BTS : Privacy Policy for Proposing Agenda Items and Nominating Candidates for Election as Directors

Privacy Policy

for Proposing Agenda Items and Nominating Candidates for Election as Directors

at Annual General Meetings of Shareholders of BTS Group Holdings Public Company Limited

BTS Group Holdings Public Company Limited (the "Company", "we", "us", or "our") recognizes the importance of the protection of personal data. We follow security procedures when collecting, using, and/ or disclosing your personal data.

This privacy policy ("Privacy Policy") explains how we collect, use, and/or disclose personal data relating to you, for the purpose of proposing the agenda items of the Annual General Meeting of Shareholders and nominating candidates for election as directors of the Company at the Annual General Meeting of Shareholders.

From time to time, we may change and/or update this Privacy Policy. We will provide additional notice of significant changes and/or updates. We will post the date on which our Privacy Policy was last updated at the bottom of the Privacy Policy. We encourage you to read this Privacy Policy carefully and to check Privacy Policy regularly to review any changes and/or updates we might take in accordance with the terms of this Privacy Policy.

1. Your personal data collected by the Company

We may directly collect your personal data from you, and/or Thailand Securities Depository Co. , Ltd. ,

and/or the nominated shareholders. The followings are example of personal data that may be collected:

1. Personal information: e.g. name, surname, signature, identification card number, passport number, and/or data on any similar cards issued by the government or government departments.
2. Contact information: e.g. address, telephone number, mobile phone number, email address, and/or social media account (e.g. line ID, Facebook).
3. Other information: e.g. shareholder identification number, evidence of shareholding for shareholders from securities companies (brokers), or other evidence from the Stock Exchange of Thailand or Thailand Securities Depository Co., Ltd., including work experience, personal records, and the educational background of persons who will be nominated to be elected as directors of the Company. If you visit our websites, we will gather certain information automatically from you by using tracking tools and cookies.

We will only collect, use, and/or disclose sensitive data on the basis of your explicit consent or where permitted by law.

If you provide personal data of any third party (such as father, mother, spouse, children, or emergency contact) to us, e.g., name-surname, address, relationship, contact details, and related documents, you represent and warrant that you have the authority to do so by (i) informing such other persons about this Privacy Policy; and (ii) obtaining consents (where required by law or necessary) to permit us to use such personal data in accordance with this Privacy Policy.

2. Objectives and legal basis for collection, use, processing, or disclosure of data and personal data

In addition to obtaining your consent where required by law, we may also rely on (1) legal obligation, for the fulfilment of our legal obligations; (2) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We may collect, use and/ or disclose personal data for the following purposes:

1

1. 1. For the purpose of proposing agenda items of the Annual General Meetings of Shareholders and nominating candidates for election as directors of the Company, including verifying your identity and carrying out other activities so as to comply with the law or the orders of governmental authorities in accordance with the Public Limited Companies Act B.E. 2535 (A.D. 1992), the Civil and the Civil and Commercial Code, or other laws.
   2. for the purpose of considering the qualifications of nominated candidates for election as directors of the Company, for retention as evidence of proposed agenda items of the Annual General Meeting of Shareholders, and for any activity as necessary related to the legitimate interests of the Company and other persons, to the extent that it is within the scope of the Company's objectives which you can reasonably expect.
2. Personal data disclosure
   The Company may disclose your personal data to the persons or via the means as set out below:
3. 1. Governmental authorities, law enforcement agencies, courts, supervisory agencies (i. e. , the
      Ministry of Commerce, the Office of the Securities and Exchange Commission, and the Stock Exchange of Thailand) , or other persons, where the Company has reason to believe that it is
      necessary to comply with the law or protect the rights of the Company, the rights of third parties, or the safety of persons, including with regard to performing duties necessary for the transfer or acceptance of the rights and/or duties of the Company;
   2. Shareholders, investors or other persons via the website of the Company, the Stock Exchange of Thailand, and Thailand Securities Depository Co., Ltd.
   3. Service providers, advisors, law enforcement agencies, courts, competent officers, government agencies, and other supervisory agencies; and
   4. Via electronic and print media used for reporting minutes of meetings and publicizing meetings.
4. Period of personal data storage
   The Company retains your personal data for as long as it is necessary to fulfil the purposes for which the

Company collected it. The Company may retain your personal data longer if it is necessary for the Company's compliance with applicable laws.

5. Your rights as a data subject

Subject to the applicable laws and legal exemptions thereunder, you may have the rights to access to, to obtain a copy of your personal data, to request the Company to disclose how your personal data is acquired without your consent, to transfer, amend, erase, destroy, and anonymize your personal data, including to object and suspend the collection, use and/or disclosure of your personal data in certain cases. You may withdraw your consent in the case that the Company is relying on such consent. In addition, if you consider that the Company violates the laws concerning personal data protection, you may lodge a complaint to the relevant authority as prescribed by law.

6. Data security

As a way to protect personal privacy of your personal data, we maintain appropriate security measures, which include administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of personal data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.

2

For additional details on the Company's data security, please see our full privacy policy at https://www.btsgroup.co.th/storage/download/privacy-policy/customer-privacy-policy-en.pdf

7. Our contact details

Should you have any questions, inquiries, or requests to exercise the rights in relation to your personal data, please kindly contact our Data Protection Officer (DPO) at

Data Protection Officer (DPO)

BTS Group Holdings Public Company Limited 21 TST Tower, Viphavadi-Rangsit Road,

Chomphon Sub-district, Chatuchak District, Bangkok 10900 Telephone number: 02 273 8611-5 ext. 1119

Email:dpo@btsgroup.co.th

This Privacy Policy shall become effective as from December 23, 2022.

3