[TARA BANGKOK], a company incorporated under Thai law, having its registered offices at No. 1, Soi Pattanakarn 46, Pattanakarn Road, Suanluang, Bangkok 10250 Thailand (collectively “we” or “us”), process Personal Data that we collect from or it relates to users navigating our websites or relevant party with our product and service (collectively “you”).
Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. Personal Data
2. Collection of Personal Data
We may collect your Personal Data in several different ways. Sometimes, we or our authorized representative may collect your Personal Data from other sources.
2.1 Information that we may collect directly from you:
2.1.1 Whenever you interact with us, you may be asked to provide us your Personal Data. For example:
- Some of our purchase and/or services require you to create an account or apply for membership. When creating your accounts or applying for membership, we may ask you to provide a range of information, such as your name, date of birth, contact details, payment information, feedback information (e.g., feedback, complaint, survey), log data and device information, membership information, interests and account and newsletter preferences.
- When you purchase, register, send for repair or return one of our products or receive any service from us, we may record the call or chat and/or ask you to provide information such as your contact details, delivery date and place of purchase and payment information.
- When you contact our customer service centres for assistance, we may keep information about the conversation, including your name, contact details, the product(s) you bought or any services you receive, the reason to why you contacted us and the advice we gave you.
- When you join one of our loyalty programs, we may collect information relating to your use of the loyalty program and the rewards that you claim.
- When you visit us at a public event, such as trade show or exhibition or participate in one of our surveys, competitions, prize draws or workshops, we may ask for information, such as your business card, name, contact details, interests and preferences.
- When you use our online services, such as websites or applications, we may receive content that you choose to upload, such as product reviews, comments, photos and forum posts, or details of your interests and preferences that you choose to tell us about, for example, when you select the services that you wish to receive. In addition, when you browse websites, we may receive content related to your browsing activity, the time of your visit, the preferred language, what items were clicked on a page, how much time you spent on a page, what items you place in your shopping basket in our webstore, what products and services you purchased or interested in, and how much was paid).
- When you participate in surveys and research, we may ask you for information, such as your email address and information about you.
- When you apply for a job position offered by us, we may ask you for information such as your name, contact details, education and employment history.
- When you submit your Personal Data to us for any other reason.
2.1.2 Please take care when submitting information to us, in particular when completing free text fields or uploading documents and other materials. Some of our services are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.
2.1.3 You are not required to provide the Personal Data. However, if you do not do so, we may not be able to provide you with our products or services, communicate with you or respond to your enquiries. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct because it may result in our inability to provide you with the products and services you have requested.
2.1.4 If you provide us with any Personal Data relating to a third party (e.g., information of your spouse, children, parents, and/or employees), by submitting such Personal Data to us, you represent to us that you have obtained the required consent of the third party to provide us with their Personal Data.
2.2 Information that we may collect from other sources:
2.2.1 We may also collect your Personal Data from publicly available sources and third parties, including:
- When you seek to make a purchase from us, we may carry out credit and financial checks to ensure payment is not made fraudulently and that you have a suitable credit rating.
- If you purchase products or services from us or other retailer, we may receive certain information about your purchase from that retailer.
- We may also receive information about you from other our group companies that you interact with. In particular, when you link your accounts for certain our group services.
- When carrying out business to business sales calls, we may use business contact details that are publicly available.
- When carrying out research and development, we may use information about you that are publicly available.
2.2.2 We may also collect your Personal Data from other sources may include but not limited to:
- Data obtained by us from persons related to you (e.g. your family, friends, referees).
- Data obtained by us from governmental authorities, regulatory authorities, and/or third-party service providers.
In case you have given any Personal Data of any other person to us in executing transactions with us or any purposes, you shall notify such person of the details relating to the collection, use and disclosure of Personal Data and rights under this privacy notice. In addition, you shall obtain consent from such person (if necessary) or relied on another legal basis to provide personal data to us.
2.3 Information we may collect in relation to social networks
2.3.1 If you use any of our social network applications, pages or plugins or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For instance:
- If you log-in to one of our websites or services using your social network account, we may receive basic details from your social network profile. The basic details we receive may depend on your social network account privacy settings, however, they might include your social network ID, name, profile picture, gender and locale. We may also receive additional information from your profile if you give us permission to access it.
- If you click on a ‘like’, ‘+1’ or ‘tweet’ or similar button in one of our websites or services, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive information about further interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you.
- If you ‘like’, ‘+1’ or similar one of our pages on a social network site, we may receive information about your social network profile, depending on your social network account privacy settings.
2.4 Information we may collect when you use websites, products and services from us
2.4.1 Some of our websites, internet-enabled products and online services provide us with information about your use of them, including:
- Details of the content that you view and interact with. For example, when you use our website, we may collect information about your visit, such as your browser software, which pages you view and which items you ‘clicked’ on or added to your shopping basket.
- Service, product or server logs, which hold information about your use of our service, product or websites, such as your IP address, browser information (including HTTP user agent strings), HTTP client request information and the time and location of your activities, domain, device and application settings, errors and hardware activity.
- Device information such as your device ID(s) and/or information about where your device is physically located. For example, when you are using a geo-location service or application and you have provided consent to your location being shared.
- Interests and preferences that you specify during setup of the Internet enabled product or service.
- Communications that you have with our customer service centres or our personnel may be monitored and logged.
- In general, this information is collected using digital identifiers such as a device number, browser cookie or your IP address, HTTP headers and other internet transfer protocol signals, user-agent strings, device type, screen resolution, device geolocation, operating system version and device identifiers, such as Apple IDFA or Android Advertising ID. These identifiers are used to distinguish the information provided by your browser or device from that of another user’s browser or device,
- We may associate the collected information with one or more of your accounts, if for instance you are logged into a service when the information is collected.
2.5 Sensitive Data
We will not process special categories of Personal Data concerning you (“Sensitive Data”) except where we are able to do so under applicable laws or with your explicit consent. Sensitive Data refers to Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner as prescribed by laws.
3. Purpose of Collection, Use and Disclosure of Your Personal Data
3.1 Generally, we collect, use and disclose your Personal Data for the following purposes or described when we are seeking your consent, where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your Personal Data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Through your use of the Services, we will only collect, use and disclose Personal Data. In any case, you will be either asked to explicitly consent to collection and further processing of your Personal Data or at least be informed that such processing is based on another lawful basis. We do not collect and process more or other types of Personal Data than necessary to fulfill the respective purposes. We will only process Personal Data as set forth in this Policy, unless you have specifically provided your consent to additionally processing your Personal Data. If we intend to process your Personal Data for purposes other than we originally collected them for, we will inform you in advance and, in cases where the processing is based on your consent, process your Personal Data for a different purpose only with your permission.
3.1.1 Service provision
When we use personal information to offer our products and services to you, the processing is based on an agreement between you and us. We may use personal information to provide services to you including:
- To provide you with a product or service you have requested, including checking that a payment is not made fraudulently, delivering your purchase or repaired products to you or ensuring that you benefit from any relevant special offer or promotion (and fulfil its obligations under any other agreement it may have with you).
- To facilitate and process your searches and requests for information when you contact us about us and our products and services.
- To resolve complaints, respond, and handle requests and enquiries.
- To provide customer care, warranty, returns and other after sales services.
- To verify your identity when you contact us.
- To provide our checkout assistance service. When you use our online stores, details of any products that you seek to purchase and your email address may be collected as you fill in the checkout form. If you do not complete your purchase, we may contact you using these details to offer our assistance (in case, for instance, you were suffering from technical difficulties). This is an optional service. You can choose not to receive our checkout assistance emails at any time by following the link at the bottom of each assistance email.
3.1.2 Product and service development
We work constantly to improve our products and services. We either base this processing on our legitimate interests to develop our products and services to better meet customer requirements, to ensure data quality, to develop identity management, and to strengthen network and information security, or on your prior consent. We may use Personal Data for product and service development purposes such as:
- For staff training and quality assurance purposes, particularly in relation to our customer relations staff at our call, email and other support centres. For example, we may monitor and record your phone calls and customer-facing interaction.
- To measure our performance, troubleshoot and improve and enhance our products and services and effectiveness, fix errors, or ask for your opinions on our products and services and conducting product surveys.
- To carry out research and development and statistical analysis and marketing research activities to and create and improve new and existing our products and services, recommendations, advertisements and other communications and learn more about customers in general.
- To analyse, develop, improve and optimize the use, function and performance of our services and to conduct our relationship managements (e.g. to serve customers, to conduct customer survey, to manage customer segmentation, to handle complaints).
We will use your Personal Data to offer you products and services we believe may interest you. These products and services may be offered by us, our related companies, our other business partners or our service providers. Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
When we use Personal Data for marketing purposes, we base the processing on either our legitimate interests to know our customers, keep you up-to-date about our latest products and services, and to personalise your customer experience, or on your prior consent, e.g. for sending marketing messages and to personalise your customer experience.
Scenarios that we may use your Personal Data for marketing purposes include:
- To provide you with newsletters and other communications by post, email, telephone, text message (SMS), social network, or instant message if you have provided your prior consent or we are otherwise permitted to do so under applicable law. These communications may include, for instance, details about our latest products and services, including upgrades and special offers in which you may be interested.
- Conduct prize draws, contests and organize any other promotional offers or events.
- Create anonymous, aggregated statistics about the use of our websites, products, services and loyalty programs, which we may share with third parties and/or make available to the public as well as proceed customer grouping and segmentation based on demographic, geographic and behavioural characteristics, in order to better understand the interests and preferences of our (potential) customers, and so communicate with them more effectively.
- Use our product or service reviews, comments or content you have uploaded to our websites or services and made publicly visible to link to, publish or publicise elsewhere including in our own advertisements. Each time you create or reply to a post or thread on a website forum from us, in addition to providing this forum service, we may also record the forum name and the time and date of your post or thread with your account details. We do this to better understand the ‘typical users’ of our forums and to select or tailor our marketing communications to reflect your forum activity. We do not use the content of your forum posts or threads for these additional purposes.
3.1.4 Security, fraud prevention and investigation
- We may use your Personal Data collected from monitoring our websites, online services, our website browsing and emails for security purposes. We may also use your Personal Data to analyse, troubleshoot, investigate, handle, or resolve any security matters and technical and functional management or any vulnerability. This information may be passed to the police or to other appropriate authorities. We base this processing on our legitimate interests to protect you and our company, systems, employees and partners, or on a legal obligation to cooperate with competent authorities.
- We may use Personal Data to prevent, detect, and investigate commercial crime, dispute or fraud, to investigate any violations of our policies, and to conduct audit, due diligence or to analyze, prevent and manage commercial risks to us. For example, we may use your information such as your device ID(s) to ensure that any vouchers or discounts relating to any promotions or campaigns are not being redeemed fraudulently, and to check that a payment is not made fraudulently. In this case, we base the processing of personal information on our legitimate interest to prevent fraud and to provide benefits only to our customers.
- We may also use your Personal Data to comply with applicable laws, regulations and court orders, including conducting identity verification, background checks and credit checks, Know Your Customer (KYC) process, Customer Due Diligence (CDD) process, other checks and screenings (including screening against publicly available database of regulatory authorities and/or official sanctions lists), and to comply with valid legal information requests from such bodies. We may use your Personal Data to enforce or defend the legal rights of any of our group company or the terms and conditions of any of our products or services including obtaining legal advice and dispute resolution. In this case, we base the processing on a legal obligation to which we is subject or on our legitimate interest to defend our legal rights.
- We may ensure security (e.g. to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building areas, including but not limited to head office and branches.
- We record images, videos and/or voices relating to the meetings, trainings, seminars, recreations or activities (e.g. marketing activities, corporate social responsibility activities, activities to support customer’s business) and use such recorded images, videos and/or voices for the purpose of making internal and/or external public relations relating to such meetings, trainings, seminars, recreations or activities.
- We are required to ensure business continuity and to contact you prior to your entering into a contract with us.
3.1.5 Other purposes
- We may use your Personal Data for other purposes which are reasonably related to the above purposes.
- When you apply for a job position offered by us, we will use your Personal Data for recruitment purposes. We base this processing on consent.
- We may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for those additional purposes as well, unless we have specifically notified you otherwise.
- We may use your Personal Data for managing our administrative and business operations and complying with internal policies and procedures. We base this processing on legitimate interests.
- We may use your Personal Data to facilitate business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the related our corporations or affiliates. We base this processing on consent.
- We may process your Personal Data using an artificial intelligence or automated
decision-making tool for the purposes specified herein. We will not do so if the activity is prohibited by local laws.
- Your Personal Data may also be combined or linked via a unique identifier, such as a cookie, account number, email address and we may also match any of your Personal Data for any of the purposes listed herein. It is for your and/or our convenience (for example, to allow you to more easily register for a new service), to allow us to provide a more seamless customer support whenever you contact us and to provide you with better, personalised services, content, marketing and advertisements.
4. Processing of Children Data
4.1 We consider a child to be anyone under the age of 10. We do not knowingly seek or collect Personal Data from or about children without the consent of a parent or guardian.
4.2 If we become aware that Personal Data that has been submitted to us relates to a child without the consent of a parent or guardian, we will use reasonable efforts to:
- Delete that Personal Data from its files as soon as possible.
- Ensure, where deletion is not possible, that this Personal Data is not used further for any purpose, nor disclosed further to any third party.
5. Retention of your Personal Data
- until you, as the data subject, objects to such processing and the option to object will be provided in each communication – in case we process your Personal Data based on our legitimate interest in cases where the objection is justified;
- until the expiration of our legitimate interest in case we process your Personal Data in order to secure our legitimate interest in case the objection is not justified, e.g. to secure execution of possible obligations and to prevent a fraud;
- as long as the legal obligation is in place – in case we process your Personal Data based on the legal obligation;
- as long as the service and/or action requested by you is completed or you withdraw from the service/action – in case we process data in connection with services we render to you and there is no other purpose for keeping the data; and
- until the consent for processing is withdrawn – in case we rely only on your consent for processing the user’s Personal Data and there is no legal interest for keeping Personal Data (and the option to withdraw the consent will be provided in each communication).
5.2 In general, we will delete the Personal Data we collected from you if it is no longer necessary to keep such Personal Data and once you have ended the relationship with us to achieve the purposes for which they were originally collected. We will only keep your Personal Data for a period of time that is appropriate and necessary for each type of Personal Data and for the purposes as specified by laws. However, we may be required to store your Personal Data for a longer period due to requirements by law.
5.3 We are entitled to continue collecting and using your Personal Data, which has previously been collected by us before the effectiveness of Personal Data Protection Act B.E. 2562 (2019) in relation to the collection, use and disclosure of Personal Data, in accordance with the original purposes. If you do not wish us to continue collecting and using your Personal Data, you may notify us to withdraw your consent at any time.
6. Disclosing and Transferring of Personal Data
6.1 Subject to the provisions of any applicable law, we may disclose or transfer your Personal Data to the following parties for the purposes listed above:
- Our related corporations or affiliates and their employees to provide content, products and services to you or us.
- agents, contractors or third party service providers who provide services to us.
- commercial shops and retailers in relation to providing rewards and benefits.
- any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of our related corporations or affiliates.
- our professional advisers such as auditors, financial advisers and lawyers.
- relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority.
- any person or party in case of protection of our legitimate interests or if it is required or permitted by law or if you give your explicit consent for such transfer of your Personal Data.
- any other party to whom you specifically authorise us to disclose your Personal Data.
7. Security measures
7.1 We take appropriate and commercially reasonable technical, physical, and administrative measures to protect your Personal Data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access in accordance with applicable laws. These processes and systems include:
8. Cookies, web beacons and embedded scripts
8.2 A “web beacon” (also known as image tag, pixel tag, clear GIF or web bug) is a small piece of code used to collect advertising data, such as counting page views, promotion views or advertising responses. Web beacons or similar technologies may be used for various purposes, including, without limitation, to count visitors to our websites and to monitor how users navigate our websites.
8.3 An “embedded script” is programming code that is designed to collect information about your interactions with our websites, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third-party service provider, is active only while you are connected our websites, and is deactivated or deleted thereafter.
Please review Cookies Policy [hyperlink]
9. Data subject rights
9.1 Under Personal Data Protection Act B.E. 2562 (2019), as a data subject you may have the right to
- access or obtain a copy of your data;
- have your data deleted, destroyed or anonymized;
- have your data corrected where it is inaccurate;
- object to your data being processed or to restrict processing;
- withdraw consent to having your data processed; and
- have your data provided in a format which is readable or commonly used or have it transferred to other data controllers.
9.2 In certain situations we may not be able to give you access to all or some of your Personal Data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
9.3 Should you decide to revoke your permission given to us to provide you with any marketing and advertising content, please note that we may still be required to send you emails, mails, calls, facsimiles and/or any other form of communication regarding factual transactional and/or service information in connection with products or services that we provided to you or the organisation through whom you are known to us.
9.4 To the extent to Personal Data processing is necessary for the purpose of freedom of expression, for the performance of a contract, the purpose of establishment, compliance or exercise of legal claims, or defense of legal claims, or other purposes permissible by and in compliance with the law, you acknowledge and agree that you may not exercise the above right and we will advise you of the reason for the refusal.
10.1 If you have any questions, comments, concerns, or requests to withdraw your consent, make access or corrections to your Personal Data records or exercise any of your rights, you may contact us as follows:
Email: firstname.lastname@example.org (Note: Not for Product inquiry)
Write in to: Data Protection Officer
No. 1, Soi Pattanakarn 46, Pattanakarn Road, Suanluang, Bangkok 10250 Thailand
To the extent permitted by law, we will make our best effort to respond to your queries and/or requests within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.
10.2 Unless otherwise there is a restriction on the withdrawal of consent by law or pursuant to a contract which gives benefits to you, should you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be able to continue to provide its products and/or services to you. In addition, there are some circumstances in which we are not required to give you access to your personal information. The withdrawal of your consent will not affect the lawfulness of processing based on consent before such withdrawal.
If you remain unsatisfied with the way in which we have handled your privacy issue, you may contact the Personal Data Protection Committee.