Hino Motors Asia Ltd.

Announcement No. 10/2025

Effective Date: 15 August 2025

Hino Motors Asia Ltd. (the “Company”) recognizes and places utmost importance on the protection of your personal data. The Company is committed to conducting business with integrity,

transparency, and accountability to build trust among customers, business partners, employees, and all stakeholders. This Policy has been established to explain the Company’s approach

to the collection, use, disclosure, and protection of your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and other relevant laws.

For more details, click (Privacy Policy)

1. Scope of Application

Customers Individuals who are customers or interested in the Company’s products and services

Business Partners Individual dealers, suppliers, service providers, and contractual counterparties

Employees and Job Applicants Current and former employees, job applicants, and referees

Visitors Individuals visiting the Company’s office, factory, or premises

Online Users Individuals accessing the Company’s website or digital platforms

Other Individuals Any other persons whose personal data the Company may collect for business purposes

2. Definitions

For clarity and consistency, key terms in this Policy are defined as follows:

“Personal Data” means any information relating to a person that enables the identification of such person, whether directly or indirectly, but excluding information of deceased persons.

“Special Category of Personal Data” means personal data pertaining to race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union membership, genetic data, biometric data, or any other data as prescribed by the Personal Data Protection Committee.

“Data Controller” refers to a person or legal entity with the authority to make decisions regarding the collection, use, or disclosure of personal data.

“Data Processor” refers to a person or legal entity that collects, uses, or discloses personal data on behalf of or under the instructions of the Data Controller, but who is not the Data Controller themselves.

“Data Protection Officer” or “DPO” means a person or legal entity appointed by the Company to perform the duties under the PDPA.

“Personal Data Protection Committee” means the committee appointed under the PDPA responsible for issuing rules, regulations, and guidance related to personal data protection.

3. How the Company Collects Your Personal Data

The Company may collect your personal data through the following means:

3.1 Directly from You – Such as when signing contracts (e.g., sales, service, or employment contracts), making inquiries, participating in marketing events, filling out forms (on paper or online), submitting job applications, exchanging business cards, or communicating via email, phone, or other channels.

3.2 Automated technologies – Such as via cookies or similar technologies on the Company’s website, or through CCTV footage when entering Company premises for safety purposes.

3.3 Third Parties – Including affiliated companies within the Hino Group, business partners, government agencies (e.g., Revenue Department, Social Security Office), recruitment agencies, referees,

or public sources.

4. Purposes and Legal Bases for Processing Personal Data

The Company processes your personal data based on lawful grounds and only for necessary purposes, including:

4.1 Contractual Basis: To fulfill contractual obligations (e.g., sales, employment, or service agreements).

4.2 Legal Obligation: To comply with legal requirements (e.g., tax, labor laws).

4.3 Legitimate Interest: For the Company’s legitimate interests that do not override your fundamental rights (e.g., CCTV monitoring, data analytics, customer relationship management).

4.4 Consent: For activities requiring your explicit consent (e.g., direct marketing, processing of Special Category of personal data unless exempted by law).

4.5 Other Legal Grounds: Including public interest, vital interest, or archiving/research purposes in accordance with applicable laws.

The Company does not process special categories of personal data unless it is necessary, explicit consent has been given or processing is permitted by law (e.g., for labor protection purposes).

5. Disclosure of Your Personal Data

The Company may disclose your personal data to the following entities, only when necessary and for the specified purposes:

5.1 Internal Departments: Only to relevant personnel on a need-to-know basis.

5.2 Affiliates within the Hino Group: For internal administrative and business support purposes.

5.3 Third-Party Service Providers (Data Processors): Including IT providers, cloud services, logistics providers, legal advisors, and auditors under strict data processing agreements.

5.4 Business Partners: Such as service centers or financial institutions, for purposes such as credit processing.

5.5 Government agencies or state enterprises: Including the Revenue Department, the Social Security Office, the Industrial Estate Authority of Thailand, the Ministry of Labour, the Ministry of Commerce,

the Customs Department, the Excise Department, or other regulatory authorities as required by law or by court order.

6. Cross-Border Data Transfers

The Company may transfer your personal data to foreign countries in specific circumstances (e.g., cloud storage with servers overseas or reporting to the parent company). The Company will ensure that appropriate safeguards or adequate data protection standards are in place as required by law.

7. Data Retention Period

The Company retains personal data only as long as necessary to fulfill the stated purposes or as required by law. Examples include Accounting and tax data: retained in compliance with legal requirements. Employment data: retained during employment and for a period thereafter for legal and reference purposes. Job application data: if not selected, retained briefly for future opportunities (unless deletion is requested). Upon expiration of the retention period, the data will be deleted, destroyed, or anonymized

8. Your Rights as a Data Subject

Under the PDPA, you have the following rights:

8.1 Right to Withdraw Consent: You may withdraw your consent to the processing of your personal data at any time.

8.2 Right of Access: You have the right to access your personal data and request a copy, as well as verify how it is lawfully processed.

8.3 Right to Rectification: You may request correction or updating of your personal data if it is inaccurate or incomplete.

8.4 Right to Erasure: You may request the deletion, destruction, or anonymization of your personal data if it is no longer necessary or if it was unlawfully processed.

8.5 Right to Restrict Processing: You may request a temporary suspension of data processing under certain conditions.

8.6 Right to Object: You may object to the processing of your personal data for specific purposes, such as direct marketing.

8.7 Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format or request that it be transmitted to another data controller.

8.8 Right to Lodge a Complaint: You have the right to file a complaint with the competent authority if you believe your personal data is being processed unlawfully or in violation of the PDPA.

These rights may be subject to limitations under applicable laws, and the Company may lawfully deny certain requests

9. Data Security Measures

The Company implements appropriate technical and organizational measures to protect personal data from unauthorized access, use, alteration, or disclosure. These include access control measures, encryption, firewalls, regular staff training, and incident response procedures

10. Roles and Responsibilities

To ensure data protection, the Company assigns clear roles and responsibilities as follows:

10.1 Executive Management

10.1.1 Approves and endorses this Policy, aligning it with business direction and legal requirements.

10.1.2 Allocates sufficient resources (budget, personnel, tools).

10.1.3 Promotes a culture of privacy throughout the organization.

10.1.4 Oversees policy implementation and reviews significant risks or incidents.

10.2 Data Protection Working Group and Data Protection Officer (DPO)

10.2.1 Advises management and employees on legal compliance and policy interpretation.

10.2.2 Monitors internal data processing and supports data protection impact assessments (DPIAs).

10.2.3 Manages data breach incidents and notifies authorities and data subjects as required.

10.2.4 Conducts awareness training.

10.2.5 Acts as liaison with the Personal Data Protection Committee.

10.3 All Employees and Supervisors

All Employees Must:

10.3.1 Understand and comply with this Policy and all related procedures.

10.3.2 Handle personal data responsibly and confidentially.

10.3.3 Participate in required training.

10.3.4 Promptly report data incidents or potential vulnerabilities.

Supervisors Must Also:

10.3.5 Ensure compliance within their departments.

10.3.6 Control access to personal data based on role necessity.

10.3.7 Support DPO investigations or audits.

11. Penalties

Any employee violating this Policy or the PDPA may be subject to internal disciplinary action. If such actions result in damage to the Company or any third party, legal action may be pursued.

12. Review and Updates

The Company will regularly review and update this Policy to reflect legal and operational changes. Significant updates will be communicated through appropriate channels (e.g., Company website).

13. Contact Channels

For inquiries or to exercise your data subject rights, please contact:

(DPO) Data Protection Officer and Working Group to supervise Personal Data and Confidential Data Management.

Hino Motors Asia Ltd.

Address: 99, Moo 3, Teparak Road, Teparak Sub-district, Muang Samut Prakan District, Samut Prakan Province 10270

Email: [email protected]

Phone: 02-384-2900 ext. 121, 244, 106, 567

This Policy is hereby announced for acknowledgment and strict compliance.

Announced on 15 August 2025

Hino Motors Asia Ltd.

Mr. Toru Matsukawa

President