28 April 2022
We, the GoodieBox Company Limited (hereinafter referred to from time to time as “we”, “us”, “our”, or “the Company”), value your privacy and strive to protect your personal data in compliance with the laws and regulations governing personal data protection, including those that are enforceable in Thailand.
1. Collection of Personal Data
We use many different kinds of personal data. The type of data that we collect depends on the data collection methods. We may need to collect the following personal data:
a) Personal details: these include any information concerning your identity, such as your given name(s), preferred name(s), gender, date of birth, personal identification number or information, passport number(s) and other government issued number(s), tax identification number(s), nationality, images of passports, driving licenses, signatures, authentication data such as passwords, PINs, e-signatures, facial recognition data, photographs and visual images, names and contact details of your family members or next of kin, or other identification information;
b) Personal contact information: this includes any information you provide to us that would allow us to contact you, such as postal address, email address, social network details, or landline and mobile numbers;
c) Details of others provided by you: these include any information that you have provided us about other persons with whom we may or may not have direct legal relationship, such as their personal details or personal contact information; such details of others could include your beneficiaries of your insurance policy.
d) Information from digital device: any information about the computer system or other technological device that you use to access any of our or third parties’ channels, applications, websites or social media, in order to contact, communicate, visit or interact with us, such as IP addresses, operating system type, network information, web browser type and version, cookies, activity logs, online identifiers, unique device identifiers, geo-location data, photographs, videos, voice recordings, type and features of device, apps loaded on the device, among others.
e) Website/communication usage information: as you use or navigate through and interact with our Sites, we use automatic data collection technologies.
f) Account login information: any information that is required to give you access to your specific account profile.
g) Users’ Feedback: any information that you voluntarily share with us about your experience of using the products and/or services offered by us, such as your needs and interests, information and opinions expressed when participating in a market research and/or survey, or contact information that you provide to us in order to receive news and updates from us;
h) Our customer support services: any communications with our member of staff, such as record of contact, complaints and/or disputes, emails or letters you send to us, record of your feedback, and record of advice that we may have given.
i) Audio-visual information and images: such as image and/or VDO recordings from surveillance videos during our events or image and/or VDO recordings taken by us in other events.
j) Information we collect from other sources such as ITRA.run
k) Public sources: any information from other publicly available sources.
If you do not provide the necessary data or consent to the processing of data, which we indicate to you is mandatory, we may not be able to provide you with the products and/or services you require, or meet all our obligations we have with you, enter into a contract with you, or fulfil legal duties imposed on us by law. In such cases, our service to you may be limited, restricted, suspended, cancelled, prevented or prohibited, as the case may be.
If you give us personal data of other persons, or you request us to share their personal data with third parties, you confirm that such persons understand the information in this Privacy Notice about how we will use their personal data and that you have the rights to share their personal data to us.
We collect your personal data for the purposes that are within the scope of one or more lawful grounds described in Section 2, below.
2. Use of Personal Data
We may only collect, use and share (to be called collectively as “process”) personal data fairly and lawfully and for specified purposes. The applicable data protection law restricts our actions regarding personal data to specified lawful purposes. These restrictions are not intended to prevent the processing of personal data, but to ensure that we process personal data fairly and without damaging your interests.
The lawful grounds for processing available under the applicable data protection law vary depending on the nature and purpose of the processing activities and the types of data being processed. We will rely on one or more of the following lawful grounds when processing personal data.
a) to verify and authenticate your identity
b) to provide National Digital ID verification service.
c) to do statistical reports
d) to perform contractual obligations that we have with you or take steps at your request
e) to deliver our products and/or services to you
f) to execute your instructions
g) when it is our legal duty
h) when it is in our legitimate interest
i) when it is necessary to prevent harms to your life, body, or health
j) to provide service notifications or reminders of your benefits
k) to communicate with you about our products and/or services
l) to facilitate insurance services
m) to comply with applicable laws and regulations
n) to comply with orders or requests of the relevant authorities
o) to retain documents for evidentiary purposes
3. Disclosure of Personal Data
We may share your personal data or personal data relating to the individuals connected to your business with third parties where it is lawful to do so, including where we or they:
a) need to have access to your personal data in order to provide you with the products and/or services you have requested (e.g. fulfilling a payment request)
b) have a public or legal duty to do so (e.g. vaccination records)
c) need to prevent harms to your life, body, or health;
4. Retention of Personal Data
We collect your data for as long as it is necessary to carry out the purposes for which it was collected, for business, legal and legitimate interest purposes or compliance with applicable laws.
We may keep your data for up to 10 years after you stop being our customer or counterparty (that is, after our relationship with you has ended) to ensure that contractual disputes can be processed within that time. However, for legal, regulatory or technical reasons, we may keep your data for longer than 10 years. This includes circumstances where we keep records of any person exercising the rights under the applicable data protection laws; for example, where a person has requested us to erase personal data. If we do not need to retain personal data for longer than the period that is legally necessary, we will destroy, delete or anonymize your personal data according to our deletion cycles.
Where you receive products and/or services from third parties (e.g. ITRA.run) who the Company has introduced you to, those third parties may keep your personal data, or personal data relating to the individuals connected to your business, in line with additional terms and conditions that apply to their product and/or services.
5. Accuracy of Your Personal Data
To ensure that your personal data is current, complete, and accurate, please inform us of any changes to your personal data.
We will occasionally request updates from you and we may, in certain circumstances, proceed with such updates without your request to ensure the personal data we use to fulfil the purposes of the collection, use and disclosure is updated, complete and accurate.
6. Your Data Subject Rights
Subject to the conditions and exceptions set out in the applicable data protection law, you have the following rights:
a) Right to Withdraw Consent: This enables you to withdraw consent that you have already given to us. The withdrawal of your consent will not affect any processing of your personal data carried out prior to your withdrawal being effective. Where your consent is not mandatory, the withdrawal thereof may partially or completely impede our ability to provide you with full benefits or experience relating to the products and/or services you receive. Where your consent is mandatory, the withdrawal thereof may render our service limited, restricted, suspended, cancelled, prevented or prohibited or render us unable to perform our contractual obligations with you or take steps at your request prior to entering into an agreement with you, as the case may be. For either case, we will not be liable to you for any losses incurred, and our legal rights are expressly reserved in respect of such limitation, restriction, suspension, cancellation, prevention or prohibition.
b) Right to Access: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
c) Right to Correct: This enables you to have any incomplete or inaccurate data we hold about you corrected.
d) Right to Delete: This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to the processing of your personal data (see below).
e) Right to Portability: Request the transfer of your personal data to another party.
f) Right to Complain: You may lodge a complaint with the local data protection authority if you believe that we have not complied with the applicable data protection laws.
7. Security of Your Personal Data
We value your privacy; therefore, we place great emphasis on ensuring the security of your personal data. We regularly review and implement reasonable and appropriate physical, technical and organizational security measures when processing your personal data.
8. Contact Us
Please contact us at 061-346-3891 , or email us at firstname.lastname@example.org