Customer Privacy and Personal Data Protection

SHR places the highest importance on customer privacy and data security. The Company strictly complies with legal requirements and is committed to continuously improving its data management systems.

A Personal Data Protection Policy has been established, along with the preparation of a Record of Processing Activities (ROPA) in accordance with personal data protection laws. These efforts aim to build trust among customers and all stakeholders.

In addition, SHR regularly conducts activities to promote awareness and understanding of personal data protection throughout the organization.

Performance

Business Opportunities and Risks

Efficient and responsible management of customer data helps enhance trust, create business opportunities, and support long-term customer relationships. At the same time, the risk of data breaches can negatively impact the Company's reputation, revenue, and may result in legal consequences.

Management Guideline

• Regularly review the Personal Data Protection Policy to ensure compliance with the Personal Data Protection Act 2019.
• Adopt international standards and updated data protection regulations to align with company operations.
• Communicate the Personal Data Protection Policy clearly to all employees, executives, and directors throughout the organization.
• Conduct periodic audits to verify adherence to the policy and applicable personal data protection laws.

Personal Data Protection

SHR is committed to protecting customer privacy and personal data. We have implemented a Personal Data Protection Policy in line with Thailand’s Personal Data Protection Act B.E. 2562 (2019) and international standards. The policy outlines clear guidelines and security measures to prevent unauthorized access, loss, use, or disclosure of personal data.

To ensure effective compliance, SHR provides regular PDPA training to employees to raise awareness of data protection responsibilities and reduce risks associated with data breaches.

Personal Data Protection Activities

• Policy Implementation: Established a Personal Data Protection Policy and operational procedures aligned with legal requirements.
• Awareness & Communication: Promotes understanding of personal data protection across departments and defines each unit’s responsibilities.
• ROPA Management: Prepares and maintains Records of Processing Activities (ROPA) and provides specific training to relevant teams.
• Compliance Audits: Conducts regular PDPA compliance audits to ensure adherence to applicable laws and standards.