Element Banner

Privacy Notice

  1. 1. Privacy Notice

    Pruksa Holding Public Company Limited (the “Company”) recognizes and places importance on the protection of personal data of its customers, service users, website visitors, investors, shareholders, business partners, and other individuals (collectively referred to as “you”). The Company strictly adheres to the principle of respecting and safeguarding your right to privacy.

    This Privacy Notice (the “Notice”) has therefore been prepared to inform you of the details of the purposes for the collection, use, or disclosure (collectively referred to as the “processing”) of personal data, as well as your rights under the Personal Data Protection Act B.E. 2562 (2019).

    For the purposes stated in this Notice, the Company processes your personal data as a data controller, meaning that the Company is entitled to make decisions regarding the collection, use, or disclosure of personal data.

    Please be informed that where any links appearing on the Company’s website may direct you to third-party websites or platforms, once you access such third-party websites or platforms, the collection, use, or disclosure of your personal data shall be governed solely by the privacy policies of such third parties. The Company therefore recommends that you read and understand the privacy policies of such third parties carefully before accessing or using their websites or platforms.

  2. 2. Purposes

    • To ensure that the Company’s operations relating to your personal data are conducted in compliance with the applicable personal data protection laws.
    • To serve as a channel for informing data subjects of the methods by which the Company collects, uses, discloses, and/or transfers personal data to overseas, as well as other details as required under the personal data protection laws (such as the retention period of personal data, data subject rights, or contact details).

  3. 3. Definitions

    "Personal Data" means any information relating to an individual that enables the identification of such individual, and shall include any other information relating to an individual that can identify such individual, whether directly or indirectly.

    "Sensitive Personal Data" means personal data as specifically prescribed under the Personal Data Protection Act, including racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other data as may be prescribed by the Personal Data Protection Committee.

  4. 4. Collection of Personal Data

      1. Methods of Collection

        The Company collects your personal data through the Company’s website and application, customer service Centers (including telephone, postal mail, events, or seminars), as well as shareholder information obtained through securities brokers or securities registrars, or from other sources (such as business partners, service providers, public sources, or government authorities). The personal data collected by the Company depends on the nature of the relationship between you and the Company or the manner in which you use the Company’s products or services.

      2. Personal Data Collected by the Company

        Categories of Personal Data Details and Examples
        Personal Information e.g., title, first name, last name, gender, age, occupation-related information, marital status, etc.
        Contact Information e.g., address as stated in official documents, current address, type of residence, mobile phone number, email address, social media account identifiers (such as LINE ID or Facebook), records of interactions and communications, preferred communication channels, etc.
        Financial Information e.g., bank account details, numbers of shares, dividends, etc.
        Technical Data / Device Information e.g., information relating to the use of wireless internet services at the juristic person’s office (Wi-Fi at a co-working space), identifiable cookies, information technology (IT) data, etc.
        Other Information e.g., data obtained from closed-circuit television (CCTV) systems, information relating to participation in activities (such as image, audio, or video recordings), details of complaints, marketing information, and data obtained from surveys, etc.

      3. Personal Data of Third Parties

        Where you provide the Company with personal data of third parties (such as directors, authorized representatives, authorized signatories of your affiliated company, close persons, or references), you are responsible for informing such third parties of the details set out in this Policy regarding the collection, use, disclosure, and/or overseas transfer of personal data; obtaining their consent or ensuring that another lawful basis exists for the collection, use, disclosure, and/or overseas transfer of such third parties’ personal data; and enabling the Company to collect, use, disclose, and/or transfer such personal data to overseas in accordance with applicable laws.

      4. Personal Data of Minors, Quasi-Incompetent Persons, and Incompetent Persons

        The Company has no intention to collect personal data of minors, quasi-incompetent persons, or incompetent persons, unless the Company has obtained prior consent from the person exercising parental power on behalf of the minor (where consent is required and the minor is legally unable to provide consent on his or her own), a guardian, or a curator, as the case may be.

        In the event that the Company becomes aware that it has unintentionally collected personal data of a minor, quasi-incompetent person, or incompetent person without obtaining consent from the person exercising parental power, guardian, or curator (as applicable), the Company shall promptly delete such personal data as soon as practicable, unless the Company has a legitimate reason and an applicable lawful basis that permits the Company to collect, use, disclose, and/or transfer such personal data overseas in accordance with applicable laws.

    Failure to provide personal data to the Company may have certain consequences for you. In particular, the Company may be unable to carry out your requests or perform its obligations under a contract, and may be unable to offer or provide the Company’s products or services to you. As a result, you may not receive convenience or may not receive performance in accordance with the contract.

  5. 5. Purposes of Processing Personal Data and Applicable Legal Bases

    The Company will collect, use, or disclose your personal data only to the extent necessary or as required by applicable laws. Except where the Company expressly states that the collection, use, or disclosure of personal data is based on your consent, the Company relies on other lawful bases for the collection, use, or disclosure of personal data, as follows: (1) contractual basis; (2) vital interests basis; (3) legal obligation basis; (4) public task basis; (5) legitimate interests basis; (6) archival, research, or statistical purposes basis; and/or (7) any other legal bases as permitted under applicable laws.

    Certain purposes set out may apply to some customers and may not apply to others. Please consider the nature of the purposes in light of the relationship between you and the Company.

    1. Purposes Requiring Consent

      Purpose Details
      For Marketing Communications e.g., for promoting products or services of business partners in cases where other lawful bases cannot be relied upon.

      The Company will collect, use, and/or disclose personal data only with your explicit consent or where such collection, use, and/or disclosure is permitted by applicable law.

    2. Other Purposes Based on Other Applicable Legal Bases

      Purpose Details
      For Communication Purposes e.g., coordinating and communicating with you, and receiving and handling complaints through various communication channels.
      For Marketing Communications e.g., strategic planning relating to public relations, publicity, advertising, offering residential properties for sale, digital marketing or social media marketing, offering special privileges to registered users, marketing communications through service providers (e.g., organizing marketing events), analyzing customer data for the purpose of offering other projects, and/or offering financial products to promote the purchase of products within the Pruksa Group or from selected business partners whose products or services are deemed beneficial to you.
      For Customer Relationship Management e.g.,establishing and maintaining customer databases, updating customer information, organizing events, press conferences, and exhibitions, granting benefits and privileges, assessing customer satisfaction, receiving complaints, considering complaints, and resolving complaint-related issues.
      For Internal Management and Data Analysis e.g., preparing reports and analyzing operational performance, considering investments in new businesses, investing in and expanding businesses related to the Company’s existing operations, preparing internal control checklists, audit reports, and reports relating to fraud, developing and presenting risk management approaches, developing processes, tools, systems, and/or analytical models for risk management purposes, designing and developing database structures and/or risk models, establishing risk assessment guidelines, supervising, monitoring, and collecting evidence, and establishing, exercising, or defending legal claims.
      For Legal Obligation e.g., complying with the Company’s policies, announcements, or orders, complying with applicable laws and regulations to which the Company is subject, cooperating with government authorities or other competent authorities, and submitting notifications or reports as required by law.
      For the Prevention or Suppression of Danger e.g., preventing or suppressing threats to life, body, or health of any person.

  6. 6. Disclosure of Personal Data

    The Company may disclose your personal data to the following categories of recipients. Certain categories of recipients may apply only to specific customers and may not apply to others. Please consider the purpose of the disclosure in relation to your specific relationship with the Company.

    Category of Recipients Details and Examples
    Affiliated Companies Companies within the Pruksa Holding Group and the Vimut Hospital Holding Group may also access your personal data to fulfill the purposes set forth in this Privacy Policy. In such cases, these affiliated companies may rely on the consent obtained by the Company as if such consent were granted to them.
    Service Providers The Company may engage external service providers to perform tasks on behalf of, in the name of, or in support of the Company’s operations. This may include, without limitation, disclosure of your personal data to: IT and computer system service providers; digital agency organizers; customer service centers; event organizers; SMS service providers; and business incubators.
    Business Partner The Company may disclose your personal data to its business partners, such as banks or financial institutions.
    Independent Advisors The Company may disclose personal data to independent advisors to ensure the Company’s operations comply with the purposes set forth in this Privacy Policy and applicable laws. Such advisors may include, but are not limited to, project consultants/ financial advisors/ legal advisors/accounting advisors/ IT consultants/ data analytics consultants/ and investment/financial consultants.
    Government Agencies The Company may be required to disclose your personal data to comply with laws, regulations, or cooperate with governmental authorities and state agencies, law enforcement authorities, or other entities as deemed appropriate by the Company. Such recipients may include, but are not limited to, the Department of Lands, Department of Highways, Revenue Department, Excise Department, Customs Department, Department of Intellectual Property, Department of Business Development, local administrative offices, the Securities and Exchange Commission, Anti-Money Laundering Office, National Anti-Corruption Commission, Royal Thai Police, courts, and/or other relevant state authorities or entities requesting data on a case-by-case basis

  7. 7. Cross-Border Transfer of Personal Data

    Company may disclose your personal data to recipients located outside Thailand (e.g., for cloud backup services with servers located abroad, or sales agents or representatives of the Company’s products based overseas). The destination countries may or may not provide a level of personal data protection equivalent to that required under Thai law. Accordingly, the Company shall implement appropriate measures and safeguards to ensure that the cross-border transfer of your personal data is conducted securely and that such recipients maintain adequate personal data protection standards, or that other legally permitted exceptions under applicable data protection laws are applied.

  8. 8. Retention Period of Personal Data

    The Company may retain your personal data for a period reasonably necessary to achieve the purposes for which the data was collected, or for a longer period as required by applicable personal data laws, the statute of limitations, your request, and/or other applicable legal requirements.

  9. 9. Security Measures for Personal Data

    1. To prevent the loss, destruction, alteration, unauthorized use, disclosure, or access of personal data in violation of applicable laws, the Company shall implement comprehensive security measures encompassing administrative, technical, and physical safeguards. Such measures may include, but are not limited to: controlling access to personal data and the devices used for its storage and processing, taking into account operational use and security requirements; establishing user access rights and permissions for the use, disclosure, or processing of personal data; managing user access; defining user responsibilities to prevent unauthorized access, disclosure, awareness, or copying of personal data; safeguarding against theft of devices used to store or process personal data; providing mechanisms for audit trails regarding access, modification, deletion, or transfer of personal data; ensuring that such measures are appropriate to the methods and media used for the collection, use, or disclosure of personal data; and verifying or authenticating the identity of individuals accessing or using personal data in accordance with the Company’s information security policies.
    2. In the event of any breach of the Company’s security measures resulting in a personal data violation or unauthorized disclosure to the public, the Company shall promptly notify the data subject and provide a remediation plan to mitigate the effects of such breach or disclosure caused by the Company’s negligence. The Company shall not be held liable for any damages arising from the use or disclosure of personal data by third parties, including any negligence or failure to log out from the Company’s databases or social media systems by the data subject or any person authorized by the data subject.

  10. 10. Amendment of the Privacy Policy

    The Company reserves the right to amend, update, or revise this Privacy Policy from time to time. Any such revised version of the Privacy Policy will be published on the Company’s website. The Company may provide notice of such amendments only in the event of material changes. Accordingly, you are encouraged to periodically review this Privacy Policy to remain informed of any updates or modifications.

  11. 11. Cookies Policy

    The Company employs cookies to store and recognize user information until the browser session ends, or until the user deletes or opts out of cookie collection. Allowing the use of cookies enhances your experience on the website, as cookies facilitate the retention of information regarding pages you have visited or actions you have taken. The Company may use the data collected through cookies for statistical analysis and/or other legitimate business purposes, including the improvement and optimization of the Company’s products and services.

  12. 12. Rights of Data Subjects

    Under applicable personal data protection laws, you, as a data subject, are entitled to the following rights:

    1. Right to Withdraw Consent You have the right to withdraw any consent previously provided to the Company for the collection, use, or disclosure of your personal data at any time. Please note that refusal or withdrawal of consent may affect the Company’s ability to perform contractual obligations or comply with legal requirements. For detailed information regarding potential impacts, please contact the Company via the channels set out in Section 13.
    2. Right of Access and Copy of Personal Data You may have the right to request access to, and obtain a copy of, your personal data held by the Company, as well as to request information regarding the source of such data. To ensure the security of personal data, the Company may require verification of the requester’s identity prior to providing the requested information.
    3. Right to Rectification You may have the right to request correction of your personal data if it is incomplete, inaccurate, misleading, or outdated.
    4. Right to Data Portability You may have the right to receive your personal data in an electronic format and, where applicable, to request that the Company transmit or transfer such personal data to another data controller in accordance with applicable legal requirements.
    5. Right to Object You may have the right to object to the collection, use, or disclosure of your personal data in certain circumstances, such as for direct marketing purposes.
    6. Right to Restrict Processing You may have the right to request that the Company restrict the processing of your personal data in certain circumstances.
    7. Right to Erasure You may have the right to request that the Company delete or destroy your personal data, or render such data anonymous so that it can no longer identify you, in accordance with applicable legal requirements.
    8. Right to Lodge a Complaint You have the right to lodge a complaint with the competent authority if you believe that the collection, use, and/or disclosure of your personal data is unlawful or not in compliance with applicable personal data protection laws. However, the Company requests the opportunity to address and resolve any concerns or complaints before you escalate the matter to the relevant authorities.

    The exercise of the above rights may be subject to limitations or exceptions under applicable law that prevent the Company from fulfilling a request. In such cases, the Company will provide you with the reasons for any denial of your request.

  13. 13. Contact Channels

    If you wish to contact the Company, have any questions, or would like to inquire about the processing of your personal data, including your rights as a data subject under this Privacy Policy, or in the event you believe your personal data has been misused, you may contact the Company through the following channels:

    1. Pruksa Holding Public Company Limited
      • Address: 1177, 23rd Floor Pearl Bangkok Building, Phaholyothin Road, Phayathai Subdistrict, Phayathai District, Bangkok 10400, Thailand
      • Telephone: +66 2 080 1739
    2. Data Protection Officer (DPO)
      • Address: 1177, 24th Floor Pearl Bangkok Building, Phaholyothin Road, Phayathai Subdistrict, Phayathai District, Bangkok 10400, Thailand
      • Telephone: +66 2 080 1739
      • E-mail : dpo-office@pruksa.com

    Revision 2
    Announced on December 23, 2025