Personal Data Protection Policy

NMB-Minebea Thai Ltd. and Minebea Aviation Co., Ltd.

                                                                                                            1 June 2022

NMB-Minebea Thai Ltd. and Minebea Aviation Co., Ltd. respect the rights on privacy of employees and all concerned

parties. Therefore, the Companies have established this policy to ensure protection of the employees’ and parties’ personal data, as follows : 

1. 1. The Companies shall recognize the importance of personal data protection and comply with Personal Data Protection Act (the "PDPA"), applicable laws, ordinances and other regulations regarding personal data protection and manage such personal data in an appropriate manner.
   2. The Companies shall define the purpose of collection, use and disclosure of personal data that it has obtained. The Companies shall not collect, use or disclose the acquired personal data outside the scope of the defined purpose. After the defined purpose of collection, use or disclosure of such personal data has been met, the Companies shall delete the data certainly and appropriately.
   3. When the Companies outsource handling of the personal data acquired by the Companies (the acquired personal data), the Companies shall fully examine the qualifications of the outsourcee and provide instructions and exercise supervision to ensure proper personal data management by imposing the outsourcee the legal obligations regarding non-disclosure of confidential personal data, safety management and prohibition of re-entrustment contractually.
   4. The Companies shall not provide the acquired personal data to a third party without consent of the individual concerned except in cases stipulated by applicable laws and ordinances or justified by good reason.
   5. The Companies shall establish and maintain adequate security measures for the personal data protection so that unauthorized access to the acquired personal data, leakage to the outside, loss, alteration, destruction or misuse, etc. of such does not occur in any way.
   6. The Companies shall disseminate its personal data protection policy to all officers, employees, contracted workers and temporary workers that are engaged in the Companies' businesses and provide adequate education to them all on an as-needed basis.
   7. The Companies shall conduct regular checks of its handling of personal data management system and other operations and documents including manuals and shall continuously review and improve these aspects of its business.

(Mr. Yoshihiro Sakanushi)

General Manager of Regional Affairs for Southeast Asia and India

Privacy Notice for Employees

1. Purposes

This privacy notice has been established to clarify details as well as methods applied for handling and processing

Employee’s Personal Data which have been collected, used, and disclosed by the Company to assure that such Personal

Data are protected by applicable laws and regulations.

2. Definitions

“Employee” refers to an individual the Company has agreed to employ as an Employee, regardless of position or

level, and shall include advisors, experts, interns, contract/outsourcing workers, and employees assigned by their employer

to provide service for the Company.

“Company” refers to NMB-Minebea Thai Ltd. or Minebea Aviation Co., Ltd., as the case may be.

“Data” refers to personal data as defined in management manual on personal data management and protection of

MinebeaMitsumi Group (Thailand).

“Processing” refers to any operation or set of operations performed Data, whether or not automated. It includes

the collection, recording, organization, structuring, adaptation, alteration, retrieval, consultation, use, disclosure by

transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

of the Data.

However, term or statement without specific definition stated in this privacy notice shall be referring to definitions

as set forth in the Standard on Personal Data Protection and Management of MinebeaMitsumi Group (Thailand) or other

applicable laws.

3. Data retention and Usage

The Company shall retain and use Employee’s Data collected during recruitment process and needed to be retained

continually  such as  name - surname, address, date of birth, age, gender, photograph, ID number, telephone number,

educational information, names of father and mother as well as  name – surname /  address /  telephone number of

emergency contact, etc.  In addition, the Company shall retain and use Employee’s Data collected at the time of agreeing

or after having agreed to be employed as an Employee such as child’s birth certificate, marriage certificate, health record,

vehicle registration number,  passport number,  etc.  Details of Data retained and used shall be as specified in Personal

Data Registration.

In the event that the Company receives a copy of the Employee's national ID card or any other document for the

purpose of verifying identity in establishing legal relations  and/or  conducting any transactions with the Company,

the documents may contain religious or sensitive Data. The Company shall not collect such kind of Data from Employee

unless the Company has received consent from the Employee.  In this regard,  the Company will establish management

approach for the Data in accordance with relevant guideline and as permitted by law.

The Company may receive third parties’ Data who are related to the Employee, where the Employee has provided

the Data to the Company,  such as  spouses, children, parents, family members, contact persons in case of emergency,

reference persons or former employers. The Company uses the Data for managing welfare and benefits for Employee,

contact in case of emergency, or for referring Data useful for Employee. Please inform such third parties of this privacy

notice and obtain their consent if necessary,  unless there is a legal exception where the Company is not required to

obtain consent.

The Company shall not collect Data of minors, disabled persons and quasi-disabled persons without the consent of

the person exercising parental authority, guardian or custodian, as the case may be, or without any legal basis.  If the

Company learns that it has collected Data from these individuals without their consent or without any legal basis, the

Company will immediately delete or destroy such Data.

4. Purpose of Data Retention and Usage

The Company shall retain and use Employee’s Data for purposes of Processing, managing or administrating,

implementing various aspects both in present and future as follows: - 

• • • Human resources management such as personnel recruitment and selection, employment contract, personnel
      training and development, general administration, payment of wages and remuneration, welfares and facilities
      arrangement,labor relations,procurement,manpower study/analysis/allocation,database analysis or improvement.
    • Security and crime prevention.                           
    • Investigation and action taken on complaint, corruption, lawsuit, dispute, violation of rules and regulations.
    • Authorization, preparation of certificate, preparation of document for publication, preparation of report for
      government / regulatory agencies.
    • Actions taken on environmental conservation, occupational health and safety, and corporate social responsibility.
    • Production of products and services.
    • Advertisement, publication, and merchandizing.
    • Retaining and strengthening good business relationships.
    • Compliance with various standards including requirements / claims from customers, shareholders, investors.
    • Mitigating business – economic problems or impacts.
    • Safeguarding and suppressing hazards to personnel’s life, physical body, or health.
    • Compliance with contract which Data subject has been bound as second party or action taken in response to
      Data subject’s request before binding into the contract.
    • Exercise of legal rights as well as rights associated to court, claim, prosecution, and litigation.
    • Other necessary action required to be taken for legitimate interest of the Company or person or other juristic
      person other than the Company.
    • Compliance with laws, notices, regulations, instructions, requests, measures or cooperation with officers of
      government agencies, state enterprises, or representatives of such officers or agencies.

5. Lawful Basis for Processing the Data

The Company collects Employee’s Data by adopting following lawful basis :

• • • Vital interest : To protect and suppress hazards to Employee and other person’s life, physical body or health.
    • Contract : To be necessary for performance of a contract to which Employee is a party, or in order to take steps
      at the request of Employee prior to entering into a contract.
    • Legitimate interest : For legitimate interest of the Company or other person which is equal or more important than
      Employee’s fundamental rights in the Data.
    • Legal Obligation : To comply with applicable laws,  to administrate the surveillance on occupational and
      environmental safety and security of Company’s property.
    • Public interest : To perform duties for public interest.
    • Consent : For cases where no other legal basis can be used.

6. Duration of Data Retention

The Company shall not retain Data longer than duration considered necessary for achieving purposes mentioned

above unless longer retention of such Data is required by applicable laws,  for examples,  competencies evaluation,

medical diagnosis, public health, exercise of legal claim, compliance with law, or litigation against legal claim, etc. 

The Company shall arrange audit system to ensure deletion or destruction of Data after expiration of retention

duration, or Data which are unconcerned or excessive for above purposes.

7. Data Disclosure

Data shall be retained confidential as required by laws and for the purposes mentioned above.   

However, the Company shall disclose Data to following persons : -

• • • The Company’ employees or representatives in charge or with obligation to be informed or to use such Data.
    • Affiliated companies or affiliates in same business group, business alliances, business partners, shareholders,
      investors.
    • Suppliers, subcontractors, customers, service providers, consultants.
    • Agencies or officers belong to government, state enterprises, public organizations, associations, clubs.
    • Other person considered necessary to enable Company to carry on business operation or to serve Employee
      or to achieve purposes of Data retention and usage mentioned above.

8. Right of Data Subject

Employee who is Data subject shall be entitled with following rights : -

• • • To request for Data access and copy of own Data under Company’ accountability or request to disclose source
      of Data collected without consent.
    • To notify Company to correct, update, and complete own Data as well as not to cause any misunderstandings.
    • To request own Data from the Company if the Company had already processed and carried out such Data by
      automated tool or device into common readable or usable format, or into format readable or disclosable by
      automated means.
    • To oppose against collection, use, or disclosure of own Data which was permissible to be collected any time in
      accordance with applicable law without consent from Data subject.
    • To request the Company to delete or destroy or make own Data to be anonymous in case it is required by law.
    • To request the Company to suspend Data use in case it is required by law.
    • To withdraw own consent at any time subject to requirement stated in Article 9 of this privacy notice.
    • To file complaint in situation that the Company or Data processor including workers or subcontractors of the
      Company or Data processors have violated or failed to comply with Personal Data Protection Act.
    • To be entitled to other rights as required by law.

Employee is able to exercise own rights by filing requisition in written manner to the Company or Personal Data

Protection Officer through forms and channels specified by the Company.  The Company shall take complaints filed into

consideration and feedback results within 30 days after receipt of the complaint.   However, the Company and Personal

Data Protection Officer may reject such complaint in case it is required by applicable law.

9. Obligation of Data Subject

Employee shall be obliged to provide true and complete Data within specified time frame to benefit the compliance

with aforementioned purposes, laws, contracts, or to bind into contract.  Providing false and incomplete Data or providing

Data later than specified time frame may impact the benefits Employee is entitled to receive in accordance with purposes,

laws, or contracts mentioned above.

10. Data Security

The Company gives precedence to security of Employee’s Data to ensure that the Company’s personnel and third

parties acting on the Company’s behalf comply with standards on protection of Data appropriately, including duties to

prevent Data leakage.

The Company will keep Employee’s Data in good condition in accordance with technical and organizational measures

to secure the Processing of Data appropriately and to prevent Data breaches.  To fulfill the purposes,  the Company has

established policies,  regulations and criteria for Data protection,  including measures to prevent Data recipients from

collecting, using or disclosing Data outside of its intended purpose or without authority or improperly. The Company has

revised the policies, regulations and criteria from time to time as necessary and appropriate. In addition, the Company's

executives, employees, contractors, agents, consultants and Data recipients are obliged to maintain the confidentiality of

the Data in accordance with the confidentiality measures established by the Company,   including Data Processing

agreement.

The Company regularly reviews and updates its Data security procedures and measures in order to maintain Data

security in the level suitable for potential risk as well as to ensure continuation in protection of Data confidentiality,

integrity, accuracy and availability in Data Processing. In addition, the Company establishes measures to prevent the loss,

collection, access, use, modification, alteration, deletion, destruction or unauthorized disclosure of Data.

11. Amendment to Privacy Notice

The Company may occasionally amend this privacy notice in conformity with change(s) associated to the Processing of

Employee’s Data and the changes in Personal Protection Act or other applicable laws. The Company shall inform important

amendment to Employee through appropriate channel.

12. Contact

Data Controller :

NMB-Minebea Thai Ltd. and Minebea Aviation Co., Ltd.

1 Moo 7, Chiang Rak Noi Subdistrict, Bang Pa-in District, Ayutthaya 13180

Telephone 035-361439 ext. 1789 Fax 035-361477

E-mail MinebeaMitsumiCare@minebea.co.th

This privacy notice is effective as of 1 April 2025.

Privacy Notice for Applicants

1. Purposes

This privacy notice has been established to clarify details as well as methods applied for handling and processing

Applicant’s Personal Data which have been collected, used, and disclosed by the Company to assure that such Personal

Data are protected by applicable laws and regulations.

2. Definitions

“Applicant” refers to an individual who applies to be employed as the Company’s employee, regardless of whether

the application is made directly to the Company or through recruitment agency, and includes those who are looking for

work.

“Company” refers to NMB-Minebea Thai Ltd. or Minebea Aviation Co., Ltd., as the case may be.

“Data” refers to personal data as defined in management manual on personal data management and protection

of MinebeaMitsumi Group (Thailand).

“Processing” refers to any operation or set of operations performed Data, whether or not automated. It includes

the collection, recording, organization, structuring, adaptation, alteration, retrieval, consultation, use, disclosure by

transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

of the Data.

However, term or statement without specific definition stated in this privacy notice shall be referring to definitions

as set forth in the Standard on Personal Data Protection and Management of MinebeaMitsumi Group (Thailand) or other

applicable laws.   

3. Data Retention and Usage

The Company shall retain and use Applicant’s Data, namely Data concerning recruitment process  such as name -

surname, address, date of birth, age, gender, photograph, ID number, telephone number, email address, educational

information, as well as name – surname / address / telephone number of emergency contact,  etc.   Details of Data

retained and used shall be as specified in Personal Data Registration.  

In the event that the Company receives a copy of the Applicant's national ID card or any other document for the

purpose of verifying identity in establishing legal relations and/or conducting any transactions with the Company,

the documents may contain religious or sensitive Data. The Company shall not collect such kind of Data from Applicant

unless the Company has received consent from the Applicant. In this regard, the Company will establish management

approach for the Data in accordance with relevant guideline and as permitted by law.

The Company may receive third parties’ Data who are related to the Applicant, where the Applicant has provided

the Data to the Company, such as spouses, children, parents, family members, contact persons in case of emergency,

reference persons or former employers. The Company uses the Data for managing welfare and benefits for Applicant,

contact in case of emergency, or for referring Data useful for Applicant. Please inform such third parties of this

privacy notice and obtain their consent if necessary, unless there is a legal exception where the Company is not required

to obtain consent.

The Company shall not collect Data of minors, disabled persons and quasi-disabled persons without the consent

of the person exercising parental authority, guardian or custodian, as the case may be, or without any legal basis.  If the

Company learns that it has collected Data from these individuals without their consent or without any legal basis, the

Company will immediately delete or destroy such Data.

4. Purpose of Data Retention and Usage

The Company shall retain and use Applicant’s Data for purposes of Processing, managing or administrating,

implementing various aspects both in present and future as follows : - 

• • • Consideration to employ as the Company’s employee.
    • Proceedings upon employment as the Company’s employee as follows:
    • Human resources management such as personnel recruitment and selection, employment contract,
      personnel training and development, general administration, payment of wages and remuneration,
      welfares and facilities arrangement, labor relations, procurement, manpower study / analysis / allocation,
      database analysis or improvement.
    • Security and crime prevention.                           
    • Investigation and action taken on complaint, corruption, lawsuit, dispute, violation of rules and regulations.
    • Authorization, preparation of certificate, preparation of document for publication, preparation of report for
      government / regulatory agencies.
    • Actions taken on environmental conservation, occupational health and safety, and corporate social responsibility.
    • Production of products and services.
    • Advertisement, publication, and merchandizing.
    • Retaining and strengthening good business relationships.
    • Compliance with various standards including requirements / claims from customers, shareholders, investors.
    • Mitigating business – economic problems or impacts.
    • Safeguarding and suppressing hazards to personnel’s life, physical body, or health.
    • Compliance with contract which Data subject has been bound as second party or action taken in response to
      Data subject’s request before binding into the contract.
    • Exercise of legal rights as well as rights associated to court, claim, prosecution, and litigation.
    • Other necessary action required to be taken for legitimate interest of the Company or person or other juristic
      person other than the Company.
    • Compliance with laws, notices, regulations, instructions, requests, measures or cooperation with officers of
      government agencies, state enterprises, or representatives of such officers or agencies.

5. Lawful Basis for Processing the Data

The Company collects Applicant’s Data by adopting following lawful basis:

• • • Vital interest : To protect and suppress hazards to Applicant and other person’s life, physical body or health.
    • Contract : To be necessary for performance of a contract to which Applicant is a party, or in order to take steps
      at the request of Applicant prior to entering into a contract.
    • Legitimate interest : For legitimate interest of the Company or other person which is equal or more important
      than Applicant’s fundamental rights in the Data.
    • Legal Obligation :  To comply with applicable laws,  to administrate the surveillance on occupational and
      environmental safety and security of Company’s property.
    • Public interest : To perform duties for public interest.
    • Consent : For cases where no other legal basis can be used.

6. Duration of Data retention

The Company shall not retain Data longer than duration considered necessary for achieving purposes mentioned

above unless longer retention of such Data is required by applicable laws,  for examples,  competencies evaluation,

medical diagnosis, public health, exercise of legal claim, compliance with law, or litigation against legal claim, etc. 

The Company shall arrange audit system to ensure deletion or destruction of  Data after expiration of retention

duration, or Data which are unconcerned or excessive for above purposes.

7. Data Disclosure

Data shall be retained confidential as required by laws and for the purposes mentioned above. 

However, the Company shall disclose Data to following persons : -

• • • The Company’ employees or representatives in charge or with obligation to be informed or to use such Data.
    • Affiliated companies or affiliates in same business group, business alliances, business partners, shareholders,
      investors.
    • Suppliers, subcontractors, customers, service providers, consultants.
    • Agencies or officers belong to government, state enterprises, public organizations, associations, clubs.
    • Other person considered necessary to enable Company to carry on business operation or to serve Applicant
      or to achieve purposes of Data retention and usage mentioned above.

8. Right of Data Subject

Applicant who is Data subject shall be entitled with following rights : -

• • • To request for Data access and copy of own Data under Company’ accountability or request to disclose source
      of Data collected without consent.
    • To notify Company to correct, update, and complete own Data as well as not to cause any misunderstandings.
    • To request own Data from the Company if the Company had already processed and carried out such Data by
      automated tool or device into common readable or usable format, or into format readable or disclosable by
      automated means.
    • To oppose against collection, use, or disclosure of own Data which was permissible to be collected any time in
      accordance with applicable law without consent from Data subject.
    • To request the Company to delete or destroy or make own Data to be anonymous in case it is required by law.
    • To request the Company to suspend Data use in case it is required by law.
    • To withdraw own consent at any time subject to requirement stated in Article 9 of this privacy notice.
    • To file complaint in situation that the Company or Data processor including workers or subcontractors of
      the Company or Data processors have violated or failed to comply with Personal Data Protection Act.
    • To be entitled to other rights as required by law.

Applicant is able to exercise own rights by filing requisition in written manner to the Company or Personal Data

Protection Officer through forms and channels specified by the Company.  The Company shall take complaints filed

into consideration and feedback results within 30 days after receipt of the complaint.  However,  the Company and

Personal Data Protection Officer may reject such complaint in case it is required by applicable law.

9. Obligation of Data Subject

Applicant shall be obliged to provide true and complete Data within specified time frame to benefit the compliance

with aforementioned purposes, laws, contracts, or to bind into contract.  Providing false and incomplete Data or providing

Data later than specified time frame may impact the benefits Applicant is entitled to receive in accordance with purposes,

laws, or contracts mentioned above.

10. Data Security

The Company gives precedence to security of Applicant’s Data to ensure that the Company’s personnel and third

parties acting on the Company’s behalf comply with standards on protection of Data appropriately, including duties to

prevent Data leakage.

The Company will keep Applicant’s Data in good condition in accordance with technical and organizational measures

to secure the Processing of Data appropriately and to prevent Data breaches.  To fulfill the purposes,  the Company has

established policies,  regulations and criteria for Data protection,  including measures to prevent Data recipients from

collecting, using or disclosing Data outside of its intended purpose or without authority or improperly. The Company has

revised the policies, regulations and criteria from time to time as necessary and appropriate. In addition, the Company's

executives, employees, contractors, agents, consultants and Data recipients are obliged to maintain the confidentiality

of the Data in accordance with the confidentiality measures established by the Company,  including Data Processing

agreement.

The Company regularly reviews and updates its Data security procedures and measures in order to maintain Data

security in the level suitable for potential risk as well as to ensure continuation in protection of  Data confidentiality,

integrity, accuracy and availability in Data Processing. In addition, the Company establishes measures to prevent the loss,

collection, access, use, modification, alteration, deletion, destruction or unauthorized disclosure of Data.

11. Amendment to Privacy Notice

The Company may occasionally amend this privacy notice in conformity with change(s) associated to the Processing of

Applicant’s Personal Data and the changes in Personal Protection Act or other applicable laws.  The Company shall inform

important amendment to Applicant through appropriate channel.

12. Contact

Data Controller :

NMB-Minebea Thai Ltd. and Minebea Aviation Co., Ltd.

1 Moo 7, Chiang Rak Noi Subdistrict, Bang Pa-in District, Ayutthaya 13180

Telephone 035-361439 ext. 1789   Fax 035-361477

E-mail MinebeaMitsumiCare@minebea.co.th

This privacy notice is effective as of 1 April 2025.

Privacy Notice for Visitors

1. Purposes

This privacy notice has been established to clarify details as well as methods applied for handling and processing

Visitor’s Personal Data which have been collected, used, and disclosed by the Company to assure that such Personal Data

are protected by applicable laws and regulations. 

2. Definitions

“Visitor” refers to an outside individual such as vendor, customer, guest, state officer, instructor, site visit person,

distributor or service provider, etc. who contacts with the Company at its place of business or through other means such

as e-mail, telephone, etc. but not include job applicant and the Company’s employee. 

“Company” refers to NMB-Minebea Thai Ltd. or Minebea Aviation Co., Ltd., as the case may be.

“Data” refers to personal data as defined in management manual on personal data management and protection of

MinebeaMitsumi Group (Thailand).

“Processing” refers to any operation or set of operations performed Data, whether or not automated.  It includes

the collection, recording, organization, structuring,  adaptation, alteration, retrieval, consultation, use,  disclosure by

transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

of the Data.

However, term or statement without specific definition stated in this privacy notice shall be referring to definitions as

set forth in the Standard on Personal Data Protection and Management of MinebeaMitsumi Group (Thailand) or other

applicable laws. 

3. Data Retention and Usage

The Company shall retain and use Visitor’s Data such as  name - surname, address, ID number, telephone number,

vehicle registration number, email address (Visitor’s name is a part of the email address), picture from CCTV etc. Details

of Data retained and used shall be as specified in Personal Data Registration.  

In the event that the Company receives a copy of the Visitor's national ID card or any other document for the purpose

of verifying identity in establishing legal relations and/or conducting any transactions with the Company,   the documents

may contain religious or sensitive Data. The Company shall not collect such kind of Data from Visitor unless the Company

has received consent from the Visitor. In this regard, the Company will establish management approach for the Data in

accordance with relevant guideline and as permitted by law.

The Company may receive third parties’ Data who are related to the Visitor, where the Visitor has provided the Data

to the Company,  such as  spouses,  children,  parents,  family members,  contact persons in case of emergency,  reference

persons or former employers. The Company uses the Data for managing welfare and benefits for Visitor,  contact in case

of emergency, or for referring Data useful for Visitor. Please inform such third parties of this privacy notice and obtain their

consent if necessary, unless there is a legal exception where the Company is not required to obtain consent.

The Company shall not collect Data of minors,  disabled persons and quasi-disabled persons without the consent

of the person exercising parental authority, guardian or custodian, as the case may be, or without any legal basis.  If the

Company learns that it has collected Data from these individuals without their consent or without any legal basis,  the

Company will immediately delete or destroy such Data.

4. Purpose of Data Retention and Usage

The Company shall retain and use Visitor’s Data for purposes of Processing, managing or administrating,

implementing various aspects both in present and future as follows : - 

• • • Security and crime prevention.               
    • Investigation and action taken on complaint, corruption, lawsuit, dispute, violation of rules and regulations.
    • Authorization, preparation of certificate, preparation of document for publication, preparation of report for
      government/ regulatory agencies.
    • Actions taken on environmental conservation, occupational health and safety, and corporate social responsibility.
    • Production of products and services.
    • Advertisement, publication, and merchandizing.
    • Retaining and strengthening good business relationships.
    • Compliance with various standards including requirements / claims from customers, shareholders, investors.
    • Mitigating business – economic problems or impacts.
    • Safeguarding and suppressing hazards to personnel’s life, physical body, or health.
    • Compliance with contract which Data subject has been bound as second party or action taken in response to
      Data subject’s request before binding into the contract.
    • Exercise of legal rights as well as rights associated to court, claim, prosecution, and litigation.
    • Other necessary action required to be taken for legitimate interest of the Company or person or other juristic
      person other than the Company.
    • Compliance with laws, notices, regulations, instructions, requests, measures or cooperation with officers of
      government agencies, state enterprises, or representatives of such officers or agencies.

5. Lawful Basis for Processing the Data

The Company collects Visitor’s Data by adopting following lawful basis :

• • • Vital interest : To protect and suppress hazards to Visitor and other person’s life, physical body or health.
    • Contract : To be necessary for performance of a contract to which Visitor is a party, or in order to take steps
      at the request of Visitor prior to entering into a contract.
    • Legitimate interest : For legitimate interest of the Company or other person which is equal or more important
      than Visitor’s fundamental rights in the Data.
    • Legal Obligation : To comply with applicable laws, to administrate the surveillance on occupational and
      environmental safety and security of Company’s property.
    • Public interest : To perform duties for public interest.
    • Consent : For cases where no other legal basis can be used.

6. Duration of Data Retention

The Company shall not retain Data longer than duration considered necessary for achieving purposes mentioned

above unless longer retention of such Data is required by applicable laws, for examples, medical diagnosis, public health,

exercise of legal claim, compliance with law, or litigation against legal claim, etc. 

The Company shall arrange audit system to ensure deletion or destruction of Data after expiration of retention

duration, or Data which are unconcerned or excessive for above purposes.

7. Data Disclosure

Data shall be retained confidential as required by laws and for the purposes mentioned above. 

However, the Company shall disclose Data to following persons : -

• • • The Company’ employees or representatives in charge or with obligation to be informed or to use such Data.
    • Affiliated companies or affiliates in same business group, business alliances, business partners, shareholders,
      investors.
    • Suppliers, subcontractors, customers, service providers, consultants.
    • Agencies or officers belong to government, state enterprises, public organizations, associations, clubs.
    • Other person considered necessary to enable Company to carry on business operation or to serve Visitor or
      to achieve purposes of Data retention and usage mentioned above.

8. Right of Data Subject

Visitor who is Data subject shall be entitled with following rights : -

• • • To request for Data access and copy of own Data under Company’ accountability or request to disclose source
      of Data collected without consent.
    • To notify Company to correct, update, and complete own Data as well as not to cause any misunderstandings.
    • To request own Data from the Company if the Company had already processed and carried out such Data by
      automated tool or device into common readable or usable format, or into format readable or disclosable by
      automated means.
    • To oppose against collection, use, or disclosure of own Data which was permissible to be collected any time in
      accordance with applicable law without consent from Data subject.
    • To request the Company to delete or destroy or make own Data to be anonymous in case it is required by law.
    • To request the Company to suspend Data use in case it is required by law.
    • To withdraw own consent at any time subject to requirement stated in Article 9 of this privacy notice.
    • To file complaint in situation that the Company  or  Data processor including workers  or  subcontractors of
      the Company or Data processors have violated or failed to comply with Personal Data Protection Act.
    • To be entitled to other rights as required by law.

Visitor is able to exercise own rights by filing requisition in written manner to the Company or Personal Data

Protection Officer through forms and channels specified by the Company.  The Company shall take complaints filed into

consideration and feedback results within 30 days after receipt of the complaint.   However,  the Company and Personal

Data Protection Officer may reject such complaint in case it is required by applicable law.

9. Obligation of Data Subject

Visitor shall be obliged to provide true and complete Data within specified time frame to benefit the compliance with

aforementioned  purposes, laws, contracts, or to bind into contract.  Providing false and incomplete Data or providing Data

later than specified time frame may impact the benefits Visitor is entitled to receive in accordance with purposes, laws, or

contracts mentioned above.

10. Data Security

The Company gives precedence to security of Visitor’s Data to ensure that the Company’s personnel and third parties

acting on the Company’s behalf comply with standards on protection of Data appropriately, including duties to prevent

Data leakage.

The Company will keep Visitor’s Data in good condition in accordance with technical and organizational measures to

secure the Processing of Data appropriately and to prevent Data breaches.   To fulfill the purposes,  the Company has

established policies,  regulations and criteria for Data protection,  including measures to prevent Data recipients from

collecting, using or disclosing Data outside of its intended purpose or without authority or improperly. The Company has

revised the policies, regulations and criteria from time to time as necessary and appropriate. In addition, the Company's

executives, employees, contractors, agents, consultants and Data recipients are obliged to maintain the confidentiality of

the Data in accordance with the confidentiality measures established by the Company, including Data Processing agreement.

The Company regularly reviews and updates its Data security procedures and measures in order to maintain Data

security in the level suitable for potential risk as well as to ensure continuation in protection of  Data confidentiality,

integrity, accuracy and availability in Data Processing. In addition, the Company establishes measures to prevent the loss,

collection, access, use, modification, alteration, deletion, destruction or unauthorized disclosure of Data.

11. Amendment to Privacy Notice

The Company may occasionally amend this privacy notice in conformity with change(s) associated to the Processing of

Visitor’s Data and the changes in Personal Protection Act or other applicable laws.  The Company shall inform important

amendment to Visitor through appropriate channel.

12. Contact

Data Controller :

NMB-Minebea Thai Ltd. and Minebea Aviation Co., Ltd.

1 Moo 7, Chiang Rak Noi Subdistrict, Bang Pa-in District, Ayutthaya 13180

Telephone 035-361439 ext. 1789   Fax 035-361477

E-mail MinebeaMitsumiCare@minebea.co.th

This privacy notice is effective as of 1 April 2025.

Privacy Notice on CCTV Use

1. Purposes

The Company has implemented the use of Closed-Circuit Television (CCTV) for surveillance in the area within and

around buildings, premises and facilities of the Company or under responsibilities of the Company (“Area”). The Company

collects personal data of officer, worker, customer, employee, contractor, visitor or any other person (“You” or “Your”)

entering the Area through the CCTV.  This privacy notice provides information about our collection, use,  or disclosure of 

Your personal data including Your rights.

2. Definitions

 “Company” refers to NMB-Minebea Thai Ltd. or Minebea Aviation Co., Ltd., as the case may be.

“Data” refers to personal data as defined in management manual on personal data management and protection of

MinebeaMitsumi Group (Thailand).

“Processing” refers to any operation or set of operations performed Data, whether or not automated.  It includes

the collection,  recording,  organization,  structuring,  adaptation,  alteration,  retrieval,  consultation,  use,  disclosure by

transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

of the Data.

“CCTV” refers to a television camera system that takes motion pictures and transmits signal to a recording device

for recording as still and/or motion picture.   It includes the recording of photographs, moving picture or sound using

other types of equipment which has the same characteristics or methods as or similar to CCTV, such as IP Cameras

(Internet Protocol Cameras), etc.

However, term or statement without specific definition stated in this privacy notice shall be referring to definitions

as set forth in the Standard on Personal Data Protection and Management of  MinebeaMitsumi Group (Thailand) or other

applicable laws.

3. Data Retention and Usage

The Company have installed CCTV in visible locations at entrance, exit, workplace,  including Area that Company

deems as appropriate locations where surveillances are required with arrangement of warning signs indicating the use

of CCTV. Your Data collected are still pictures, motion pictures, sound, and/or pictures of Your belongings, e.g., vehicles,

bags, hats, clothing, etc.

The Company shall not install CCTV in Area that unduly breaches Your fundamental rights, e.g., residential room,

toilet, shower room.

4. Purpose of Data Retention and Usage

The Company shall retain and use Your Data for purposes of Processing, managing or administrating, implementing

various aspects both in present and future as follows : - 

• • • To protect Your health and safety including Your property. To secure Company’s buildings, facilities, and properties
      from damage, obstruction, destruction, or other crime.
    • To support agencies in charge with law enforcement to restrain, prevent, investigate,and prosecute against litigation.
    • To provide assistance in process of dispute resolution that occurs during disciplinary or grievance proceeding.
    • To provide assistance in investigation or complaint filing process.
    • To provide assistance in process of initiating or preventing civil litigation. This includes but is not limited to legal
      proceeding related to employment.
    • To improve and develop work process or work efficiency.

5. Lawful Basis for Processing the Data

The Company collects Your Data by adopting following lawful basis :

• • • Vital interest :  To protect and suppress hazards to Your and other person’s life, physical body or health.
    • Legitimate interest :  For legitimate interest of the Company or other person which is equal or more important
      than Your fundamental rights in the Data.
    • Legal Obligation :  To comply with applicable laws, to administrate the surveillance on occupational and
      environmental safety and security of Company’s property.
    • Public interest :  To perform duties for public interest.
    • Consent :  For cases where no other legal basis can be used.

6. Duration of Data Retention

To achieve the purposes of surveillance by using CCTV as specified in this privacy notice,   the Company shall keep

Your Data collected in CCTV for period of no more than 3 months from the date of recording; however, for certain purposes

the Company may keep Your Data for longer period as the Company deems necessary or to the necessary extent permitted

by applicable laws,  such as for legal claims or litigation, disciplinary action,  etc.   After the expiration of the said period,

the Company shall delete and destroy Your Data accordingly.

 7. Data Disclosure

The Company shall keep Your Data in CCTV confidential and undisclosed.  Nevertheless,   the Company may be

required to disclose the Data in CCTV to following person or juristic person under following categories in order to fulfill

the achievement of surveillance purposes stated in this privacy notice,

• • • Agency with legal authority and accountability, consultant, in order to assist and support law enforcement
      or investigation, inquisition, or litigation.
    • Third-party service provider,  in order to assure the prevention or suppression of hazards to Your or other
      person’s life, physical body, health, and property.
    • The Company’s employees who are responsible for or assigned to have duty in Processing of Your Data.

8. Right of Data Subject

You as data subject shall be entitled with following rights : -

• • • To request for Data access and copy of Your Data under Company’ accountability or request to disclose source
      of Data collected without consent.
    • To notify Company to correct, update, and complete Your Data as well as not to cause any misunderstandings.
    • To request Your Data from the Company if the Company had already processed and carried out such Data by
      automated tool or device into common readable or usable format, or into format readable or disclosable by
      automated means.
    • To oppose against collection, use, or disclosure of Your Data which was permissible to be collected any time in
      accordance with applicable law without consent from Data subject.
    • To request the Company to delete or destroy or make Your Data to be anonymous in case it is required by law.
    • To request the Company to suspend Data use in case it is required by law.
    • To withdraw Your consent at any time,  unless there is a restriction of the withdrawal of consent by law,  or
      the contract which gives benefits to You.
    • To file complaint in situation that the Company or Data processor including workers or subcontractors of the
      Company or Data processors have violated or failed to comply with Personal Data Protection Act.
    • To be entitled to other rights as required by law.

You are able to exercise Your rights by filing requisition in written manner to the Company or Personal Data

Protection Officer through forms and channels specified by the Company.  The Company shall take complaints filed into

consideration and feedback results within 30 days after receipt of the complaint. However, the Company and Personal Data

Protection Officer may reject such complaint in case it is required by applicable law.

9. Data Security

The Company gives precedence to security of Your Data to ensure that the Company’s personnel and third parties

acting on the Company’s behalf comply with standards on protection of Data appropriately, including duties to prevent

Data leakage.

The Company will keep Your Data in good condition in accordance with technical and organizational measures to

secure the Processing of Data appropriately and to prevent Data breaches.   To fulfill the purposes,  the Company has

established policies,   regulations and criteria for Data protection,  including measures to prevent Data recipients from

collecting, using or disclosing Data outside of its intended purpose or without authority or improperly.  The Company

has revised the policies, regulations and criteria from time to time as necessary and appropriate.   In addition, the

Company's executives,  employees,  contractors,  agents,  consultants and  Data recipients are obliged to maintain the

confidentiality of the Data in accordance with the confidentiality measures established by the Company, including Data

Processing agreement.

The Company regularly reviews and updates its Data security procedures and measures in order to maintain Data

security in the level suitable for potential risk as well as to ensure continuation in protection of Data confidentiality,

integrity, accuracy and availability in Data Processing. In addition, the Company establishes measures to prevent the loss,

collection, access, use, modification, alteration, deletion, destruction or unauthorized disclosure of Data.

10. Amendment to Privacy Notice

The Company may consider to amend or change this privacy notice as appropriate and shall notify You through

Company’s communication channels.  Therefore,  the Company encourage You to check for updated privacy notice on

regular basis especially before entering into Company’s Area 

Your entry into the Area shall be deemed as Your acknowledgment of the terms in this privacy notice. Please refrain

from entering the Area if You do not agree with the terms of this privacy notice. After this privacy notice had been revised

and publicized through channel mentioned above and if You continue to enter the Area,   Your entry shall be deemed as

Your acknowledgment of the changes.

11. Contact

Data Controller :

NMB-Minebea Thai Ltd. and Minebea Aviation Co., Ltd.

1 Moo 7, Chiang Rak Noi Subdistrict, Bang Pa-in District, Ayutthaya 13180

Telephone 035-361439 ext. 1789    Fax 035-361477

E-mail MinebeaMitsumiCare@minebea.co.th

This privacy notice is effective as of 1 April 2025.