Personal Data Protection Policy
Jaspal Company Limited
Announced on 1st July 2022
2. Scope of the Policy
“Company” Jaspal Company Limited.
“Affiliates” Jaspal & Sons Company Limited.
“Customer” (1) Normal customers who purchase products and services of the Company, both current and former customers, including potential future customers, and (2) Normal customers who are employees, personnel, officers of the Company and affiliates.
“Personal Data” Any data relating to a Person, which enables the identification of that person, whether directly or indirectly, but not including the data of a deceased Person.
“Sensitive Data” Personal Data that is classified as sensitive data as described in Article 26 of the Personal Data Protection Act which includes data about race, ethnicity, political opinions, cult beliefs, religion or philosophy, sexual behavior, criminal record, health data, disability, trade union data, genetic data, biological data or any other data that affects the Data Subject in a similar manner as announced by the Personal Data Protection Committee.
“Processing Personal Data” Any processing of Personal Data such as collecting, recording, copying, organizing, storing, updating, changing, issuing, restoring, disclosing, forwarding, disseminating, transferring, combining, deleting, destroying, etc.
“Data Subject” An individual person who owns the personal data that the Company collects, uses or discloses herein means “you” as a customer in this policy.
“Person” Individual persons do not include legal entities such as corporations, associations, foundations or any other organization.
“Company’s Store” Any stores under the management or supervision of Jaspal Company Limited as specified in ANNEX 1.
“Company’s Website” Any websites under the management or supervision of Jaspal Company Limited as specified in ANNEX 2.
“Social Media Channels” LINE and Facebook.
4. Collection of Your Personal Data by the Company
During your access or use of the Company’s Websites, mobile phone applications, social media channels, e-mail, telephone channels, Company’s stores and Customer Service Center (Customer Service), the Company may need to collect or obtain any personal data that can identify you as follows:
4.1 General Personal Data consists of the following:
(1) Personal Data
(1.1) General Customer Personal Data such astitle, name-surname, gender, date of birth, age, nationality, information on documents issued by government agencies (e.g. ID card number, passport number, taxpayer identification number, etc.)
(1.2) Customer Personal Data who are Employees, Staff of the Company and its Affiliates such as title, name-surname, gender, date of birth, age, nationality, employee data (e.g. employee level, job title, employee ID, workplace, agency), information on documents issued by government agencies (e.g. ID card number, passport number, taxpayer identification number, etc.)
(2) Contact Information such astelephone number, mobile phone number, shipping mailing address, billing address, e-mail address, social media account (e.g. LINE account information, Facebook account, etc.)
(3) Membership Informationsuch as membership account information, membership card number, reward points, membership type, date of membership application, membership period, reward points redemption history, inquiries, comments, feedback, complaints, suggestions and other information in relation to membership.
(4) Sale and Purchase of Goods and Services Transaction Informationsuch as goods purchase order details (e.g. product purchased, type, size, quantity, price, etc.), details of use of service, information about receipt of payment from/refunding to you, date of payment, time of payment, amount of payment, purchase or order number, date/time of receipt or delivery of goods, feedback message regarding the acceptance of goods, goods warranty information, complaints and claims and other information related to the purchase of goods and services.
(5) Financial informationsuch as debit/credit card information (e.g. card number, card holder name, card type, numbers on the back of the card (CVV), expiration date, etc.)
(6) Technical Informationsuch as computer traffic data (Log)andinformation that the Company collects through cookies (Cookies) or similar technologies (e.g. information about use of website, applications and systems of the Company, device identity, computer IP address, location information, browser type and usage behavior, etc.)
(7) Behavioral Information such asbehavioral information in relation to the purchase of goods and services and feedback regarding services of the Company.
(8) Other Information such as voice recordings of telephone conversations through the Customer Service Center (Customer Service), video and audio recording from closed-circuit television (CCTV), body temperature.
4.2 Sensitive Personal Data includes
Data pertaining to race, ethnicity, religion, fingerprints, facial recognition, health data or data related to physical or mental conditions, genetic data, medical history, disability, and criminal history, etc. The Company does not have a policy to store Sensitive Personal Data unless the Company has obtained your consent.
4.3 Third Party Personal Data
If you have to provide a Personal Data such as name-surname, address, contact number of any third party to the Company e.g. spouse, children, relatives, friends, references and other persons who are not the Company’s customer as an emergency contact information or to be a beneficiary or to solicit the purchase of goods or services or to invite to apply for membership, it is your responsibility to communicate the details of this policy to such person(s) as well as to obtain their consent if required to disclose the data to the Company. Furthermore, you must ensure that you have the right to provide such data of those individuals to the Company in accordance with the Personal Data Protection Law.
As such, the Company will strictly collect personal data only to the extent necessary subject to the purposes specified in Clause 5 of this Policy.
For the collection, use, or disclosure of your Personal Data, the Company will make a written request for explicit consent or a request via electronic means prior to or during the collection of the Personal Data which you have a right not to consent and provide such data. In the event that you decide not to consent or withdraw any consent, it may result in the Company being unable to provide all or part of services to you.
In addition, the collection of data of any minor, impaired or partially impaired person, the Company will collect the foregoing Personal Data only if the Company obtains a written consent from its relevant legal guardian. If it is explicitly known by the Company, the Company will not collect Personal Data from any Person whose age is below twenty (20) or who is impaired or partially impaired person unless consent is obtained from such relevant legal guardian in the event that consent must be obtained. If the Company is aware that it has unintentionally collected Personal Data from any person below the age of twenty (20), or who is impaired or partially impaired person, without obtaining consent from its legal guardian, the Company will promptly delete such Personal Data or process only that part of the Personal Data which the Company is entitled to process based on any legal basis other than the request of consent.
Notwithstanding the foregoing, the Personal Data given to the Company by you must be correct, complete, and true and will not cause any confusion and you must keep your Personal Data up-to-date and also inform the Company of any changes via the contact channel specified in Clause 14. If you decide not to provide the Company with your Personal Data or if you choose to withdraw consent for the use of your Personal Data, it may result in the Company being unable to provide all or part of services to you.
5. Purposes of the Collection, Use, and Disclosure of Personal Data
The Company collects Personal Data for the following purposes:
- The communication and providing necessary information of the Company in relation to goods, updated lists of goods, lists of promotions or campaigns arranged or to be arranged by the Company, and any privileges for your benefits. The provision of information will be conducted via E-mail, SMS, or any other appropriate method which you have consented.
- The provision of any privileges, including but not limited to, privileges on birthdays and/or in birth months, and reward points privileges which can be redeemed for discounts or premiums.
- The invitation to any events and/or product launches of the Company.
- The delivery of documents, including but not limited to, catalogues and birthday cards.
- The delivery of goods and acceptance of returned goods purchased by you from the Company.
- The management and arrangement of completing payments in relation to commercial transactions of the purchase of goods between you and the Company.
- The process and analysis for the purpose of improving goods and services deemed appropriate and suitable to a Person’s needs, as much as possible.
- Market research, surveys, analysis of internal markets, creating customer data, analysis of customer patterns and choices for purchase of goods, and the planning and analysis of statistics and trends in relation to goods and/or services of the Company.
- Any other purposes which are required for the proceeding, maintenance, and management of business and relationships between you and the Company.
The Company will process your Personal Data only for the purpose for which it has been stated, including in some cases where the Company may consider it able to process your Personal Data for other relevant reasons and not contrary to or in addition to the original purpose provided. Notwithstanding, in the event that the Company needs to process the data for the purpose other than the original purpose, the Company will request your consent again for the use of such data for that new purpose.
6. Disclosure of Personal Data to Third Parties
The Company may disclose your Personal Data to any third parties as necessary to fulfill the purposes specified in this Policy. The Company may send your Personal Data to the following parties:
- Any agents, affiliates or related companies located in or outside Thailand.
- Any agents, contractors, or service providers who are third parties that will render services to the Company and you (such as service providers in relation to the delivery of goods, storage and warehousing, logistics, production and delivery of documents (e.g. catalogues or birthday cards, etc.), consultants or experts, and/or telecommunications, information technology, or marketing and promotions providers, etc.).
Howsoever, the third parties to whom the Company will disclose your Personal Data, the Company will take appropriate measures to ensure that your Personal Data shall be protected and secure such as entering into the execution of agreements with conditions that third parties are entitled to use Personal Data to the extent stipulated in the agreements and the execution of Non-disclosure Agreements for the purposes of confidentiality of the obtained Personal Data for business operation, etc.
- Government officers or government agencies subject to the laws, rules, and regulations prescribed by relevant legislation.
7. Sending or Transferring of Personal Data to Foreign Countries
The Company may disclose or transfer your Personal Data to foreign countries, third parties or servers located in foreign countries where such destination countries may or may not have the same level of data protection standards. In this regard, the Company will follow various procedures and measures to supervise the transfer of your Personal Data to be safe and ensure that the persons to receive such Personal Data have appropriate data protection standards or comply with conditions or exceptions in accordance with the laws. The Company will ask for your consent if required by the laws in the event of a transfer of Personal Data to foreign countries.
8. Connecting to External Websites or Services
9. Personal Data Protection Measures
The Company provides appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction, or disclosure of Personal Data, and such measures will be reviewed by the Company when it is necessary, or when the technology has changed in order to efficiently maintain the appropriate security and safety.
10. Length of Time to Store Personal Data
The Company will retain your Personal Data within the period necessary for the purposes specified in this Policy except for the case that the longer period of retention is required by laws. After the expiration of the retention period, or if your Personal Data is no longer required, the Company will erase, destroy, or anonymize such Personal Data. Notwithstanding, in the event of a dispute regarding the exercise of legal rights relating to your Personal Data, the Company reserves the right to retain such data until the dispute is resolved by court order or judgment.
11. Rights as the Data Subject
In the event that the Company collects, uses, or discloses your Personal Data subject to the purposes specified in this Policy, you have the following rights pursuant to the Personal Data Protection Law.
11.1 Right to Request to Access to Personal Data
You have the right to access and obtain a copy of your Personal Data which is under the responsibility of the Company and ask the Company to disclose the acquisition of your Personal Data in case you have not given your consent.
11.2 Right to Request to Have the Personal Data to be Accurate, Complete, and Up-to-Date
You have the right to request the Company to make your Personal Data accurate, complete, and up-to-date.
11.3 Right to Request for Erasure or Destruction of your Personal Data
You have the right to request the Company to delete, destroy or make your Personal Data non-identifiable, however, the exercise of such rights is subject to the conditions stipulated by law.
11.4 Right to Request the Suspension of the Use of Personal Data
You have the right to request the suspension of the use of your Personal Data in the following cases.
a) During the period that the Company reviews your request to correct, complete and up-to-date the Personal Data.
b) Your Personal Data is illegally collected, used or disclosed.
c) At the time that your Personal Data is no longer necessary for collection according to the purpose stated by the Company, but you need the Company to continue collecting such data in order to exercise the legal rights.
d) During the period that the Company is proving legitimate grounds for collecting your Personal Data or investigate the necessity for collecting, using or disclosing the Personal Data for the public interest due to your exercise of the right to object to the collection, use or disclosure of Personal Data.
11.5 Right to Object to The Processing of Personal Data
You have the right to object to collection, use or disclosure of your Personal Data unless the Company has legitimate grounds to refuse the request by law (For example: The Company can demonstrate that the collection, use or disclosure of your Personal Data is more legitimate grounds or for the establishment of a legal claim, the performance or exercise of a legal claim or for the public benefit of the Company).
11.6 Right to Withdraw Consent
In the event that you have given consent to the Company for collecting, using or disclosing your Personal Data (whether before or after the Personal Data Protection Law comes into force), you have the right to withdraw your consent at any time, for a period of time that your Personal Data is retained by the Company, unless there is a provision of law requiring the Company to continue retaining it or there is a contract between you and the Company that still benefits you.
11.7 Right to Obtain, Transmit or Transfer Personal Data
You have the right to obtain your Personal Data from the Company in a form that is readable or generally usable with a device or device that works automatically and can use or disclose Personal Data by automatic method including may request the Company to transmit or transfer data in such form to other Personal Data controllers, however, the exercise of this right shall be subject to the conditions prescribed by law.
11.8 Right to File A Complaint
In the event that there is a reason to believe that the Company has violated the Personal Data Protection Law, you have the right to file a complaint with an expert committee appointed by the Personal Data Protection Committee in accordance with the rules and procedures prescribed by the Personal Data Protection Law.
In case you wish to exercise the foregoing rights, you are required to make a written statement. The Company will use its best efforts to perform actions in due course and no later than the period prescribed by law. The Company will strictly comply with the laws concerning your rights as the Data Subject.
The exercising of rights to request the erasure, destruction, or anonymization of your Personal Data, temporary restriction of use, or withdrawal of consent may result in the Company being unable to provide all or part of services to you.
12. Information about Cookies
13. Personal Data Protection Officer
The Company has appointed a Personal Data Protection Officer to monitor, supervise and advise on the collection, use or disclosure of Personal Data, including coordinate and cooperate with the Office of the Personal Data Protection Commission to ensure compliance to comply with the Personal Data Protection Law.
14. Contact the Company
If you have any queries in relation to this Personal Data Protection Policy or if you wish to exercise the rights specified in Clause 11, please contact the Company at:
(1) Jaspal Company Limited
- 1054 Soi Sukhumvit 66/1 Prakanongtai Sub-District, Prakanong District, Bangkok 10260
- Customer Service Center (Customer Service) Tel: 02 118 2000 or
(2) Data Protection Officer (DPO)
- 1054 Soi Sukhumvit 66/1 Prakanongtai Sub-District, Prakanong District, Bangkok 10260
- E-mail: firstname.lastname@example.org
15. Revision of the Personal Data Protection Policy
The Company reserves the rights to revise and amend this Personal Data Protection Policy as deemed necessary and appropriate to comply with the Personal Data Protection Law and/or secondary laws, regulations, rules, announcements of government agencies that have been amended. Any revision or amendment will be announced and published on the Company’s Website or by any other appropriate method.