Effective Date: [27 October 2025]
Last Updated: [27 October 2025]
This Privacy Policy Amendment for the Thailand Personal Data Protection Act (“PDPA Amendment”) applies to the processing of personal data, including the collection, use, and disclosure of any information that identifies or can be used to identify an individual (“Personal Data”), by Sharge Management Company Limited (“SHARGE,” “the Company,” “we,” or “our”).
This PDPA Amendment constitutes an amendment to and forms part of the Sharge Management Privacy Policy (“Privacy Policy”) to ensure compliance with the Thailand Personal Data Protection Act B.E. 2562 (“PDPA”).
This PDPA Amendment applies specifically to the processing of Personal Data of customers using SHARGE’s applications, websites, or electric vehicle charging station networks (collectively, the “Services”) and who are located in Thailand.
In the event of any conflict between the provisions of the Privacy Policy and this PDPA Amendment, the provisions of this PDPA Amendment shall prevail.
Sharge Management Company Limited, incorporated under the laws of Thailand, is the data controller responsible for the collection and processing of your Personal Data.
Address: 29 Vanissa Building, 11th Floor, Ratchadamri Road, Lumpini, Pathumwan,
Bangkok 10330
Email: support@shargemgmt.com Tel: +66 2 114 7571
We may collect Personal Data directly from you or automatically through your use of the Services, including but not limited to:
●
Identification
Data: Name,
email, phone number, address, and information provided during registration or
customer support.
●
Identity
Verification:
Verified phone number via OTP (required for account security).
●
Charging
Data:
Station location, start/stop time, electricity consumption, service fees, and
usage history.
●
Payment
Data:
Cardholder and billing information (SHARGE does not store full card numbers).
●
Location
Data: When
location-based features are enabled.
●
Device
Data: IP
address, device/browser type, app version, and error logs.
● Cookies and Analytics Data: See Section 4 for further details.
We process your Personal Data for the following purposes and legal bases:
|
Purpose of Processing |
Legal Basis under PDPA |
|
To provide access to EV charging stations and partner (roaming) services |
- It is necessary to process personal data to comply with our contractual obligations with you or to respond to your requests prior to entering into such a contract; or - It is necessary to process personal data based on the Company’s legitimate interests to support business activities and provide services efficiently, which helps generate profit and attract new customers. |
|
To verify identity and prevent unlawful activities or rights violations |
- It is necessary to process personal data to comply with applicable laws and regulations, such as corporate law, tax law, electronic transactions law, and to adhere to lawful orders issued by government authorities. |
|
To process financial transactions such as payments, refunds, and the issuance of receipts |
- It is necessary to process personal data to fulfill your requests prior to entering into a contract or to perform the contract. |
|
To provide safety alerts or payment-related notifications |
- It is necessary to process personal data to fulfill your requests prior to entering into a contract or to perform the contract. |
|
To provide customer service and handle complaints |
- It is necessary to process personal data to fulfill your requests prior to entering into a contract or to perform the contract, in order to provide services and facilitate the customer experience throughout the use of the service. |
|
To detect, prevent, and investigate fraud or security incidents |
- It is necessary for the performance of duties under the public authority vested in the Company. - It is necessary, based on the Company’s legitimate interests, to protect the rights, safety, and property of the Company, as well as those of its customers, from potential harm arising from unauthorized access to or use of personal data. |
|
To analyze usage statistics and improve service performance |
- It is necessary to process personal data for statistical purposes in order to analyze, develop, and improve the performance of the application. - It is necessary to process personal data based on our legitimate interests to promote our business activities and provide services efficiently, which helps generate profit and attract new customers. |
|
To send news, promotions, and marketing offers from SHARGE (with opt-out available at any time) |
- It is necessary to process the data for the purpose of developing marketing strategies based on the consent legal basis, whereby the data subject is given the voluntary choice to provide such consent. |
Use of phone numbers: Verified phone numbers may be used for identity verification, service notifications, and system alerts. With your consent, SHARGE may also use this data for marketing communications, which you may withdraw at any time via the app or customer support.
SHARGE may disclose your Personal Data to the following parties:
1.
Service
Providers:
Including cloud service providers, OTP systems, analytics, or security services
under PDPA-compliant agreements.
2.
Payment
Processors:
For the purpose of processing financial transactions.
3.
Station
Owners and Roaming Partners: To provide services and resolve related issues.
4.
Affiliates
and Strategic Partners: Within Thailand or abroad, for product development and
service delivery, under appropriate data protection safeguards.
5.
Government
Authorities or Regulators: As required by law, court orders, or lawful instructions.
6. External Auditors: For compliance and performance assessments.
Disclosures may also occur in connection with corporate restructuring, mergers, or business transfers. All Personal Data will be maintained confidentially in both physical and electronic form, including during data transmission.
In cases of cross-border data transfers, SHARGE will comply strictly with the PDPA by implementing appropriate safeguards, such as Standard Contractual Clauses or other legally recognized mechanisms.
SHARGE does not sell your Personal Data to any third party.
SHARGE uses cookies to recognize returning users, analyze usage patterns, enhance system performance, and ensure security.
You may manage cookies through your browser settings; however, disabling cookies may cause certain website features to function improperly.
The
Company implements appropriate physical, digital, and administrative safeguards
— including encryption, access control, and segregation of duties.
While SHARGE strives to protect your information, no system is completely
secure. Please maintain the confidentiality of your account credentials.
In the event of a personal data breach that may pose a risk to your rights or freedoms, SHARGE will notify you and the Personal Data Protection Committee (PDPC) as required by law.
SHARGE retains Personal Data only for as long as necessary for business purposes or as required by law:
●
Transaction
Data: Up to
10 years (in accordance with tax laws).
●
Customer
Service Data:
Up to 3 years after case closure.
● Analytics Data: Up to 13 months, or longer if required for ongoing disputes or claims.
Retention periods may vary depending on system requirements, legal obligations, or pending disputes.
Your Personal Data may be transferred to or processed in other countries that may not provide equivalent data protection standards as Thailand.
Where required by the PDPA, SHARGE will ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) or other legally recognized protective measures — to ensure your data remains adequately protected.
(8.1) Right to Access, Rectification, and Erasure of
Personal Data
In
the event that you consider any of your personal data retained by the Company
to be inaccurate, incomplete, or misleading as a result of the disclosure or
processing of such data, you are entitled to request access to, rectification,
erasure, or destruction of your personal data in accordance with the procedure
prescribed by the Company. Upon receipt of such a request, the Company will
review and take appropriate actions to fulfill the purpose of your request
without undue delay. The Company, however, reserves the right to refuse such a
request if it is aware that the request is contrary to applicable law or legal
obligations.
(8.2) Right to Withdraw Consent
You
are entitled to withdraw your consent to the processing of your personal data,
where such processing is based on consent, at any time. The withdrawal of
consent shall not affect the lawfulness of any processing previously carried
out prior to such withdrawal.
(8.3) Right to Object to Processing
You
have the right to object to the processing of your personal data where such
processing is carried out under any of the following legal bases:
(8.1) performance of a task carried out in the public interest or in
the exercise of official authority vested in the Company;
(8.2) legitimate interests pursued by the Company or by a third
party;
(8.3) processing for direct marketing purposes; or
(8.4) processing for scientific, historical, or statistical research
purposes.
The Company may, however, deny your objection if there are overriding legitimate grounds for such processing, or if the processing is necessary for the establishment, exercise, or defense of legal claims. In such a case, the Company shall record the reasons for its refusal as required by law.
(8.4) Right to Restrict Processing
You
have the right to request the restriction of processing of your personal data
for a temporary period if the personal data held by the Company is suspected to
be inaccurate, incomplete, or under verification, or if the processing is
unlawful. The Company will take appropriate measures to suspend such processing
until the accuracy of the data has been verified or the dispute has been
resolved.
Please contact the Company through the communication channels provided below to exercise your rights under the Personal Data Protection Act. The Company may be required to verify your identity prior to taking action on your request, such as by sending a one-time password (OTP) to your registered phone number or email address.
We do not knowingly collect data from children under 13. If discovered, such data will be deleted. Where consent is required for minors, we will seek consent from a legal guardian.
We may update this PDPA Supplemental Notice from time to time.In the event of material changes, we will notify users via the application or website. Continued use of the Services after such changes constitutes acceptance of the revised terms.
Sharge Management Company Limited
29 Vanissa Building, 11th Floor, Ratchadamri Road, Lumpini, Pathumwan, Bangkok 10330
Email: support@shargemgmt.com Tel: +66 2 114 7571