1. Commitment Statement

ACS Aviation Consultant and Services Co., Ltd. respects and prioritizes the importance of personal data protection. To ensure transparency, the Company has established and published this Personal Data Protection and Processing Policy. This policy serves to inform the general public and external stakeholders of our practices, while remaining strictly binding for all executives, employees, and internal personnel to ensure a unified standard of conduct. All responsible officers and management are required to support and monitor operations diligently to ensure full compliance with the Personal Data Protection Act BE 2019 (PDPA) of Thailand, as well as applicable international data protection standards.

The Company guarantees that all processing of personal data will be conducted lawfully, fairly, and transparently, supported by appropriate security measures to ensure the utmost data integrity and safety.

2. Definitions

• The Company refers to ACS Aviation Consultant and Services Co., Ltd.
• Personal Data refers to any information relating to an individual which enables the identification of such individual, whether directly or indirectly, excluding the information of deceased persons. Examples include name, surname, email address, telephone number, IP address, and photographs.
• Processing refers to any operation performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, use, disclosure, transmission, dissemination, transfer, alignment, combination, erasure, or destruction.
• Data Subject refers to a natural person who is the owner of the Personal Data that the Company collects, uses, or discloses.
• Data Protection Officer (DPO) refers to the person responsible for overseeing all personal data within the organization, whether internal or external. The DPO's duties include providing advice, auditing, and monitoring the use of personal data to ensure compliance with relevant data protection laws.
• Data Controller refers to a person or a legal entity having the power and duties to make decisions regarding the collection, use, or disclosure of Personal Data.

3. Scope

This Policy applies to all directors, employees, consultants, contractors, and third parties acting on behalf of the Company who may access, process, or manage personal data.

4. Personal Data Processing Activities

As a professional consulting service provider, ACS processes personal data only where necessary for:

• Client engagement and service delivery.
• Contractual and regulatory compliance.
• Business communication.
• Employment and vendor management.

ACS does not engage in large-scale or high-risk personal data processing unless specifically required under client contractual scope.

5. Data Protection Principles

• Lawfulness, Fairness and Transparency; Personal data is collected and processed only for legitimate business purposes and in compliance with applicable laws.

• Consent and Notice; Where required, appropriate consent will be obtained and individuals will be provided with clear privacy notices.

• Purpose Limitation: Personal data will only be used for defined and Legitimate purposes.

• Data Minimization; Only personal data necessary for business or legal

The purposes will be collected.

• Retention Limitation: Personal data will only be retained for as long as required for business, legal, or contractual obligations.

6. Data Security and Protection Measures

ACS implements appropriate administrative, technical, and organizational safeguards to protect personal data against unauthorized access, disclosure, alteration, or loss.

7. Third-Party Data Sharing

Where personal data is shared with third parties, the Company ensures that such third parties

• Are reputable and trusted business partners Maintain appropriate data
• Protection and confidentiality controls
• Comply with applicable data protection laws

8. Data Subject Rights

ACS respects the rights of data subjects under applicable laws, including rights to access, correction, deletion, restriction, and withdrawal of consent where applicable.

9. Cross-Border Data Transfer

Where personal data is transferred internationally, ACS ensures appropriate safeguards are in place in accordance with applicable data protection laws and contractual obligations.

10. Data Storage and Protection

ACS ensures that personal data is stored securely and protected from unauthorized access, loss, or misuse. Appropriate security measures are implemented based on the nature and sensitivity of personal data.

11. Data Access Control

ACS ensures that access to personal data is restricted only to authorized personnel who require access for legitimate business purposes.

Access control measures include:

• Role-Based Access Control
• Role-based access restrictions
• Password protection and system security controls (where applicable)
• Need-to-know access limitations
• Management oversight of data access activities

All personnel must maintain confidentiality of personal data.

12. Incident and Breach Management

ACS will take appropriate action to investigate, manage, and mitigate any suspected data breach. Where required by law or contractual obligation, relevant parties will be notified accordingly.

13. Governance and Responsibility

Managing Director is responsible for ensuring implementation of this Policy and promoting data protection awareness across the company.

All personnel must comply with this Policy and report any suspected data protection incident.

14. Policy Review

This Policy will be reviewed periodically to ensure continued compliance with applicable laws and regulatory requirements.

15. Contact Information

Should you have any questions, suggestions, or require further details regarding the protection of your personal data, please do not hesitate to contact the Company through the following channels:

ACS Aviation Consultant and Services Co., Ltd.

Address: 100/548, Soi Cheang Watthana 10 Yeak 9-1 (Mi Suk), Thung Song Hong Sub-district, Lak Si District, Bang Chan Sub-District, Klong Sam Wa District Bangkok.