Sinority Customer’s Privacy Policy
(Sinority Privacy Policy)
Latest updated: 24/01/2023
Abstract
Sinority Co., Ltd. (“Sinority “we”, “us” and “our”) processes personal data of customer’s (collectively referred to as “customer”, “customers”, “you” and “your”) with the reasonable measures to act in compliance with the Thailand’s Personal Data Protection Act B.E. 2562 (“PDPA”). You may find the full version of Sinority customer’s Privacy Policy (“Privacy Policy”) through the attached QR code, however the summary of the Privacy Policy is shown below.
Topic | Overview |
What data do we process? | We process collected personal data including, but not limited to, identity data, address/contact data and IT data. |
How do we use those data? | We process personal data according to our purposes and scope, and with the legal bases as explained in our Privacy Policy. |
Who do we transfer information to? | In some circumstances, we may be required to disclose and/or transfer your personal data to third – party organisations, which are clarified in our vendors/partners list. |
What are your rights as a data subject? | As a data subject, you are entitled to the data subject rights which include, but not limited to, right of access, right to rectification and right to erasure. |
Revision of the policy | Any revision made will be notified to all related parties under this Privacy Policy. |
Sinority Privacy Policy
1. Purposes and Scope of the Privacy Policy
2. Personal Data We Collect
3. How We Collect Your Personal Data
4. How We Process Your Personal Data
5. Usage of Personal Data with Third-Party Organisations
6. Transferring of Personal Data to Foreign Countries
7. Security Measures for Personal Data Protection
8. Time Period of Personal Data Storage
9. Customer’s Personal Data Rights
10. Policy Revision
1. Purposes and Scope of the Privacy Policy
This Privacy Policy applies to all our customers. In this regard, we mainly act as the data controller under the PDPA. Therefore, we are committed to collect and process
customer’s personal data in accordance with our purposes and scope as specified herein this Privacy Policy.
Data Controller Contact Information Sinority Co., Ltd. 8/3 Soi Chang Akat Uthit 10 Intersection 1-2, Don Mueang Subdistrict, Don Mueang District, Bangkok 10210 Email: [email protected] |
Data Protection Officer (DPO) Contact Information Millibhu Ratanaprathum Email: [email protected] |
This Privacy Policy covers data subjects who are our customer, including customers and prospective buyers.
As used in this Privacy Policy, the following terms shall have the meanings set forth below:
“Process” means anything done with customer’s personal data, including collection, storage, use, disclosure, and deletion of personal data.
“Legal bases” means justifiable reasons to process personal data in accordance with
Article 24 and Article 26 of the PDPA.
This Privacy Policy may be revised at any given time as notified to customer through appropriate channels.
2. Personal Data We Collect
We collect the following categories of customer’s personal data;
- identity data, including, but not limited to, full- name;
- address/contact data, including, but not limited to, telephone number, email and
- IT data, including, but not limited to, Cookie ID;
3. How We Collect Your Personal Data
In general, we will directly collect customer’s personal data through these processes (or channels) including, but not limited to;
- When customers directly fill data into our website
- When customers visit our website
We currently do not collect any additional data from third – party organisations.
4. How We Process Your Personal Data
We process customer’s personal data to carry out tasks per our scope and purposes of providing groups of activities.
Group of Activities |
Group of PIIs |
Legal Bases |
Collecting duration |
Product offering |
|
|
|
Website visit |
|
|
|
We will process customer’s personal data according to the stated purposes and scope. If there came upon a case where customer’s personal data were to be processed for other purposes, and it is unlikely to rely on other legal bases, we would ask for new consent to process customer’s personal data on such uses.
5. Usage of Personal Data with Third-Party Organisations
We may be required to disclose and/or transfer customer’s personal data to third-party organisations, in order for such organisations to process personal data in accordance with agreements with us and/or legal obligations, such as F22 Image Co., Ltd., etc.
For the cases where personal data are being disclosed and/or transferred to third-party organisations, we will ensure that the minimum amount of personal data are being disclosed and/or transferred, and may consider anonymization and pseudonymization techniques for greater security. Further, the third-party organisations who will process customers’ personal data for us will be required to have in place an appropriate privacy policy. We do not permit these third-party organisations to use customers’ personal data in a way that diverges from the agreed scope and purposes.
6.Transferring of Personal Data to Foreign Countries
According to the scope and purposes specified herein this Privacy Policy, we are currently not required to pass on personal data to foreign countries.
However, we will only disclose or transfer customers’ personal data only when any of these requirements has been met. The requirements include;
- the receiving foreign country has adequate personal data protection standards as certified by the Personal Data Committee;
- the receiving organisation has in place a comprehensive privacy policy which has been certified by the Personal Data Committee;
- the receiving organisation is obligated to follow a substantial privacy policy with sufficient remedial measure in accordance with the procedures identified by the Personal Data Committee including, but not limited to, standard contractual clauses and code of conduct.
- a pre-requisite to the exercise of legal rights;
- consent has been obtained from customer who is well-aware of the inadequate personal data protection standards of the receiving countries or international organisations;
- a requirement for the execution of an agreement to which customer is a party of, or the fulfillment of a request customer made prior to entering into the agreement;
- a necessary task to carry out under a contractual obligation between us and other persons or entities for the benefits of customer;
- to ensure the safety or limit further damage to an individual’s health who cannot give consent at the current time; and
- a necessary task for the good of the public.
7. Security Measures for Personal Data Protection
We have implemented certain security measures to ensure the security of customers’ personal data. In this connection, third-party organisations are required to carry out the processing of personal data in accordance with our security policy, and to ensure the security of customer’s personal data (More details are available at [Please provide the link to “Sinority IT Security Policy”, if any]).
8. Time Period of Personal Data Storage
We will store customer’s personal data throughout appropriate period according to our scope and purposes, including other important matters such as legal requirements, accounting, and auditing purposes. (More details are available at [Please provide the link to “Sinority Data Retention Schedule”, if any]).
9. Customer’s Personal Data Rights
Your personal data rights include:
- right to revoke consent – for the case where we have obtained your consent in order to process your personal data;
- right of access – you have the right to request a copy of all your personal data and assess if we are processing your personal data in accordance with relevant laws;
- right to data portability – for the case where we have in place an automated platform allowing you to access your personal data automatically:
- you have the right to ask for your personal data to be transferred automatically to other organisations, and
- you have the right to request for your personal data in such a format that has been transferred from us to other organisations, except for the case where there is a technological limitation;
- right to object – you have the right to object to any data processing activity of your personal data which has been relied on certain legal bases and/or processing purposes, including:
- public task or legitimate interest
- direct marketing purposes, and
- scientific, historical or statistic research purposes, unless the processing is necessary for public task;
- right to erasure – you have the right to request for data deletion or anonymization,
in accordance to the following cases:- where processing required terms become expired
- where consent has been withheld, and we cannot rely on other legal bases to process your personal data
- where there is objection raised against data processing activity, and
- where data processing activity is not in accordance with relevant laws;
- right to restrict processing – you have the right to restrict any data processing activity in accordance with the following cases:
- during pending examination process
- for cases related to personal data which shall initially be deleted and/or destroyed, but was followed by an additional request of processing restriction instead
- for cases where the data processing terms have passed, but you have requested for processing restriction due to legal reasons, and
- during the process of data processing objection verification; and
- right to rectification – you have the right to edit your personal data to be correct and concurrent to the present. If any mistake was detected, we might not edit this ourselves.
In the cases where we may not be able to carry out and support exercise of your rights, including, but not limited to, the cases where a legal process is taking place, you will continue to have the right to retract your consent by emailing all related parties. we will therefore be required to terminate all processes as soon as possible. However, the retraction only applies to the data processing carried out thereafter. Any data processing activity carried out before the retraction will not be reversed.
Please be informed that we do record all requests to ensure all issues are resolved. For any queries regarding your personal data protection and rights, more details are available at: https://www.law.chula.ac.th/event/9705/
In the case where you have the intention to exercise your personal data protection rights, or to file complaint against your personal data processing, please contact our DPO (contact details have been provided above). We will process this request in a secure and timely manner. Also, in case we fail to preserve your rights under the PDPA, you can file a complaint to the Office of the Personal Data Protection Commission (“PDPC”).
10. Policy Revision
This Privacy Policy applies to all of our customers and was last updated on 24/01/2023. We hold the right to review and edit this Privacy Policy as we see fit. Any revision made will be notified to all related parties under this Privacy Policy.