respect for human rights among business partners/suppliers and/or contractors within the business value chain.

  • 4.2

    Ensure procurement processes for goods and services adhere to standards of ethics, fairness, equality, and non-discrimination, with appropriate and fair competition and selection.

  • 4.3

    Require business partners/suppliers and/or contractors to respect human rights and operate according to the principles outlined in the Company's Supplier Code of Conduct (SCOC), covering environmental, social, and corporate governance aspects.

  • 4.4

    Require business partners/suppliers and/or contractors to comply with the Company's quality and environmental policies, as well as occupational health and safety and workplace environment policies.

  • 4.5

    Require business partners/suppliers and/or contractors to demonstrate a commitment to identifying issues, preventing, mitigating impacts, and taking responsibility for their human rights impacts.

  • 4.6

    In cases of human rights and discrimination violations, require business partners/suppliers and/or contractors to have processes in place to address and resolve human rights and discrimination violations appropriately.

• 5.

  Community and Society

  The Company operates with a commitment to the welfare of the community and society, particularly the communities surrounding its business operations. As part of the Company's mission, it is essential to be a responsible corporate citizen and engage with the community. This responsibility is upheld by all executives and employees. The human rights and non-discrimination practices for communities and society include:

  • 5.1

    Establish and maintain positive relationships, support, and provide appropriate assistance to communities in the vicinity of business operations.

  • 5.2

    Implement measures to prevent the Company's operations from causing damage or negatively impacting local communities.

  • 5.3

    Promote and support the community’s right to preserve, restore, and promote local wisdom, arts, culture, and traditions.

  • 5.4

    Encourage and support the community’s right to manage, maintain, and utilize natural resources, the environment, and biodiversity.

  • 5.5

    Foster a sense of responsibility among employees towards the surrounding community and society by encouraging participation in community activities, contributing to improving the quality of life in the community, and collaborating with the community to create a harmonious and sustainable local environment.

  • 5.6

    Establish channels for stakeholders to provide feedback on the Company's business operations. Designate responsible personnel for each channel to receive and address issues and complaints.

• 6.

  Environment

  The Company is committed to protecting and preserving the environment, giving it the same importance as the Company’s business operations. The human rights and non-discrimination practices for environmental protection are as follows:

  • 6.1

    Implement measures to prevent the Company’s operations from adversely affecting the environment.

  • 6.2

    Continuously promote the development and use of modern technology and innovations to reduce the environmental impact of the Company’s operations.

  • 6.3

    Conduct business in accordance with environmental and safety standards, as well as relevant laws and regulations.

  • 6.4

    Manage waste in alignment with international standards for environmental management systems (ISO 14001).

  • 6.5

    Promote, support, and collaborate with environmental agencies to conserve, restore, and maintain natural resources, the environment, and biodiversity.

Human Rights and Discrimination Risk Assessment and Management

The Company regularly monitors, audits, and assesses human rights and discrimination risks and impacts comprehensively across all stakeholders. It ensures that appropriate guidelines or measures are established to manage these risks effectively. Each department is responsible for overseeing and managing the risks within its jurisdiction.

The Company has developed two-way communication channels to promote knowledge, understanding, and adherence to human rights and non-discrimination principles. These channels also provide opportunities for employees and stakeholders to express concerns or report grievances through a Whistleblower System if they witness or are aware of any actions or incidents related to human rights and discrimination violations. The Company has established procedures to address and remedy human rights and discrimination violations fairly and equitably.

Human Resources Policy

To align human resource operations of TTW Public Company Limited and its subsidiaries (the “Company”) consistent with current business operations and to support future business expansion of the companies. Therefore, the human resource policy has been established. For executives and human resources and administrative departments to use as guidelines for operations as follows:

1. Emphasizing the importance of employees as one of the most valuable company resources. Employees of the Company will continuously receive opportunities for knowledge enrichment, skill development and expertise enhancement.
2. Recruit and select personnel with knowledge, abilities, and good behavior and positive attitude.
3. Emphasizing the importance of human development, to have knowledge and potential for driving business operations according the company vision and mission.
4. The company respects human rights, employee rights and non-discrimination.

Safety, Occupational Health, and Working Environment Policy

TTW Public Company Limited and its subsidiaries (the “Company”) recognizes the importance of safety, which includes Security in Work, occupational health and working environment, safety of the machinery and equipment systems. The manufacturing process and the security of the building, which is an important basis of management. Effective and effective business sustainability under the following actions:

1. The company will provide resources in terms of personnel, time, budget, promotion, motivation, and training. safety inspection and other activities to improve working conditions, environmental conditions, and build a sense of security.
2. The company will prevent accidents and illness in the workplace, as well as inconvenience caused by the company. Employees and stakeholders from the company's operations focus on risk management and control Loss.
3. The company will evaluate the performance of its safety operations and review its safety policies. Occupational health and working environment at least once a year.
4. Safety is the first responsibility in the operation of all employees and all employees must participate in various safety, occupational health, and environmental activities Work.
5. All employees must consider the safety of themselves and others while working.
6. The company will comply with the laws, requirements and international standards relating to safety, Occupational health and working environment as a preliminary standard.
7. identify, evaluate, and control safety, occupational health, and environmental risks in Work, including collecting hazard information that poses such risks.
8. prepare for an incident, be able to cope with a possible accident. Responding to the accident and recovering after the accident effectively to ensure that these events will not affect the company's personnel and assets, both internal and external, and will result in a loss of life. The company continues its business continuously and as quickly as possible.

In this regard, all management are responsible for promoting and supporting the operation. work in accordance with the policies of safety, occupational health and working environment

Policy on Preventing Sexual Harassment in the Workplace

Principles and Scope

TTW Public Company Limited and its subsidiaries (the “Company”) recognizes the inherent value and dignity of every individual. This policy is designed to complement the Human Rights and Non-Discrimination Policy by committing to the prevention and protection of employees at all levels from sexual harassment or any form of sexual misconduct. The Company aims to create a safe and positive workplace environment where equality and non-discrimination are upheld. In the event of sexual harassment or misconduct occurring within the workplace or in connection with work, whether by supervisors, colleagues, or external contacts, the Company will conduct a fair investigation into the incident to ensure justice for all parties involved.

Guidelines

To ensure that all employees are confident in their protection against sexual harassment or misconduct, the Company strictly enforces a Zero Tolerance Policy prohibiting the following behaviors in all Company areas:

• Verbal Conduct: Inappropriate comments, discussions about sexual topics, or remarks about someone's body.
• Physical Conduct: Sexual advances such as leering, whistling, unnecessary physical contact, or unwelcome proximity.
• Display of Materials: Sharing or displaying obscene materials, including sending inappropriate images via any electronic media.
• Inappropriate Solicitation: Using language that could be interpreted as a request for sexual favors in exchange for work-related benefits or avoiding penalties, such as exerting authority to offer rewards or impose consequences between supervisors and subordinates, or proposing work-related exchanges for sexual gratification.

Measures for Preventing and Addressing Sexual Harassment

• Complaint Mechanism: Employees who experience harassment may file a complaint directly with the Human Resources and Administration Division. The disciplinary process will be confidential or handled according to the wishes of the complainant.
• Friendly Resolution: Employ a problem-solving approach that avoids causing embarrassment to either the perpetrator or the victim.
• Protection Measures: Ensure that complainants and witnesses are protected from any adverse impact on their employment or livelihood.
• Work Environment: Focus on creating a positive work atmosphere, respecting one another, and maintaining a zero-tolerance policy towards harassment or sexual coercion.
• Training and Awareness: Provide training, communication, and raise awareness about preventing sexual harassment.