Your personal data, including the data of related persons of the juristic person, which is subject to the Process are:
       (i) Personal Information, e.g., name, address, mobile number, email, photo, copy of ID card, ID card number, copy of passport, passport number, age, career, Facebook account, Line account;
       (ii) Information related to your purchase of products or services, e.g., purchase history, claim history, complaints, including the information you gave consented for research, suggestion, or interview;
       (iii) Financial information, e.g., bank account number or other related financial information, taxpayer identification number;
       (iv) Information relating to your transaction, e.g., signature, information on the ID card, copy of ID card or passport, copy of census registration, copy of driver's license, copy of vehicle registration, copy of the power of attorney, invoice, receipt, payment voucher;
       (v) Technical information, e.g., Log file, IP address, geography information, real-time location data, browser, website history, website usage, log-in Log, transaction log, access time, search history, access history, social media usage, information received from Cookie or other relevance technologies; and
       (vi) Record of image, photo, video, and audio recorded by CCTV or any other information that may identify the data subject.

In the event that we obtain Sensitive Personal Data such as race, religion, health information, disability information and such Sensitive Personal Data is not necessary for the operation of the Company, you may conceal such Sensitive Personal Data before submitting the information to the Company or we reserve our right to conceal such Sensitive Personal Data on the received documents. which will be deemed the Company has not collected such Sensitive Personal Data from you. Please be notified that the company has no policy to store your Sensitive Personal Data without your explicit consent or legal basis.

We may collect your Personal Data from:
       (i) Any Operating System (OS), Information System, the Company's website, email, telephone, fax, business card, letter, online, offline, electronics, or other channels which we directly received from you; and
       (ii) Public website, our partner, our contract party, or our affiliates.

In the event that you visit or access our websites, we may use Cookie to collect your Personal Data in accordance with our Cookie Policy.

We may Process your Personal Data for the following purposes;
       (i) For registration of member or customer account with the Company, confirmation or identification to access our services, entering into the agreement with the Company or any contact relating to such agreement, identification of the customer or the representative;
       (ii) For complying with any contract, agreement, or obligation which we have with you, e.g., product preparation, product delivery, invoice, invoice delivery, or other necessary processes;
       (iii) For Information technology management measures to comply with the contract, agreement, or any obligation;
       (iv) For communication and operation to inform, verify, and identify your account, your comment or suggestion, news, or any necessary and appropriate information relating to our services;
       (v) For verification and preservation of our product quality in case our product or service does not comply with our standard or defected;
       (vi) For evaluating and analyzing information or other personal interest related to our business operation e.g., setting up and managing your account, analyzing your usage on our website or application;
       (vii) For analyzing and observing your behavior to improve our services, developing statistics, research, and services, establishing and delivering our marketing communication or advertisement in the Company or relevant targets including delivery of an advertisement, publicizing our activities, promotions, recommendation appropriately and similarly to your interest;
       (viii) For managing and administrating your complaint, comments, and suggestions to adjust and improve the quality of our services and products;
       (ix) For necessity of establishing, complying, and exercising the legal claim or performing any necessary procedures to comply with the applicable laws;
       (x) For internal audit and compliance, investigating the complaints or claims to detect and prevent corruption, fraud, and other inappropriate behavior, including wrongful or illegal acts;
       (xi) For security protocols within our buildings, factory, or any places owned by the Company, including video, photo, or audio records from CCTV;
       (xii) For ensuring the security of you and other users accessing our system, e.g., security measures, Personal Data protection, access control, and limitation, and system access verification; and
       (xiii) For necessity to protect your vital interests in case you are not able to give the consent or whatsoever including the necessity to perform a task carried out in the public interest, exercise of official authority vested in us, or comply with a legal obligation.

We may Process your Personal Data under the following legal basis:
       (i) Contractual Necessity, or to conduct any process or activity in response to your pre-contractual request;
       (ii) Legitimate Interest pursued by us or by a third party, and such interest shall not exceed your fundamental rights in your Personal Data;
       (iii) Legal Obligation in any applicable laws which the Company has to comply with;
       (iv) Consent which the Company received from you for collection, use, and disclosure of your Personal Data; and
       (v) Any other basis which the Company has under any applicable laws.
In case we collect, use, or disclose any of your Sensitive Personal Data under the following legal basis. We shall ensure that:
       (i) We have received your explicit consent in writing from you to collect, use or disclose such Sensitive Personal Data;
       (ii) It is necessary to prevent or protect your vital interests;
       (iii) It is necessary to establish, comply, or exercise our right or legal claim or to perform any necessary procedures to comply with the applicable laws; and
       (iv) It is necessary to comply with the applicable laws, including Personal Data Protection Act.

       The disclosure within the Company and the affiliates.
       We may share or disclose your Personal Data to pursue our Propose of Processing your Personal Data under the relevant legal basis. Therefore, we may share or disclose your Personal Data within our Company or our affiliates either inside or outside of the territory, which may have different personal data protection measures from Thailand. The Company shall ensure that the disclosure of your Personal Data shall comply with Thailand Personal Data Protection Act.

       The disclosure to the third party.

       Upon receiving your consent, the contractual necessity, the legal obligation, or the legitimate interest, the Company may deliver, transfer, or disclose your Personal Data to the third party either inside or outside of the territory. We ensure to comply with the applicable laws and provide the necessary Personal Data protection measures to the following:
       a) Person or juristic person which the Company obliged or ordered by the jurisdiction court, state agency, tax authority, regulator, or the law enforcer to disclose such Personal Data;
       b) Consultant, company's professional advisor including lawyer, banker, auditor, accountant, insurer, a professional service provider on legal, banking, compliance, accounting, or insurance;
       c) Financial institution or financial service provider, e.g., a company that provides you an electronic payment service on each transaction;
       d) External service provider, business partner, social media e.g., IT service provider, marketing company, researching service provider, cloud storage service provider, Facebook or Line etc; and
       e) External auditor, shall independently perform any assessments and review your data as a part of the Company's compliance standard.
We may disclose your Personal Data to an external person or juristic person which we may sell or transfer, in whole or in part, our business or asset or vice versa, we may acquire or merge other business. Nevertheless, in the circumstance of the Company's alteration whether about selling, acquiring, or merging (whatsoever) such alteration may require the use or disclosure of your Personal Data similarly to which stated in this privacy notice.

The security of your Personal Data privacy is the first priority for the Company. We assure you that we implement and use the appropriate security measures on both technical and administration standards to protect your Personal Data and to prevent any possible damages to your Personal Data (e.g., loss, unpermitted access, disclosure, abuse, misuse, modifying, or destruction.) by using an appropriate technology and security measures. We shall ensure that only the permitted person shall have the right to access your Personal Data and that such person has enough knowledge and experience in the Personal Data protection protocol. Such security measures, from time to time, shall be reconsidered, if it deems necessary or the technology transformation occurs, to ensure that decent and appropriate security measures are applied.

We will retain your Personal Data for a necessary period for the purpose we informed you or as described in this privacy notice. In the event that (i) you desire to end your legal relationship or contract with us, (ii) you have no services or transactions with us, or (iii) your Personal Data is no longer necessary for the purpose of Data Processing. Your Personal Data will be retained for the period allowed by the applicable law, prescription, and legal claims. After the retention period ends, we will delete, destroy, or unidentified your Personal Data.

Under the Personal Data Protection Act, your rights as a data subject are the followings:
       (i) Right to withdraw your consent given to us, unless such withdrawal is limited by the applicable law or the contract;
       (ii) Right to access and obtain a copy of your Personal Data under the responsibility of the Company including the right to request the disclosure of the Personal Data acquisition;
       (iii) Right to send or transfer your Personal Data to other Data Controllers;
       (iv) Right to object to the collection, use, or disclosure of your Personal Data;
       (v) Right to delete, destroy, or unidentified your Personal Data;
       (vi) Right to request to restrict the use of your Personal Data;
       (vii) Right to request to edit or modify your Personal Data to be accurate, up-to-date, complete, and not misleading, in the event that your Personal Data retained by us or your Personal Data has been changed; and
       (viii) Right to report or appeal to the authorities if the Company violates or breaches the Personal Data Protection Act.

For your further questions, queries, or requests, please contact our Data Protection Officer below:

Osotspa Public Company Limited.
348 Ramkhamhaeng Rd., Huamak, Bangkapi, Bangkok 10240 Thailand.
Email: [email protected]