This website uses cookies for the purpose of improving the user experience. You can learn more details in the Cookie Policy.

Privacy Policy

Privacy Policy

1. Preamble

NR Instant Produce Public Company Limited (the “NRF”) recognizes the importance of maintaining the confidentiality of Personal Data and seeks to ensure that data subjects can be confident that NRF collects, uses, and discloses Personal Data in a transparent and fair manner, and in compliance with the Personal Data Protection Act B.E. 2562 (2019), including any related subordinate legislation. Accordingly, NRF has established this Personal Data Protection Policy (the “Policy”) to set out and explain the details of NRF’s Personal Data processing practices, the details are summarized as follows.

2. Scope of Application

This Policy applies to the Personal Data of individuals who currently have, or may in the future have, a relationship with NRF, and whose Personal Data is processed by NRF, its contract personnel, business units or other organizational units operated by NRF, as well as counterparties or external persons who process Personal Data on behalf of or in the name of NRF (the “Data Processors”). Such processing may occur in connection with various products and services, including websites, systems, applications, documents, or other forms of services under NRF’s supervision or control (collectively, the “Services”). All such processing will be carried out in compliance with the Personal Data Protection Act B.E. 2562 (2019), including this Policy.

Individuals who have a relationship with NRF include the following persons (collectively referred to as “you” or “You”):

  1. 2.1 Customers who are natural persons;
  2. 2.2 Job Applicants, Interns, and Employees;
  3. 2.3 Vendors, Prospective Vendors, and Service Providers, who are natural persons;
  4. 2.4 Directors, Authorized Persons, Representatives, Agents, Shareholders, or other persons in similar capacities of juristic persons that have a relationship with NRF
  5. 2.5 Visitors and Users of NRF’s services
  6. 2.6 User of NRF’s information systems, including websites, applications, or other communication channels owned or supervised by NRF; and
  7. 2.7 Other persons whose Personal Data is collected by NRF, such as meeting participants, employees’ family members, insurance beneficiaries, and similar individuals.

In addition to this Policy, NRF will issue specific privacy notices (each a “Notice”) to inform you of the details of particular Personal Data processing activities, including the categories of Personal Data processed, the purposes and legal bases for processing, the retention periods, as well as the rights of data subjects.

In the event of any material inconsistency between the provisions of the Notice and this Policy, the provisions of the relevant Notice applicable to the respective category of data subjects will prevail.

3. Definitions

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject(s) a person who has been identified by the Personal Data, whether directly or indirectly
processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Customer(s) natural person or juristic person that NRF targets for sale of NRF’s products or services, irrespective of whether a purchase has been made or is expected to make a purchase, including any other similar person, such as event participants, service requesters, website users, and survey respondents
Job Applicant(s) any person of Thai nationality or foreign nationality who applies for employment as a permanent employee, temporary employee or intern, working for NRF, as the case may be, whether such job application is submitted directly by the Job Applicant, through internal NRF recruitment, through referral by any other person, or through the operation of an employment service provider
Employee(s) Job Applicant who has been selected to enter into a contract to work for NRF as a permanent employee, temporary employee , employee during probationary period, or intern, and receive wage calculated on a monthly, daily, hourly, or price-rate basis, or calculated by other means, or as otherwise agreed between NRF and such Employee
Prospective Vendor any natural person or juristic person who may become a vendor of NRF, including those who have expressed intention to enter into a contract or register as a vendor of NRF, parties interested in business collaboration, parties operating jointly with NRF, or any other person requesting quotations or to whom NRF has submitted quotations for consideration
Vendor any natural person or juristic person who submits quotations for the sale of goods or services, or contract to perform work for NRF, whether registered as a vendor with NRF or not, trade partner, business participants, whether selling directly to NRF or participating in product or service development with NRF for distribution, service providers, service recipients, employers, contractors, consultants, experts, academics, speakers, contractual parties of NRF, and other persons of similar nature
Visitor and User any person who notifies NRF of their intention to request access to services, visits, perform work, or carry out any transactions with NRF within buildings, factories, operational facilities, or restricted areas within NRF's premises

4. Personal Data Collected

NRF collected the following Personal Data to process in accordance with NRF’s objectives, limited to the extent necessary for achieving such purpose.

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics first name, last name, gender, nationality, date of birth, age, national identification number, passport number, driver’s license number, taxpayer identification number, signature, photograph, marital status, military service status, and parents’ names.
Contact Information address, telephone number, and email address.
Information Relating to Educational Backgrounds and Work Experience educational background, level of education, academic qualifications, training history, occupation, employee identification number, job position, department, length of service, work attendance dates and times, commencement date, performance evaluation scores, attendance records, and reasons for resignation.
Financial Information wage rate, salary, and bank account number.
Information used as Evidence for Legal Transaction copies of national identification cards, copies of bank account passbooks, vehicle registration numbers, copies of passports, visa documents, work permits, identification cards for persons without Thai nationality (pink card), and receipts evidencing the notification of employment of foreign workers.
Technical Information IP address, MAC address, cookies, and computer traffic data (log files).
Sensitive Personal Data height, weight, injury information, disease information, medical information, medical certificates, health examination results, underlying medical conditions, disability information, criminal history, sexual behavior, fingerprints, and copies of disability identification cards.
Others images, video recordings, and audio recordings captured by NRF’s data recording equipment images, video recordings, and audio recordings captured by closed-circuit television (CCTV) systems

5. Personal Data of Minors, Incompetent Person, and Quasi-Incompetent Person

Generally, NRF does not have a necessity to process Personal Data of minors, incompetent persons, or quasi-incompetent persons. Notwithstanding the foregoing, should NRF require such processing, NRF will obtain consent from the legal representative, or the guardian, or the curator, as applicable, in accordance with the conditions prescribed by law.

In the event NRF subsequently becomes aware that Personal Data of minors, incompetent persons, or quasi-incompetent persons has been processed without obtaining consent from the legal representative, or the guardian, or the curator, as applicable, and NRF is unable to invoke alternative lawful basis for such processing, NRF will immediately discontinue processing and proceed to erase or destroy such Personal Data.

6. Source of Personal Data

NRF collects or receives Personal Data from the following sources:

  1. 6.1 Personal Data that NRF collects directly from data subjects, such as through job applications, registrations, completion of documents or online forms, interactions and communications with NRF through various channels, and the recording of still images or video footage when you participate in NRF’s activities.
  2. 6.2 Personal Data that NRF collects automatically, such as data generated from access to or use of NRF’s information technology systems, as well as data recorded by closed-circuit television (CCTV) systems.
  3. 6.3 Personal Data that NRF collects from other sources where such sources have the requisite authority, a lawful basis, or have obtained consent from the data subjects, such as recruitment agencies, competent government authorities, or the exchange of Personal Data with contractual counterparties where necessary for the conduct of NRF’s business operations.

In the event that you provide NRF with Personal Data of another person, NRF requests that you inform such data subject of this Policy and obtain valid consent from the relevant person, as well as verify and confirm the accuracy and completeness of the Personal Data provided.

7. Lawful Basis for Personal Data Processing

In processing Personal Data, NRF will obtain your explicit consent prior to such processing, unless NRF is able to rely on one or more of the following legal bases to support its Personal Data processing activities:

  1. 7.1 for the achievement of the purpose relating to the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics;
  2. 7.2 for preventing or suppressing a danger to Data Subject’s life, body or health
  3. 7.3 necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract
  4. 7.4 necessary for the performance of a task carried out in the public interest by NRF, or it is necessary for the exercising of official authority vested in NRF;
  5. 7.5 necessary for legitimate interests of NRF or any other natural persons or juristic persons other than NRF, except where such interests are overridden by the fundamental rights of the data subject of his or her Personal Data
  6. 7.6 necessary for compliance with a law to which NRF is subjected

Where NRF is required to process Personal Data for the performance of a contract to which you are bound, for undertaking your request prior to entering into such contract, or for compliance with applicable legal obligations, if your do not give consent, or withdraw consent for the disclosure of Personal Data to NRF, or exercise of the right to object to the processing of Personal Data for the relevant purposes, it may result in NRF being unable to carry out the requested actions or provide the requested services, whether in whole or in part.

8. Purpose of Personal Data Processing

In processing Personal Data, NRF processes Personal Data for the following purposes:

  1. 8.1 To conduct verification and assessment of qualifications and suitability, where the data subject is a business counterparty or a job applicant;
  2. 8.2 To carry out actions at the request of the data subject prior to entering into a contract, to enter into a contract, and to perform obligations under such contract;
  3. 8.3 For business administration and management relating to NRF’s operations, human resources management, and communications and coordination with data subjects;
  4. 8.4 To conduct accounting and tax-related activities, transactions, and the preparation and retention of documents relating to such transactions;
  5. 8.5 For public relations, the dissemination of information and communications, including marketing, promotional activities, and the presentation of information regarding products and services for marketing purposes;
  6. 8.6 To collect data, conduct satisfaction surveys, prepare statistical analyses, and use such data to support the improvement and development of products and services;
  7. 8.7 For information technology management and administration;
  8. 8.8 To safeguard the life, body, health, and property of data subjects within and in the vicinity of NRF’s premises, and to prevent or suppress danger to the life, body, or health of any person;
  9. 8.9 To establish, exercise, or defend legal claims; and
  10. 8.10 To comply with applicable laws, rules, regulations, and legally binding orders to which NRF is subject.

9. Data’s Quality

NRF collects and retains Personal Data for utilization within the scope of its authority and objectives in conducting NRF's operations, with due regard to the accuracy, completeness, integrity, and timeliness of the data.

10. Disclosure of Personal Data

In furtherance of Personal Data processing objectives, NRF requires disclosure of Personal Data to the following categories of natural persons or juristic persons:

  1. 10.1 Internal departments of NRF and its affiliated companies; however, disclosure will be limited solely to people who are relevant and have a legitimate need to process such Personal Data.
  2. 10.2 Business partners involved in NRF’s operational and administrative management, including their agents and authorized representatives, such as banks, financial institutions, insurance companies, and healthcare providers.
  3. 10.3 External service providers, including their agents, contractors, and subcontractors, such as website and information system management service providers, logistics and transportation service providers, public relations service providers, and event management service providers.
  4. 10.4 Professional advisors, such as auditors, internal control or management auditors, and legal advisors.
  5. 10.5 Government authorities, regulatory bodies, or other entities vested with statutory authority to which NRF is subject, for the purpose of legal compliance, such as the Social Security Office, Department of Employment, Department of Skill Development, Ministry of Social Development and Human Security, Revenue Department, Customs Department, Excise Department, the Royal Thai Police, the Personal Data Protection Committee, courts, as well as government officials authorized to access Personal Data, including police officers and public prosecutors.
  6. 10.6 Public media, whether through social media platforms, NRF’s communication channels, or websites of relevant government authorities.

11. Sending or Transferring Personal Data Abroad

In certain cases, NRF may send or transfer Personal Data to foreign countries for the purpose of carrying out Personal Data processing objectives. NRF will implement appropriate safeguards for Personal Data that are sent or transferred, as well as ensure compliance with Personal Data Protection Law, and will take measures to ensure that the destination country or international organization receiving the Personal Data maintains adequate standards of Personal Data protection or satisfies other conditions as prescribed by law.

In sending or transferring Personal Data abroad, NRF will notify and obtain your explicit consent specifically for the transfer or transmission of Personal Data to foreign countries, except in cases prescribed by law where NRF may send or transfer Personal Data abroad without obtaining your consent.

12. Personal Data Retention Period

NRF will retain Personal Data only for such duration as such Personal Data remains necessary for the purposes of Personal Data processing, in accordance with the details specified in policies, notices, or relevant legislation, including but not limited to the law on Securities and Exchange, the law on Public Limited Companies, and the Revenue Code.

Upon expiration of the retention period and when Personal Data ceases to be necessary for the aforementioned purposes, NRF will proceed to erase, destroy, or anonymize such Personal Data in accordance with the formats and standards for Personal Data erasure and destruction as prescribed under Personal Data protection legislation. Notwithstanding the foregoing, in cases where there are disputes, exercise of legal rights, or litigation relating to Personal Data, NRF reserves the right to continue retaining such data until such disputes are concluded by final order or judgment.

13. Personal Data Security Measure

NRF has established appropriate security safeguards, encompassing administrative safeguards, technical safeguards, and physical safeguards, designed to preserve the confidentiality, integrity, and availability of Personal Data and to prevent the loss, unauthorized or unlawful access, use, alteration, modification, or disclosure of Personal Data.

Furthermore, NRF will conduct periodic reviews of such measures and refine and develop Personal Data security measures as required, in response to technological advancements, or upon changes in governing legislation, to ensure that security measures remain contemporary, maintain effectiveness, and are perpetually aligned with statutory requirements.

14. Rights of Personal Data & Exercise of Rights

Data Subjects have the following rights as prescribed under Personal Data Protection Law:

Data Subject Rights Description
Right to withdraw consent
  • If you consent to NRF to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at NRF, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, NRF encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire NRF to disclose of the source of Personal Data that you did not consent.
  • Unless NRF is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to Data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible.
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing
  • You have the right to object to Data Processing in the event that NRF process Personal Data
    • for the necessary legitimate interests of NRF or any other person;
    • for the purpose of direct marketing; or
    • for the purpose of scientific, historical or statistic research
  • Nonetheless, if you object to Data Processing, NRF will continue processing your Personal Data to the extent that
    • there exists a compelling legitimate ground that is more important than your privacy;
    • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
    • it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten

You have the right to request NRF to erase, destroy, or anonymize your Personal Data in the following circumstances:

  • You believe that NRF has unlawfully processed your Personal Data
  • You believe that NRF cease the necessity to retain your Personal Data according to NRF’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing

You have the right to request NRF to restrict Data Processing in the following circumstances:

  • NRF is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • NRF is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request NRF to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading.

You may exercise the aforementioned rights at any time. Notwithstanding the foregoing, the exercise of such rights may be restricted pursuant to Personal Data Protection Law or other relevant legislation, and there may be circumstances in which NRF is required to refuse or is unable to fulfill your rights request. In such instances, NRF will provide notification of the grounds for refusal in conjunction with the response to such rights request.

15. Connection with External Websites or Services

NRF's services may contain links to third-party websites or services, which may have privacy policies with content that differs from this Policy. NRF recommends that you review the privacy policies of such websites or services to understand the details prior to use. NRF is not affiliated with, has no control over the Personal Data protection measures of such websites or services, and cannot be held responsible for the content, policies, damages, or actions arising from third-party websites or services.

16. Cookies

NRF collects and uses cookies, as well as similar technologies, on websites under NRF's administration or on your devices, depending on the services you use, for the purpose of ensuring security in the provision of NRF's services and to provide users with convenience and enhanced user experience. Such data will be utilized to improve information systems to better align with your needs. You may configure or erase cookie usage yourself through the settings in your web browser.

17. Rendering of Service by Third Parties or Sub-Processor

NRF may engage or procure third parties (Data Processors) to process Personal Data on behalf of or in the name of NRF. Such third parties may provide services in various capacities, such as hosting, outsourcing, cloud services providers, or other forms of contracted services.

In delegating Personal Data processing to third parties acting as Data Processors, NRF will establish agreements specifying the rights and obligations of NRF as the Data Controller and those of the delegated parties as Data Processors. This includes defining the categories of Personal Data delegated for processing, as well as the purposes, scope of Personal Data processing, and other relevant agreements. Data Processors are obligated to process Personal Data only within the scope specified in the agreement and in accordance with NRF's instructions, and may not process data for any other purposes.

In cases where Data Processors engage sub-contractors (Sub-Processors) to process Personal Data on behalf of or in the name of the Data Processor, NRF will require that Data Processors establish contractual agreements between the Data Processor and Sub-Processor in a form and to standards no less stringent than the agreement between NRF and the Data Processor.

18. Data Protection Officer

NRF has appointed a Data Protection Officer (DPO) to perform the functions of monitoring, supervising, and providing guidance on Personal Data processing, as well as coordinating and cooperating with the Office of the Personal Data Protection Committee, to ensure that NRF's operations regarding Personal Data processing comply with Personal Data Protection Law in a fair and transparent manner. Furthermore, NRF has mandated that the Data Protection Officer maintain confidentiality of information obtained in the course of performing duties as Data Protection Officer.

19. Penalty for Non-Compliance with Policy

Failure to comply with this Policy may constitute an offense and be subject to disciplinary action in accordance with NRF's rules and regulations (for Employee or personnel of NRF) or pursuant to the Data Processing Agreement (for Data Processors), as applicable, depending on the circumstances and the relationship you have with NRF, and may be subject to penalties as prescribed under Personal Data Protection Law.

20. Lodging a Complaint to the Supervisory Authority

In the event that NRF failed to comply with or violated Personal Data Protection Law, Data Subjects have the rights to lodge a complaint with the Office of the Personal Data Protection Committee or the relevant regulatory authority as provided by law. Nonetheless, prior to lodging such complaint, NRF kindly requests that Data Subjects contact NRF to provide NRF with an opportunity to acknowledge the facts, provide clarification on various matters, and address concerns at the earliest opportunity.

21. Personal Data Processing under Same Purpose

NRF has the right to continue processing the Personal Data of Data Subjects that was collected by NRF prior to the effective date of the Personal Data Protection Act, B.E. 2562 (2019), as it pertains to Personal Data processing, for the same original purposes. If Data Subjects do not wish NRF to continue processing such Personal Data, Data Subjects may notify NRF to withdraw their consent at any time.

22. Amendment to Privacy Policy

NRF will periodically review this Policy to ensure alignment with applicable practices, laws and regulations. In the event of any changes or amendments, NRF will notify Data Subjects through NRF's website, indicating the effective date of each revised version. Nevertheless, NRF recommends that you regularly review the updated Policy to remain informed of any changes.

23. Inquiry

If you have any questions or suggestions about the policy or its practices, NRF is happy to answer any questions and listen to your suggestions You can contact NRF at

Contact NRF and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

24. Applicable Law

You acknowledge and accept that this Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Policy will be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy Policy was reviewed and approved by the Board of Directors of NR Instant Produce Public Company Limited at Meeting No. 5/2026 on 15 May 2026 and shall be effective from 16 May 2026 onwards.

Announced on 16 May 2026

Privacy Policy For CCTV

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) has implemented closed-circuit television (CCTV) installations both within and around the Company premises for the security of the Company premises and property, as well as for the protection of life, body, and health of any person within and around the Company premises. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data through CCTV usage is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject a person who has been identified by the Personal Data, whether directly or indirectly
Data Processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy This Privacy Policy For CCTV

2. Type of Personal Data the Company Collected

The Company will collect and store Personal Data in a legitimate manner and only to the extent necessary for the Company’s business operation as follows:

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics
  • Facial
  • Image, Video Recording, and Audio Recording of you
  • Image, Video Recording, and Audio Recording of your property, such as vehicle

Nonetheless, the Company will not install CCTV in the area which may unduly infringe your fundamental rights, such as toilet, and rest area.

3. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
2 Legal Obligation necessity for compliance with the law, regulations, or order issued by the regulatory authorities overseeing the Company
3 Vital Interest an operation to protect vital interest of Data Subject, such as prevention or suppression of danger to a Data Subject’s life, body, and health
No Lawful Basis Description
1 Ensuring security and safety of the Company’s buildings, facilities, and assets located within and around the premises Legitimate Interest
2 Ensuring safety and prevent danger to your life, body, and health , including ensuring security in your property within and around the premises Legitimate Interest Vital Interest
3 Assisting relevant authorities in enforcing law to suppress, prevent, investigate, and legal prosecution Legal Obligation
4 Assisting in dispute resolution processes arise during disciplinary proceedings or grievance processes Legal Obligation
5 Assisting in investigations, handling of complaints or processes related to initiating or defending legal actions, including but not limited to exercising claims in labor disputes. Legal Obligation

4. Disclosure of Personal Data

  1. 4.1 Generally, the Company will store and keep confidential any Personal Data from CCTV and will not disclose such Personal Data, unless there exists any necessity in order to achieve the Company’s purpose as prescribed in this Privacy Policy. In such case, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affiliates the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Service Provider the Company may engage in external service providers (Outsource) to act on its behalf or support its business operations. This may include agents, contractors, and subcontractors of these service providers, such as security service providers to ensure the security of the Company, including CCTV vendors, for repair and maintaining CCTV, only in the case authorized by the Company.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

  1. 4.2 The Company will assign the recipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

5. International Transfer of Personal Data

  1. 5.1 Generally, the Company does not intend to transfer Personal Data from CCTV to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer such Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 5.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 5.3 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.

6. Personal Data Retention Period

  1. 6.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period not exceeding 90 days from the date of collecting Personal Data.
  2. 6.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  3. 6.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

7. Security Measures of Personal Data

  1. 7.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 7.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 7.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

8. Data Subject Rights and Exercise of Rights

  1. 8.1 Under Personal Data Protection Law, you, as a Data Subject, have the following rights:
Data Subject Rights Description
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to disclose of the source of Personal Data that you did not consent.
  • Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible.
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people.
Right to object to Data Processing
  • You have the right to object to Data Processing in the event that the Company process Personal Data
    • for the necessary legitimate interests of the Company or any other person;
    • for the purpose of direct marketing; or
    • for the purpose of scientific, historical or statistic research
  • Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
    • there exists a compelling legitimate ground that is more important than your privacy;
    • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
    • it is necessary for a performance carried out in the public interest.
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 8.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 10. to request to exercise Data Subject’s rights.
  2. 8.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

9. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

10. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

11. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Privacy Policy For Customer

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) emphasizes the utmost importance of protection the Personal Data of Customer and people representing or act on behalf of Customer, including but not limited to executive, shareholder, authorized director, attorney-in-fact, substitute attorney-in-fact, employee, staff, and the representative of juristic person. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject a person who has been identified by the Personal Data, whether directly or indirectly
Data Processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy This Privacy Policy For Customer
Customer(s) natural person or juristic person that the Company targets for sale of Company’s products or services, irrespective of whether a purchase has been made or is expected to make a purchase, including any other similar person, such as event participants, service requesters, website users, and survey respondents

2. Type of Personal Data the Company Collected

The Company will collect and store Personal Data in a legitimate manner and only to the extent necessary for the Company’s business operation as follows:

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics Title, First Name, Family Name, Age, Birth Data, Sex, Nationality, National Identification Number, Taxpayer Identification Number, Picture, Signature
Contact Information Address, E-mail, Mobile Number, Workplace, Line ID
Information Relating to Educational Backgrounds and Work Experience Department, Position
Financial Information Salary, Bank Account Number
Information used as Evidence for Legal Transaction Business Card, Copy of Personal Identification Card
Technical Information IP Address, MAC Address
Others
  • Image, Video Recording, and Audio Recordings captured by the Company’s recording device
  • Image, Video Recording, and Audio Recording captured by CCTV

Generally, the Company does not intend to process Sensitive Personal Data, such as religious belief or blood type information appeared on your personal identification card. If you provide the Company with your copy of your personal identification card containing such data, the Company kindly request you to redact such data before submitting to the Company. Should you failed to redact the aforementioned data, it is deemed that you consent to the Company to redact such data on your behalf.

3. Source of Personal Data

The Company may collect your Personal Data from various source as follows:

Type Example of Source of Personal Data
Personal Data obtained directly from you
  • Data appeared in any business contracts
  • Data appeared in other documents, such as quotations or business cards
  • Data provided through the completion of documents or online forms
  • Communication and Interaction records with the Company, in any format or method, such as telephone calls, video calls, e-mail, SMS, or postal mail
  • Data used to register for creating an account or profile with the Company for communication through both offline and online channels
Personal Data obtained automatically
  • Image, Video Recording, and Audio Recording captured by CCTV within the Company’s premises
  • Technical Information obtained from accessing the Company’s Information technology systems
Personal Data obtained from other sources or third-person
  • Other department within the Company
  • Your employer or affiliated organization
  • Related person or representatives, such as authorized persons, employees, staff, and agents
  • Data from the Company’s service providers

In the event that you agree and consent to giving Personal Data relating to a third person, you warrant and represent that such Personal Data is accurate and you have fully informed of this Privacy Policy to the third person.

4. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Performance of Contract necessity for the Company to perform contractual obligations to which you are a party to the Contract with the Company, including any preliminary action undertaken at your request prior to entering into the contract
2 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
3 Legal Obligation necessity for compliance with the law, regulations, or order issued by the regulatory authorities overseeing the Company
4 Vital Interest an operation to protect vital interest of Data Subject, such as prevention or suppression of danger to a Data Subject’s life, body, and health.
5 Consent in the event that the Company must process your Personal Data or Sensitive Personal Data which cannot rely on the aforementioned lawful basis, the Company will explicitly notify you and request your consent specifically.
No Purpose Lawful Basis
1 Facilitating communication and undertake any necessary operations, including completing internal procedures prior to entering into contract with you, such as preparing quotations and customer registration
  • Performance of Contract
  • Legitimate Interest
2 Performing contractual obligation, process purchase orders, and discolose information to third parties as required for such purposes, including coordinating with you, invoicing for goods and services, and providing after-sales services
  • Performance of Contract
  • Legitimate Interest
3 Carrying our activities related to the Company’s business operations, performing contractual obligation between the Company and you, and engaging with external party for purposes related to contractual agreements
  • Performance of Contract
  • Legitimate Interest
4 Conducting marketing activity, facilitating communication about marketing initiatives that align with your needs, presenting marketing materials and product and service information, including mange activities related to customer service and promotional campaigns Consent
5 Collecting and analyzing your behavior data and conduct satisfaction surveys as a basis for relationship management, improving services, and designing marketing activities that align more closely with your needs Consent
6 Collecting communication in a database for ongoing correspondence and creating future business opportunities, including facilitating coordination and communication related to the Company Legitimate Interest
7 Complying with applicable laws governing the Company’s operation, such as issuing withholding tax certificates, generating tax invoices, and disclosing financial data to auditors Legal Obligation
8 Managing information technology systems, including performing data backups, recording access logs, and monitoring data traffic within the Company's information technology infrastructure
  • Legitimate Interest
  • Legal Obligation
9 Ensuring safety and prevent danger to your life, body, health and your property within and around the Company’s premises, such as oversight through CCTV
  • Legitimate Interest
  • Vital Interest
10 Establishing, exercising, or defending of legal claims, including but not limited to litigation, enforcement proceedings, or other actions under legal proceedings Legitimate Interest
11 Complying with applicable laws, regulations, and requirements, both domestic and international, as well as to achieve legitimate orders by authorized government agents or government officials, including performing actions required under legal proceedings Legal Obligation
12 Managing risks, monitoring, investigating, and reporting on financial crimes, fraud, misconduct, and other criminal activities Legitimate Interest

5. Disclosure of Personal Data

  1. 5.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affliates: the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Trade Partners the Company may disclose your Personal Data to trade partners for purposes related to the Company’s operational management. This may include agents or authorized representatives of such organizations, such as banks, financial institutions, or insurance companies.

Service Provider the Company may engage in external service providers (Outsource) to act on its behalf or support its business operations and customer services. This may include agents, contractors, and subcontractors of these service providers, such as website and IT management providers, logistics service providers, and public relations service providers.

Professional Consultants the Company may disclose your Personal Data to auditors, corporate governance inspectors, consultants, professional service providers, and other experts, both internal and external, to support the Company’s business operations.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, the Revenue Department, Customs Department, Excise Department, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

Public Media the Company may disclose Personal Data as necessary to achieve its objectives on public platforms, whether in an informational or non-informational format, where it is accessible to the general public. These platforms may include social media channels, the Company’s communication channels, or websites of relevant government authorities.

  1. 5.2 The Company will assign the receipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

6. International Transfer of Personal Data

  1. 6.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may transfer Personal Data to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 6.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 6.3 The Company may store your Personal Data on computers, servers, or cloud, provided by third parties, and may utilize third-party program or applicavation in the form of software as a service and platform as a service for processing your Personal Data. In this regard, the Company will not permit unauthorized person to access Personal Data and require such third parties to implement appropriate security measures for safeguarding Personal Data.

7. Personal Data Retention Period

  1. 7.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period not exceeding 10 years from the date of termination of the customer’s relationship.
  2. 7.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  3. 7.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

8. Data Processing Under Original Purpose

The Company reserves the right to process your Personal Data collected prior to the effective date of the Personal Data Protection Act B.E. 2562, for the original purpose for which it was collected. If you no longer wish the Company to process your Personal Data, you may withdraw your consent at any time, subject to the clause 10.2.

9. Security Measures of Personal Data

  1. 9.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 9.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 9.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

10. Data Subject Rights and Exercise of Rights

  1. 10.1 Under Personal Data Protection Law, you, as a Data Subject, have the following rights:
Data Subject Rights Description
Right to withdraw consent
  • If you consent to the Company to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at the Company, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, the Company encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to dosclode of the source of Personal Data that you did not consent.
  • Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing You have the right to object to Data Processing in the event that the Company process Personal Data
  • for the necessary legitimate interests of the Company or any other person;
  • for the purpose of direct marketing; or
  • for the purpose of scientific, historical or statistic research
Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
  • there exists a compelling legitimate ground that is more important than your privacy;
  • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
  • it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading.
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 10.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 10. to request to exercise Data Subject’s rights.
  2. 10.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

11. Withdrawal of Consent & Consequence from Withdrawal

  1. 11.1 In the event that the Company processes Personal Data based on consent, you, as a Data Subject, have the right to withdraw the consent given to the Company at any time. Such withdrawal of consent will not affect any legitimate Data Processing based on your consent given prior to its withdrawal.
  2. 11.2 If you withdraw the consent previously given to the Company or refuse to provide information to the Company, whether in whole or in part, it may result in the Company's inability to achieve the Company’s purpose as prescribed in this Privacy Policy, whether in whole or in part.

12. Personal Data of a Minor, Incompetent Person, or Quasi-Incompetent Person

  1. 12.1 If you are a minor, an incompetent person, or a quasi-incompetent person, and with to consent the Company to process your Personal Data, you must obtain consent from your legal representative, guardian, or curator, as the case maybe, prior to giving consent to the Company.
  2. 12.2 In the event that the Company is required to obtain consent from a legal representative, guardian, or curator, as the case may be, for processing Personal Data of a minor, an incompetent person, or a quasi-incompetent person, but the Company was unaware of such facts at the time of Data Processing and subsequently becomes aware that the Company has processed such Personal Data without obtaining the aforementioned consent, the Company will promptly erase, destroy, or anonymize the Personal Data of such minor, incompetent person, or quasi-incompetent person, unless the Company can process such Personal Data based on other lawful basis that do not require consent.

13. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

14. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

15. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Privacy Policy For Employee, Intern, and Job Applicant

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) emphasizes the utmost importance of protection the Personal Data of employee, intern, and job applicant. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy This Privacy Policy For Employee, Intern, and Job Applicant
Job Applicant(s) any person of Thai nationality or foreign nationality who applies for employment as a permanent employee, temporary employee or intern, working for the Company, as the case may be, whether such job application is submitted directly by the Job Applicant, through internal company recruitment, through referral by any other person, or through the operation of an employment service provider
Employee(s) Job Applicant who has been selected to enter into a contract to work for the Company as a permanent employee, temporary employee , employee during probationary period, or intern, and receive wage calculated on a monthly, daily, hourly, or price-rate basis, or calculated by other means, or as otherwise agreed between the Company and such Employee

2. Type of Personal Data the Company Collected

The Company will collect and store Personal Data in a legitimate manner and only to the extent necessary for the Company’s business operation as follows:

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics First Name, Family Name, Sex, Nationality, Age, National Identification Number, Alien Identification Number, Taxpayer Identification Number, Signature, Photo, Marriage Status, First Name & Family Name of Father & Mother
Contact Information Address, Mobile Number, E-mail, Name of the company
Information Relating to Educational Backgrounds and Work Experience Education Background, Degree, Academic Qualifications, Training Background, Employee ID, Position, Department, Length of Service, Data and Time of Work Attendance, Employment Commencement Date, Performance Evaluation Score, Attendance Record, Reason for Resignation
Financial Information Wage Rate, Salary, Bank Account Number
Information used as Evidence for Legal Transaction Copy of Personal Identification Card, Copy of Bank Account, Vehicle Registration Number, Copy of Passport, Visa Documents, Work Permit, Alien Identification Card, Alien Work Permit Receipt, Copy of Disabled Person Idenficiation Card
Technical Information IP Address, MAC Address
Sensitive Personal Data Height, Weight, Wound Details, Disease Details, Medical Information, Medical Certificate, Health Examination Result, Underlying Disease, Disability Information, Criminal Record, Sexual Orientation, Fingerprint
Others
  • Image, Video Recording, and Audio Recordings captured by the Company’s recording device
  • Image, Video Recording, and Audio Recording captured by CCTV

Generally, the Company does not intend to process Sensitive Personal Data, such as religious belief or blood type information appeared on your personal identification card. If you provide the Company with your copy of your personal identification card containing such data, the Company kindly request you to redact such data before submitting to the Company. Should you failed to redact the aforementioned data, it is deemed that you consent to the Company to redact such data on your behalf.

3. Source of Personal Data

The Company may collect your Personal Data from various source as follows:

Type Example of Source of Personal Data
Personal Data obtained directly from you
  • Data appeared during recruitment process
  • Data appeared in any relevant contract or documents, any government documents
  • Data provided through the completion of documents or online forms
  • Process undertaken during recruitment process or any other process during your tenure as an Employee
  • Communication and Interaction records with the Company, in any format or method, such as telephone calls, video calls, e-mail, SMS, or postal mail
  • Data used to register for creating an account or profile with the Company for communication through both offline and online channels
Personal Data obtained automatically
  • Image, Video Recording, and Audio Recording captured by CCTV within the Company’s premises
  • Technical Information obtained from accessing the Company’s information technology systems
Personal Data obtained from other sources or third-person
  • Other department within the Company
  • Your employer or affiliated organization
  • Employment Service Provider
  • Information from government agents
  • Infirmary

In the event that you agree and consent to giving Personal Data relating to a third person, you warrant and represent that such Personal Data is accurate and you have fully informed of this Privacy Policy to the third person.

4. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Performance of Contract necessity for the Company to perform contractual obligations to which you are a party to the Contract with the Company, including any preliminary action undertaken at your request prior to entering into the contract
2 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
3 Legal Obligation necessity for compliance with the law, regulations, or order issued by the regulatory authorities overseeing the Company
4 Vital Interest an operation to protect vital interest of Data Subject, such as prevention or suppression of danger to a Data Subject’s life, body, and health.
5 Consent in the event that the Company must process your Personal Data or Sensitive Personal Data which cannot rely on the aforementioned lawful basis, the Company will explicitly notify you and request your consent specifically.

If you are a Job Applicant, the Company will process your Personal Data for the following purposes and lawful basis as follows:

No Purpose Lawful Basis
1 Undertaking the necessary actions for evaluating and selecting Job Applicants, assessing their suitability for the positions required by the Company, and considering their employment as the Company's Employee, including recruitments, testing, interviews, assessments, and extending employment offers to candidates. Performance of Contract
2 Conducting background and qualification checks prior to employment including verifying essential information necessary for the Company's decision-making process regarding employment and the execution of employment contracts Performance of Contract
3 Facilitating the Company’s internal management processes related to recruitment activities, such as sharing your information or reports with decision-makers, completing internal procedures prior to entering into contracts, and carrying out other essential preparations for onboarding new employees. Performance of Contract
4 Ensuring safety and prevent danger to your life, body, health and your property within and around the Company’s premises, such as oversight through CCTV
  • Legitimate Interest
  • Vital Interest

If you are an Employee, the Company will process your Personal Data for the following purposes and lawful basis as follows:

No Description Lawful Basis
1 Entering into employment contracts as requested by you or to perform contractual obligations where you are the party to the contract, such as preparing employment contracts and agreements, ensuring compliance with Company policies, organizing internal and external training, evaluating job performance, and considering remuneration and benefits
  • Performance of Contract
  • Legitimate Interest
2 Registering Employees, preparing Employee identification cards, maintain Employee records, and manage information technology systems, such as creating usernames, passwords, and e-mail accounts, as well as provisioning necessary equipment such as computers and other tools to ensure that you are adequately prepared to perform their duties
  • Performance of Contract
  • Legitimate Interest
3 Processing the issuance or renewal of visas, work permits, and other work- related permits for you, including the issuance of alien identification cards (pink cards), retention of work permit information, and preparation of Certificates of Identity and other work-related documents as required by law Legal Obligation
4 Collecting health-related data, including pre-employment medical examination results, for assessing suitability for the positions
  • Performance of Contract
  • Consent
5 Conducting criminal background checks for the evaluation of qualifications and suitability for specific positions Consent
6 Collecting data regarding disabilities for the purposes of labor protection, performance evaluation of disabled Employees, and submission of performance evaluation reports Legal Obligation
7 Collecting fingerprint scan data for recording access to restricted Company areas, identity verification, ensuring internal security, and preventing criminal activities Consent
8 Managing social security administration, including registering and de-registering insured persons, managing provident funds, and administering your tax matters, such as preparing supporting documents for accounting purposes (e.g., petty cash vouchers, tax invoices, and other tax deduction documents) Legal Obligation
9 Managing salaries, wages, compensation, bonuses, overtime pay, housing allowances, travel expenses, and your benefits, in addition to processing related compensation considerations, such as leave requests, overtime records, and attendance verification through timekeeping systems or fingerprint scan data
  • Performance of Contract
  • Legal Obligation
  • Consent
10 Providing you appropriate welfare benefits, such as health insurance, expressway cards, fuel cards, annual health check-ups, health screenings for at-risk groups, medical care, a loan for residential purposes, and welfare provisions for employee who is an alien, such as assisting in opening bank accounts for foreign nationals
  • Legitimate Interest
  • Consent
11 Appointing personnel for occupational safety roles, including Professional Safety Officers, Safety Officers at the Management Level, Safety Officers at the Supervisor Level, the Committee of Occupational Safety, Health and Environment of the Company, and other safety-related units Legal Obligation
12 Organizing training programs, seminars, and meetings for the development of the Company’s personnel, in addition to off-site activities such as corporate social responsibility (CSR) initiatives and recreational activities Legitimate Interest
13 Capturing image or video recordings of various activities, including ceremonial events, general event settings, and activities conducted within and outside the Company, as well as personalized or individual photography
  • Legitimate Interest
  • Consent
14 Engaging with the government agents, grants authorization, carrying out labor-related processes, and submitting information to government systems, such as the electronic public service system of the Department of Skill Development under the Ministry of Labour
  • Legitimate Interest
  • Legal Obligation
15 Evaluating the performance of employee during probationary period to determine their eligibility for permanent employees, assessing the performance of interns, and assessment of promotions, compensation adjustments, and additional benefits
  • Performance of Contract
  • Legal Obligation
16 Ensuring safety within production processes, manage measures for accident and hazard prevention and mitigation, and oversee other processes related to emergencies or risks to the life or body of Employees Legitimate Interest
17 Managing information technology systems, including creating user accounts, performing data backups, recording access logs, and monitoring data traffic within the Company's information technology infrastructure
  • Legitimate Interest
  • Legal Obligation
18 Preventing and suppressing danger to your life, body, and health such as emergency contact, hospital transfers, recording travel history, and implementing disease control measures
  • Legitimate Interest
  • Legal Obligation
  • Vital Interest
19 Managing risk, implementing internal controls, overseeing the administration of the Company and its affiliates, ensuring adherence to good corporate governance practices, internal and external auditing, including coordination with service providers responsible for governance and compliance oversight for the Company and its affiliates
  • Legitimate Interest
  • Legal Obligation
20 Ensuring safety and prevent danger to your life, body, health and your property within and around the Company’s premises, such as oversight through CCTV
  • Legitimate Interest
  • Vital Interest
21 Establishing, exercising, or defending of legal claims, including but not limited to litigation, enforcement proceedings, or other actions under legal proceedings Legitimate Interest
22 Complying with applicable laws, regulations, and requirements, both domestic and international, as well as to achieve legitimate orders by authorized government agents or government officials, including performing actions required under legal proceedings Legal Obligation

5. Disclosure of Personal Data

  1. 5.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affliates the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Trade Partners the Company may disclose your Personal Data to trade partners for purposes related to the Company’s operational management. This may include agents or authorized representatives of such organizations, such as banks, financial institutions, insurance companies, or infirmary.

Service Provider the Company may engage in external service providers (Outsource) to act on its behalf or support its business operations and customer services. This may include agents, contractors, and subcontractors of these service providers, such as website and IT providers, event organizers.

Professional Consultants the Company may disclose your Personal Data to auditors, corporate governance inspectors, consultants, professional service providers, and other experts, both internal and external, to support the Company’s business operations.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, the Social Security Office, Department of Employment, Department of Skill Development, Office of Social Development and Human Security, the Revenue Department, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

  1. 5.2 The Company will assign the receipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

6. International Transfer of Personal Data

  1. 6.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may transfer Personal Data to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 6.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 6.3 The Company may store your Personal Data on computers, servers, or cloud, provided by third parties, and may utilize third-party program or applicavation in the form of software as a service and platform as a service for processing your Personal Data. In this regard, the Company will not permit unauthorized person to access Personal Data and require such third parties to implement appropriate security measures for safeguarding Personal Data.

7. Data Retention Period

  1. 7.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period as follows:
Data Subject Data Retention Period
Job Applicant who does not get selected to work for the Company, irrespective of the reasons, such as the Company rejects or Job Applicant rejects the offer Not exceeding 6 months from the interview date
Employee who is an intern Not exceeding 5 years from the date of termination of internship period
Employee who is not an intern and receive wage calculated on monthly-rate basis For the duration of employment, and for a period of up to 10 years after the termination of the employment
Employee who is not an intern and receive wage calculated on daily-rate basis For the duration of employment, and for a period of up to 2 years after the termination of the employment
  1. 7.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  2. 7.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

8. Data Processing Under Original Purpose

The Company reserves the right to process your Personal Data collected prior to the effective date of the Personal Data Protection Act B.E. 2562, for the original purpose for which it was collected. If you no longer wish the Company to process your Personal Data, you may withdraw your consent at any time, subject to the clause 10.2.

9. Security Measures of Personal Data

  1. 9.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 9.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 9.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

10. Data Subject Rights and Exercise of Rights

  1. 10.1 Under Personal Data Protection Law, you, as a Data Subject, have the following rights:
Data Subject Rights Description
Right to withdraw consent
  • If you consent to the Company to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at the Company, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, the Company encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to dosclode of the source of Personal Data that you did not consent.
  • Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible.
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing You have the right to object to Data Processing in the event that the Company process Personal Data
  • for the necessary legitimate interests of the Company or any other person;
  • for the purpose of direct marketing; or
  • for the purpose of scientific, historical or statistic research
Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
  • there exists a compelling legitimate ground that is more important than your privacy;
  • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
  • it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading.
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 10.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 14. to request to exercise Data Subject’s rights.
  2. 10.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

11. Withdrawal of Consent & Consequence from Withdrawal

  1. 11.1 In the event that the Company processes Personal Data based on consent, you, as a Data Subject, have the right to withdraw the consent given to the Company at any time. Such withdrawal of consent will not affect any legitimate Data Processing based on your consent given prior to its withdrawal.
  2. 11.2 If you withdraw the consent previously given to the Company or refuse to provide information to the Company, whether in whole or in part, it may result in the Company's inability to achieve the Company’s purpose as prescribed in this Privacy Policy, whether in whole or in part.

12. Personal Data of a Minor, Incompetent Person, or Quasi-Incompetent Person

  1. 12.1 If you are a minor, an incompetent person, or a quasi-incompetent person, and with to consent the Company to process your Personal Data, you must obtain consent from your legal representative, guardian, or curator, as the case maybe, prior to giving consent to the Company.
  2. 12.2 In the event that the Company is required to obtain consent from a legal representative, guardian, or curator, as the case may be, for processing Personal Data of a minor, an incompetent person, or a quasi-incompetent person, but the Company was unaware of such facts at the time of Data Processing and subsequently becomes aware that the Company has processed such Personal Data without obtaining the aforementioned consent, the Company will promptly erase, destroy, or anonymize the Personal Data of such minor, incompetent person, or quasi-incompetent person, unless the Company can process such Personal Data based on other lawful basis that do not require consent.

13. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

14. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

15. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Privacy Policy For Photography and Videography

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) emphasizes the utmost importance of protection the Personal Data of shareholders, directors, employees, interviewees/commentators, activity participants, award recipients, premises users, visitors, applicant to enter building, as well as customers, vendors, prospective vendors, and representatives of such persons. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject a person who has been identified by the Personal Data, whether directly or indirectly
Data Processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy This Privacy Policy For Photography and Videography

2. Type of Personal Data the Company Collected

  1. 2.1 The Company requires the processing of photographic data, whether it is an image or video recording, whereby your Personal Data may includes image or video recording of you during interviews, photographs of specific individuals during activities (individual photos), overview of activities or group photographs (group photos) upon completion of activities. Such data are stored electronically on the Company's recording device, which may include personal information of the Data Subject, such as first name, family name, position of the photo subject, and activity information, location, date, time appearing on the images.
  2. 2.2 In the event that image or video recording of you are recorded for commercial and/or public relations purpose, the Company will explicitly notify you and request your consent specifically when the Company has selected such image or video recording to disclose, disseminate, along with requesting permission to specify first name and family name to accompany such image or video recording for commercial and/or public relations purpose which the Company has obtained your consent.

3. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Performance of Contract necessity for the Company to perform contractual obligations to which you are a party to the Contract with the Company, including any preliminary action undertaken at your request prior to entering into the contract
2 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
3 Consent in the event that the Company must process your Personal Data or Sensitive Personal Data which cannot rely on the aforementioned lawful basis, the Company will explicitly notify you and request your consent specifically.
No Lawful Basis Description
1 Capturing of image or video recording which is not personalized or individual photography, and overview image of the event, exhibition, activity during the event, training session, meeting, for the communication purpose and dissemination across various medic channels, including social media or the Company’s communication channels Legitimate Interest
2 Capturing of image or video recording which is personalized or individual photography, or using of first name and family name, or works associated with the person to accompany such image or video recording for appropriate business purpose and in adherence with the Company’s purpose Consent
3 Data Processing of photography or videography, first name, family name, and works associated with the person according to Photography or Videography license agreement, where compensation has been provided Performance of Contract
4 Capturing of image or video recording in case that the person is recorded as part of an award ceremony, either as a winner of a prize or as a selected recipient in any event Performance of Contract
5 Capturing of image or video recording as an evidence for identity verification, internal audit, or other Company’s legitimate purpose Legitimate Interest

4. Disclosure of Personal Data

  1. 4.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affliates the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

Public Media the Company may disclose Personal Data as necessary to achieve its objectives on public platforms, whether in an informational or non-informational format, where it is accessible to the general public. These platforms may include social media channels, the Company’s communication channels, or websites of relevant government authorities.

  1. 4.2 The Company will assign the receipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

5. International Transfer of Personal Data

  1. 5.1 Generally, the Company does not intend to transfer Personal Data from photography or videography to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer such Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 5.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 5.3 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.

6. Personal Data Retention Period

  1. 6.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period not exceeding 10 years from the date of collecting Personal Data.
  2. 6.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  3. 6.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

7. Data Processing Under Original Purpose

The Company reserves the right to process your Personal Data collected prior to the effective date of the Personal Data Protection Act B.E. 2562, for the original purpose for which it was collected. If you no longer wish the Company to process your Personal Data, you may withdraw your consent at any time, subject to the clause 9.2.

8. Security Measures of Personal Data

  1. 8.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 8.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 8.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

9. Data Subject Rights and Exercise of Rights

  1. 9.1 Under Personal Data Protection Law, you, as a Data Subject, have the following rights:
Data Subject Rights Description
Right to withdraw consent
  • If you consent to the Company to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at the Company, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, the Company encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to disclose of the source of Personal Data that you did not consent.
Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing You have the right to object to Data Processing in the event that the Company process Personal Data
  • for the necessary legitimate interests of the Company or any other person;
  • for the purpose of direct marketing; or
  • for the purpose of scientific, historical or statistic research
Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
  • there exists a compelling legitimate ground that is more important than your privacy;
  • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 9.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 13. to request to exercise Data Subject’s rights
  2. 9.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

10. Withdrawal of Consent & Consequence from Withdrawal

  1. 10.1 In the event that the Company processes Personal Data based on consent, you, as a Data Subject, have the right to withdraw the consent given to the Company at any time. Such withdrawal of consent will not affect any legitimate Data Processing based on your consent given prior to its withdrawal.
  2. 10.2 If you withdraw the consent previously given to the Company or refuse to provide information to the Company, whether in whole or in part, it may result in the Company's inability to achieve the Company’s purpose as prescribed in this Privacy Policy, whether in whole or in part.

11. Personal Data of a Minor, Incompetent Person, or Quasi-Incompetent Person

  1. 11.1 If you are a minor, an incompetent person, or a quasi-incompetent person, and with to consent the Company to process your Personal Data, you must obtain consent from your legal representative, guardian, or curator, as the case maybe, prior to giving consent to the Company.
  2. 11.2 In the event that the Company is required to obtain consent from a legal representative, guardian, or curator, as the case may be, for processing Personal Data of a minor, an incompetent person, or a quasi-incompetent person, but the Company was unaware of such facts at the time of Data Processing and subsequently becomes aware that the Company has processed such Personal Data without obtaining the aforementioned consent, the Company will promptly erase, destroy, or anonymize the Personal Data of such minor, incompetent person, or quasi-incompetent person, unless the Company can process such Personal Data based on another lawful basis that do not require consent.

12. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

13. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

14. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with the laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Privacy Policy For Shareholder and Director

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) emphasizes the utmost importance of protection the Personal Data of shareholder, director, and representative of such person, such as proxy, attorney-in-fact, and any other related person. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject a person who has been identified by the Personal Data, whether directly or indirectly
Data Processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy NR Instant Produce Public Company Limited Privacy Policy For Shareholder and Director

2. Type of Personal Data the Company Collected

The Company will collect and store Personal Data in a legitimate manner and only to the extent necessary for the Company’s business operation as follows:

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics Title, First Name, Family Name, Sex, Birth Data, National Identification Number, Taxpayer Identification Number, Signature
Contact Information Address, E-mail, Mobile Number
Information Relating to Educational Backgrounds and Work Experience Position
Financial Information Bank Account Number
Information used as Evidence for Legal Transaction Copy of Personal Identification Card, Copy of Passport, Vehicle Registration Number
Others Image, Video Recording, and Audio Recording captured by CCTV

Generally, the Company does not intend to process Sensitive Personal Data, such as religious belief or blood type information appeared on your personal identification card. If you provide the Company with your copy of your personal identification card containing such data, the Company kindly request you to redact such data before submitting to the Company. Should you failed to redact the aforementioned data, it is deemed that you consent to the Company to redact such data on your behalf.

3. Source of Personal Data

The Company may collect your Personal Data from various source as follows:

Type Example of Source of Personal Data
Personal Data obtained directly from you
  • Data provided through the completion of documents or online forms
  • Process undertaken during your tenure as a shareholder, director, or representative of such person
  • Data used to register for creating an account or profile with the Company for communication through both offline and online channels
Personal Data obtained automatically
  • Image, Video Recording, and Audio Recording captured by CCTV within the Company’s premises
  • Technical Information obtained from accessing the Company’s information technology systems
Personal Data obtained from other sources or third-person
  • Other department within the Company
  • Information from government agents such as the Department of Business Development
  • Information obtained from conducting background checks with relevant government agents
  • Publicly available and reliable information

In the event that you agree and consent to giving Personal Data relating to a third person, you warrant and represent that such Personal Data is accurate and you have fully informed of this Privacy Policy to the third person.

4. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Performance of Contract necessity for the Company to perform contractual obligations to which you are a party to the Contract with the Company, including any preliminary action undertaken at your request prior to entering into the contract
2 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
3 Legal Obligation necessity for compliance with the law, regulations, or order issued by the regulatory authorities overseeing the Company
4 Vital Interest an operation to protect vital interest of Data Subject, such as prevention or suppression of danger to a Data Subject’s life, body, and health.
No Purpose Lawful Basis
1 Managing corporate matters related to registration, proxies, granting authorization, and the furnishing of meeting notices in compliance with applicable laws, such as the law on Public Company Limited, the law on Securities and Exchange, or other relevant legislation
  • Legitimate Interest
  • Legal Obligation
2 Facilitating the Company’s operations in alignment with its business legitimate interest, including organizing shareholder meetings, board meetings, and managing corporate activities such as capital increase or reduction, business restructuring, conducted in accordance with applicable laws, such as the law on Public Company Limited, the law on Securities and Exchange, or other relevant legislation
  • Legitimate Interest
  • Legal Obligation
3 Recording image or video recording during meeting for disseminating through the Company’s information technology systems, or for attendees to view the content later, or for public relations purpose Legitimate Interest
4 Recording meetings as evidence of such meetings and preparing meeting minutes to furnish to relevant persons or entities Legitimate Interest
5 Facilitating processes related to recruitment, selection, evaluation, and qualification verification, as well as to fulfill contractual obligations, such as payment of director remuneration and providing welfare benefits and entitlements to directors
  • Performance of Contract
  • Legitimate Interest
6 Maintaining a database for communication, dissemination of public relations materials, and delivery of necessary and relevant documents, such as annual reports and financial statements Legitimate Interest
7 Paying dividend to shareholders, interest payments on debentures, and manage other corporate matters related to the rights and obligations of shareholders Legal Obligation
8 Entering into contract with vendors or trade partners or third persons, including actions undertaken by the Company prior to entering into contracts or to perform contractual obligations
  • Performance of Contract
  • Legitimate Interest
9 Engaging with government agents, granting authorizations, carrying out transactions with relevant government agents, submitting information to government systems
  • Legitimate Interest
  • Legal Obligation
10 Preventing and suppressing danger to your life, body, and health such as emergency contact, hospital transfers, recording travel history, and implementing disease control measures
  • Legitimate Interest
  • Legal Obligation
  • Vital Interest
11 Managing risk, implementing internal controls, overseeing the administration of the Company and its affiliates, ensuring adherence to good corporate governance practices, internal and external auditing, including coordination with service providers responsible for governance and compliance oversight for the Company and its affiliates
  • Legitimate Interest
  • Legal Obligation
12 Ensuring safety and prevent danger to your life, body, health and your property within and around the Company’s premises, such as oversight through CCTV
  • Legitimate Interest
  • Vital Interest
13 Establishing, exercising, or defending of legal claims, including but not limited to litigation, enforcement proceedings, or other actions under legal proceedings Legitimate Interest
14 Complying with applicable laws, regulations, and requirements, both domestic and international, as well as to achieve legitimate orders by authorized government agents or government officials, including performing actions required under legal proceedings Legal Obligation

5. Disclosure of Personal Data

  1. 5.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affiliates the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Trade Partners the Company may disclose your Personal Data to trade partners for purposes related to the Company’s operational management. This may include agents or authorized representatives of such organizations, such as banks, financial institutions, or insurance companies.

Service Provider the Company may engage in external service providers (Outsource) to act on its behalf or support its business operations and customer services. This may include agents, contractors, and subcontractors of these service providers, such as website providers, hire-purchase & leasing company.

Professional Consultants the Company may disclose your Personal Data to auditors, corporate governance inspectors, consultants, professional service providers, and other experts, both internal and external, to support the Company’s business operations.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, the Revenue Department, Customs Department, Excise Department, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

Public Media the Company may disclose Personal Data as necessary to achieve its objectives on public platforms, whether in an informational or non-informational format, where it is accessible to the general public. These platforms may include social media channels, the Company’s communication channels, or websites of relevant government authorities.

  1. 5.2 The Company will assign the receipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

6. International Transfer of Personal Data

  1. 6.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may transfer Personal Data to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 6.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 6.3 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.

7. Personal Data Retention Period

  1. 7.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period not exceeding 10 years from the date of collecting Personal Data.
  2. 7.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  3. 7.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

8. Data Processing Under Original Purpose

The Company reserves the right to process your Personal Data collected prior to the effective date of the Personal Data Protection Act B.E. 2562, for the original purpose for which it was collected. If you no longer wish the Company to process your Personal Data, you may withdraw your consent at any time, subject to the clause 10.2.

9. Security Measures of Personal Data

  1. 9.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 9.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 9.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

10. Data Subject Rights and Exercise of Rights

  1. 10.1 Under Personal Data Protection Law, you, as a Data Subject, have the following rights:
Data Subject Rights Description
Right to withdraw consent
  • If you consent to the Company to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at the Company, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, the Company encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to disclose of the source of Personal Data that you did not consent.
  • Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible.
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing You have the right to object to Data Processing in the event that the Company process Personal Data
  • for the necessary legitimate interests of the Company or any other person;
  • for the purpose of direct marketing; or
  • for the purpose of scientific, historical or statistic research
Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
  • there exists a compelling legitimate ground that is more important than your privacy;
  • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
  • it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading.
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 10.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 14. to request to exercise Data Subject’s rights.
  2. 10.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

11. Withdrawal of Consent & Consequence from Withdrawal

  1. 11.1 In the event that the Company processes Personal Data based on consent, you, as a Data Subject, have the right to withdraw the consent given to the Company at any time. Such withdrawal of consent will not affect any legitimate Data Processing based on your consent given prior to its withdrawal.
  2. 11.2 If you withdraw the consent previously given to the Company or refuse to provide information to the Company, whether in whole or in part, it may result in the Company's inability to achieve the Company’s purpose as prescribed in this Privacy Policy, whether in whole or in part.

12. Personal Data of a Minor, Incompetent Person, or Quasi-Incompetent Person

  1. 12.1 If you are a minor, an incompetent person, or a quasi-incompetent person, and with to consent the Company to process your Personal Data, you must obtain consent from your legal representative, guardian, or curator, as the case maybe, prior to giving consent to the Company.
  2. 12.2 In the event that the Company is required to obtain consent from a legal representative, guardian, or curator, as the case may be, for processing Personal Data of a minor, an incompetent person, or a quasi-incompetent person, but the Company was unaware of such facts at the time of Data Processing and subsequently becomes aware that the Company has processed such Personal Data without obtaining the aforementioned consent, the Company will promptly erase, destroy, or anonymize the Personal Data of such minor, incompetent person, or quasi-incompetent person, unless the Company can process such Personal Data based on other lawful basis that do not require consent.

13. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

14. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

15. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Privacy Policy For Vendor

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) emphasizes the utmost importance of protection the Personal Data of Vendor, Prospective Vendors and people representing or act on behalf of Vendor and/or Prospective Vendor, including but not limited to executive, shareholder, authorized director, attorney-in-fact, substitute attorney-in-fact, employee, staff, and the representative of juristic person. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject a person who has been identified by the Personal Data, whether directly or indirectly
Data Processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy This Privacy Policy For Vendor
Prospective Vendor any natural person or juristic person who may become a vendor of the Company, including those who have expressed intention to enter into a contract or register as a vendor of the Company, parties interested in business collaboration, parties operating jointly with the Company, or any other person requesting quotations or to whom the Company has submitted quotations for consideration
Vendor any natural person or juristic person who submits quotations for the sale of goods or services, or contract to perform work for the Company, whether registered as a vendor with the Company or not, trade partner, business participants, whether selling directly to the Company or participating in product or service development with the Company for distribution, service providers, service recipients, employers, contractors, consultants, experts, academics, speakers, contractual parties of the Company, and other persons of similar nature

2. Type of Personal Data the Company Collected

The Company will collect and store Personal Data in a legitimate manner and only to the extent necessary for the Company’s business operation as follows:

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics First Name, Family Name, Age, Sex, National Identification Number, Alien Identification Number, Taxpayer Identification Number, Nationality, Signature, Photo
Contact Information Address, E-mail, Line ID, Mobile Number, Workplace
Information Relating to Educational Backgrounds and Work Experience Department, Position
Financial Information Bank Account Number
Information used as Evidence for Legal Transaction Copy of Personal Identification Number
Technical Information IP Address, Mac Address
Others
  • Image, Video Recording, and Audio Recordings captured by the Company’s recording device
  • Image, Video Recording, and Audio Recording captured by CCTV

Generally, the Company does not intend to process Sensitive Personal Data, such as religious belief or blood type information appeared on your personal identification card. If you provide the Company with your copy of your personal identification card containing such data, the Company kindly request you to redact such data before submitting to the Company. Should you failed to redact the aforementioned data, it is deemed that you consent to the Company to redact such data on your behalf.

3. Source of Personal Data

The Company may collect your Personal Data from various source as follows:

Type Example of Source of Personal Data
Personal Data obtained directly from you
  • Data appeared during procurement and purchase process, and vendor assessment documents
  • Data appeared in any business contracts
  • Data provided through the completion of documents or online forms
  • Data appeared on business cards
  • Communication and Interaction records with the Company, in any format or method, such as telephone calls, video calls, e-mail, SMS, or postal mail
  • Data used to register for creating an account or profile with the Company for communication through both offline and online channels
Personal Data obtained automatically
  • Image, Video Recording, and Audio Recording captured by CCTV within the Company’s premises
  • Technical Information obtained from accessing the Company’s information technology systems
Personal Data obtained from other sources or third-person
  • Other department within the Company
  • Your employer or affiliated organization
  • Related person or representatives, such as authorized persons, employees, staff, and agents
  • Information from government agents
  • Data from the Company’s service providers
  • Publicly available and reliable information

In the event that you agree and consent to giving Personal Data relating to a third person, you warrant and represent that such Personal Data is accurate and you have fully informed of this Privacy Policy to the third person.

4. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Performance of Contract necessity for the Company to perform contractual obligations to which you are a party to the Contract with the Company, including any preliminary action undertaken at your request prior to entering into the contract
2 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
3 Legal Obligation necessity for compliance with the law, regulations, or order issued by the regulatory authorities overseeing the Company
4 Vital Interest an operation to protect vital interest of Data Subject, such as prevention or suppression of danger to a Data Subject’s life, body, and health.
5 Consent in the event that the Company must process your Personal Data or Sensitive Personal Data which cannot rely on the aforementioned lawful basis, the Company will explicitly notify you and request your consent specifically.
No Purpose Lawful Basis
1 Evaluating qualifications and suitability of vendor registration applicants and registered vendors, establishing new vendor relationships, and carrying out procedures related to vendor registration processes, such as background verification, identity validation, and processing your various requests within the Company's system, including modifications to your information
  • Performance of Contract
  • Legitimate Interest
2 Facilitating procurement and selection processes, assessing qualifications and suitability in accordance with the Company's procurement procedures, and price comparison activities Legitimate Interest
3 Entering into contract and completing procedures prior to entering into contracts as requested by you, such as including but not limited to employment agreements, service agreements, commercial contracts, memoranda of understanding (MOU), non-disclosure agreements and others, as well as managing Company in compliance with contractual obligations
  • Performance of Contract
  • Legitimate Interest
4 Carrying our activities related to the Company’s business operations, communicating essential information as a performance of contractual obligation between the Company and you, facilitating business communications, and providing services in the capacity of Vendor Performance of Contract
5 Publicizing information regarding Company operations, news production, and creating of public relations announcement Legitimate Interest
6 Collecting communication in a database for ongoing correspondence and creating future business opportunities Legitimate Interest
7 Collecting payments or outstanding debts owed to the Company, executing transactions, processing payments, including implementing various measures to successfully complete transactions, verifying account accuracy, and issuing accounting documentation for both accounts payable and accounts receivable, such as tax invoices, payment vouchers, receipts, and withholding tax certificates
  • Performance of Contract
  • Legal Obligation
8 Managing risk, implementing internal controls, overseeing the administration of the Company and its affiliates, ensuring adherence to good corporate governance practices, internal and external auditing, including coordination with service providers responsible for governance and compliance oversight for the Company and its affiliates
  • Legitimate Interest
  • Legal Obligation
9 Managing information technology systems, including performing data backups, recording access logs, and monitoring data traffic within the Company's information technology infrastructure
  • Legitimate Interest
  • Legal Obligation
10 Ensuring safety and prevent danger to your life, body, health and your property within and around the Company’s premises, such as oversight through CCTV
  • Legitimate Interest
  • Vital Interest
11 Establishing, exercising, or defending of legal claims, including but not limited to litigation, enforcement proceedings, or other actions under legal proceedings Legitimate Interest
12 Complying with applicable laws, regulations, and requirements, both domestic and international, as well as to achieve legitimate orders by authorized government agents or government officials, including performing actions required under legal proceedings Legal Obligation
13 Managing risks, evaluating your credibility for the purpose of monitoring, investigating, and reporting on financial crimes, fraud, misconduct, and other criminal activities Legitimate Interest

5. Disclosure of Personal Data

  1. 5.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affliates the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Trade Partners the Company may disclose your Personal Data to trade partners for purposes related to the Company’s operational management. This may include agents or authorized representatives of such organizations, such as banks, financial institutions, or insurance companies.

Service Provider the Company may engage in external service providers (Outsource) to act on its behalf or support its business operations and customer services. This may include agents, contractors, and subcontractors of these service providers, such as website and IT management providers.

Professional Consultants the Company may disclose your Personal Data to auditors, corporate governance inspectors, consultants, professional service providers, and other experts, both internal and external, to support the Company’s business operations.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, the Revenue Department, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

Public Media the Company may disclose Personal Data as necessary to achieve its objectives on public platforms, whether in an informational or non-informational format, where it is accessible to the general public. These platforms may include social media channels, the Company’s communication channels, or websites of relevant government authorities.

  1. 5.2 The Company will assign the receipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

6. International Transfer of Personal Data

  1. 6.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may transfer Personal Data to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 6.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 6.3 The Company may store your Personal Data on computers, servers, or cloud, provided by third parties, and may utilize third-party program or applicavation in the form of software as a service and platform as a service for processing your Personal Data. In this regard, the Company will not permit unauthorized person to access Personal Data and require such third parties to implement appropriate security measures for safeguarding Personal Data.

7. Personal Data Retention Period

  1. 7.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period not exceeding 10 years from the date of termination of the customer’s relationship.
  2. 7.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  3. 7.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

8. Data Processing Under Original Purpose

The Company reserves the right to process your Personal Data collected prior to the effective date of the Personal Data Protection Act B.E. 2562, for the original purpose for which it was collected. If you no longer wish the Company to process your Personal Data, you may withdraw your consent at any time, subject to the clause 10.2.

9. Security Measures of Personal Data

  1. 9.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 9.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 9.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

10. Data Subject Rights and Exercise of Rights

  1. 10.1 Under Personal Data Protection Law, you, as a Data Subject, have the following rights:
Data Subject Rights Description
Right to withdraw consent
  • If you consent to the Company to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at the Company, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, the Company encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to dosclode of the source of Personal Data that you did not consent.
  • Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible
  • Unless
    • it is not feasible due to technical reasons;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing You have the right to object to Data Processing in the event that the Company process Personal Data
  • for the necessary legitimate interests of the Company or any other person;
  • for the purpose of direct marketing; or
  • for the purpose of scientific, historical or statistic research
Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
  • there exists a compelling legitimate ground that is more important than your privacy;
  • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
  • it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading.
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 10.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 14. to request to exercise Data Subject’s rights.
  2. 10.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

11. Withdrawal of Consent & Consequence from Withdrawal

  1. 11.1 In the event that the Company processes Personal Data based on consent, you, as a Data Subject, have the right to withdraw the consent given to the Company at any time. Such withdrawal of consent will not affect any legitimate Data Processing based on your consent given prior to its withdrawal.
  2. 11.2 If you withdraw the consent previously given to the Company or refuse to provide information to the Company, whether in whole or in part, it may result in the Company's inability to achieve the Company’s purpose as prescribed in this Privacy Policy, whether in whole or in part.

12. Personal Data of a Minor, Incompetent Person, or Quasi-Incompetent Person

  1. 12.1 If you are a minor, an incompetent person, or a quasi-incompetent person, and with to consent the Company to process your Personal Data, you must obtain consent from your legal representative, guardian, or curator, as the case maybe, prior to giving consent to the Company.
  2. 12.2 In the event that the Company is required to obtain consent from a legal representative, guardian, or curator, as the case may be, for processing Personal Data of a minor, an incompetent person, or a quasi-incompetent person, but the Company was unaware of such facts at the time of Data Processing and subsequently becomes aware that the Company has processed such Personal Data without obtaining the aforementioned consent, the Company will promptly erase, destroy, or anonymize the Personal Data of such minor, incompetent person, or quasi-incompetent person, unless the Company can process such Personal Data based on other lawful basis that do not require consent.

13. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

14. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

15. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Privacy Policy For Visitor and Applicant to Enter the Building

NR Instant Produce Public Company Limited (hereinafter referred to as “Company”) emphasizes the utmost importance of protection the Personal Data of Visitor and Applicant to Enter the Building. (“you”) To ensure that the collection, use, and/or disclosure of your Personal Data is in adherence with the Personal Data Protection Act B.E. 2562, the Company hereby established this Privacy Policy to inform you of your rights, duties, and the Company’s practice in collect, use and/or disclosure of Personal Data.

1. Definition

Vocabulary Definition
Personal Data Protection Law Personal Data Protection Act B.E. 2562 and any further amendment, including any relevant Rule, Regulation, and Order related to Personal Data protection
Personal Data any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the notification of the deceased Persons in particular
Sensitive Personal Data Personal Data relating to race, ethnicity, political opinion, belief, religion or philosophy, sexual orientation, criminal record, health information, disability, labour union information, genetic data, biometric data (such as facial scan, iris scan, fingerprint scan) or any other data which may impact the Data Subject in a similar manner, as prescribed by the Personal Data Protection Committee
Data Subject a person who has been identified by the Personal Data, whether directly or indirectly
Data Processing/process any operation performed on the Personal Data or set of the Personal Data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consideration, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction
Privacy Policy This Privacy Policy For Visitor and Applicant to Enter the Building
Visitor/ Applicant to Enter the Building any person who notifies the Company of their intention to request access to services, visits, perform work, or carry out any transactions with the Company within buildings, factories, operational facilities, or restricted areas within the Company's premises

2. Type of Personal Data the Company Collected

The Company will collect and store Personal Data in a legitimate manner and only to the extent necessary for the Company’s business operation as follows:

Type Example of Personal Data
Specific Personal Information and Information Relating to Personal Characteristics First Name, Family Name, Age, National Identification Number, Signature
Contact Information Name of the Company, Department
Information used as Evidence for Legal Transaction License Plate
Others Image, Video Recording, and Audio Recording captured by CCTV
Sensitive Personal Data Sickness, Injury

3. Source of Personal Data

The Company may collect your Personal Data from various source as follows:

Type Example of Source of Personal Data
Personal Data obtained directly from you
  • Data provided through the completion of documents or online forms
  • Data appeared in documents that the Company requested you to furnish to
  • Communication and Interaction records with the Company, in any format or method, such as telephone calls, video calls, e-mail, SMS, or postal mail
Personal Data obtained automatically Image, Video Recording, and Audio Recording captured by CCTV within the Company’s premises
Personal Data obtained from other sources or third-person
  • Other department within the Company
  • Your employer or affiliated organization
  • Related person or representatives, such as authorized persons, employees, staff, and agents

In the event that you agree and consent to giving Personal Data relating to a third person, you warrant and represent that such Personal Data is accurate and you have fully informed of this Privacy Policy to the third person.

4. Purpose & Lawful Basis for Data Processing

The Company will process your Personal Data for various purposes, applying lawful basis as appropriate as follows:

No Lawful Basis Description
1 Performance of Contract necessity for the Company to perform contractual obligations to which you are a party to the Contract with the Company, including any preliminary action undertaken at your request prior to entering into the contract
2 Legitimate Interest necessity for the Company to operate under the Company’s legitimate interests within reasonable expectations of the Data Subject and without unduly infringing on the rights and freedoms of the Data Subject
3 Legal Obligation necessity for compliance with the law, regulations, or order issued by the regulatory authorities overseeing the Company
4 Vital Interest an operation to protect vital interest of Data Subject, such as prevent or suppress of danger to a Data Subject’s life, body, and health.
No Purpose Lawful Basis
1 Managing your access to buildings, factories, operational facilities, or restricted areas within the Company's premises, including monitoring, preventing and deterring, as well as varying of any unauthorized access, as well as facilitating any necessary processes such as card exchange, registration, and recording your necessary information Legitimate Interest
2 Ensuring safety and prevent danger to your life, body, health and your property, including security of the Company’s buildings, factories, operational facilities, or restricted areas within the Company's premises, in addition to implementing necessary internal process prior to any performance of work within the Company
  • Legitimate Interest
  • Vital Interest
3 Controlling access to the Company’s information technology systems and databases, including monitoring preventing and deterring, as well as verying of any unauthorized access. Legitimate Interest
4 Managing hygiene and safety standards and ensuring compliance with applicable laws related to workplace safety and public health benefits
  • Legal Obligation
  • Consent
5 Preventing and suppressing danger to your life, body, and health such as emergency contact, hospital transfers, recording travel history, and implementing disease control measures
  • Legitimate Interest
  • Legal Obligation
  • Vital Interest
6 Establishing, exercising, or defending of legal claims, including but not limited to litigation, enforcement proceedings, or other actions under legal proceedings Legitimate Interest
7 Complying with applicable laws, regulations, and requirements, both domestic and international, as well as to achieve legitimate orders by authorized government agents or government officials, including performing actions required under legal proceedings Legal Obligation

5. Disclosure of Personal Data

  1. 5.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may disclose your Personal Data to internal and external party as follows:

Internal Departments and Affliates the Company may disclose your Personal Data to its personnel and internal departments, including executives, supervisors, employees, and affiliates. However, such disclosure will be strictly limited to those directly involved and necessary for processing Personal Data.

Service Provider the Company may engage in external service providers (Outsource) to act on its behalf or support its business operations and customer services. This may include agents, contractors, and subcontractors of these service providers, such as security guard service provider.

Professional Consultants the Company may disclose your Personal Data to corporate governance inspectors, consultants, professional service providers, and other experts, both internal and external, to support the Company’s business operations.

Government Authority the Company may disclose your Personal Data to government agents, regulatory bodies overseeing the Company, or other authorized agent as required by law. This includes, but not limited to, Royal Thai Police, Office of the Personal Data Protection Committee, Courts, and authorized government officials such as police officers or public prosecutors.

  1. 5.2 The Company will assign the receipients of your Personal Data to implement appropriate security measures to safeguard Personal Data and to process your Personal Data only to the extent necessary. The Company will undertake actions to prevent unauthorized or unlawful Data Processing and will ensure that such Data Processing is carried out in strict adherence to the purpose as prescribed in this Privacy Policy or Personal Data Protection Law. In the event that the consent is required to process your Personal Data according to the Personal Data Protection Law, the Company will explicitly notify you and request your consent specifically.

6. International Transfer of Personal Data

  1. 6.1 To achieve the Company’s purpose as prescribed in this Privacy Policy, the Company may transfer Personal Data to the receipients located in foreign country. Nonetheless, if there exists any necessity for the Company to transfer Personal Data to the receipients located in foreign country, the Company will explicitly notify you and request your consent specifically.
  2. 6.2 In transferring such Personal Data, the Company will implement appropriate security measures and will comply with Personal Data Protection Law, whereby the Company will undertake measures to ensure that the destination country or international organization receiving Personal Data has adequate Personal Data protection standards or in adherence with other law.
  3. 6.3 The Company may store your Personal Data on computers, servers, or cloud, provided by third parties, and may utilize third-party program or applicavation in the form of software as a service and platform as a service for processing your Personal Data. In this regard, the Company will not permit unauthorized person to access Personal Data and require such third parties to implement appropriate security measures for safeguarding Personal Data.

7. Personal Data Retention Period

  1. 7.1 The Company will retain your Personal Data for a period necessary to achieve the purpose in Data Processing, taking into account the criteria used to determine the retention period, including the duration of the Company’s relationship with you and the practices for each type of Personal Data. Generally, the Company will retain your Personal Data for a period not exceeding 4 years from the date of collecting Personal Data.
  2. 7.2 Upon expiration of the aforementioned period or when it is no longer necessary to retain your Personal Data, the Company will promptly erase, destroy, or anonymize your Personal Data. Nonetheless, the Company may retain all or part of your Personal Data exceeding the aforementioned period for compliance with laws or legitimate orders.
  3. 7.3 The Company has implemented an audit system to implement the erasure, destruction, or anonymization of such Personal upon expiration of the retention period or when processing of such data is no longer necessary.

8. Data Processing Under Original Purpose

The Company reserves the right to process your Personal Data collected prior to the effective date of the Personal Data Protection Act B.E. 2562, for the original purpose for which it was collected. If you no longer wish the Company to process your Personal Data, you may withdraw your consent at any time, subject to the clause 10.2.

9. Security Measures of Personal Data

  1. 9.1 The Company has implemented appropriate security measures, including administrative measures, technical measures, and physical measures, to maintain the confidentiality, integrity, and availability of Personal Data to prevent loss, access, use, modification, alteration, or disclosure of Personal Data by unauthorized persons or those who do not have relevant duties concerning such Personal Data.
  2. 9.2 The Company has strictly enforced security measures within the Company, utilizing security technologies and procedures, such as implementing access control measures and data use measures by establishing data access rights, authorization rights for designated persons to access data, as well as implementing measures for audit trail monitoring to ensure that only authorized persons can access your Personal Data and such authorized persons have been trained and are aware of the importance of Personal Data security.
  3. 9.3 The Company will conduct review of such security measures, including improving and developing such measures to reflect necessity or change in technology to ensure the effectiveness of Personal Data security.

10. Data Subject Rights and Exercise of Rights

  1. 10.1 Under Personal Data Protection Law, you, as a Data Subject, has the following rights:
Data Subject Rights Description
Right to withdraw consent
  • If you consent to the Company to process your Personal Data, you has right to withdraw consent at any time that the Personal Data is retained at the Company, unless there is any legal restrictions or contraty to the contract that benefits you.
  • Nonetheless, the withdrawal of consent may affect certain benefits you are entitled to. To safeguard your interests, the Company encourages you to review and inquire about the consequences of withdrawing your consent.
Right to access and retrieve a copy of data
  • You have the right to access and obtain copy of your Personal Data, including to inquire the Company to disclose of the source of Personal Data that you did not consent.
  • Unless the Company is subjected to the law or the court’s order or it violates the rights and freedoms of other people.
Right to data portability
  • You have the right to request for Personal Data in an easily accessible and intelligible form using automated tools or equipment and in the format that can be used or disclosed using automated tools or equipment and may request a transfer of such Personal Data to other Data Controller in such format if feasible.
  • Unless
    • it is not feasible due to technical reason;
    • it is a performance carried out in the public interest;
    • it is for compliance with the law; or
    • it violates the rights and freedoms of other people
Right to object to Data Processing You have the right to object to Data Processing in the event that the Company process Personal Data.
  • for the necessary legitimate interests of the Company or any other person;
  • for the purpose of direct marketing; or
  • for the purpose of scientific, historical or statistic research
Nonetheless, if you object to Data Processing, the Company will continue processing your Personal Data to the extent that
  • there exists a compelling legitimate ground that is more important than your privacy;
  • it is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims; or
  • it is necessary for a performance carried out in the public interest
Right to erasure/Right to be forgotten You have the right to request the Company to erase, destroy, or anonymize your Personal Data in the following circumstances:
  • You believe that the Company has unlawfully processed your Personal Data
  • You believe that the Company cease the necessity to retain your Personal Data according to the Company’s purpose as prescribed in this Privacy Policy; or
  • You have exercised right to withdraw consent or right to object to Data Processing as aforementioned
Right to restriction of Data Processing You have the right to request the Company to restrict Data Processing in the following circumstances:
  • The Company is pending examination process in accordance with the request to exercise rights to rectification,
  • It is Personal Data which must be erased or destroyed, but you request to restrict Data Processing instead, or
  • The Company is pending examination process in accordance with the request to exercise rights to object to Data Processing
Right to rectification You have the right to request the Company to rectify your Personal Data to be accurate, up to date, complete, and not cause any misleading.
Right to lodge a complaint You have the right to lodge a complaint to the Company or to the competent authority where you believe that the Company’s Data Processing is not in adherence with Personal Data Protection Law.
  1. 10.2 You may exercise your aforementioned rights at any time by contacting through channel specified in clause 14. to request to exercise Data Subject’s rights.
  2. 10.3 The exercise of such rights may be restricted under Personal Data Protection Law or other relevant law, and there may exist certain circumstances where the Company has necessary grounds to reject or unable to proceed with your application. In such case, the Company will notify you of the reasons for rejection together with the response to such application.

11. Withdrawal of Consent & Consequence from Withdrawal

  1. 11.1 In the event that the Company processes Personal Data based on consent, you, as a Data Subject, have the right to withdraw the consent given to the Company at any time. Such withdrawal of consent will not affect any legitimate Data Processing based on your consent given prior to its withdrawal.
  2. 11.2 If you withdraw the consent previously given to the Company or refuse to provide information to the Company, whether in whole or in part, it may result in the Company's inability to achieve the Company’s purpose as prescribed in this Privacy Policy, whether in whole or in part.

12. Personal Data of a Minor, Incompetent Person, or Quasi-Incompetent Person

  1. 12.1 If you are a minor, an incompetent person, or a quasi-incompetent person, and with to consent the Company to process your Personal Data, you must obtain consent from your legal representative, guardian, or curator, as the case maybe, prior to giving consent to the Company.
  2. 12.2 In the event that the Company is required to obtain consent from a legal representative, guardian, or curator, as the case may be, for processing Personal Data of a minor, an incompetent person, or a quasi-incompetent person, but the Company was unaware of such facts at the time of Data Processing and subsequently becomes aware that the Company has processed such Personal Data without obtaining the aforementioned consent, the Company will promptly erase, destroy, or anonymize the Personal Data of such minor, incompetent person, or quasi-incompetent person, unless the Company can process such Personal Data based on other lawful basis that do not require consent.

13. Amendment to Privacy Policy

The Company may update this Privacy Policy from time to time to reflect changes in our practices or changes in circumstances. In the event of any material amendment to this Privacy Policy, the Company will notify you of the amendment. The Company encourages you to review this Privacy Policy periodically.

14. Contact Us

Should you have any inquiries regarding this Privacy Policy, or would like further information about the Company's data protection practices, or to exercise your rights as a Data Subject, please contact us at the following channels:

Contact the Company and DPO:

Address: NR Instant Produce Public Company Limited 99/1 Moo 4, Khae Rai Sub-District, Krathum Baen District, Samut Sakhon, 74110

E-mail: DPO@nrinstant.com

Telephone Number: 034849576-80

15. Applicable Law

You acknowledge and accept that this Privacy Policy is governed and construed in accordance with laws of Thailand. Any dispute arising out of or in connection with this Privacy Policy shall be submitted to the exclusive jurisdiction of the courts of Thailand.

This Privacy has been approved by the Board of Directors Meeting No. 9/2025 held on 15 May 2025 and effective on 16 May 2025 onwards.

Announcements on 16 May 2025.

Cookie Policy

A cookie is a small text file which is copied onto your hard disk by a website. Cookies do not cause any damage to your computer and do not contain any viruses. The cookies from our websites do not gather any personal data about you. You can disable the use of cookies at any time via the settings in your browser. As a rule, cookies are only used on our websites for the length of your session for the purpose of anonymous, statistical assessments and for improving user-friendliness. Cookies may occasionally serve an additional purpose in certain sections of the website. You will be informed of this if you access one of these sections.

1. What is a cookie?

A cookie is a small text file which is downloaded onto customer computer, this file allows us (NR Instant Produce Public Company Limited) to collect data regarding visitor browsing history.

2. Benefit of cookies

By collecting cookies, the Website is able to supply customers with an enhance experience and meet their needs in the future.

This information will be used exclusively by NR Instant Produce Public Company Limited, so any transfer of cookie data cannot occur.

Cookies also record the initial settings of the site, this enables customers to receive the same requirement settings. If a cookie is deleted, any settings will return to its default state.

3. Cookies do not harm your computer

Cookies sole purpose is to collect data into files, it does not have any extra function.

4. What cookies do not gather?

Cookies do not collect information regarding your personal details such as mobile phone number or your date of birth. Any further gathering of information will require customer consent prior to collection.

5. How to disable cookies?

Customers can disable cookies settings by visiting their browser settings and configure privacy settings to restrict any future collection of cookies.