Customer Personal Data Protection Policy
Customer Data Privacy Policy
Jaspal Company Limited
Announced on 1st July 2022
1. Introduction
As
Jaspal Company Limited (“Company”) realizes
the importance of Personal Data and
other information (collectively referred to as “Data”), about
the Company’s customer (“You”), and so that you can be confident that the Company is
transparent and responsible for collection, use or disclosure your data in
accordance with the Personal Data Protection Act B.E. 2562 (2019) (“Personal
Data Protection Law”) including other relevant laws. Therefore, this Customer
Data Privacy Policy (“Policy”) has been established to inform you to know and
understand the practices including objectives of the Company with respect to the collection, use and
disclosure of your Personal Data (collectively referred to as “Processing”),
performed by the Company including related persons on behalf of the Company
with the following matters:
2. Scope of the Policy
This Policy applies to Personal Data
in relation to the Company, both presently and possibly in the future that are/may
be processed by the Company or related parties which the Company has obtained
and collected from your visits, purchase of goods and
services, membership applications, making suggestions, feedback, complaints, completing
surveys or questionnaires, or performing any necessary activities
as required via the Company’s websites, mobile phone applications, social media
channels, stores of the Company and Customer Service
Center (Customer Service). This Policy does not cover your use of websites,
mobile applications, social media channels of third parties which can be linked
to the website, mobile phone applications, social media channels of the Company
and stores which are not managed and supervised by the Company. For these
reasons, the Company advises you to read this Customer Data Privacy Policy in
order to understand and acknowledge the methods, procedures, and purposes of
the Company in relation to the collection, use, and disclosure of your Personal
Data.
3. Definitions
“Company” Jaspal Company Limited.
“Affiliates” Jaspal
& Sons Company Limited.
“Customer” (1) Normal
customers who purchase products and services of the Company, both current and
former customers, including potential
future customers, and (2) Normal customers who are employees, personnel,
officers of the Company and affiliates.
“Personal
Data” Any data
relating to a Person, which enables the identification of that person, whether
directly or indirectly, but not including the data of a deceased Person.
“Sensitive
Data” Personal Data
that is classified as sensitive data as described in Article 26 of the Personal
Data Protection Act which includes data about race, ethnicity, political
opinions, cult beliefs, religion or philosophy, sexual behavior, criminal
record, health data, disability, trade union data, genetic data, biological data
or any other data that affects the Data Subject in a similar manner as
announced by the Personal Data Protection Committee.
“Processing
Personal Data” Any
processing of Personal Data such as collecting, recording, copying, organizing,
storing, updating, changing, issuing, restoring, disclosing, forwarding,
disseminating, transferring, combining, deleting, destroying, etc.
“Data
Subject” An individual
person who owns the personal data that the Company collects, uses or discloses
herein means “you” as a customer in this policy.
“Person” Individual
persons do not include legal entities such as corporations, associations,
foundations or any other organization.
“Company’s
Store” Any stores
under the management or supervision of Jaspal Company Limited as specified in ANNEX 1.
“Company’s
Website” Any websites
under the management or supervision of Jaspal Company Limited as specified in ANNEX
2.
“Social Media
Channels” LINE
and Facebook.
4. Collection
of Your Personal Data by the Company
During
your access or use of the Company’s Websites, mobile phone applications, social
media channels, e-mail, telephone channels, Company’s stores and Customer
Service Center (Customer Service), the Company may need to collect or obtain any
personal data that can identify you as follows:
(1) Personal Data
(1.1)
General Customer Personal Data such as title,
name-surname, gender, date of birth, age, nationality, information on documents
issued by government agencies (e.g. ID card number,
passport number, taxpayer identification number, etc.)
(1.2)
Customer
Personal Data who are Employees, Staff of the Company and its Affiliates such as title, name-surname, gender, date of birth, age,
nationality, employee data (e.g. employee level, job title, employee ID,
workplace, agency), information on documents issued by government agencies
(e.g. ID card number, passport number, taxpayer identification number, etc.)
(2) Contact Information such as telephone
number, mobile phone number, shipping mailing address, billing address, e-mail
address, social media account (e.g. LINE account information, Facebook account,
etc.)
(3) Membership Information such as
membership account information, membership card number, reward points,
membership type, date of membership application, membership period, reward
points redemption history, inquiries, comments, feedback, complaints,
suggestions and other information in relation to membership.
(4) Sale and Purchase
of Goods and Services Transaction Information such as goods purchase order details (e.g.
product purchased, type, size, quantity, price, etc.), details of use of
service, information about receipt of payment from/refunding to you, date of payment, time of payment, amount
of payment, purchase or order number, date/time of receipt or delivery of
goods, feedback message regarding the acceptance of goods, goods warranty
information, complaints and claims and other information related to the
purchase of goods and services.
(5) Financial information such as debit/credit card information (e.g. card number, card holder name, card type, numbers on the back of the card (CVV), expiration date, etc.)
(6) Technical Information such as computer traffic data (Log) and information that the Company collects through cookies (Cookies) or similar technologies (e.g. information about use of website, applications and systems of the Company, device identity, computer IP address, location information, browser type and usage behavior, etc.)
(7) Behavioral Information such as behavioral
information in relation to the purchase of goods and services and feedback regarding
services of the Company.
(8) Other
Information such as voice recordings of telephone
conversations through the Customer Service Center (Customer Service), video and
audio recording from closed-circuit television (CCTV), body temperature.
Data
pertaining to race, ethnicity, religion, fingerprints, facial recognition,
health data or data related to physical or mental conditions, genetic data,
medical history, disability, and criminal history, etc. The Company does not
have a policy to store Sensitive Personal Data unless the Company has obtained
your consent.
4.3 Third Party Personal Data
If you have to provide a Personal Data
such as name-surname, address, contact number of any third party to the Company
e.g. spouse, children, relatives, friends, references and other persons who are
not the Company’s customer as an emergency contact information or to be a beneficiary
or to solicit the purchase of goods or services or to invite to apply for
membership, it is your responsibility to communicate the details of this policy
to such person(s) as well as to obtain their consent if required to disclose
the data to the Company. Furthermore, you must ensure that you have the right
to provide such data of those individuals to the Company in accordance with the
Personal Data Protection Law.
As such, the Company will strictly collect
personal data only to the extent necessary subject to the purposes specified in
Clause 5 of this Policy.
For the collection, use, or
disclosure of your Personal Data, the Company will make a written request for explicit
consent or a request via electronic means prior to or during the collection of
the Personal Data which you have a right not to consent and provide such data.
In the event that you decide not to consent or withdraw any consent, it may
result in the Company being unable to provide all or
part of services to you.
In
addition, the collection of data of any minor, impaired or partially impaired
person, the Company will collect the foregoing Personal Data only if the
Company obtains a written consent from its relevant legal guardian. If it is
explicitly known by the Company, the Company will not collect Personal Data
from any Person whose age is below twenty (20) or who is impaired or partially
impaired person unless consent is obtained from such relevant legal guardian in
the event that consent must be obtained. If the Company is aware that it has unintentionally
collected Personal Data from any person below the age of twenty (20), or who is
impaired or partially impaired person, without obtaining consent from its legal
guardian, the Company will promptly delete such Personal Data or process only that
part of the Personal Data which the Company is entitled to process based on any
legal basis other than the request of consent.
Notwithstanding the foregoing, the
Personal Data given to the Company by you must be correct, complete, and true
and will not cause any confusion and you must keep your Personal Data
up-to-date and also inform the Company of any changes via the contact channel
specified in Clause 14. If you decide not to provide the Company with your
Personal Data or if you choose to withdraw consent for the use of your Personal
Data, it may result in the Company being unable to provide all or part of services
to you.
5. Purposes
of the Collection, Use, and Disclosure of Personal Data
The Company collects Personal Data for the following purposes:
9. Any other
purposes which are required for the proceeding, maintenance, and management of
business and relationships between you and the Company.
The Company will process your
Personal Data only for the purpose for which it has been stated, including in some cases
where the Company may consider it able to
process your Personal Data for other relevant reasons and not contrary to or in
addition to the original purpose provided. Notwithstanding, in the event that
the Company needs to process the data for the purpose other than the original
purpose, the Company will request your consent again for the use of such data
for that new purpose.
6. Disclosure
of Personal Data to Third Parties
The Company may disclose your Personal Data to any third parties as necessary to fulfill the purposes specified in this Policy. The Company may send your Personal Data to the following parties:
7. Sending
or Transferring of Personal Data to Foreign Countries
The Company
may disclose or transfer your Personal Data to foreign countries, third parties
or servers located in foreign countries where such destination countries may or
may not have the same level of data protection standards. In this regard, the
Company will follow various procedures and measures to supervise the transfer
of your Personal Data to be safe and ensure that the persons to receive such
Personal Data have appropriate data protection standards or comply with
conditions or exceptions in accordance with the laws. The Company will ask for
your consent if required by the laws in the event of a transfer of Personal
Data to foreign countries.
8. Connecting
to External Websites or Services
The Company may have connections to third parties’ websites
or services where such websites or services may have their own privacy policies
that differ from this policy. Since the Company is not associated and has no
control over the privacy policies measures of those websites or services and also
cannot be held responsible for the contents, policies, damages or actions
caused by third parties’ websites or services, the Company, therefore,
recommends that you should initially study such privacy policy of those
websites or services before access.
9. Personal
Data Protection Measures
The Company provides
appropriate security measures for preventing the unauthorized or unlawful loss,
access to, use, alteration, correction, or disclosure of Personal Data, and
such measures will be reviewed by the Company when it is necessary, or when the
technology has changed in order to efficiently maintain the appropriate
security and safety.
10. Length
of Time to Store Personal Data
The Company will retain your
Personal Data within the period necessary for the purposes specified in this
Policy except for the case that the longer period of retention is required by
laws. After the expiration of the retention period, or if your Personal Data is
no longer required, the Company will erase, destroy, or anonymize such Personal
Data. Notwithstanding, in the event of a dispute regarding the exercise of
legal rights relating to your Personal Data, the Company reserves the right to
retain such data until the dispute is resolved by court order or judgment.
11. Rights
as the Data Subject
In the event that the Company collects, uses, or discloses your Personal Data subject to the purposes specified in this Policy, you have the following rights pursuant to the Personal Data Protection Law.
You have the right to access and obtain a copy of your Personal Data which is under the responsibility of the Company and ask the Company to disclose the acquisition of your Personal Data in case you have not given your consent.
11.2 Right to Request to Have the Personal Data to be Accurate, Complete, and Up-to-Date
You have the right to request the Company
to make your Personal Data accurate, complete, and up-to-date.
You have the right to request the
Company to delete, destroy or make your Personal Data non-identifiable, however,
the exercise of such rights is subject to the conditions stipulated by law.
You have the right to request the suspension of the use of your Personal Data in the following cases.
11.5 Right
to Object to The Processing of Personal Data
You have the right to object to
collection, use or disclosure of your Personal Data unless the Company has legitimate grounds to refuse the request by
law (For example: The Company can demonstrate that the collection, use or
disclosure of your Personal Data is more legitimate grounds or for the
establishment of a legal claim, the performance or exercise of a legal claim or
for the public benefit of the Company).
11.6 Right to
Withdraw Consent
In the event that you have given
consent to the Company for collecting, using or disclosing your Personal Data
(whether before or after the Personal Data Protection Law comes into force),
you have the right to withdraw your consent at any time, for a period of time
that your Personal Data is retained by
the Company, unless there is a provision of law requiring the Company to
continue retaining it or there is a contract between you and the Company that still
benefits you.
You have the right to obtain your
Personal Data from the Company in a form
that is readable or generally usable with a device or device that works
automatically and can use or disclose Personal Data by automatic method including
may request the Company to transmit or transfer data in such form to other
Personal Data controllers, however, the exercise of this right shall be subject
to the conditions prescribed by law.
In the event that there is a reason
to believe that the Company has violated the Personal Data Protection Law, you
have the right to file a complaint with an expert committee appointed by the
Personal Data Protection Committee in accordance with the rules and procedures
prescribed by the Personal Data Protection Law.
In case you wish to exercise the
foregoing rights, you are required to make a written statement. The Company
will use its best efforts to perform actions in due course and no later than
the period prescribed by law. The Company will strictly comply with the laws
concerning your rights as the Data Subject.
The exercising of rights to request
the erasure, destruction, or anonymization of your Personal Data, temporary
restriction of use, or withdrawal of consent may result in the Company being
unable to provide all or part of services to you.
12. Information
about Cookies
The Company’s Website
uses cookies and other tools to help distinguish you from other users of the
website which this will allow the Company to improve the website and to provide
you with a quality experience when using the website. By continuing to use this
website, you are agreeing to cookies being placed on your computer.
13. Personal
Data Protection Officer
The Company has appointed a Personal
Data Protection Officer to monitor, supervise and advise on the collection, use
or disclosure of Personal Data, including coordinate and cooperate with the
Office of the Personal Data Protection Commission to ensure compliance to
comply with the Personal Data Protection Law.
14. Contact
the Company
If you have any queries in relation
to this Personal Data Protection Policy or if you wish to exercise the rights
specified in Clause 11, please contact the Company at:
- 1054 Soi Sukhumvit 66/1 Prakanongtai Sub-District, Prakanong District, Bangkok 10260
- Customer
Service Center (Customer Service) Tel: 02 118 2000 or
(2) Data
Protection Officer (DPO)
- 1054 Soi Sukhumvit 66/1 Prakanongtai Sub-District, Prakanong District, Bangkok 10260
15. Revision
of the Personal Data Protection Policy
The Company reserves the rights to
revise and amend this Personal Data Protection Policy as deemed necessary and
appropriate to comply with the Personal Data Protection Law and/or secondary
laws, regulations, rules, announcements of government agencies that have been
amended. Any revision or amendment will be announced and published on the
Company’s Website or by any other appropriate method.
This Customer Data PrivacyPolicy is prepared in accordance with the Personal Data Protection Act B.E. 2562 (2019) and published in both Thai and English. If there are any discrepancies in terms of meanings or interpretations between the Thai and English versions, the Thai version must prevail.
ANNEX 1
List of Stores under Jaspal Company Limited
(Information as of July 1, 2022)
The stores under the supervision of the Company consist of 16 brands as follows:
• JASPAL
• Misty Mynx
• CPS CHAPS
• CC Double O
• Jelly Bunny
• Royal IvyRegatta
• LYN
• Lyn Around
• LYN BEAUTY
• Fred Perry
• V EYEWEAR
• CPS Coffee
• QUINN
• Asics
• Melissa Jelly Dreams
• Shoebar
ANNEX 2
List of Stores under Jaspal Company
Limited
(Information as of July 1, 2022)
The websites
under the supervision of the Company consist of 11 websites as follows:
• www.my-fashioncard.com
• www.jaspal.com
• www.mistymynx.com
•
www.ccdoubleo.com
• www.cpschaps.com
• www.royalivyregatta.com
• www.iamquinn.com
•
www.jellybunny.com
• www.lynaccs.com
•
www.lynaround.com
•
www.JPSclub.com