Data Security and Privacy

Today, OISHI uses digital technology as an important tool in business operations, both in terms of increasing the efficiency of work for employees and various operating systems, as well as adjusting business strategies to be in line with the current situation to increase sales and generate profits, for example, giving special privileges with a personalized marketing strategy through the form of displaying messages on mobile phones of customers, as well as increasing security and convenience for consumers. But at the same time, electronic espionage has escalated into a cyber threat. OISHI considers the security of all stakeholders’ information. This includes information about consumers, customers, employees and other sectors directly and indirectly related to the Company. Therefore, OISHI has the following mechanisms, plans, and preventive measures for management to prevent unauthorized access to information that may cause damage to business and related parties:

1. Establish an information policy of OISHI, which includes guidelines for use, governance, security protection, and penalties. This also includes educating employees about digital technology in their daily lives, continually raising awareness and responsibility about the use of social media for employees through e-mail notification, training and various activities to provide employees with knowledge and understanding of the correct use of technology that does not violate the relevant
laws and with information security to prevent cyber threats, including the benefits and harms of using social media that will affect society.

2. Build a security protection system from network systems to computers and devices that are vulnerable to third-party attacks.
2.1 At the network level, a firewall is created to prevent and ensure that traffic is transmitted only in the specified channel to the allowed destinations.
2.2 At the device level, computer anti-virus programs are installed on all computers and are centrally connected in order to control and fix problem machines accurately and quickly, as well as identifying the root cause of threats in order to solve problems at the root cause and prevent recurrence of problems in the future.

3. Assigning permissions to use various systems of employees for confidentiality classification and information management to provide access to information for the benefit of its use and as necessary, to systematically prevent illegal access to confidential information and espionage. This also includes requiring an access logging system to effectively monitor access to data across systems.

4. Having a data center and a backup system that is important to enable data to be used when the main system has problems, allowing the business to continue its operation.

5. Collecting network usage information in accordance with the regulations of the Computer Crime Act and there is supervision of access to websites that are vulnerable to espionage or illegal activities.

6. Installing a program to check the use of illegal programs on every computer to prevent copyright or other intellectual property infringements. As for server systems, licenses are reviewed and renewed annually to ensure that all OISHI Group systems use only legitimate programs.

7. Adding a system to record and track the problems of computers and equipment related to information systems so that the departments in charge of such matters can communicate with users and solve problems effectively.

8. Establish a centralized database system in accordance with the Personal Data Protection Act and the importance of respecting the privacy rights of customers’ personal data and using members. The information is stored only on servers that are accessed by the competent authority and operated by the authorized organization or service provider. Any personal data provided by the user will be retained for as long as necessary to achieve the purposes stated in the personal data choice notice to which the user has given consent or for the period necessary to meet legal requirements, accounting requirements and/or to protect the interests of the Company.