DATA SUBJECT ACTION REQUEST FORM

Data Subject Action Request Form

Christiani & Nielsen (Thai) Public Company Limited and its Subsidiaries (the “Company”)

The Personal Data Protection Act B.E. 2562 (the “PDPA”) gives a Data Subject certain rights as specified herein in relation to Personal Data. A Data Subject is able to exercise any of the said rights by providing the following information to the Company as Data Controller.

Section 1 - Applicant’s Details

Name (Required)

Address (Required)

Contact Number (Required)

Email (Required)

Are you the Data Subject?

The Applicant is the Data Subject.

I have attached the following identification documents with self-attestation for the right to access Personal Data:

A copy of valid Identity Card (Thai Nationality)

A copy of valid passport (Foreigner)

Upload File(.jpg ||.png||.pdf)

The Applicant is NOT the Data Subject.

Name

Address

Contact Number

I have attached a completed Power of Attorney with original signatures of both the Data Subject and myself as the Attorney. In addition, I have provided one of the following identity documents with self-attestation

A copy of valid Identity Card of Data Subject (Thai Nationality)

A copy of valid passport of Data Subject (Foreigner)

Upload File(.jpg ||.png||.pdf)

I have attached the following identification documents of the Data Subject with self-attestation:

A copy of valid Identity Card (Thai Nationality)

A copy of valid Passport (Foreigner)

Upload File(.jpg ||.png||.pdf)

The Company reserves the right to request more information or additional documents from the Applicant. The Company also reserves the right to reject any request for which the Applicant cannot prove that he/she is the Data Subject or the Attorney.

Section 2 - Rights of Data Subject

Please select the type of Right you wish to exercise by placing a check mark (√) in the box in front of the rights (choose only one right). (Required)

Right of Access

Right to Withdraw Consent

Right to Rectification

Right to Erasure

Right to Restriction of Processing

Right to Data Portability

Right to Object

Please provide Personal Data you wish to exercise the rights:

Personal Data 1 (Required)

Personal Data 2

Personal Data 3

Personal Data 4

Please provide reasons for this request: (Required)

Disclaimer of the Data Controller:

In case any of the following occurs, the Company may need to deny your request.
(1) Applicant fails to clearly prove that the Applicant is the Data Subject or certified Proxy.
(2) Such request does not have reasonable ground, for example, where the Applicant does not have the right to request access to Personal Data or the Company does not own such Personal Data.
(3) Such requests are superfluous, i.e., all requests are the same nature or are repeating the same content without justification.
(4) The Company is unable to provide you with access, make copies, or disclose information regarding the acquisition of Personal Data, if this would be in contravention of the law or a court order or otherwise, if the fulfilment of such a request will have an adverse impact on the rights and liberties of others.
After considering the reason of your request, the Company will notify the result of the consideration and take relevant actions within 30 days from the date of receiving the request.
In the event that the Company refuses to process your request, you can make a complaint to the Personal Data Protection Committee at the Office of the Personal Data Protection Committee, Ministry of Digital Economy and Society.

Acknowledgment and Consent

By way of execution below, I have carefully read and understood the contents of this request and confirm that the information that has been given to the Company is true and correct. I understand that the verification process of my authority is essential in order to exercise Data Subject Rights. The Company may request additional information from me for such investigations in order to ensure the correctness and completeness of the proceedings, permission of access, copying or disclosure of the acquisition of information. If I provide false statement and/or information with fraudulent intent, I may be prosecuted under the applicable law. (Required)