Good Corporate Governance Policy

The company has established a policy of treating all shareholders equally, regardless of whether they are majority or minority shareholders, executive or non-executive shareholders, Thai or foreign nationals. The details are as follows:

1. The company will submit a notice of the shareholders' meeting, including the agenda and the opinion of the board of directors, to the Securities and Exchange Commission (SEC) and publish it on the company's website at least 28 days before the meeting date. The company will also prepare the notice of the shareholders' meeting in English and publish it together with the Thai version.
2. The company will establish criteria and procedures for minority shareholders to propose candidates for directorship. Minority shareholders can submit their proposals to the board of directors in advance of the shareholders' meeting, along with information on the qualifications of the candidates and their consent.
3. The company will establish criteria and procedures for minority shareholders to propose additional agenda items in advance of the shareholders' meeting. This is to ensure fairness and transparency in the consideration of whether to add the items proposed by minority shareholders.
4. Executive shareholders will not add agenda items that were not notified in advance without a valid reason, especially important items that require shareholders to take time to study the information before making a decision.
5. At each shareholders' meeting, the company will provide equal opportunity to all shareholders. Before the meeting begins, the chairman of the meeting will explain to the shareholders the rules of the meeting, how to exercise their voting rights, the voting rights of each class of shares, and how to count the votes of shareholders who are required to vote on each agenda item.
6. In the agenda for the election of directors, the company will conduct a separate vote for each director.
7. Directors are required to report any conflicts of interest in any agenda item at least before the relevant item is considered at a board meeting. The conflicts of interest will be recorded in the minutes of the board meeting. Directors with significant conflicts of interest that would prevent them from providing independent opinions on the relevant item are prohibited from participating in the meeting on that item.
8. The company has a written policy on the preservation and prevention of the misuse of insider information. The policy is communicated to all employees. All directors and executives who are required to report their securities holdings under the law are required to submit such reports to the company secretary on a regular basis and disclose them in the company's annual report.

The Board of Directors is committed to the rights of all stakeholders, both internal and external. The Board recognizes that the input of all stakeholders is essential to the company's operations and development. The company will comply with all applicable laws and regulations and establish policies for treating each stakeholder group with due regard for their rights under the law or under any agreement with the company. The company will not engage in any activities that violate the rights of stakeholders.

Shareholders

The Board of Directors is committed to the rights and equality of shareholders. The Board has established policies that guarantee shareholders the right to receive a share certificate, to transfer shares, to receive adequate, timely, and relevant information, to attend and vote at shareholder meetings, to elect and remove directors, to approve the appointment of the company's annual auditor and set his or her remuneration, and to share in the company's profits in proportion to the number of shares held. The company will keep minutes of shareholder meetings and disclose the meeting resolutions to shareholders and relevant government agencies in accordance with applicable regulatory disclosure requirements.

Employees

The Board of Directors recognizes that employees are a valuable asset to the company's success. The Board has established policies for fair treatment of employees at all levels, without discrimination in terms of opportunities, compensation, or promotions. The company also provides opportunities for employees to develop their skills and knowledge to their full potential, such as through training, seminars, and workshops. The company strives to retain high-performing employees to develop the organization. The company has policies for occupational safety, health, and environmental protection to ensure a safe working environment for employees and to prevent accidents, injuries, and illnesses arising from work. The company has also established anti-corruption guidelines and promotes compliance with applicable laws, regulations, and rules, such as the prohibition on insider trading.

Vendors

The company has a process for selecting vendors that ensures fair and competitive bidding. The company has also developed fair and equitable contract terms and a monitoring system to ensure compliance with the terms of the contract. The company prevents corruption and misconduct in all stages of the procurement process, the purchase of goods and/or services from vendors, and the fulfillment of commercial terms and conditions. The company complies with contracts in a strict manner.

Customers

The company is committed to providing excellent customer service and satisfaction. The company ensures that customers receive high-quality products at fair prices and that these products meet the company's standards. The company also complies with all terms and conditions agreed with customers. The company strives to continuously improve the quality of its products and services. The company maintains a strong and sustainable relationship with customers. The company does not use customer data for the benefit of the company or its affiliates without proper authorization, except as required by law, regulation, or the consent of the data owner.

Competitors

The company conducts its business in a fair and ethical manner. The company supports and promotes free and fair competition. The company treats competitors in a manner consistent with international norms and in accordance with applicable laws and regulations on competition. The company does not violate the confidentiality of competitors or acquire their trade secrets through fraudulent means. The company is committed to fair business practices and complies strictly with the company's ethical guidelines.

Creditors

The company will comply with all terms and conditions of its agreements with creditors, including the repayment of loans, interest, and insurance premiums. The company will also comply with its obligations in the event of default on a loan.

Society and the Environment

The company is committed to the safety, well-being, and quality of life of the people affected by its operations. The company also promotes a culture of environmental and social responsibility among its employees. The company complies strictly with all applicable laws, regulations, and rules. The company also participates in activities that promote environmental protection and social welfare, as well as the local culture in the communities where it operates.

       Stakeholders can submit questions, complaints, or tips about suspected illegal activities, inaccurate financial reporting, inadequate internal controls, or violations of the company's business ethics to the company's independent directors. The company will keep all complaints and tips confidential. The independent directors will investigate the information and recommend corrective action, if necessary. The independent directors will then report their findings to the Board of Directors.

The company is committed to the timely, accurate, and transparent disclosure of material information related to the company, including financial and non-financial information, in accordance with the requirements of the Securities and Exchange Commission ("SEC") and the Stock Exchange of Thailand ("SET"). The company also discloses other information that may have an impact on the company's share price, which affects the decision-making process of investors and other stakeholders.

Specific measures taken by the company to ensure the accuracy and transparency of information disclosure include:

1. Establishing mechanisms to ensure that information disclosed to investors is accurate, not misleading, and sufficient for investor decision-making.
2. Appointment of an investor relations (IR) officer to communicate with investors or shareholders. The company will disseminate information about the company, financial information, and general information to shareholders, securities analysts, credit rating agencies, and relevant agencies through various channels, including reporting to the SEC and SET, and the company's website. The company also emphasizes the importance of disclosing information regularly in both Thai and English so that shareholders can receive news regularly through the company's website. The information on the company's website is updated regularly, including vision, mission, financial statements, press releases, annual reports, corporate and management structure, shareholder structure and major shareholders, meeting invitations, and meeting minutes, etc.
3. Support for the preparation of management discussion and analysis (MD&A) to help investors understand the changes in the company's financial position and operating results in each quarter.
4. Disclosure of information about the role and responsibilities of the board of directors and the company's sub-committees, the number of meetings held, the attendance of meetings in the past year, the opinions from the performance, and the training and development of the board in the annual report. The company also discloses the policy for paying remuneration to directors and senior executives, the form and nature of remuneration, and the amount of remuneration received by each director from being a director of the company and its subsidiaries.
5. Disclosure of audit fees and other services provided by the auditor. In addition to disclosing information in Form 56-1 One Report according to the specified criteria and through the channels of the SET, the board will consider disclosing information in both Thai and English through other channels, such as the company's website. The information will be presented in a timely manner, accurate, and grammatically correct.

1.Board Structure and Committees

The Board of Directors is composed of individuals with diverse skills and experience that can benefit the company. They play a key role in setting the company's strategy and overall direction, as well as in overseeing, monitoring, and evaluating the company's performance to ensure it meets its objectives.

The Board of Directors has a minimum of 5 members and a maximum of 12 members. The Board of Directors must include at least one-third of the total number of directors, or at least 3 directors, who are independent. This helps to ensure that there is a balance in decision-making and voting on various matters. All of the company's independent directors meet the requirements set out in the Securities and Exchange Commission (SEC) Notification, the Stock Exchange of Thailand (SET) By-laws, and other relevant regulations, guidelines, and laws.

The Board of Directors has a term of office of no more than 3 years at a time in accordance with the relevant laws. Independent directors may serve for a maximum of 9 consecutive years, unless the Board considers it necessary and appropriate. In addition, the company's directors and executives may serve as directors or executives of affiliated companies or other companies, but they must comply with the requirements of the SEC, the Securities and Exchange Commission, the Capital Market Supervisory Board, the SET, and other relevant regulations, guidelines, and laws. They must also notify the Board of Directors of their appointments. Each director may serve on the board of no more than 5 listed companies and may not serve as a director or chief executive officer of more than 3 public companies that are listed on the SET.

The Board of Directors may appoint committees to assist with corporate governance. These committees are as follows:

1. Management Committee: This committee consists of at least 3 managing directors to assist the Board of Directors in managing the company's affairs in accordance with the company's policies, plans, regulations, and instructions, as well as the objectives set forth by the Board of Directors, within the framework delegated by the Board of Directors.
2. Audit Committee: This committee consists of at least 3 independent directors to assist the Board of Directors in overseeing and auditing the company's management, intercompany transactions, internal controls, internal audits, and compliance with relevant laws, as well as the preparation of financial statements, to ensure that the company's operations and disclosure of information are transparent and reliable.
3. Nomination and Remuneration Committee: This committee consists of at least 3 directors to recruit qualified individuals for positions as directors and senior executives, consider the form and criteria for the payment of remuneration to directors and senior executives, and submit their opinions to the Board of Directors for approval before being presented to the shareholders' meeting for approval (if applicable).
4. Risk Management Committee: This committee consists of at least 3 directors and/or executives to assist the Board of Directors in establishing appropriate, adequate, efficient, and effective risk management policies and overseeing the overall risk management system or process to ensure that it is at an acceptable level.

In addition, the company has appointed a company secretary to handle matters related to Board of Directors meetings and shareholders' meetings, as well as to support the work of the Board of Directors by providing advice on legal and regulatory requirements relating to the Board's duties, and coordinating the implementation of Board resolutions

2.The Role, Duties, and Responsibilities of the Board of Directors

The Board of Directors is responsible to the shareholders for the company's business operations. It is responsible for setting the company's policies and direction, and for overseeing the management to ensure that it meets the company's goals, objectives, vision, strategy, and direction for the long-term benefit of the shareholders within the framework of the law and the principles of good corporate governance. At the same time, it also takes into account the interests of all stakeholders, as set forth in the Board Charter.

1. Corporate Governance PolicyThe Board has established a written corporate governance policy and a corporate governance manual as a guideline for directors, executives, and employees to follow this policy. The policy is reviewed annually.
2. Business EthicsThe Board is committed to ensuring that the company's business operations are transparent, ethical, and responsible to stakeholders as well as society and the environment. The Board has developed and approved a business ethics manual. The Board oversees directors, executives, and employees to strictly follow the manual and to promote understanding of the manual throughout the organization. This is to help employees to be aware of and to follow the company's business ethics, including:

• • Ethics in dealing with shareholders
  • Ethics in dealing with employees
  • Ethics in dealing with suppliers
  • Ethics in dealing with customers
  • Ethics in dealing with competitors
  • Ethics in dealing with creditors
  • Ethics in dealing with society and the environment
  • Ethics in combating corruption
  • Ethics in respecting the law and human rights
  • Ethics in conducting business under environmental standards
  • Ethics in not infringing on intellectual property

3.Conflict of Interest

The Board has carefully developed a conflict of interest policy that is based on the principles of necessity, reasonableness, and fairness, and is conducted with honesty and integrity, with the company's interests as a priority. The policy requires that individuals involved in matters that require disclosure of their interests and the interests of those related to them must inform the Board, and must not participate in the consideration or approval of such matters.

The Board will oversee related party transactions and transactions with conflict of interest in accordance with the law and other requirements of the Securities and Exchange Commission (SEC), the Capital Market Supervisory Board, and the Stock Exchange of Thailand (SET) when the company becomes a listed company on the stock exchange.

4.Internal Control

The Board will oversee the company's internal control system and effective internal audit system. The internal control system should be in place at both the management and operational levels, and an internal auditor should be appointed to independently perform audits and report directly to the Audit Committee.

5.Risk Management

The Board will oversee the company's risk management system and processes to appropriately reduce the likelihood and impact of risks to the company's business. The Risk Management Committee will be responsible for considering and developing risk management policies that cover both external and internal risks, and are consistent with the company's strategy and direction. These policies will be presented to the Board of Directors for approval.

6.Whistleblowing Mechanism

The Board of Directors has established a mechanism for receiving complaints and taking action in the event of a whistleblowing of illegal acts, financial statement inaccuracies, inadequate internal control systems, or unethical business practices of the company through independent directors or the company's independent auditors. The complaint and whistleblowing information that is submitted to the company will be kept confidential. Once the independent directors or independent auditors have completed their investigation and found a solution (if any), they will report to the Board of Directors.

7.Audit Committee Report

The Audit Committee is responsible for reviewing the financial statements withthe accounting department and the independent auditor before the financial statements are presented to the Board of Directors for approval. The Audit Committee also receives the internal audit report from the internal auditor every quarter.

1. The Board of Directors schedules at least quarterly meetings, with additional special meetings as needed. The agenda for each meeting is clearly defined and meetings are scheduled in advance. The Board of Directors will send out a meeting notice, agenda, and meeting materials to all directors at least 5 days before the meeting date so that they have sufficient time to study the information before attending the meeting, unless there is an urgent need. Meeting minutes will be recorded and approved documents will be collected for reference and verification. In each meeting, executives and relevant persons will be invited to attend each agenda item as needed and appropriate, in order to provide detailed information for accurate and timely decision-making.
2. The Board of Directors' meeting shall be decided by a majority vote, with each director having one vote. Directors with a conflict of interest in any agenda item will not attend the meeting or vote on that agenda item. In the event of a tie, the chairman of the meeting shall cast one additional vote as the tie-breaking vote.
3. The Board of Directors will conduct an annual performance evaluation to improve and correct its operations. The evaluation will clearly define the evaluation topics and evaluation criteria. The Board of Directors will collect feedback from the evaluation results and present them to the Board of Directors meeting. The evaluation criteria, process, and results will be disclosed in the annual report.

The Board of Directors has established a policy on the prevention of conflicts of interest based on the principle that any decision made in conducting business activities must be solely for the best interest of the company. Actions that may result in a conflict of interest should be avoided. Any person involved or having an interest in a matter under consideration must notify the company of their relationship or interest in such matter and must not participate in the decision-making process nor have approval authority in the related transaction. The key principles are outlined as follows:

1. Directors and executives must inform the company of any relationship or interest in the relevant matter and must refrain from participating in the decision-making process or having any approval authority in such transactions.
2. Avoidance of related-party transactions involving individuals or legal entities with potential conflicts of interest or vested interests. In cases where such transactions are necessary, they must be presented to the Audit Committee for opinion before seeking approval from the Board of Directors or the shareholders' meeting (as the case may be), in accordance with good corporate governance principles for listed companies and other relevant laws. Compliance with the regulations of the Stock Exchange of Thailand (SET) and the Securities and Exchange Commission (SEC) must also be ensured.
3. Executives and employees must strictly adhere to the company's regulations and business ethics. This is essential to maintain the company's credibility and the trust of all stakeholders. The company must ensure that employees throughout the organization are informed and understand how to comply with these practices.

This policy was approved by the Board of Directors at the Board Meeting No. 1/2023 on May 15, 2023.

The company will protect stakeholder information obtained from business operations or related sources, such as customer information, employee information, and trade creditor information.
The company will make every effort to protect such data and will only share it with authorized individuals for legitimate business purposes in accordance with the law. Once the information is no longer needed for business purposes and authorized for destruction, it must be securely disposed of.

Operational Guidelines

1. Disclosure or use of information is permitted only for employees involved in the relevant tasks or as required by law.
2. Unused information must be destroyed properly to prevent data leakage.
3. When disclosure is necessary, the consent of the data owner must be obtained, unless the company is legally required to disclose such information.
4. Carefully review any messages to be sent to external parties and refrain from sending information regarding internal discussions or decisions, as such disclosures could put the company at a disadvantage or cause harm.
5. Do not discuss or disclose confidential information in public without the data owner's consent.
6. Do not install unauthorized programs or software on company computers, and do not forward inappropriate data.
7. Avoid setting overly simple passwords for accessing computers or electronic devices to help protect information.

This policy was approved by the Board of Directors at the Board Meeting No. 1/2023 on
May 15, 2023.

1. Objective

  Asian Palm Oil Public Company Limited (“the Company”) is committed to conducting business with honesty, integrity, transparency, and ethics in line with good corporate governance principles and a strong commitment to anti-corruption in all forms. The company has established this "Whistleblowing and Complaint Policy" to support and provide a communication channel for directors, executives, employees, and all stakeholders to report, in good faith, any misconduct or suspected misconduct such as fraud, corruption, legal violations, breaches of regulations, company policies, or codes of conduct, discrimination, negligence, or careless behavior. The goal is to correct, improve, and ensure proper, transparent, and fair operations. All whistleblower information will be kept confidential to protect the whistleblower’s rights.

2. The scope of Whistleblowing or Complaints

              Whistleblowers may report serious matters that could have a negative impact on the company, including:

1. Violations of the law, corporate governance policies, business ethics, or anti-corruption principles
2. Breaches of company rules or regulations
3. Inaccurate financial reporting, defective internal control systems, or falsified financial documents
4. Conflicts of interest
5. Whistleblowing or Complaint Channels

        To ensure fairness and equal treatment of all stakeholders in line with corporate governance principles, the company provides multiple channels for reporting matters that may affect stakeholders or result in harm due to actions by directors, executives, employees, or staff. Reports may include details about suspected violations of laws, ethics, or corruption. Whistleblowers should provide their name, address, and contact number, along with the name of the alleged offender, incident details, and supporting evidence (if available). Channels include:   

1. Chairperson or Chairman of the Audit Committee

Asian Palm Oil Public Company Limited

99 Ao Luek Tai Subdistrict, Ao Luek District, Krabi Province 81110

Tel: (075) 681354-5

              Email: [email protected]

2. Email to the Chairperson of the Board and Chairperson of the Audit Committee:

         Email : [email protected], [email protected]

3. Suggestion/Complaint Box within the company

  These channels are secure and accessible to ensure that whistleblowers can report without fear of retaliation. The company will investigate all reports following proper procedures, keep written records, and protect whistleblower identity and information.

4. Whistleblowing/Complaint Handling Process
5. Upon receiving a report, the internal audit team or another appropriate unit will gather and verify facts. If the report is substantiated, the matter will be escalated to the Audit Committee and the Board for acknowledgment, direction, and investigation. A fact-finding committee may be appointed to proceed accordingly. The committee will then report findings and recommendations to the Audit Committee and the Board, including appropriate disciplinary actions.
6. After the investigation committee has reviewed the facts, it will present the summary of findings and proposed corrective actions, along with any disciplinary measures, to the Audit Committee and the Board of Directors for acknowledgment.
7. Investigation and Disciplinary Action

  If, upon investigation, there is sufficient reason to believe that the accused has committed an act of fraud or corruption or has violated laws, regulations, company rules, or the code of conduct, the company shall grant the accused the right to be informed of the allegations and to defend themselves by providing additional information or evidence proving their non-involvement. If the accused is found to have indeed committed fraud, corruption, or violated any laws, regulations, rules, or the company’s code of conduct—regardless of whether they are a director, executive, employee, or staff member—such act shall be deemed a violation of the Anti-Corruption Policy, Corporate Governance Policy, and the Company’s Code of Conduct. The violator shall be subject to disciplinary action in accordance with the company’s rules. In cases where the act is unlawful, the violator will face both legal and disciplinary penalties as prescribed by the company.

6. Whistleblower and Complainant Protection Measures

To protect the rights of complainants and informants who act in good faith, the company will keep confidential their names, addresses, or any identifiable information. Access to such information shall be restricted to individuals responsible for handling the investigation.

            In the case of complaints involving corruption by directors or executives, the Audit Committee shall be responsible for protecting the whistleblowers, complainants, witnesses, and individuals providing information during the fact-finding process from any adverse consequences, harm, or unfair treatment resulting from their actions.

            The company shall not take any unfair action against whistleblowers or complainants, including but not limited to changes in job position, job description, workplace, suspension, threats, interference in job performance, termination, or any other form of unfair treatment due to their cooperation in the investigation process.

            Those responsible for handling complaints must maintain the confidentiality of all information, complaints, and evidence provided by complainants and informants. Disclosure to unrelated parties is strictly prohibited unless required by law.

7. False Allegations or Complaints

       If it is found that a whistleblower or complainant has made false statements or reports or provided information with malicious intent or in bad faith that can be proven with evidence, and such actions were aimed at causing damage, then if the person is a company employee, disciplinary action will be taken according to the company’s regulations. If the person is an external party whose actions cause damage to the company, legal action may be taken against that individual.

This policy was approved by the Board of Directors in Meeting No. 1/2023 on May 15, 2023.

1. Company’s Dividend Payment Policy

The company considers dividend payments based on its profitability each year and overall operating performance, subject to legal requirements. Dividends will not be paid in the case of accumulated losses. The company has a policy to pay dividends to shareholders at a rate not less than 30.0% of net profit according to the company’s separate financial statements, based on the typical criteria of listed companies, after corporate income tax, legal reserves, and other reserves (if any). Consideration will also be given to the financial position, cash flow, liquidity, investment plans, and other factors as deemed appropriate by the Board of Directors. Dividend payments must not materially affect the company’s normal operations. The Board of Directors will resolve to pay dividends and propose the matter for approval at the shareholders’ meeting, except for interim dividends, which the Board of Directors has the authority to approve and later report to the shareholders' meeting.

  Dividend payments must not exceed the retained earnings shown in the company’s separate financial statements and must comply with relevant laws.

2. Dividend Payment Policy of Subsidiaries

              Subsidiaries have a policy to pay dividends to shareholders at a rate not less than 50.0% of net profit according to the subsidiary’s separate financial statements, after corporate income tax, legal reserves, and other reserves (if any). Consideration will also be given to factors to maximize shareholders’ benefit, such as financial position, cash flow, liquidity, investment plans, and other factors as deemed appropriate by the subsidiary’s Board of Directors. Dividend payments must not materially affect the normal operations of the subsidiary. The subsidiary’s Board of Directors will resolve to pay dividends and propose the matter for approval at the shareholders’ meeting, except for interim dividends, which the subsidiary’s Board of Directors has the authority to approve and report to the shareholders' meeting at the next session.

  This policy was approved at the Board of Directors’ Meeting No. 1/2023 on May 15, 2023.

Asian Palm Oil Public Company Limited (“the Company”) places great importance on the management and use of inside information in accordance with the principles of good corporate governance. The company is committed to conducting business with integrity and in compliance with good governance practices to ensure that investors receive reliable information equally and promptly. The company has established the following policy regarding the use of inside information:

The guidelines for safeguarding and preventing the misuse of inside information are as follows:

         All personnel at every level must understand and adhere to procedures for securing confidential information to prevent unauthorized disclosure and misuse of inside in formation."inside Information" means:

• Material facts that may affect the price of securities and have not yet been disclosed to the public.
• Information prohibited from being disclosed to the public.
• Information scheduled for public disclosure but not yet officially announced.

1. Guidelines for Handling Inside Information

• Classification of Confidential Information

         Inside information is considered trade secrets and must not be disclosed to external parties. It may be classified into various confidentiality levels based on importance, such as public, restricted, confidential, or highly confidential. Sharing of such information must only occur within the scope of assigned responsibilities.

• Disclosure to External Parties

         Disclosure to the public must be approved by the chief executive officer or executive vice president. The spokesperson may disclose information personally if it is of high  importance or delegate the task to a responsible person. The designated spokesperson is responsible for investor relations and communication with investment-related agencies, coordinating with internal departments that own the data.

• Expressing Opinions to External Parties

         Personnel shall not respond to or express opinions to external parties unless formally designated to do so. If not authorized, employees must politely decline to comment.

2. Use of Inside Information

         The company’s board of directors, executives, and personnel in accounting or finance must report their securities holdings—including those of their spouse and minor children—according to the Securities and Exchange Act B.E. 2535 (1992) and its amendments, as well as relevant regulations by the SEC and the Capital Market Supervisory Board, through the company secretary before submission to the SEC or the Stock Exchange of Thailand.

• Use of Inside Information

The company recognizes its responsibility to shareholders and stakeholders under good governance principles. To promote fairness and equality, the company prohibits all personnel—board members, executives, accounting/finance officers, employees, and their families—from using undisclosed material inside information for trading or influencing others to trade in the company’s securities, whether for personal or third-party benefit.

The use or disclosure of material, undisclosed information to gain any advantage is considered insider trading and is a violation of the Securities and Exchange Act and company disciplinary rules.

Personnel are also prohibited from disclosing financial or price-sensitive information to outsiders or unrelated persons. Trading of the company’s securities is prohibited during the one-month period before such information is released to investors and within 24 hours (or 48 hours for complex information) after its public disclosure.

• Information Technology and Data Security Measures

To ensure compliance, the company has implemented the following IT and information security measures:

• Access to non-public information is restricted to designated management and disclosed to employees only on a need-to-know basis, with notification of confidentiality.
• Workplace security systems are in place to prevent unauthorized access to confidential files and documents.
• Owners of non-public information must ensure strict adherence to security protocols by relevant personnel.
• Disciplinary Measures

         Violators will face disciplinary action, ranging from written warnings, wage deductions, and unpaid suspension to termination of employment, depending on the severity of the offense. Legal penalties may also be imposed by relevant authorities where applicable.

This policy was approved by the Board of Directors in Meeting No. 1/2023 on May 15, 2023.

Asian Palm Oil Public Company Limited (“the Company”) by the Securities and Exchange Commission (SEC) and the Stock Exchange of Thailand (SET). This includes compliance with disclosure requirements on related party transactions and other relevant criteria. Therefore, the Board of Directors has established the following policy on related party transactions:

1. Definitions

         “Related Party Transaction” refers to any deal between the company or its subsidiaries and people or organizations that are connected to them, or between subsidiaries and those connected people or organizations, that involves agreements to buy or sell assets, lease or rent assets, provide or receive services, give or get financial help, issue new securities, or any deals that create or give up rights related to these actions.

         “Related Persons” means the following individuals or entities:

(a) Directors or executives of the company

(b) Major shareholders of the company

(c) Controllers of the Company

(d) Persons proposed to be appointed as directors or controllers of the company

(e) Persons related to or close relatives of those mentioned in (a) to (d)

(f) Juristic persons where individuals in (a) to (e) are major shareholders or controllers

(g) Persons who, by circumstance, are deemed to act on behalf of or under the influence of those in (a) to (f) in making decisions, setting policies, managing, or significantly operating the company, or those whom the SET considers to have similar circumstances.

“Executives” means the chief executive officer or the top four executives following the CEO, including those with equivalent positions, and executives in accounting and finance at the level of vice president or above.

         “Major Shareholders” means shareholders holding more than 10% of the total voting shares of the entity, including shares held by related persons.

         “Controllers” means shareholders or others who have significant influence over the policy, management, or operation of the company, whether by direct or indirect means, such as

(a) Persons holding more than 25% of the voting rights directly or indirectly
(b) Persons who can control the appointment or removal of directors
(c) Persons who can control policy setting, management, or operation
(d) Persons acting as directors or executives or holding similar authority.

“Control over Business” means having relationships such as
(a) Holding more than 50% of voting rights
(b) Controlling majority votes at shareholders’ meetings directly or indirectly
(c) Controlling appointment or removal of at least half of the directors.

“Related Persons” under Section 258(1)–(7) of the Securities and Exchange Act, including:
(a) Spouses
(b) Minor children
(c) Partnerships involving the above
(d) Limited partnerships with more than 30% shares held by persons
(e) Limited companies with more than 30% shares held by above
(f) Other companies controlled by the above.

“Close Relatives” means individuals related by blood or legal registration, including parents, spouses, siblings, children, and their spouses.

“General Commercial Terms” means fair pricing and conditions that do not result in benefit transfers, including

(a) Prices and conditions the listed company or subsidiaries receive or give to the general public
(b) Prices and conditions related to services provided to the general public.
(c) Prices and conditions that can be demonstrated as standard commercial practices.

“Subsidiaries” means companies where the company has control, directly or indirectly.

Other definitions shall comply with the Securities and Exchange Act, relevant announcements, regulations, and guidelines by the SEC and SET.

2. Types of Related Party Transactions

There are five types of related party transactions:

1. Ordinary Business Transactions: Routine commercial transactions with general commercial terms such as sales, purchase of raw materials, or services.
2. Support Transactions: Transactions supporting ordinary business, such as transportation services, advertising contracts, management contracts, or technical assistance.
3. Leasing of Immovable Property for Not More Than 3 Years: Leases that cannot demonstrate general commercial terms, e.g., office or warehouse leases.
4. Asset or Service Transactions: Acquiring or disposing of assets, rights, or services, e.g., machinery purchase, investment acquisition, or sale of rights.
5. Financial Assistance Transactions:

• Providing financial assistance, e.g., loans or guarantees
• Receiving financial assistance, e.g., loans, credit fees, or guarantee fees.

3. Conducting Related Party Transactions by the Company

3.1 Transactions with General Commercial Terms

Related party transactions that are agreements with general commercial terms between the company or subsidiaries and directors, executives, or related individuals may be approved in principle by the Board of Directors. Management is authorized to approve such transactions if the terms are equivalent to those a reasonable person would agree to with an unrelated party in similar circumstances, free from influence, under reasonable and verifiable conditions, and without benefit transfer. These transactions must be necessary for business and in the company’s best interest. A summary report of all such transactions shall be presented quarterly to the Audit Committee and the Board of Directors for review and comments on necessity and fairness.

3.2 Transactions Without General Commercial Terms

For transactions lacking general commercial terms, the Audit Committee will review the necessity and reasonableness before requesting approval from the Board and shareholders. Compliance with all relevant laws, regulations, and disclosure requirements is mandatory. If the Audit Committee lacks expertise, the company may engage independent experts (e.g., auditors, appraisers, legal advisors) to provide opinions for decision-making by the Audit Committee, Board, or shareholders. This approach ensures the transaction is necessary and reasonable, prioritizing the company’s benefit.

Additionally, the company has measures to prevent executives or interested parties from participating in the approval of transactions where they have an interest. The board oversees compliance with securities laws, disclosure, and accounting standards as per professional accounting standards, including disclosure in the annual registration statement and audited financial statement notes.

Future Related Party Transactions

The board will ensure all future related party transactions comply with applicable securities laws, regulations, disclosure requirements, and accounting standards, both current and future. Any transactions or changes involving major shareholders, directors, executives, or related individuals require directors with interests to abstain from related board discussions.

This policy was approved by the company’s board of directors at meeting no. 1/2023 on May 15, 2023.

Asian Palm Oil Public Company Limited (“the Company”) operates under the principles of good corporate governance for listed companies. Therefore, in making investment decisions in various businesses, the company not only considers the returns to all stakeholders involved but also strictly adheres to good corporate governance practices in accordance with the regulations of the Stock Exchange of Thailand and the Securities and Exchange Commission (“SEC”).

         To comply with the aforementioned principles, the company has established an investment policy for its subsidiaries and associates, as detailed below:

The company’s investment policy focuses on subsidiaries or associates that support its core business, as well as those aligned with the company’s goals, vision, and strategic growth plans. Such investments aim to improve the company’s performance or profitability or to benefit the company in ways that enhance its competitive capability and help achieve its goal of becoming a leading operator in its core business. Subsidiaries and associates may also consider investing in other businesses if those businesses demonstrate growth potential, offer opportunities for business expansion, or benefit the group’s operations while providing satisfactory investment returns.

The company will establish governance mechanisms that allow it to control, manage, and be responsible for the operations of its subsidiaries as though they are business units of the company. It will also implement appropriate and sufficient internal control systems in these subsidiaries to safeguard the company's investment in accordance with the defined standards. These measures aim to create shared benefits, expand revenue opportunities, and enhance the company's profitability. The company will assess the appropriate level of investment based on potential risks and its financial position, conducting thorough investment analysis before making any decisions.

Investment decisions must be approved by the Board of Directors or the shareholders’ meeting, as the case may be, and they must comply with the relevant notifications of the Capital Market Supervisory Board and the Stock Exchange of Thailand. Moreover, the company shall appoint qualified and experienced representatives to serve on the boards of directors of such subsidiaries or associates, at least in proportion to the shareholding, to set key policies and oversee their operations.

         The company will monitor the management of its subsidiaries and associates to protect the value of its investment. Subsidiaries and associates are required to submit monthly operating results, quarterly financial statements reviewed by licensed auditors, and supporting information necessary for the preparation of the company’s consolidated financial statements or its quarterly or annual performance reports, as applicable. Furthermore, subsidiaries and associates must report any significant financial issues affecting the company when identified or upon request for review and reporting. They must also disclose all related-party transactions, acquisitions and disposals of assets, or any other transactions fully and accurately.

         This policy was approved by the Board of Directors at Meeting No. 1/2023 on May 15, 2023.

Asian Palm Oil Public Company Limited (“the Company”) has an Information Technology Policy to ensure that employees and related personnel utilize IT systems—comprising data communication networks, operational and data processing software, computers and peripherals, and company files and data—effectively, in compliance with relevant laws and acts, and with adequate security standards, for the benefit and operational effectiveness of the Company. The following practices are hereby established:

(1) To implement information technology systems in all aspects of work and concurrently develop the company's personnel to enhance their knowledge and capabilities.

(2) Employees must use information technology systems to promote the company's business and must not use them for personal gain or in a manner that violates ethics and good morals.

(3) The data owner is responsible for data recorded and disseminated through information technology systems, ensuring it does not lead to legal violations or infringe upon third-party rights.

(4) The use of legally licensed software is mandatory.

(5) The use of information technology systems must be approved and must comply with established regulations.

(6) Data owners must protect their information technology systems and critical business data from unauthorized external access, theft, and sabotage to ensure the continuity of the company's business operations.

(7) Personnel assigned by the company to oversee information technology systems must establish measures to control and secure these systems and must also monitor compliance to ensure all personnel strictly adhere to these regulations.

This policy was approved at the Board of Directors' meeting No. 1/2566 on May 15, 2023.

Internal Control

The company has a policy to establish an effective and efficient internal control system. The board of directors and management have direct duties and responsibilities to establish and maintain the internal control system, as well as to regularly review its effectiveness. Their goal is to protect shareholders’ investments and the company’s assets. The internal control system covers three main objectives: financial and non-financial reporting, operational performance, and compliance with applicable laws and regulations. This system aims to provide reasonable assurance that the company can achieve its goals and strategies.

Internal Audit

The company has established a systematic internal audit function, carried out by the company’s internal audit department and external audit firms. The internal audit reports directly to the Audit Committee. Its role is to provide assurance and advisory services regarding the internal control system, risk management system, and corporate governance processes to ensure that these systems are sufficiently established and effective. This function helps the organization achieve its intended objectives.

This policy was approved by the company’s board of directors at meeting No. 1/2023 on May 15, 2023.

The company has a policy to systematically manage risk throughout the organization by establishing a Risk Management Committee. This committee is responsible for creating policies, establishing systems, and assessing various risks, whether arising from external factors or from the organization's management and internal operations. It also sets guidelines for managing risks to an acceptable level. The company communicates and provides practical training and seminars to employees to raise awareness of the importance of risk management and the company's risk management processes, as follows:

1. Establishing Risk Management Policies and Principles

Policies, objectives, scopes of responsibility, principles, and risk management guidelines are established to align with the company's strategies, goals, plans, and business direction. The company reviews these annually, concurrent with business plan development to ensure consistency. The risk management policies are as follows:

1. The Risk Management Committee is responsible for considering and defining risk management policies, covering both internal and external factors, that align with the company's strategies and business direction in at least four areas:

• Strategic Risk
• Operational Risk
• Financial Risk
• Compliance Risk

2. All employees must recognize the risks in their duties, departments, and the organization. Importance is placed on managing various risks and ensuring systematic management under internal controls to maintain an adequate and appropriate level.
3. All employees must recognize the risks in their duties, departments, and the organization. Importance is placed on managing various risks and ensuring systematic management under internal controls to maintain an adequate and appropriate level.
4. An enterprise risk management process is established that follows recognized standards and aligns with international best practices to ensure effective risk management, which may affect the company's operations. This fosters development and consistent risk management practices throughout the organization. The risk management system is integrated into decision-making, strategic planning, work planning, and company operations, focusing on achieving the objectives, goals, vision, mission, and strategies to create operational excellence and build stakeholder confidence.
5. Guidelines are established to prevent and mitigate risks from the company's operations in order to avoid potential damage or loss. Regular monitoring and evaluation of risk management are conducted to ensure risks are at an acceptable level under appropriate internal controls.
6. We promote and develop the use of modern information technology systems in the company's risk management processes. Support is provided to ensure employees at all levels have access to risk management information, along with the establishment of an efficient reporting system for risk management for the Risk Management Working Group.
7. Risk Identification

The process involves identifying risks that may impact the achievement of objectives and goals by considering risks arising from internal and external factors, such as the environment, laws, finance, information systems, decision-making information systems, investor satisfaction, investment management, human resources, reputation and image, and security systems. Risk management involves prioritizing risks before considering control systems. If risks are rated as high or very high, the organization will analyze and manage them first.

3. Risk Analysis

This involves analyzing and assessing the level of risk remaining after evaluating existing control systems and prioritizing risks. If the remaining risk is still high or very high, risk management measures must be implemented immediately by the responsible senior executives. If the remaining risk is moderate or low, management measures should be implemented at the department level or corrected in the work processes.

4. Risk Management

This involves defining methods and creating plans to manage significant risks, as prioritized in the risk analysis phase. Risk management can be achieved through various methods, such as risk control, risk transfer, risk avoidance, risk exploitation, or risk acceptance.

5. Monitoring and reviewing

This is the process of monitoring the results of risk management according to the defined plan, including evaluating the effectiveness of risk management. The Risk Management Committee will monitor and report to senior management and the Audit Committee on the risk analysis.

This policy was approved by the Board of Directors at meeting No. 1/2023 on May 15, 2023.

Asian Palm Oil Public Company Limited (“the Company”) places great importance on the preparation of accounting and financial reports, which must be accurate, complete, factual, timely, and reasonable for presentation to management, shareholders, government agencies, and other relevant stakeholders. Therefore, it mandates that personnel at all levels must strictly comply with all procedures related to accounting systems, finance, and internal controls, including the company's accounting and financial regulations and Generally Accepted Accounting Principles (GAAP), as follows:

1. Accuracy of Recording Transactions

All business transactions of the company must be recorded accurately and completely and be auditable, without limitation or exception. Transactions must be recorded truthfully in accordance with recognized accounting standards and relevant laws. There must be complete and appropriate supporting documentation for all business entries.

2. Accounting and Financial Transactions

All types of accounting and financial transactions of the company must be accurate, clear, and contain sufficient material information, including appropriate disclosure of significant information,
in accordance with generally accepted standards and the company's financial and accounting regulations. All employees must be aware of the accuracy of accounting and financial transactions, which is considered a shared responsibility with the board of directors, management, and employees responsible for business transactions at various stages.

This policy was approved by the Board of Directors at Meeting No. 1/2023 on May 15, 2023.

This Customer Privacy Policy (“Policy”) is established by Asian Palm Oil Public Company Limited (“the Company”) to outline the policy and procedures related to the collection, use, and disclosure of personally identifiable information (“data processing”) of individuals who are current customers, potential customers, visitors to websites under the Company’s responsibility, and participants in activities organized by the Company (collectively referred to as “Customers” or “you”). It also describes how the company protects and secures your personal data to prevent any violations of your privacy rights under the company’s responsibility. The Company will process your data in accordance with the requirements and practices outlined in the Personal Data Protection Act B.E. 2562 (2019) (“Personal Data Protection Law”), as well as all relevant rules, notifications, and regulations regarding personal data protection.     This policy does not apply to any actions, processes, or activities that are not under the company’s responsibility or are carried out by third parties not engaged by the company.

What is Personal data?

Personal Data” refers to any information that can directly or indirectly identify a natural person. However, it does not include information relating to deceased individuals.

Types of Personal Data Collected

The company may collect various types of personal data from you, including but not limited to the following:

• Identification Information: such as name, surname, date of birth, gender, age, nationality, identification card number/passport number/taxpayer identification number, signature, photographs, video recordings, voice recordings, job title, customer ID, etc.
• Contact Information: such as telephone number, fax number, email address, mailing address, billing address, and shipping address.
• Social Media Contact Information: such as LINE ID.
• Business Documentation: such as copies of corporate certificates or trade registrations, copies of tax-related documents.
• Transaction and Financial Information: such as bank account numbers, transaction patterns with the Company, credit limit information, purchase and payment details, and shipping details.
• Identity Verification Documents: such as copies of ID cards and passports.

Other Personal Data: including any personal information you voluntarily provide to the Company, such as feedback, suggestions, complaints, vehicle details when visiting the Company’s premises (e.g., license plate number), or any other personal data submitted when participating in Company activities.

The Company may also collect, use, or disclose sensitive personal data. The Company will only process your sensitive personal data when it has obtained your explicit consent, unless there is a necessity and the law allows the Company to process such data without your explicit consent. Sensitive personal data includes, but is not limited to, health information, religion, race, biometric data (e.g., facial recognition data, iris scan data, fingerprint data), and any other data that could affect your personal privacy as prescribed by the Personal Data Protection Committee.

Please note that if the personal data collected by the Company is necessary for legal compliance or contractual obligations between you and the Company, and you do not provide such data, the Company may be unable to offer you the desired goods or services, allow your participation in Company activities, or resolve issues arising from your product purchases or service experiences with the Company.

If you provide the personal data of your subordinates, representatives acting on your behalf, or individuals related to services with the Company for the purposes outlined in this Policy, you are responsible for informing them of the intended use and their rights related to personal data as described herein. You are also responsible for obtaining any necessary consents from those individuals and ensuring that you have the legal right to provide their personal data to the Company for further processing (if applicable).

Data is automatically collected by the company.

When you visit the Company’s website, certain types of information may be collected automatically, including but not limited to:

• Technical Information: such as IP address, cookie ID, website usage history (activity log), browser settings, and your website visit data.

Website Usage Information: such as search queries, media or content viewing data, page response times, the duration of visits to each page, and other related data concerning how you access and interact with the Company’s website.

Methods of Personal Data Collection

The Company may collect your personal data directly through the following means and actions:

1. The Company may collect your personal data when you reach out to it via its communication channels, seeking information or making inquiries about its products, services, or business operations.
2. You may also submit information and documents about your business or organization to the Company for the purpose of contract processing or to place product orders.
3. You may place orders for products or services directly from the Company or through authorized representatives acting on its behalf.
4. You also register to participate in any activities organized by the Company, or to receive giveaways or other privileges offered to customers.
5. When you visit the company's premises or inspect its product quality or production processes.
6. You visit the Company's website.

In addition, the Company may collect your personal data from other accessible sources, including public sources such as:

1. The Company may also collect your personal data from its affiliates, group companies, or subsidiaries.
2. Websites that publicly disclose your information.
3. Social media platforms of which you are a member and where you have shared personal data.
4. Business partners, service providers, or other third parties who have lawfully collected your personal data and have your consent to disclose it.
5. Government agencies whose data is publicly accessible or available upon request.

Purposes of Personal Data Processing

The Company will collect, use, and disclose your personal data for the following purposes:

1. The Company will use your personal data to fulfill contractual obligations between you and the Company, which includes preparing contracts or transactions such as sales agreements, product preparation, product delivery, and providing services to you as a customer or contractual party.
2. Before entering into transactions or legal agreements with the Company, the Company will verify and authenticate your identity to ensure the accuracy of the information or documents you provide.
3. The Company will consider and approve the creation of a customer account in its system, and will also evaluate and approve your credit for product purchases.
4. The Company processes financial transactions and payment-related services to fulfill your product orders, which includes the verification, confirmation, and cancellation of transactions.
5. We engage in marketing activities, which include updating you about benefits, launching promotional campaigns, inviting you to Company events, and presenting products or services you might find appealing through the channels you've specified, including phone, mail, email, or the LINE application.
6. We may consider granting you access to the Company's premises, allowing your personnel or relevant individuals to inspect and evaluate the Company's operational performance.
7. To register your participation in activities organized by the company or to receive giveaways or benefits prepared for customers, including for event preparation purposes.
8. We verify your compliance with the terms and conditions of participation in Company-organized activities.
9. The Company may contact you to resolve issues, respond to inquiries, feedback, complaints, or disputes related to its products, services, or activities.
10. We aim to gather your feedback on our products and services, which we will utilize in our research, evaluation, development, and enhancement efforts to better cater to your needs and those of our other customers.
11. The Company uses this information for the planning, administration, management, and development of its business operations.
12. The Company is also responsible for managing and enhancing the functionality and usability of its website.
13. The Company also uses closed-circuit television (CCTV) for security monitoring within its premises. The Company adheres to the laws and regulations of the governmental authorities under its jurisdiction, and it also handles legal claims against it, including the reporting of high-risk transactions to the appropriate authorities.

The processing of your personal data for the aforementioned purposes will depend on the activities and methods of your interaction with the Company. The legal basis on which the Company may rely for processing your personal data includes the following:

1. You have given consent for one or more specified purposes.
2. The processing is necessary for the performance of a contract to which you are a party and to take steps at your request prior to entering into a contract.
3. The processing is necessary for compliance with a legal obligation to which the Company is subject.
4. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.

The processing is necessary for the legitimate interests of the Company or of another natural or legal person.

Disclosure of Personal Data

The Company may disclose your personal data to other individuals or entities either with your consent or as permitted by law without requiring your explicit consent. The parties to whom your personal data may be disclosed include:

Subsidiaries, Affiliates, or Group companies.

The Company may disclose your personal data to its subsidiaries, affiliates, or group companies when necessary to achieve the purposes specified in this Privacy Policy.

Service Providers

The Company may disclose certain personal data to its service providers as necessary to carry out various operations, such as banks or financial institutions, logistics providers, the Company’s IT system providers, auditors, legal and tax consultants, etc.

These service providers may not use or disclose your personal data for any purpose other than those specified in this Policy, unless it is necessary to contact you on behalf of the Company or to comply with legal obligations.

Business Partners

The Company may disclose certain personal data to its business partners for the purposes specified in this Policy, which may be beneficial to you.

Law Enforcement and Governmental Authorities

The Company may be required to disclose your personal data to comply with legal obligations or to respond to lawful requests from governmental authorities, such as submitting tax records to the Revenue Department.

Business Transfers

The Company may disclose your information, including your personal data, as part of a corporate restructuring, merger, business sale, or transfer of other assets. The transferee will be required to handle your data in a manner consistent with this Policy and applicable personal data protection laws.

Retention and International Transfer of Personal data

The Company stores your personal data in both physical and electronic formats at its designated data storage locations. Your personal data will be stored on the company’s servers, located in Thailand.

In certain cases, the Company may disclose or transfer your personal data to individuals or organizations located outside of Thailand. If such a transfer occurs, the Company will implement appropriate measures to ensure that your personal data is adequately protected and that the destination country maintains an appropriate level of data protection. The transfer will be in accordance with the conditions and requirements prescribed under applicable data protection laws, regulations, or relevant announcements or guidelines.

• Administrative safeguards
• Technical safeguards
• Physical safeguards

These measures cover access control and the use of personal data. The Company will periodically review these measures to ensure compliance with the data protection laws and related regulations. The Company shall also comply with data protection standards, relevant laws, announcements, and regulations concerning personal data security.

However, data transmission over the Internet or wireless networks cannot be guaranteed to be 100% secure. You acknowledge that: There are inherent security and privacy limitations of the internet that are beyond the Company's control; The security, integrity, and privacy of any information exchanged between you and the Company cannot be fully guaranteed; and Personal data and information may be accessed or tampered with by unauthorized third parties during transmission, despite the Company's best efforts.

Tracking Technologies (Cookies)

When you visit https://asianpalmoil.web.app/cookiepolicy.html or any website operated and maintained by the Company, please be informed that the Company uses “cookies” to enhance and optimize your user experience.

Cookies are text files that the Company stores on your hard drive via a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Each cookie is uniquely assigned to you and can only be read by the web server in the domain that issued it.

The Company may use cookies to collect, store, and track information for statistical purposes to operate its website. You have the option to accept or decline cookies. Most web browsers automatically accept cookies; however, you can modify your browser settings to decline cookies if you prefer. Please note that if you choose to decline cookies, you may not be able to use or experience certain features of the Company’s website.

If you If you would like more detailed information about cookies used by the company, please visit: https://asianpalmoil.web.app/cookiepolicy.html.

Data Subject Rights

When you provide your personal data to the Company, you are entitled to various rights as the data subject. You may exercise these rights free of charge, subject to exceptions as provided by law. Your rights under the Personal Data Protection Law include the following:

1. Right to Withdraw Consent – You have the right to withdraw the consent you have previously given to the Company at any time. However, your withdrawal of consent will not affect the lawfulness of personal data processing carried out based on your prior consent before the withdrawal.
2. Right of Access – You have the right to access your personal data held by the Company and to request a copy of such data. You also have the right to request disclosure of how the Company obtained your personal data.
3. Right to Data Portability – You have the right to receive your personal data in a structured, commonly used, and machine-readable format where the Company has made such data available in an automated format. You also have the right to request that the Company transmit such data to another data controller, where technically feasible, or to receive such data directly unless it is technically impractical or prohibited by law.

4. Right to Object – You have the right to object to the collection, use, or disclosure of your personal data at any time unless such collection, use, or disclosure is necessary for the legitimate interests of the Company or another person or legal entity, or for carrying out a task in the public interest, and such processing is within your reasonable expectations.
5. Right to Erasure (Right to be Forgotten) – You have the right to request the deletion or destruction of your personal data, or to make the data anonymous if you believe that your data is being collected, used, or disclosed unlawfully, or if the Company no longer needs to retain it for the purposes stated in this policy, or if you have exercised your right to withdraw consent or object to the processing.
6. Right to Restrict Processing –You can ask for your data to be deleted or made anonymous if you think it is being unlawfully collected, used, or disclosed, if the Company no longer needs it, or if you have withdrawn consent or objected to processing.
7. Right to Rectification – You have the right to request that your personal data be corrected to ensure it is accurate, up-to-date, complete, and not misleading.
8. Right to Lodge a complaint – You have the right to lodge a complaint with the competent supervisory authority if you believe that the collection, use, or disclosure of your personal data is in violation of or not in compliance with the Personal Data Protection Law.

You may exercise your rights as a data subject, as outlined above, by contacting the Company or the Company’s Data Protection Officer using the contact details provided at the end of this policy. The Company will inform you of the outcome of your request within 30 days from the date your request is received, using the request form or procedures specified by the Company. However, in some cases, the Company may take longer than 30 days to process your request if permitted by applicable law.

If the Company rejects your request, it will inform you of the reason for the rejection through various communication channels, including SMS, email, phone calls, and postal mail.

Personal Data Breach Notification

In the event of a personal data breach involving your personal data, the Company will notify the Office of the Personal Data Protection Committee without undue delay and, where feasible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, the Company will notify you of the breach, along with remedial measures, without undue delay through various communication channels such as the Company’s website, SMS, email, phone call, postal mail, etc.

Links to Other Websites.

The Company’s website may contain links to other websites that are not owned or controlled by the Company. Please be aware that the Company is not responsible for the privacy practices of such third-party websites. So, the Company suggests you check the privacy policies of any site that may collect your data, as those policies govern how your data is protected.

Amendments to the Privacy Policy

The Company may amend this Privacy Policy from time to time if there are changes in its personal data protection practices, due to reasons such as technological advancements or legal requirements. The updated Privacy Policy will become effective once published on the Company’s website at:

https://asianpalmoil.web.app/cookiepolicy.html

However, if such amendments significantly affect you as a data subject, the Company will provide you with prior notice in an appropriate manner before the changes take effect.

This policy was approved by the Board of Directors at Meeting No. 1/2023 on May 15, 2023.

Contact Information

If you have any questions or wish to request additional information regarding this policy, including exercising your rights, you may contact the Company using the following contact details:

Asian Palm Oil Public Company Limited

Address:             99 Moo 2, Ao Luek Tai Sub-district, Ao Luek District, Krabi Province, 81110, Thailand

Email:                [email protected]

เว็บไซต์:             https://asianpalmoil.web.app/

เบอร์โทรศัพท์:       075-681354, 075-681355

Data Protection Officer (DPO)

Email:                   [email protected]

Phone Numbers:    075-681354 ext. 1400, 075-681355 ext. 1400

The Information Technology Risk Management Plan of the Information Department, Asian Palm Oil Public Company Limited ("the Company"), has been established as an operational framework for managing information technology risks. This includes identifying risks, analyzing risks, and defining guidelines or control measures to prevent or reduce risks, aiming to achieve the company's policy objectives. Since risks can lead to direct or indirect negative consequences or losses, the company must understand the types of risks it faces to select appropriate methods for managing them.

Executive Summary

         The Information Technology Department of Asian Palm Oil Public Company Limited ("the Company") recognizes the importance of risk management. Therefore, an Enterprise Risk Management Policy has been established to serve as a framework for developing a quality and standardized risk management system. This policy considers alignment with the policies and operational goals of Asian Palm Oil Public Company Limited. This ensures that the risk management plan is both efficient and effective in managing risks while also providing confidence that work processes comply with rules, regulations, announcements, orders, and best practices. This compliance aims to achieve the company's goals through the participation of all departments and personnel at every level within the company.

Principles and Objectives

         Asian Palm Oil Public Company Limited has adopted information technology to enhance operational efficiency and provide greater convenience to various departments. At the same time, information technology systems may be damaged by changes in strategy, structure, and internal resources, as well as external factors such as political unrest and natural disasters. These may impact the company's operations, preventing them from meeting the targets set in the operational plan, which would pose risks to the company as a whole.

The Enterprise Risk Management Policy has been established for the following objectives:

1. The policy aims to guide all personnel in the organization to engage in the development of the risk management process, thereby assisting the company's operations in accomplishing the objectives outlined in the operational plan.
2. The policy aims to equip departments with an operational framework that enables them to respond systematically and uniformly to events that could potentially pose risks across all areas.
3. Since risks can lead to direct or indirect negative consequences or losses, it is necessary to consider factors that may impact operations and prepare support measures to manage them systematically. This ensures that risk management is successful and can efficiently reduce potential losses.

5-Step Risk Management Process:

1. Identify risk factors.
2. Analyze risks.
3. Define risk management measures.
4. Monitor, report, and evaluate results.
5. Review risk management.

Risk factors can be identified in four areas, as follows:

1. There are risks associated with harm to information systems and data.
2. Information system disasters carry risks.
3. There are risks associated with the security and safety of database systems.
4. User access rights at various levels pose risks.

Risk management measures have been analyzed and defined as control guidelines as follows:

1. Perform backups of information databases and procure backup systems to ensure information systems can operate.
2. Conduct tests for the recovery of information databases and information systems.
3. Inspect the main communication network systems, uninterruptible power supply (UPS) systems, intrusion prevention systems, and network firewall systems.
4. Install antivirus programs and keep the antivirus database updated.
5. Inspect the security system for accessing and exiting the server room.
6. Inspect the readiness of firefighting equipment.
7. Define data access rights between users and information technology system administrators.

Information Technology Risk Management

Risk management in information technology involves defining policies, structures, and processes for the board, executives, and personnel of the organization to implement in formulating strategies and performing operations throughout the organization. This is to provide a reasonable level of assurance that the organization's operations will achieve the established objectives.

1. Identify risk factors and the potential impacts that may arise.

2. Risk Assessment

Note: The scoring criteria for likelihood and impact range from 1 (lowest) to 5 (highest).

1 = Least / 2 = Low / 3 = Moderate / 4 = High / 5 = Highest

3. Risk Management

4. Risk Management Activities

The company has implemented the following risk management plans for its database and information systems:

1. Data backup and recovery from damage (backup and recovery)
2. The development of a contingency plan is necessary to address uncertainties or disasters that may affect the information systems, referred to as the IT Contingency Plan.
3. Monitoring and controlling access to the computer center and protecting against damage
4. Maintaining security systems for the database, such as antivirus software, uninterruptible power supply (UPS), firewalls, and backup systems
5. Defining user access rights at different levels (access rights)
6. Maintaining audit logs is essential for monitoring system activities, which include logs of server and network operations, application logs of user activities, and detailed intrusion prevention logs like login and logout records.

Risk Assessment and Mitigation Measures

Upon assessing various risks, the following hazardous risks and corresponding mitigation measures were identified:

Human Error: Staff's insufficient knowledge and comprehension of hardware and software can lead to damage, malfunction, or system downtime, ultimately decreasing operational efficiency. To minimize this risk, training sessions are provided to enhance staff knowledge and understanding of both hardware and software.

Computer Viruses: Viruses can damage computers or network systems. The following measures are implemented:

• Installation and regular updating of antivirus software
• Installation of firewalls to prevent external intrusions.
• Use of properly licensed software and prohibition of unauthorized software installations
• Prohibition of unauthorized software downloads by users

Power Outage: UPS devices have been installed to regulate power supply to servers in case of electrical failure. Measures include:

• Installation of UPS units is intended to protect computer equipment and ensure the uninterrupted operation of servers and personal computers, providing backup power that lasts approximately 20–30
• Keeping UPS units operational during computer use and regularly maintaining them
• Users are instructed to save work immediately and shut down equipment properly during power outages.

Fire Damage:

An automatic fire suppression system (IG-55 inert gas system) has been installed above and below raised floors and is environmentally safe and harmless to electronic equipment. High-sensitivity smoke detectors are also installed near the air return of the air conditioning system. Actions include:

• Defining fire control zones and posting warning signs
• Providing basic fire prevention and suppression training to all employees, with at least annual fire drills
• Marking critical server equipment for efficient relocation during emergencies

External Intrusion or Attacks:

Attempts to access or control IT systems or damage data are mitigated by

• Scanning for vulnerabilities and updating programs to patch weaknesses
• Maintaining active firewall protection to prevent unauthorized access from the internet
• Prohibiting unauthorized installation or use of wireless devices by users

Software and Data Loss: Issues such as virus infection, hackers, spyware, internet worms, trojans, or disruptive software can damage database systems. Measures include:

• Regular monitoring of operating system performance
• Installation of updated antivirus and firewall systems
• Restricting system access rights to authorized users only

Internet Network Failures: Failures may result from server crashes or high user loads, causing service disruption. Measures include:

• Technical staff monitoring network performance
• Monthly maintenance and inspection of network channels

This policy was approved by the company’s board of directors at Meeting No. 1/2023 on May 15, 2023.

Asian Palm Oil Company Limited (Public) is engaged in the extraction of crude palm oil from fresh palm fruit purchased from local farmers and the generation of electricity from biogas. The company is committed to environmental and social responsibility by actively implementing the following actions:

1. Extracting palm oil in compliance with environmental regulations as prescribed
   by law.
2. Promoting environmental awareness and safety consciousness among employees, making it their responsibility to ensure environmental protection and safety during operations.
3. Utilizing production technology, resources, and energy efficiently and cost-effectively to maximize production and product quality, with minimal environmental impact.
4. Continuously improving environmental performance according to the objectives and goals set in a proper and suitable manner.
5. Protecting the environment with a focus on preventing pollution and addressing issues at the source.

        This policy was approved by the Board of Directors at its meeting No. 1/2566 on May 15, 2023.

Objective

       Since Asian Palm Oil Company Limited (Public) ("the Company") recognizes the importance of reducing greenhouse gas emissions, it has established the Greenhouse Gas Emission Reduction Policy to manage and implement strategies aimed at reducing energy consumption and greenhouse gas emissions within the organization.

Implementation Guidelines

Based on the objective above, the company has developed a corporate carbon footprint report. The company is committed to carrying out the following practices in accordance with this policy:

1. Conduct various activities in compliance with laws and other regulations by compiling these requirements into an operational manual.
2. Collect all relevant data and calculate the amount of greenhouse gas emissions from the organization’s activities annually in order to continuously improve the management system.
3. Promote and campaign for the reduction of greenhouse gas emissions from various organizational activities, including the use of raw materials, fuels, energy consumption, transportation, etc.
4. Provide knowledge to employees to foster awareness and responsibility towards society and the environment.
5. Disclose the information on the amount of greenhouse gases emitted from the organization’s operations to all employees and relevant stakeholders, in accordance with applicable rules and regulations.

        This policy was approved by the Board of Directors at the 1/2566 meeting held on May 15, 2023.

Download 

Asian Palm Oil Public Company Limited (“the Company”), engaged in the extraction of crude palm oil and the generation of electricity from biogas, is committed to energy management and conservation. The company encourages active participation from all levels of management and employees in implementing this policy, as outlined below:

1. The Company shall establish and continuously improve an appropriate energy management system, integrating energy conservation as a core component of all departmental operations, in compliance with applicable laws and relevant regulations.
2. The company shall enhance energy resource utilization efficiency through the adoption of appropriate technologies, improved production processes, and best operational practices in accordance with the energy management system.
3. The company shall define annual energy conservation plans and targets and ensure effective communication and understanding among all employees to enable accurate implementation.
4. The company regards energy conservation as a shared responsibility of all levels of management and employees, who are expected to actively cooperate in adhering to established measures.
5. The Company shall provide necessary support, including personnel resources, budgeting, working time, training, and opportunities for employee involvement in proposing ideas to improve energy performance.

6. The management team and the energy management working group shall review and revise the energy policy, goals, and action plans on an annual basis.

This policy was approved by the Board of Directors at its Meeting No. 1/2025 on
26 February 2025.