Burapa Tasna (1999) Company Limited (the “Company”) is the owner and the developer of Website (www.kaohooninternational.com) (the “Platform”). By signing up and registering to be the user to use the service of the Platform (“User”), the User acknowledges and understands that the Company would need to process the personally identifiable information (the “PII”) of such particular User. Thus, the Company announces this Privacy Policy to notify the User of the rights and obligations as well as the conditions for the collection, use, process and disclosure of the User’s PII.
This Privacy Policy is only applicable to the use of the Platform and shall not apply to the PII process undertaken by other application or website developed and operated by any other third-party that the Company does not have any control over (the “Third Party”) that being displayed or connected to the Platform. The User understand and agree that the User shall study and agree on the privacy policy announced by those Third Party that are separated from this Privacy Policy.
If the User does not accept this Privacy Policy and any amendment thereof, the Company reserves the rights to refrain from providing any services to those Users since the processing of the PII defined hereunder are critical for the provisions of the Platform services by the Company to the User. By continuing to use the Platform, the relevant User shall be deemed to always accept and agree to the Privacy Policy.
The Company may amend or revise this Privacy Policy at any time to assure the compliance with the relevant laws and regulations and to assure the updates in the Platform at any time; provided that the Company will communicate the amendments or revisions made on the Platform and the amendment or revisions shall become effective once communicating on the Platform.
What kind of PII is being Processed?
In order to perform the required services and features defined on the Platform, the Company would need to collect and process the following PII from the User:
1 Directly Identifiable PII such as name, age, nationality and date of birth
2 Contact information such as address, phone number, and e-mail address
3 Payment information such as the payment transaction information, bank account information and credit card information
4 Transactional data, such as username – password and logs, transaction number and history that the User transact and use the Service, including the gathered preference and interest from the transactional behavior
5 Technical PII such as IP address number, the Service usage information, and web browser status and setting that have been used to connect to the Service.
How the Platform is processing the User’s PII?
1 The Company would need to collect, restore and use the PII of the User in order to perform any services or features of the Platform as defined under the Terms of Use, including without limitation (i) to verify the identity and eligibility of the User; (ii) to monitor the transaction undertaken on the Platform executed by the User; (iii) to contact the relevant User; and (iv) to display the relevant PII on the Platform interface in accordance with the scope of services provided under the Terms of User / Terms of Services;
2 The Company would need to collect and analyze the PII of the User in order to assess the User’s interest with an aim to provide customized and personalized privileges or service that would meet your interest and preference and to improve our customer’s experience with each relevant User;
3 The Company would need to collect and restore the User’s PII in order to assure the appropriate after-sale service provided by the Company in various forms, including the satisfaction survey or the support and complaint redress function;
4 The User would need to collect and restore the User’s PII as obliged under the applicable laws and regulations, for instance, for the withholding tax payment purpose.
The Company represent that the Platform does not adopt the automated function of PII processing regarding the individual decision making, including profiling.
The Company would need to collect and store the PII of each relevant User for the defined purposes for as long as the User is still the registered User on the Platform and for 3 (three) years after the User termination, except the relevant laws and regulations defined otherwise. The storage of the PII after the User termination would be necessary for the legitimate interest of the Company in the legal proceedings that the Company may have against the relevant User.
Disclosure of the PII
In order to assure the performance of the Platform as committed, the Company may need to disclose the User’s PII in the following circumstances:
1 To disclose the User’s PII to the outsourced service providers engaged in the performing direct service to the Platform, including without limitation the advisors and auditors as well as the logistic service provider; provided that the Company shall only disclose the User’s PII to the relevant recipient strictly on the need to know basis in strict compliance with the defined objectives for PII process defined;
2 To disclose the User’s PII in the usage of the storage service on Computer System On-premise;
3 To disclose the User’ PII to third party in the legal proceedings to protect the Company’s legitimate rights or to detect and prevent any fraud on the Platform; provided that such disclosure shall be done on the limited and specific purposes as defined.
4 In case that the Company is obliged under the applicable laws, court judgment or administrative order to disclose any PII of any particular users, the Company would need to do so only on the necessary basis.
Representation on the Privacy Security
The Company represents and guarantees that the Company shall adopt the ‘Privacy-by-Design’ concept and shall use the most appropriate security measures to prevent the unauthorized access, amendment or disclosure of the PII in any form or in any circumstance by either internal or external persons and the Company commits to review those measures on the regular basis with the strong commitment to use the best industrial practice and to be in strict compliance with the applicable laws.
Data Subject Rights
The Company acknowledges and accepts the User’s rights as the data subject over their PII as defined under the applicable laws that include the following rights:
1 Right to withdraw consent: Users can withdraw their consent and request the processors to stop collecting their personal data.
2 Right of Access: Users can submit data access requests, which oblige processors to provide a copy of any personal data they hold regarding data subjects. This includes a request for a disclosure of platforms and methods in which the processors collected the data from.
3 Right of Rectification: Users can request an update on an inaccurate or incomplete personal data.
4 Right to Restriction of Processing: Users can request the service provider to limit the way their personal data is used.
5 Right to be informed: Users have the right to be notified about the collection of their personal data such as storage periods and purposes.
6 Right to Object: Users can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.
7 Right to Data Portability: Users are permitted to obtain and reuse their personal data for their own purposes across different services.
8 Right to Erasure: Users can request that the service provider erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or is no longer meeting the lawful ground for which it was collected. This includes the instance where the individual withdraws consent.
9 Right not to be subject to automated individual decision-making: significant decision will not be solely based on automated means.
The User can contact the Company in order to make the request to exercise any defined rights through the defined channel without any charge and the Company will consider and notify the User of the Company’s determination within 30 days after the receipt of the User’s valid request.
What are Cookies that the Company is using on the Platform?
Cookies are text files stored on the User’s computer browser directory or program data subfolder in order to keep data log of the User’s internet usage and the User’s behavior or interaction on the Platform. For the performance of the Platform, the Company need to use various types of Cookies for various purposes as defined below:
1 Functionality Cookies being used to record information about choices the User have made in the Platform such as personal settings, languages, and fonts so this would allows the Company to tailor our Platform features that would match the User’s preference setting;
2 Advertising Cookies being used to record the User’s on-site behavior and history of the Platform visited and this would allow the Company to provide the User the services and products that suit the User’s preferences and to assess the success of each function of the Platform.
3 Strictly Necessary Cookies are essential for the User to browse the Platform and use its features, such as accessing secure areas of the Platform.
Even though the use of Cookies would enhance the performance in providing services in any features of the Platform to the User, the User shall be entitled to disable the Cookies setting on the User’s browser at their own will; provided that the User shall acknowledge that the Cookies-disabled setting may impact the efficiency and the performance of the Platform as defined in details for each type of Cookies above.
Contact Us
Data Controller
Name: Burapa Tasna (1999) Co., Ltd.
Address: 48/5-6, 2nd Floor, Rungruang Alley, Ratchadapisek Road, Samsennok Sub-District, Huaykwang District, Bangkok, 10320
Contact detail: 026934555
Email address: [email protected]