Privacy Policy

Personal Data Protection Policy

Effective Date: April 26, 2022 (Latest Version)

Please read this Personal Data Protection Policy ("Policy") carefully, as it is legally binding between Sawasdee Sophonpichit Co., Ltd. ("Company") and you as a user of the Company's services.

Due to the fact that the Company may receive data that can directly or indirectly identify an individual ("Personal Data"), the Company has prepared this Personal Data Protection Policy to ensure that the processing of such Personal Data complies with relevant laws and to inform you of the Company's Personal Data Protection Policy under the terms and conditions detailed below.

 

1. Definitions

"Personal Data" refers to information about a person that can directly or indirectly identify that person, but does not include information of deceased persons specifically, as defined under the Personal Data Protection Act B.E. 2562.

"You" refers to the data subject who gives consent.

"Other companies in the same group" refers to companies in which the Company and/or shareholders holding 25% of the Company's shares hold shares, or companies and/or shareholders holding 25% of those companies' shares hold shares in the Company.

1. Consent of the Data Subject

The Company will use your data (a) for the purposes specified in this consent form and/or (b) as required by law. You may withdraw your consent under clause (a) at any time, but such withdrawal will not affect the consent you have already given.

1. Acquisition of Personal Data

The Company collects your Personal Data by the following methods:

        1.1      Direct collection from service users

You may provide Personal Data directly to the Company through the service application process, contact for inquiries, form completion, complaints, participation in activities, opinion surveys, or feedback, both in paper and electronic formats.

 

1.2      Automated collection

The Company may collect certain technical information about the device you use, operating system, activity data, browsing patterns, usage areas, website browsing history, or any other technical data, by collecting it through the use of cookies or similar technologies. For more details, please refer to the Cookie Policy.

1.3      Collection of data from other sources

The Company may collect data from other sources based on legal grounds to improve services to you, such as commercial banks, department stores, restaurants, or other shops, etc.

 

1. 2. Types of Personal Data Collected by the Company

The Company will collect your Personal Data as follows:

2.1      Personal Data from using or applying for services

(1)       General Personal Data: name and surname, national identification number, date of birth, photograph

(2)       Social media account information used for service registration or contacting for services (if any), such as account name, profile picture, account email address.

(3)       Contact information: address, telephone number, email address.

(4)       Any other information you have provided to the Company (if any).

 

2.2      Financial Personal Data

(1)       Information and details regarding payment for goods and services, purchase history, payment history, proof of payment, warranty/claim details, discounts, as well as information about bank accounts, commercial bank names of bank accounts, email addresses linked to credit/debit cards, etc.

 

2.3      Personal Data regarding complaints and disputes

(1)       Information on managing complaints and disputes, such as investigation data, investigation of fraudulent behavior or behavior contrary to laws, regulations, and company work rules, consideration and disciplinary action, litigation, and legal action concerning employees/staff, including reporting data to relevant regulatory agencies.

 

 

2.4      Technical Personal Data

(1)       User account information (if any), such as Account Name, user account information, Username, Password.

(2)       Website access and usage information or the Company's service channels, such as device identifiers, computer IP addresses, device IDs, device types, connection information, browser types, system login/logout logs, location information, etc.

(3)       Other Personal Data necessary for providing services to you.

2.5      Sensitive Personal Data

Sensitive information such as personal data about race, ethnicity, blood type, political opinions, cult beliefs, religion or philosophy, sexual behavior, criminal records, health data, disability, trade union data, genetic data, biometric data.

2.6      Other Personal Data

            Other Personal Data includes:

(1)       Communication data with the Company.

(2)       Data on participation in Company activities.

(3)       Images and audio recorded via CCTV, photographs, image recordings, and audio recordings of conversations.

 

1. Purpose of Using Personal Data

The Company collects, uses, and discloses Personal Data ("Data Processing") to carry out the following purposes (hereinafter collectively referred to as "Data Usage Purposes"):

Purpose/Activity	Basis for Data Processing
1. Management for providing services to users Operations related to product and service management, coordination, communication, and any other operations in accordance with the Company's procedures to provide services to you under the service agreement between you and the Company, including contracts or other agreements related to such service agreement.	Contractual Basis / Consent Basis (for sensitive data)
2. Public Relations and Marketing Providing information or presenting news about the Company's products, services, important events, or activities, including benefits, promotions, invitations to events or projects through user contact channels, as well as data analysis, research, advertising, and marketing, which may include linking habits with behavior, preferences, and ideas of users to conduct personalized marketing and advertising.	Consent Basis
3. Product/Service Development and Improvement Operations to develop and improve the Company's products/services, including surveying and inquiring about user satisfaction, research, data analysis, testing and experimentation, and any other operations for such purposes.	Legitimate Interest Basis
4. Business Planning and Management Data analysis, planning, forecasting, and any other operations to manage business operations and expansion.	Legitimate Interest Basis
5. Financial Management Operations in accordance with procedures to manage the Company's finances, including managing payments for goods and services from users, managing taxes and tax evidence.	Contractual Basis / Legal Obligation Basis
6. Risk Management and Complaint Handling Operations to manage risks, internal audits, handle complaints, disputes, and litigation, including fact-finding, investigations, consideration, and punishment.	Legitimate Interest Basis
7. Security Operations to assess security risks and maintain the security of information systems, data, and assets of you and the Company.	Legitimate Interest Basis
8. Compliance with Legal Obligations or Orders from Government Agencies Operations to comply with laws, rules, regulations, or ordinances of government agencies or regulatory bodies concerning business operations, not limited to tax laws, computer crime laws, and personal data protection laws, or orders from government agencies, including compliance with judicial processes and law enforcement.	Legal Obligation Basis
9. Exercise of Legal Rights by the Company Operations for the establishment of legal claims, compliance with or exercise of legal claims, or defense against legal claims, various lawsuits, as well as operations for enforcing legal claims of the Company.	Legitimate Interest Basis
10. Prevention of Danger Operations in good faith that the collection, use, or disclosure of personal data is necessary to prevent or suppress danger to the life, body, or health of you or another person, in cases where you are unable to give consent to disclose information at that time, and there is no other way to prevent or suppress such danger.	Basis for preventing or suppressing danger to life, body, or health of a person

1. 4. Disclosure of Personal Data

      The Company may disclose your personal data within the scope of the data usage purposes to the following persons:

4.1      Group companies of the Company

The Company may disclose your personal data to its group companies, including personnel of such group companies. The Company may assign group companies to process personal data under the data usage purposes for the Company.

4.2      Personnel of the Company

The Company may disclose your personal data to directors, executives, or other employees of the Company who are responsible for managing personal data under the data usage purposes of this announcement. The Company will restrict access to and disclosure of personal data only to employees who have the right to access it and only as necessary on a need-to-know basis.

4.3      External service providers

The Company may use external service providers necessary for its business operations and for providing services to you under the data usage purposes, such as external data management service providers, cloud service providers for data backup and storage, information system service providers, logistics and transportation system service providers, etc., including using services from external service providers to develop or enhance service functions to facilitate users, such as payment gateway service providers for credit card payments or other payment methods, etc., as well as professional advisors and service providers such as legal advisors and law firms, auditors, lawyers, internal and external auditors, etc.

4.4      Government agencies, regulatory bodies, and other agencies mandated by law

The Company may disclose your personal data to government agencies, regulatory bodies, or other agencies mandated by law, including officials of such agencies, to perform duties according to laws, rules, regulations, or ordinances of relevant agencies, not limited to tax laws, computer crime laws, personal data protection laws, or in cases of orders from government agencies or courts, including compliance with judicial processes, law enforcement, and the exercise of the Company's legal rights.

4.5      Other agencies or individuals

The Company may disclose your data to other agencies or individuals, including financial institutions, assignees, and/or any legal entities or individuals with whom the Company has a contract or relationship/legal relationship, both in Thailand and abroad, as necessary and appropriate to carry out the data usage purposes.

1. Retention Period of Personal Data

The Company will retain your Personal Data throughout the service period and for another [number] years after the termination of the relationship between you and the Company. The Company will delete or destroy your Personal Data after such period or when your Personal Data is no longer necessary for the purposes of data usage, unless the Company is required to retain such Personal Data to comply with laws, rules, regulations, or orders from government agencies or regulatory bodies, including the enforcement of legal rights or contracts as deemed appropriate by the Company.

1. Data Security

The Company will exercise appropriate caution in maintaining the security of Personal Data by adhering to methods and principles consistent with legal requirements to prevent unauthorized access, use, and disclosure of Personal Data, both for paper and electronic data storage. However, if you have reasonable suspicion that the Company's Personal Data security system has flaws or there is a risk of Personal Data leakage, you can immediately inform the Company through the contact channels specified in Clause 12.

1. Your Rights

You have the right to request the Company to take the following actions regarding your Personal Data:

7.1      Right of Access

The right to request access to or obtain a copy of your Personal Data held by the Company, including requesting the Company to disclose the acquisition of such Personal Data for which you have not given consent.

7.2      Right to Rectification

The right to request to review, change, update, or correct your Personal Data to be accurate, complete, and current without causing misunderstanding.

7.3      Right to Object

The right to object to the collection, use, or disclosure of your Personal Data at any time. The Company will proceed with such in the following cases:

(1)       In cases where the Company collects Personal Data based on the legitimate interests of the Company or a third party, or for public interest in processing Personal Data, unless the Company can demonstrate compelling legitimate grounds that override your interests, or the processing of Personal Data is for the establishment, compliance with, or exercise of legal claims, or the defense against legal claims.

(2)       The Company processes Personal Data for direct marketing purposes.

(3)       The Company processes Personal Data for scientific, historical, or statistical research purposes, unless it is necessary for the performance of a public task of the Company.

7.4      Right to Data Portability

Under personal data protection laws, you have the right to receive your personal data in a commonly used and machine-readable format, and have the right to transmit such personal data to another data controller or to yourself, unless it is technically impossible.

7.5      Right to Withdraw Consent

In cases where the Company relies on your consent for the collection, use, or disclosure of Personal Data, you have the right to withdraw your consent for the use of Personal Data that you have given to the Company throughout the period that the Company retains such data, unless there are legal or contractual restrictions on the right to withdraw consent that benefit you. However, such withdrawal of consent shall not affect the collection, use, or disclosure of Personal Data that has already been consented to. In the event that you refuse or withdraw consent for the collection, use, or disclosure of Personal Data to the Company, it may result in some restrictions on your rights or may result in the Company being unable to fully manage or carry out the purposes/activities for which you have refused or withdrawn consent if such data is necessary for the Company to carry out those actions.

7.6      Right to Erasure

The right to request the Company to erase or anonymize your Personal Data in the following cases:

(1)       Your Personal Data is no longer necessary for the purposes of data usage specified in Clause 3.

(2)       You withdraw your consent which is the basis for the collection and processing of Personal Data, and the Company no longer has legal authority to collect or process such Personal Data.

(3)       You have objected to the processing as per Clause 7.3.

(4)       When your Personal Data has been collected or processed unlawfully.

The above-specified cases shall not apply to the processing of personal data necessary for the purpose of exercising freedom of expression, for creating historical documents or statistics, for performing duties in public interest, for the necessity of complying with laws to achieve objectives related to preventive medicine or occupational medicine, or public health benefits, for the purpose of establishing, complying with, or exercising legal claims, or for defending against legal claims, or for complying with laws.

7.7      Right to Restriction of Processing

The right to request the restriction of processing your personal data in the following cases:

(1)       The Company is in the process of verifying the accuracy of personal data as requested by you.

(2)       In cases where personal data must be deleted or destroyed according to Article 7.6, but you wish to restrict its use instead.

(3)       The Company no longer needs to use your personal data, but you need and request the Company to retain such personal data for establishing, complying with, or exercising legal claims, or for defending against legal claims.

(4)       The Company is in the process of proving according to Article 7.3 (1) or verifying according to Article 7.3 (3) to reject your objection according to Article 7.3.

7.8      Right to File Complaint

In the event that the Company, its employees, or other personnel of the Company violate or fail to comply with the personal data protection law, you have the right to submit a complaint to the Office of the Personal Data Protection Committee at 7th Floor, Rachaprachanupak Building, Government Complex Commemorating His Majesty the King's 80th Birthday Anniversary, 5th December B.E. 2550 (2007), Chaengwattana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210, Telephone (+66) 02-142-2233.

1. Impact of not providing personal data

        You may be affected by not providing personal data as detailed below:

8.1      Cases of necessary personal data

Personal data collected by the Company based on contractual and legal obligations is necessary for the Company to comply with contracts and relevant laws as specified in purpose item 3. In the event that you refuse to provide personal data necessary for processing data for purposes based on such legal bases, the Company may not be able to manage services or process data for those purposes for you, such as providing services and delivering goods to you, processing your payments, etc., until you provide all necessary personal data to the Company.

8.2      Cases of other personal data

            In the event that you refuse or withdraw consent for some or all personal data that is not covered by clause 8.1, such refusal or withdrawal of consent may result in you not receiving or being able to utilize welfare, privileges, benefits, or anything else for the purpose of using that personal data, if the personal data you refused or withdrew consent for is necessary for that operation.                            

1. Marketing Communications

In the event that you receive letters, newsletters, and other types of communications, both in paper and electronic form, for the purpose of promoting the Company's marketing activities or informing you of other news related to the Company, if you do not wish to receive such information, you can unsubscribe from those marketing communications according to the procedures specified in the document sent.

1. Other Personal Data Protection Policies

This policy applies solely to the collection, use, and disclosure of personal data of the Company's service users. If you access or use other websites or platforms, even if accessed through the Company's website or service channels, you must study and comply with the privacy policy appearing on that website or platform entirely separate from this policy.

1. Other Matters

This Personal Data Protection Policy is subject to Thai law. The Company reserves the right to amend, change, and improve the Personal Data Protection Policy as deemed appropriate by the Company to comply with changes related to the processing of your personal data and changes in the personal data protection law or other relevant laws. The Company will notify you of significant amendments through appropriate channels. In the event that such changes involve specifying additional data usage purposes, the Company may request your consent before processing personal data according to the new purposes if the law requires such consent. However, you fully understand and accept that it is your duty to monitor changes to this policy from time to time. You can check the latest Personal Data Protection Policy on the Company's website.

1. Contact Channels with the Company

If you wish to contact the Company regarding personal data protection or wish to exercise your rights as specified in this policy, you can contact us through the following channels:

Mailing address:        

Sawasdee Sophonpichit Co., Ltd.

      No. 319/1 Soi Sukhumvit 31 (Sawasdee), Sukhumvit Road, Khlong Tan Nuea Subdistrict, Watthana District, Bangkok 10110

      Tel. 02-662-1901

      Email address: sawasdeesophonpichit@sawasdeesophonpichit.com