“Personal Data” refers to any data whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the data, or when put together with other data would directly and certainly identify an individual.
“Sensitive personal data” pertaining to racial, ethnic origin, political opinion, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
"Processing of personal information" means any activity by the Company on the customer’s personal data, including collection, use, disclosure of personal information, and deletion of personal information.
People who use customer personal information
The company is the "controller of personal information" of all customers which company has duties and responsibilities for the processing and security of customers’ personal information. The processing of personal data is done as necessary for the provision of the service to perform the request. This may include promotion, marketing as the case may be by the purpose, scope and method of use as specified by law.
Personal information of customers that the company may collect
In order to access and use the company’s services, it is imperative that the customer provides personal information that enables the customer to be identified in order to be able to identify products or services. The company collects personal information directly from customers such information includes personal information specified in the database such as name, last name, date of birth, phone number, address, Line ID, Internet Protocol (IP), or the like.
Why does the company use personal information of customers?
Company uses the personal information of customers for the purposes of connection with the purchase of products and the provision of after-sales service. Where the company processes personal data of customers for reasons (The basis for data processing) which may be based on one or several reasons. Can be assembled as follows;
- The company has the duty to perform the contract: Processing according to the contract base so that customers can exercise their right to exchange back or use after-sales service according to company policy.
- The company has received consent from the customer: Consent processing whereby the company will ask for the consent of the customer to process the customer’s personal data for marketing purposes, promotion or for statistical studies, analysis, research and data evaluation or for any purpose that are not prohibited by law.
The processing of the customer’s personal data is for the stated purposes only. In some cases, the company may consider processing the customer’s personal data for other relevant purposes and does not conflict with the original purpose. However in the event that the company is required to process the data for another purpose rather than the original purpose. The company will request a new consent for the use of the information for that new purpose.
Getting consent from minors, incompetent person and quasi-incompetent
- For children under 16, the holder of parental responsibility shall give or authorize the consent. Children who are underage can give the consent alone only when it falls under Article 22, Article 23 and Article 24 of the Civil and Commercial Code. Other than that, consent shall be given or authorized by the holder of parental responsibility.
- Incompetent persons need to obtain consent from a guardian who has the power to act on behalf of an incompetent person.
- Quasi-incompetent persons need to obtain consent from a guardian who has the power to act on behalf of a quasi-incompetent person.
Disclosure of personal information to third parties
Company may disclose personal information of customers to third parties as necessary for the processing of our duties, responsibilities, contracts or law or according to the customer’s consent.
The website and payment account may provide links to other websites and services for your convenience and information. These may contain notices and privacy policies that differ from those of the company. Company recommends you to check before using those services. To the extent that company does not own or control the linked websites that customer visits.
The company is not responsible for that service, methods and information relating to payment for purchases made on the site. Your credit card information such as credit card number, the issuance bank of credit card, the expiration date are stored and verified through a third-party payment system. These data are not stored permanently on company servers and will be deleted immediately after being reviewed by a third-party payment system.
Right to personal information of customers
Customer has the rights to your personal data, and according to the PDPA these rights include:
Right to be informed: Customer has a right to be informed about the processing of personal data, collection method, person who will receive the information, reason and the period for which personal information is stored.
Right to access: Customer has a right to access and obtain a copy of your personal data that we hold about you. Customer may ask company to disclose the sources of where we obtained your personal data to which you have not consented to and check whether the company has processed the information in accordance with the law or not.
Right to data portability: Customer has a right to request company to transfer your personal data to other persons/organizations, or request to see the personal data that company have transferred to other persons/organizations, unless it is impossible for us to carry out your request due to technical circumstances.
Right to object: Customer has a right to object to the processing of your personal data, unless there are circumstances that do not allow you to make the objection.
Right to erasure or Right to be forgotten: Customer has a right to request us to delete, destroy or anonymize your personal data.
Right to restrict processing: Customer has a right to request us to restrict the processing of your personal data in the following circumstances:
・It is under a pending examination process to check if the personal data is accurate, up-to-date, complete and not misleading.
・Company are pending verification of a basis to reject the objection request for the collection, use or disclosure of personal data.
Right to rectification: Customer has a right to rectify inaccurate personal data in order to make it accurate, up-to-date, complete and not misleading.
Withdrawal of consent
If the customer wishes to withdraw their consent to such processing, customer can contact company and make a request in writing. Withdrawal of consent will not affect the lawful processing of personal data that you have previously consented to by the company. Withdrawing consent may affect the customer in the company’s products and services. For example, not receiving benefits notification, new promotions or offers or not receive information that is useful to you, etc. Therefore, for the benefit of customers should study or inquire about the effects before withdrawing consent.
If customer withdraws his/her consent, company will use its best efforts to process or clarify within 30 days or less within the time limit specified by law. The Company will comply with legal requirements relating to the customer’s rights as the subject of personal information.
How long we keep personal information
In principle, personal information is kept as necessary. The company will store your personal information for as long as necessary for the purposes of statutory collection. The customer’s personal information will be collected for no more than 5 years from the last time the customer bought the product or used our service. After the storage period, the company will delete or destroy personal information for the safety of our customer information.
Methods for which the company protects personal information of customers
Company will ensure that the Personal Data collected by or on behalf of the company is properly saved and having adequate security measurement to protect the processing of the Personal Data.
We will ensure the protection of Personal Data in its possession or under its control by making security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, and disposal.
In the case of customer wishes to exercise the rights agreed on this agreement or withdraw consent for the processing of the customer’s personal data or have any inquiries regarding Personal Data, please contact our Data Protection Officer at this following contact details:
- Tel : 02-080-9454
- Email : email@example.com
- Address : อาคารสยามพิวรรธน์ ทาวเวอร์ ชั้น 19 ยูนิต บี 1 เลขที่ 989 ถนนพระราม 1 แขวงปทุมวัน เขตปทุมวัน กรุงเทพมหานคร 10330
If the customer considers that the processing of the customer’s personal data does not comply with the Personal Data Protection Act 2019, the customer has the right to complain to the Office of the Personal Data Protection Commission.
Updated on 1 June 2022