1. Personal Data
“Personal Data” means the information relating to a person, which enables the identification of such person, whether directly or indirectly. The Company shall collect the following personal data for the Services:
- Information on the User’s identification card, passport and/or other documents issued by government authorities. The information may include identification card number, name, surname, birthday, gender, nationality, photo, and location
- Necessary contact information such as contactable address, telephone number, and e-mail
- Financial information such as transaction records made through wallet accounts or other Services, credit card information, and bank account information
- Information that is necessary for the Company’s service support
- Information relating to your devices and usage behaviors, including but not limited to the unique device identifier, advertisement ID, IP address, mobile device operating system, mobile network service provider, location, cookie, phonebook.
- Information that is necessary for the compliance with the law and the requests of law enforcement agencies and/or court orders
2. Personal Data Source
The Company may receive the User’s Personal Data from the following source:
- Directly from the User. The User discloses Personal Data to the Company, the Company has obtained Personal Data from the use of its Services, the response of its survey, and the interactions between the Company and the User from available communication channels including but not limited to the Company’s website and its browser’s cookies
- From a third party including agents and subcontractors where the right to disclose the User’s personal data is in compliance with the law in order to register and provide the Services to the User
3. Basis of the Collection, Use and Disclosure of Personal Data and the Purposes of such Processing
The Company shall collect, use, or disclose Personal Data under the legal basis and in accordance with the following purposes:
- To enhance and improve the Services’ quality, increase the Services’ efficiency, and facilitate the use of the Services
- To verify the User’s identity in transactions with the Company
- To contact the User regarding the matters of its Services, after sales services, or other cases deemed necessary
- To perform its responsibilities in accordance with the contract in which the User is a contractual party or to perform the request of the User before entering into the contract
- To perform its responsibilities in accordance with the contract between the Company and a third party that is deemed beneficial to the User
- To enable the Company to use, transmit, transfer, process and/or disclose personal data to relevant persons or entities including auditors, government agencies, assignees of claim and/or juristic persons or any other person that the company is a contractual party
- To investigate fraudulent transactions
- To assess data and notify news, promotions, and other benefits of the Company including that of other juristic persons
- For any other purpose that is not prohibited by law and/or to comply with any applicable law or regulation.
- For any other purpose that is authorized by law to collect, use or disclose without the consent of the personal data subject.
4. Storing of Personal Data and the Retention Period
- Storing of Personal Data
- Retention Period
The Company shall store Personal Data in hard copy format and/or electronic format with a security system in place to prevent the loss, access, use, alteration, or disclosure of personal information
The Company shall retain Personal Data for as long as necessary throughout the time the user is still using the Services or having the relationship with the Company, or as long as necessary to achieve the purposes related to the Company’s Services. In this regard, the Company may continue to retain such Personal Data in accordance with the laws such as the Anti-Money Laundering law or for the purpose of verification and investigation in the event of dispute within the prescription as specified by law. The Company shall delete or destroy Personal Data or make such Personal Data unidentifiable when it is no longer necessary to be retained or such retention period has ended.
5. Using of Personal Data
The Company shall collect, use, or disclose Personal Data according to Article 3. The Company may disclose Personal Data and services’ information to other parties, such as the Company’s affiliates and subsidiaries, personal data processors, government agencies, IT service providers, financial institutions, customer support service providers, marketing and advertising agencies, and persons or juristic persons which the Company and/or the User is the contractual party with, with the consent of the User or when it is allowed by law. The Company may disclose Personal Data for various purposes, such as for analyzing and improving its Services, for collecting statistical data and research, for promotions and public relations, for management review, for fraud prevention, and for identifying the User.
The Company may be required to submit Personal Data to the Anti-Money Laundering agency. The Company may need to transfer the User’s Personal Data to persons, foreign agencies, or international organizations that do not have adequate personal data protection standards.
6. Restrictions on the Use of Personal Data
The Company shall not disclose and use Personal Data other than the intended purpose unless the consent from the User is obtained, or in accordance with the contract the company has made with the User, or when it is required by court order or by law to do so, or when the Company is asked for cooperation to assist government officials to prevent frauds which do not interfere with the confidentiality of Personal Data or to support the benefit of public interest or legitimate rights.
In case the Company requires additional Personal Data, the Company shall inform the User as seen appropriate to obtain the User’s consent as well as notifying of the consequence in case the User refuses.
7. Right of the Owner of Personal Data
As the data subject under the PDPA, the User has the following legal rights:
- Right to withdraw the consent The User has the right to withdraw the consent which has been provided to the Company except in cases where the legal rights are restricted or when the consent is contractually beneficial to the User. The withdrawal of the consent may have an impact on the use of the Services, such as the User will not receive benefits Information, news, offers do not receive products or services that are better and more in line with their needs, etc. Users should study and inquire about the impact before withdrawing their consent.
- Right to access to and obtain a copy of the Personal Data
- Right to request the Company to send or transfer the Personal Data to the data controller or the User
- Right to object to the processing of Personal Data
- Right to correct and update Personal Data
- Right to delete or destroy Personal Data
- Right to suspend the use of Personal Data
- Right to file complaint
However, the Company is entitled to deny any of the request if there is any specific legal ground allowing the Company to do so or if the request deemed fraudulent or unreasonable including the request which is not in accordance with the law and/or which may deem impractical to do so.
8. Impact from Refusing to Release Personal Data
If the User does not give consent to the Company to collect, record, or use of Personal Data as specified by the Company, the Company may be obliged to refuse or suspend the Services due to the inconsistency with the Company’s purposes and/or relevant laws or regulations. The consideration and approval of the use of the Services is at the sole discretion of the Company.
In the event that the User does not give consent to the Company to use the information other than that allowed by the contract and by law the User can still access to the Services but may not receive the same level of services and benefits.
9. Personal Data of Legally Incompetent Person
In the event that the Company requires to collect, use, or disclose Personal Data of a legally incompetent person, such as a minor (under 20 years of age), a person who has been ordered by the court to be a quasi-incompetent person, or a person who is legally incompetent, the Company shall conduct in accordance with appropriate procedures and the standards prescribed by law.
The company maintains measures for the security of Personal Data by establishing a secured area and/or deploying technology to prevent data loss, data access, data use, destruction of data, and data misuse including changing, modifying or disclosing of data inappropriately
Improvement of Policy