Personal Data Protection Policy

Effective Date: 14th November 2025

Beacon Offshore Ltd. (the "Company") prioritizes the protection of Personal Data and compliance with Personal Data protection laws. Therefore, the Company has established this Personal Data Protection Policy to inform any Data Subject who has a legal relationship with or contacts the Company who collects Personal Data electronically or by paper to acknowledge the Company’s treatment of Personal Data, such as the collection, use, disclosure, and retention of Personal Data, as well as the rights of the Data Subject. The Company also assures that it will maintain the security of the Data Subject's Personal Data. When necessary, the Company may revise this Policy to ensure the appropriateness and notify the Data Subject further. The Company's Personal Data protection policy is as follows:

1. Scope of Application

The Company will comply with this Policy and will ensure that all employees, personnel, and those involved in the processing of Personal Data as directed by the Company, including those to whom Personal Data has been disclosed by the Company, strictly comply with this Policy.

2. Definitions

  • “Person” means an individual.
  • “Personal Data” means any information relating to an individual that can directly or indirectly identify that individual, but does not specifically include information about deceased persons.
  • “Sensitive Personal Data” means information that is truly personal to an individual but is sensitive and potentially subject to unfair discrimination, such as race, ethnicity, political opinions, religious or philosophical beliefs, behavior, sexual orientation, criminal history, health information, and disability, trade union data, genetic data, biometric data, or any other data that affects the Personal Data Subject in a similar manner as specified by the Notification of Personal Data Protection Commission.
  • "Processing" means any operation performed on Personal Data or sets of Personal Data, whether or not automated, such as collecting, recording, copying, organizing, storing, updating, altering, using, retrieving, disclosing, forwarding, disseminating, transferring, merging, deleting, destroying, etc.
  • "Data Subject" means an individual who is the owner of Personal Data.
  • "Data Controller" means an individual or legal entity that has the authority to decide on the collection, use, or disclosure of Personal Data.
  • "Data Processor" means an individual or legal entity that processes Personal Data collection, use, or disclosure in accordance with the Data Protection Act. Under the orders of or on behalf of a Data Controller. Any individual or legal entity who performs such actions is not the Data Controller.
  • "Service User" means any Data Subject who contacts the Company through various channels, such as the website, email, telephone, etc.
  • "Website" means a website owned or provided by the Company, as applicable.
  • "Cookies" mean small computer files that temporarily store necessary Personal Data on the computer, smartphone, or tablet of the Data Subject. This is for the convenience and speed of communication and is effective only while using the website system.

3. Personal Data Collected by the Company

3.1 General Personal Data includes:

  • Personal Data used to identify individuals, such as first and last name, national identification card number, passport number, date of birth, gender, age, nationality, marital status, occupation;
  • Contact information, such as address, phone number, email;
  • Financial information or transaction information, such as bank account numbers, credit card numbers;
  • Company contacts information, such as audio or video recordings when contacting the Company;
  • Company activity participation information, such as still image or video recordings;
  • Technical information, such as website and system access information, computer traffic logs, communication information, mobile network information, connection information, geographic location information, login and logout records, system usage history records, transaction history information, user behavior, login statistics, and system visit times;
  • Information about the Geolocation Data, such as IP address or GPS location data.

3.2 Sensitive Personal Data

Such as health data, disability data, nationality, religion, fingerprints, and voice identification data.

3.3 Personal Data of Other Third Parties

If a Data Subject provides the Personal Data of other third parties who are personnel of a legal entity and/or related to the Personal Data Subject to the Company, such as shareholders, directors, authorized representatives, family members, references, partners, guarantors, mortgagors, collateral providers, beneficiaries, estate administrators, and emergency contacts, the Data Subject is responsible for informing these individuals of the details in this Company Policy and requesting their consent if necessary, or if other legal basis is required in order to ensure that the Company can collect, use or disclose the Personal Data of those third-party individuals.

4. Sources of Personal Data

The collection of Personal Data relating to the Data Subject may occur when the Data Subject provides the data directly to the Company, or the Company receives the data from other sources subject to legal requirements. In some cases, the Company will collect and use Personal Data with which the Company has, may have, or has had a direct relationship.

Furthermore, in some cases, the Company may collect Personal Data relating to the Data Subject even though the Company does not have a direct relationship with the Data Subject. This may occur in various ways, such as when the Data Subject's employer is required to provide the Data Subject's data to the Company, or when a person with a direct relationship with the Company is required to provide the Data Subject's Personal Data to the Company. The Company believes in good faith that such person has the right to collect and disclose the Data Subject's Personal Data to the Company.

5. Purpose of Collection, Use, or Disclosure of Personal Data

The Company collects, uses, or discloses Personal Data for various purposes, depending on the nature of the relationship between the Data Subject and the Company, as follows:

  • 5.1 To verify identity, including address verification, and verify the accuracy of any information the Data Subject provides to the Company as a contracting party or as the Data Subject is a director, representative, attorney, or person acting on behalf of a legal entity, and to consider and approve contracts between the Company and the Data Subject or legal entity in which the Data Subject is a director, representative, attorney, or person acting on behalf of such legal entity.
  • 5.2 To perform contracts, make payments, collect payments, receive or transmit data, and communicate between the Data Subject and the Company and compliance with the Company's internal processes.
  • 5.3 To maintain relationships with the Company's customers, such as communicating with Data Subject to provide information about the Company's services, handling complaints, etc.
  • 5.4 To survey Data Subject's satisfaction with the Company's services.
  • 5.5 To maintain security within the Company's buildings and premises, such as recording images of those who come into contact with the Company at the Company's buildings and premises via CCTV.
  • 5.6 To carry out necessary actions for the consideration and selection of job applicants, which includes the application process through online application channels via the Company's website, applying directly to the Company or through a recruitment service provider, interview procedures, and selection and evaluation procedures. Procedures for offering employment contracts to Data Subject and other related work management processes.
  • 5.7 To conduct pre-employment qualification checks as required by law, including checking necessary information and checking information from references provided by Data Subject or checking previous employment history to support the decision to hire for the Company and conclude an employment contract.
  • 5.8 To conduct the Company's internal operations related to auditing, supervision, and internal control, risk management and business continuity management.
  • 5.9 To comply with the Company's domestic and international laws, regulations, orders, requirements, and obligations.
  • 5.10 To transfer any rights, duties, and benefits under a contract between the Data Subject and the Company, as a contractual party or in the capacity of the Data Subject as a director, representative, attorney, or person acting on behalf of a legal entity, such as a merger or transfer of contract, which has been lawfully executed.
  • 5.11 To use cookies. When visiting the Company's website, cookies may be placed on the Service User's device and information is automatically collected. Some cookies are necessary for the website to function properly, and some are provided for the convenience of website users.

6. Disclosure of Personal Data

In carrying out the specified purposes, the Company may disclose Personal Data of the Personal Data Subject to the following external parties:

  • 6.1 Subsidiaries and affiliated companies, as well as business partners or clients for the purposes of business operations, internal management, and other related activities.
  • 6.2 Agents, contractors, subcontractors, or service providers for any operations, such as transportation providers, printing houses, IT system development and maintenance contractors, or any consultants to support Company’s operations.
  • 6.3 Government agencies, regulatory agencies, or other agencies as prescribed by law, including officials exercising legal authority, such as the Department of Business Development, the Securities and Exchange Commission, the Stock Exchange of Thailand, the Revenue Department, or upon receipt of a summons or seizure order from other law enforcement agencies.
  • 6.4 Third parties, under the consent of the Data Subject, as stipulated in the contract, or as required by law, as applicable.
  • 6.5 Transferees or purchasers of businesses and/or advisors to the purchasers of businesses in the event of business restructuring, disposal, or transfer or the Company's assets.

Furthermore, if the Company wishes to collect, use, or disclose additional Personal Data or there is change in the purposes for collecting, using, or disclosing Personal Data, the Company will notify the Data Subject before processing that Personal Data, unless required or permitted by law.

7. Period for Retention of Personal Data

The Company will retain the Personal Data of the Data Subject for a period which is necessary for the purpose of collection, use or disclosure of the Personal Data specified in this policy or as consented to by the Data Subject. The criteria which determines the retention such as the period during which the Company maintains a relationship with the Data Subject and the data may be retained for a period necessary for compliance with the law or within the legal statute of limitations, for the establishment of legal claims, the exercise of legal claims, or the defense of legal claims, or for other reasons in accordance with the Company's internal policies and regulations.

After the retention period has expired and the Personal Data of the Data Subject is no longer necessary for the aforementioned purposes, the Company will delete, destroy, or anonymize the Personal Data of the Data Subject.

However, in the event of a dispute over the exercise of rights or a lawsuit related to the Personal Data of the Data Subject, the Company reserves the right to continue retaining such data until a final order or judgment is reached in the dispute.

8. Security of Personal Data

The Company has established appropriate and stringent security measures to maintain the security of Personal Data to prevent loss, access, use, alteration, modification, or disclosure of Personal Data without authorization or inappropriately.

In the event that the Company entrusts another person or legal entity to process Personal Data at its command or on its behalf, the Company will appropriately supervise such person or legal entity to ensure that such person maintains the security of Personal Data in accordance with the law.

9. Rights of Personal Data Subject

The Data Subject has the following rights:

9.1 Right to Withdraw Consent

The Data Subject has the right to withdraw the consent to the processing of his/her Personal Data, which he/she has provided to the Company, at any time during the period his/her Personal Data is held by the Company, unless such withdrawal of consent is restricted by law or a contract that benefits the Data Subject. However, such withdrawal of consent will not affect the processing of Personal Data for which he/she has previously consented to the Company in accordance with law.

9.2 Right to Access Personal Data

The Data Subject has the right to access his/her Personal Data and request that the Company provides a copy of such Personal Data to them, including requesting that the Company discloses the source of the Personal Data to which he/she has not provided consent.

9.3 Right to Correct Personal Data

The Data Subject has the right to request that the Company correct his/her Personal Data to ensure that it is accurate, current, complete, and free from misunderstanding.

9.4 Right to Erase Personal Data

The Data Subject has the right to request that the Company delete, destroy, or anonymize his/her Personal Data for reasons stipulated by law.

9.5 Right to Restrict Use of Personal Data

The Data Subject has the right to restrict the use of his/her Personal Data for reasons stipulated by law.

9.6 Right to Have Personal Data Sent or Transferred

If the Company has made the Personal Data available in a format that is generally readable or usable by automated tools or devices, and allows the use or disclosure of Personal Data by automated means, the Data Subject has the right to request that the Company transfers the Personal Data he/she has provided to the Company to another Data Controller or to the Data Subject itself.

9.7 Right to Object to Personal Data Processing

The Data Subject has the right to object to the processing of his/her Personal Data as stipulated by law.

9.8 Right to Complaint

The Data Subject has the right to file a complaint with the competent officer under the Personal Data Protection Act B.E. 2562 (2019) if the Company violates or fails to comply with the Act.

10. Sending or Transferring Personal Data Abroad

In the event that the Company sends or transfers Personal Data abroad, the Company will take steps to ensure that the destination country has adequate Personal Data protection standards.

However, in the event that the destination country does not have adequate Personal Data protection standards, such sending or transferring of Personal Data will be subject to the exceptions stipulated by law, and the Company will provide appropriate protection and security measures.

11. Accessing other Websites via the Company's Website

Access to the Company's website is subject to this policy. If Service User visits other websites, even through the Company's website, the protection of Personal Data will be in accordance with the privacy policy of that website, which is not affiliated with the Company.

12. Contact Channels

In case of any questions or further inquiries regarding Personal Data protection, collection, use, or disclosure of Personal Data, including exercising rights under this policy, or making any complaints, you may contact the Company and/or the DPO through the following channels:

  • Company: Beacon Offshore Ltd.
  • Address: 121/46, Moo 4, Phlu Ta Luang Sub-district, Sattahip District, Chonburi Province 20180
  • Email: DPO@beacon-offshore.com
  • Telephone: 038 348080-7 ext. 119

13. Review of Personal Data Protection Policy

The Company reviews and may amend this Policy as appropriate to ensure that Personal Data of Data Subject is properly protected. Therefore, we encourage the Data Subject to read this Privacy Policy every time he/she visits or uses the Company's services or website.

This Policy has been reviewed and approved by the Company's Board of Directors at the 6/2025 Board of Directors Meeting, held on 13th November 2025, effective 14th November 2025 onwards.