The Company recognizes and places great importance on the rights and privacy of data subjects. The Company will implement strict measures to maintain security, confidentiality, and prevention against unauthorized use of personal data without prior consent from the data subject.

2. Sources of Data

The Company collects personal data through the following processes:

1. Services other than those specified on our website, such as products or other services operated by us or affiliated companies that are not explicitly stated to be under this policy.
2. Personal data received from affiliated companies.
3. Personal data from third parties, such as agents, retailers, or companies providing data collection services, partners, allies, etc.
4. Personal data received from website visits, such as internet service provider names and IP addresses, internet usage dates and times, website visit times, pages visited while on the website, and website addresses directly linked to the Company's website.
5. Application usage behavior, with logs of your usage collected from the Company's applications.
6. Personal data received from Public Records and Non-Public Records that the Company is legally entitled to collect.
7. Personal data received from government agencies or regulatory bodies exercising legal authority.
8. Personal data received from you for identity verification, expressing interest in joining the Company.

3. Purposes of Collection, Use, and Disclosure of Personal Data

The Company has the following purposes for collecting, using, or disclosing personal data:

1. For service provision, improvement of the Company's products and services, including future services or products, as well as maintenance and operations related to such services.
2. For conducting various transactions related to the Company's products or services.
3. For managing relationships between the Company and data subjects.
4. To confirm and/or identify data subjects when accessing services through various channels or contacting the Company.
5. For communication, notification, and/or receiving various news and information from the Company.
6. To carry out actions according to the data subject's wishes as communicated to the Company.
7. For presenting benefits and/or other services of the Company, including promotions in marketing campaigns.
8. For conducting the Company's business, such as data analysis, auditing, new product development, service improvements or changes, service usage analysis.
9. For any necessary and appropriate actions to: monitor and prevent violations of law; respond to requests from government agencies; enforce service terms and policies; protect the Company's business operations; protect privacy rights, safety, or property of the Company, personnel, and data subjects or others; remedy, prevent, or limit potential damages.
10. To comply with laws, investigations by officials, or regulatory agencies, or to comply with rules, regulations, or obligations imposed by law or government.
11. To check your criminal record to ensure that you are permitted to perform duties in the agreed position.
12. To check your health record to assess whether you are suitable for current or future positions with the Company.
13. To prove and identify you in cases where identification documents contain sensitive personal data of yours.
14. To use reference information about work history, performance, relationships with colleagues, supervisors, subordinates, which may include personal data regarding criminal records, health data, or other sensitive personal data received from referees.

Data Type	Processing Purpose
Personal Data Name, Email, Address Office address Phone number National ID number Passport number Date of birth, Nationality, Gender Various settings	When you visit the Company's website, you may be asked to register and/or be required to provide your personal data to the Company for the purpose of collecting data for the Company's marketing, such as: To contact you and offer the Company's services or other proposals regarding projects you may have expressed interest in To deliver various types of documents/materials/items To notify you about news, products, and promotional newsletters To verify your identity To maintain the security of your user account
Credit Card Number	Credit card information will be stored and verified through third-party payment systems. This information will not be permanently stored on the Company's servers and will be deleted immediately after passing through the third-party payment verification system.
IP Address	To verify your identity.
Browsing Behavior Data Browser type, Domain Websites visited Website access time Referring website address Customer support data, Logs	To provide information for accessing and using the Company's website and applications To manage the website and applications; for internal operations, troubleshooting, data analysis, testing, research, security, fraud detection, and account management To troubleshoot and investigate issues
Property Information	To provide information for vehicle/motorcycle registration records and license plates as part of receiving benefits from the Company, and/or to support contractual agreements with the Company to confirm ownership of user property.
System Data	To provide information for accessing and using the Company's website, to manage the website, for internal operations, troubleshooting, data analysis, testing, research, security, fraud detection, account management, and to enhance user experience.
Location Data	The website will use data collected by cookies for statistical analysis or other Company activities to further develop the Company's products and services.
Cookies	The website will use data collected by cookies for statistical analysis or other Company activities to further develop the Company's products and services.

5. Personal Data Collected

The Company will collect data that data subjects have provided directly to the Company, or personal data that the Company has received from providing services or operations through all channels.

• Personal Data means data related to the identification of a natural person, such as name, email, address/office address, phone number, national ID number, passport number, date of birth, nationality, gender, educational information, financial information, credit card number, computer identification number (IP address), vehicle/motorcycle registration records.
• Browsing Behavior Data means data not related to identifiable natural persons, such as browser type, domain, websites visited, website access time, referring website address, customer support data, with logs of your usage collected from the Company's applications.
• System Data means data the Company collects automatically when you log in to the Company's website, whether through cookies, web beacons, log-in files, scripts, including technical data such as IP address, browser type, domain, website visit history, access time, referring website address, information about what you searched for or viewed while using the Company's website, including application usage behavior.
• Location Data means data received from GPS, WiFi, compass, accelerometer, IP Address, or public posts that identify location.
• Cookies means data placed on your computer by a web server. After cookies are placed on your computer, they will store or remember user information until the user closes the browser, or until the user deletes or rejects cookies. Cookies help store website information that you have visited or opened.

6. Storage Period and Location of Personal Data

The Company will store personal data only as long as necessary, considering the purposes and necessity for the Company to collect and process, including compliance with applicable legal requirements. The Company will store personal data for a certain period after the contract you made with the Company has ended, in accordance with the relevant legal time periods and statutes of limitations.

The Company will exercise appropriate care in maintaining the security of personal data by following correct methods and principles to prevent unauthorized external persons (without legal rights) from accessing personal data. However, you acknowledge that no security system can completely prevent personal data leaks. If you have reasonable suspicion that the Company's personal data security system has defects or risks of personal data leakage, you can notify the Company immediately through the contact channels specified in Section 15.

Furthermore, the Company has required employees, personnel, agents, and recipients of data from the Company to maintain the confidentiality and security of your personal data according to the measures established by the Company when taking any action with your personal data.

7. Disclosure and Transfer of Personal Data

Disclosure of Personal Data

The Company will disclose personal data to external parties and/or organizations or external agencies only in the following cases:

• Related Group of Companies and Affiliates: The Company will share your personal data within the group of companies for marketing purposes.
• Contractors/Counterparties: In cases where the Company hires contractors to perform necessary tasks that require using your personal data, such as postal codes, statistical analysis, or online activities. The website will require the contractors performing such operations to protect the privacy of your personal data and prohibit contractors from using your personal data for any purposes other than to support the Company's activities or work.
• Authorized Vendors/Brokers: In some cases, the Company may share your data with authorized vendors or brokers for specific purposes, such as credit card processing.
• Government Agencies, Government, or Other Legal Organizations: To comply with laws, orders, requests, for coordination with various agencies on matters related to legal compliance.

Transfer and/or Sending Personal Data to Foreign Countries

In cases where the Company transfers and/or sends data to foreign countries, the Company will establish standards in agreements and/or business partnership contracts with agencies and organizations that will receive personal data, with internationally accepted personal data protection standards consistent with relevant laws to ensure that personal data is securely protected. For example:

• In cases where the Company has a need to store and/or transfer personal data for storage.
• Cloud processing: The Company will consider organizations with international standard security measures and will store personal data in encrypted form or other methods that cannot identify the data subject.

8. Use of Sensitive Personal Data

In offering the Company's products or services, or carrying out the Company's purposes for collecting personal data in some cases, the Company has the need to collect sensitive personal data, such as personal data regarding race, religion, or philosophy, sexual behavior, disability, trade union information, genetic data, biometric data, and health data. In such cases, the Company will notify and request consent from the data subject to use sensitive personal data for the Company's purposes in using personal data.

9. Use of Personal Data for Marketing Purposes

In addition to the purposes mentioned above and subject to legal requirements, the Company will use personal data for marketing purposes, such as sending documents regarding various promotions via mail, email, and other methods, including direct marketing operations, to increase benefits that data subjects will receive from being customers of the Company through the recommendation of related products and services.

You may choose not to receive marketing communications from the Company, except for related and necessary communications and/or services that the Company has provided to you, such as installment payment reminders and receipts.

10. Personal Data Security and Confidentiality

To ensure that data subjects have confidence in the Company's management in preventing risks that may cause personal data to be unlawfully accessed, leaked, modified, or lost, the Company has therefore created awareness of information security, including compliance with internationally accepted information security standards and business continuity management, in accordance with legal requirements.

The Company has measures to protect the privacy of data subjects by limiting access rights to personal data of data subjects. Access is restricted to only those persons who need to use such personal data in offering goods, financial products, and for the Company's service provision, such as employees, agents, financial advisors, and investment advisors of the Company. Persons whom the Company permits to access personal data must strictly adhere to and follow the Company's personal data protection measures, including maintaining the confidentiality of such personal data. The Company has both physical and electronic protection measures in accordance with applicable regulatory standards to protect personal data.

When the Company enters into contracts or agreements with third parties, the Company will establish personal data security measures and appropriate confidentiality of data to ensure that the personal data held by the Company is secure.

Your rights are legal rights that you should know. You can request to exercise various rights under legal requirements and policies established now or to be amended in the future, as well as criteria established by the Company.

Right to Withdraw Consent

If you have given consent to the Company to collect, use, and disclose your personal data (whether the consent was given before or after the Personal Data Protection Act came into force), you have the right to withdraw consent at any time throughout the period that your personal data is with the Company, unless there are restrictions on that right by law or there is a contract that provides benefits to you.

Right to Access Data

You have the right to request access to your personal data under the responsibility of the Company, and to request that the Company make copies of such data for you, including requesting the Company to disclose how your personal data was obtained without your consent.

Right to Data Portability

You have the right to request your personal data in cases where the Company has made the data available in a format that can be generally read or used by automatically operating tools or devices, and personal data can be used or disclosed by automated means. You also have the right to request the Company to send or transfer personal data in such format to another data controller when this can be done by automated means.

Right to Object

You have the right to object at any time if the collection, use, and disclosure of your personal data is done for the legitimate interests of the Company or other persons, or to carry out a mission for public interest. If you submit an objection, the Company will continue to collect, use, and disclose your personal data only if the Company can demonstrate legal reasons that are more important than your fundamental rights, or for confirmation of legal compliance, or for legal defense.

Right to Erasure or Destruction

You have the right to request the deletion or destruction of your personal data, or to make it data that cannot identify you, if you believe that your personal data has been collected, used, and disclosed unlawfully under relevant laws, or if you see that the Company no longer needs to retain it for the purposes related to this policy, or when you have exercised your right to withdraw consent or right to object as stated above.

Right to Restriction of Processing

You have the right to request a temporary restriction on the use of personal data in cases where the Company is in the process of examining your request to exercise the right to correct personal data or your objection, or any other case where the Company no longer needs the data and must delete or destroy your personal data under relevant laws, but you request the Company to restrict its use instead.

Right to Rectification

You have the right to request correction of your personal data to be accurate, current, complete, and not misleading.

Right to Lodge a Complaint

You have the right to file a complaint with the competent authority if you believe that the collection, use, and disclosure of your personal data is done in a manner that violates or does not comply with relevant laws. Please see Section 16 for contact details of the Personal Data Protection Committee Office.

Time Periods for Exercising Various Rights

Right	Processing Time
Right to withdraw consent	30 days
Right to access data Right to data portability Right to object Right to erasure or destruction Right to restriction of processing	30 days
Right to rectification	30 days

Note: Deletion or destruction, or making personal data into a form that cannot identify the data subject, or cancellation of consent of the data subject can be done only under legal requirements and contracts made with the Company. The exercise of such rights may affect compliance with contracts made with the Company or other service provision cases, as the data subject cannot be identified, which may cause limitations in some service provisions that necessarily use personal data.

12. Links to External Websites

The Company's website will have links to third-party websites which may have personal data protection policies different from those of the Company. Data subjects are asked to study the personal data policies of such websites to understand the details of personal data protection and to make decisions about disclosing personal data. The Company will not be responsible for the content, policies, damages, or actions arising from third-party websites.

13. Data Protection Officer

The Company has appointed a Data Protection Officer to oversee operations related to the collection, use, or disclosure of personal data, in accordance with the Personal Data Protection Act B.E. 2562 (2019) and the Company's policies, regulations, announcements, and orders, as well as to coordinate and cooperate with the Personal Data Protection Committee Office.

14. Questions About the Privacy Policy / 15. Contact Channels

If you have suggestions or wish to inquire about the details of the collection, use, and disclosure of your personal data, including requests to exercise rights under this policy, you may contact the Company and/or the Data Protection Officer through the following channels:

Company Name

Infinite Real Estate Company Limited

Address

193/91 Lake Rajada Office Complex, 21st Floor, Khlong Toei Sub-district, Khlong Toei District, Bangkok

Website

www.infinite.co.th

Call Center

02-0031999

Email

legal@infinite.co.th

16. Contact the Appropriate Authority

If you wish to report a complaint, or if you feel that the Company has not addressed your concerns satisfactorily, you may contact and/or file a complaint with the Personal Data Protection Committee Office at the following details:

Phone

02-142-1033

Email

pdpc@mdes.go.th

Address

120 Moo 3, Government Complex Commemorating His Majesty (Building B), Chaengwattana, Personal Data Protection Committee Office, Chaengwattana Road, Thung Song Hong Sub-district, Lak Si District, Bangkok 10210

17. Privacy Policy Updates

The Company reserves the right to improve, change, or amend this Privacy Policy in the future under legal requirements. Any changes will be announced through the Company's website.