Privacy Policy

Introduction

Kasemsubsiri Co., Ltd. (the “Company,” “we,” “us,” or “our”) commits to safeguard your Personal Data (as defined below). We know you care how information about you is collected, used, disclosed, and/or transferred outside of Thailand. The information you share with us allows us to provide the products and services you need and want appropriately tailored for you, not only from us, but also those within Kasemsubsiri Group (as defined below). We appreciate your trust that we will carefully and sensibly handle your Personal Data while giving you the personalized experience and customer services from us.

This Privacy Notice (“Notice”) explains the collection, use, disclosure and transfer of Personal Data (as defined below) and the data protection rights of individuals outside our organization with whom we interact and whose Personal Data (as defined below) we handle in the course of our businesses or in connection with the products and services we provide, including: (i) individual customers; (ii) contact persons, employees, personnel, authorized persons, representatives, agents, directors, shareholders or any persons, who have the power to establish business relationship or engage in a transaction on behalf of our) corporate customers and their affiliates; (iii) users and visitors of our websites; (iv) other recipients of our products and services; and (v) any other individuals about whom we obtain Personal Data (as defined below) (together, “you” or “your”). This Privacy Policy also applies to our websites, mobile applications, social networking sites, online communication channels, events and activities, and other locations where we collect your Personal Data. However, please read this Privacy Policy in conjunction with the terms and conditions of particular service that you use, which may set out separately regarding the personal information we collect about you.

We may review and amend this Privacy Policy from time to time to reflect changes in applicable laws and the way we handle Personal Data. You are encouraged to revisit our Privacy Policy from time to time to keep yourself updated on these changes. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website, application or other communication channels. We will provide additional notice of significant updates.

1. What Personal Data we collect

“Personal Data” means any identified or identifiable information about you as listed below. In order to offer you with our products and services, we may collect Personal Data directly (e.g. through our representatives, officers, [relationship manager], salesperson, staff, call center, application) or indirectly from you or other sources (e.g. social media, third party’s online platforms, and other publicly available sources) or through our parent company, affiliates, subsidiaries, business partners, official authorities, or third parties. The specific type of data collected will depend on the context of your interactions with us, and the services or products you need or want from us and within Kasemsubsiri Group.

“Sensitive Data” means Personal Data classified by law as sensitive data. We will only collect, use, disclose and/or cross-border transfer Sensitive Data if we have received your explicit consent or as permitted by law.

The following Personal Data is categorized under the variety nature of businesses of Kasemsubsiri Group.

 1.1. Commercial building

1. Personal details, such as title, full name, gender, age, nationality, date of birth, job title, position, workplace, work history, information on government-issued cards, issuing and expiry date (e.g., national identification number, passport number), information on house registration, work permit, license plate number, photograph, your hobbies and interests;
2. Contact details, such as postal address, telephone number, location data, email address, LINE ID, WhatsApp ID, WeChat ID , Facebook account;
3. Financial details, such as income, salary, bank account details (e.g., bank account number, bank name, branch, account type), and other financial related information;
4. Sensitive data, such as sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin), health data, biometric data (e.g. fingerprints, facial recognition, retinal scans).

1.2. Department store

1. Personal details, such as title, full name, gender, age, nationality, date of birth, job title, position, workplace, work history, information on government-issued cards, issuing and expiry date (e.g., national identification number, passport number), information on house registration, work permit, license plate number, photograph;
2. Contact details, such as postal address, telephone number, location data, email address, LINE ID, WhatsApp ID, WeChat ID, Facebook account, QR code;
3. Financial details, such as income, salary, bank account details (e.g., bank account number, bank name, branch, account type), and other financial related information;
4. Transaction details, such as details about payment to and from you, payment date and/or time, payment amount and method, details about redemption transaction, date and location of purchase;
5. Technical details, such as Internet Protocol (IP) address, Mac address;
6. Behaviour details, such as information about your behavior, lifestyle, hobbies, interests, attitudes and convictions and interaction data;
7. Profile details, such as application membership number;
8. Others person information: name of parents
9. Sensitive data, such as sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin), health data, disability, biometric data (e.g. fingerprints, facial recognition, retinal scans), criminal records.

1.3. Co-working

1. Personal details, such as title, full name, gender, age, nationality, date of birth, job title, position, workplace, work history, educational background, language preference, information on government-issued cards (e.g., national identification number and valid date, passport number, driver’s license details), student ID number and valid date, information on house registration, photograph, video footage, sound recording, geolocation data;
2. Contact details, such as postal address, billing address, telephone number, email address, social media accounts;
3. Financial details, such as income, bank account details, payment details, credit/debit card details
4. Behaviour details, such as information about your behavior, lifestyle, attitudes and convictions and interaction data;
5. Profile details, such as access card ID, username, display name, password, user preferences;
6. Sensitive data, such as sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin), health data, disability and biometric data (e.g. fingerprints, facial recognition, retinal scans).

1.4 Retails

1. Personal details, such as title, full name, gender, age, nationality, date of birth, information on government-issued cards (e.g., national identification number, passport number) information on house registration;
2. Contact details, such as postal address, telephone number, email address, LINE ID;
3. Financial details, such as income, income range, bank account details, payment details, credit/debit card details, and other financial related information;
4. Transaction details, such as details about payment to and from you, payment date and/or time, payment amount and method, details about redemption transaction, date and location of purchase;
5. Behaviour details, such as information about your behavior, interests, hobbies, lifestyle, attitudes and convictions and interaction data;
6. Sensitive data, such as sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin)

1.5  Software Application

1. Personal details, such as title, full name, gender, age, nationality, date of birth, information on government-issued cards (e.g., national identification number, passport number) information on house registration,;
2. Contact details, such as postal address, telephone number, email address, LINE ID;
3. Financial details, such as income, income range, bank account details, payment details, credit/debit card details, and other financial related information;
4. Transaction details, such as details about payment to and from you, payment date and/or time, payment amount and method, details about redemption transaction, date and location of purchase;
5. Behaviour details, such as information about your behavior, interests, hobbies, lifestyle, attitudes and convictions and interaction data;
6. Sensitive data, such as sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin)

Where applicable, we may also collect other information, such as cookies, and internet browsing behaviour, login data, search history browsing type, browsing language, IP address, information about how you use and interact with our online services or advertising (including web page viewed, content viewed, links clicked and features used), when and how often you use our online services, the webpage from which you clicked a link to come to our online services (e.g., the referrer URL), and crash reports. If it is possible to combine any information with your personal information, or if other information is used to build a profile of an individual, we will treat such other information and combined information as personal data. Nevertheless, subject to our Cookies Policy, you can reject or delete cookies at any time in your web browser’s privacy setting. You can choose to reject cookies either in whole or in part. By using the website without deleting or rejecting, you agree to our use of cookies and store on your device. You can review our Cookies Policy here

If you provide Personal Data of any third party to us, e.g., their name, family name, address details, and telephone number for emergency contact, family member income; please provide this Privacy Policy for their acknowledgement and/or obtaining consents where applicable. 

We will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.

We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parent or guardian has given their consent. We do not knowingly collect information from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian’s consent. In the event we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process only if we can rely on other legal bases apart from consent.  

2. The Purpose of collection, use or disclosure of your Personal Data

We may collect, use, disclose and/or cross-border transfer your Personal Data and Sensitive Data for the following purposes.

2.1 Purpose for which consent is required 

We rely on your consent for the following purposes:

2.1.1 Commercial building

1. Marketing and Communications: To provide marketing communications, sales, special offers, promotions, notices, news, and information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries, third parties and/or business partners which we cannot rely on other legal bases;
2. Analytic services: To conduct data analytic services on your personal data within Kasemsubsiri Group, our affiliates, subsidiaries, or to third parties;
3. Sensitive Data: We may use your sensitive data for the following purposes:

• – Sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin): for verification and authentication purpose;
• – Health data and disability for coordinating with medical service providers;
• – Biometric data (e.g. fingerprints, facial recognition, retinal scans) for providing access our premises, security purposes and providing elevator access control system.

2.1.2 Department store

1. Marketing and Communications: To provide marketing communications, sales, special offers, promotions, notices, news, and information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries, third parties and/or business partners which we cannot rely on other legal bases;
2. Analytic services: To conduct data analytic services on your personal data within Kasemsubsiri Group, our affiliates, subsidiaries, or to third parties;
3.  Sensitive Data: We may use your sensitive data for the following purposes:

• – Sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin): for verification and authentication purpose;
• – Biometric data (e.g. fingerprints, facial recognition, retinal scans) for accessing premises and security purpose;
• – Health data and disability for coordinating with medical service providers;
• – Criminal records: for security purpose.

2.1.3 Co-working

1. Marketing and Communications: To provide marketing communications, sales, special offers, promotions, notices, news, events and information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries, third parties and/or business partners which we cannot rely on other legal bases; and/or
2. Sensitive Data: We may use your sensitive data for the following purposes:

• – Sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin): for verification and authentication purpose;
• – Biometric data (e.g. fingerprints, facial recognition, retinal scans) for accessing premises and security purpose;
• – Health data and disability for coordinating with medical service providers.

2.1.4 Retails 

1. Marketing and Communications: To provide marketing communications, sales, special offers, promotions, notices, news, events and information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries, third parties and/or business partners which we cannot rely on other legal bases;
2. Analytic services: To conduct analytic services on your personal data within Kasemsubsiri Group, our affiliates, subsidiaries, or to third parties; and/or
3.  Sensitive Data: We may use your sensitive data for the following purposes:

• – Sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin): for verification and authentication purpose.
• – Biometric data (e.g. fingerprints, facial recognition, retinal scans) for accessing premises and security purpose;
• – Health data and disability for coordinating with medical service providers.

2.1.5 Software Application

1. Marketing and Communications: To provide marketing communications, sales, special offers, promotions, notices, news, events and information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries, third parties and/or business partners which we cannot rely on other legal bases;
2. Analytic services: To conduct analytic services on your personal data within Kasemsubsiri Group, our affiliates, subsidiaries, or to third parties; and/or
3.  Sensitive Data: We may use your sensitive data for the following purposes:

• – Sensitive data as shown in the identification document (e.g., religion, racial or ethnic origin): for verification and authentication purpose.
• – Biometric data (e.g. fingerprints, facial recognition, retinal scans) for accessing premises and security purpose;
• – Health data and disability for coordinating with medical service providers.

Where legal basis is consent, you have the right to withdraw your consent at any time. This can be done so, by contacting us at the Contact Details below. The withdrawal of consent will not affect the lawfulness of the collection, use, and disclosure of your Personal Data and Sensitive Data based on your consent before it was withdrawn.

2.2 The purposes we may rely on and other legal grounds for processing your Personal Data

We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing a danger to a person’s life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.

2.2.1 Commercial building

We may collect, use, and/or disclose your Personal Data for the following purposes:

1. To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to carry out contract details, financial transaction and services related to the payments including transaction checks, verification, and cancellation; to make appointment of sales gallery visit; to process on receipt and invoice issuance, cash disbursement, account payable, and proof of purchase; to keep evidence records; to manage the use of access card; and to invite you to participate in events and our services, to organize events, place and other services for you;
2. Marketing and Communications: To provide marketing, communications, special offers, privilege, promotions, notices, news, events information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries and/or business partners in accordance with preferences you have expressed directly or indirectly;
3. Prize drawing, competitions, and other offers/promotions: To allow you to participate to promotions, special offers, competitions, prize drawing, privilege on such using exclusive spaces, and other offers/promotions;
4. Registration and Authentication: To register, verify, identify, and authenticate you or your identity;
5. To communicate and manage our relationship with you: To communicate with you in relation to the products and services you obtain from us and receive information about the products and services from you; to process and update your information; to facilitate your use of the products and services; to handle customer service-related queries, request, feedback, complains, warranty claims, disputes or indemnity; to deal with technical issues and commercial terms;
6. To process transactions and or payments: such as to process payments or transactions, billing, processing, clearing, refunding, or reconciliation activities. This includes all financial, transaction or payment related record keeping, issuance of bills, tax invoice, payment receipts and delivery of such;
7. Profiling and data analytics: to undertake data analytics for products and services development, market research, surveys, assessments, and behaviour; to perform data analytic to improve our marketing performances and the offerings and sales of our products and services; to evaluate your interest on the solutions; to perform data analytic for system improvement (e.g. develop model classifying customer group for better service provision); to perform data analytic to increase business opportunity; to evaluate, develop, manage, improve, research and develop the services, products, system, and business operations for you and all of our customers;
8. Carrying out business purposes:  such as to update your customer data; to maintain data accuracy; to perform data analytic for risk prevention (e.g. develop a model to predict the possibility of non-performing loan, or predict the chances of accident); to perform customer risk assessments; to perform institutional risk control, auditing and audit record keeping, analyzing credit risk; to keep business records and otherwise to operate, manage, and maintain our business operations; to maintain our IT operations, management of communication system, operation of IT security and IT security audit; and to maintain internal business management for internal compliance requirements, policies, and procedures; to keep record of the frequency of visits;
9. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders; to provide and handle tax declaration; to contact with tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
10. Functioning of our sites and platform: such as to administer, operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve the layout and content of our sites and platform; to allow you to access our available systems and provide technical assistance
11. Protection of our interests: To protect the security and integrity of our business; to detect and prevent misconduct within our premises, for example, to detect, prevent, and respond to fraud claims, and to determine fraud risk and identify fraudulent transactions, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to perform sanction list checking, risk management, internal audits and records, asset management, system, and other business controls; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; for reference and evidence related to claims or litigation;
12. Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction;
13. Life: To prevent or suppress a danger to a person’s life, body, or health.

2.2.2 Department store

We may collect, use, and/or disclose your Personal Data for the following purposes:

1. To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to carry out contract details, financial transaction and services related to the payments including transaction checks, verification, and cancellation; to process on receipt and invoice issuance, cash disbursement, account payable, and proof of purchase; to keep evidence records; to process on redemption programme; and to invite you to participate in events and our services, to organize events, place and other services for you;
2. Marketing and Communications: To provide marketing, communications, special offers, privilege, promotions, notices, news, events information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries and/or business partners in accordance with preferences you have expressed directly or indirectly;
3.  Prize drawing, competitions, and other offers/promotions: To allow you to participate to promotions, special offers, competitions, prize drawing, privilege on such using exclusive spaces, and other offers/promotions;
4. Registration and Authentication: To register, verify, identify, and authenticate you or your identity;
5. To communicate and manage our relationship with you: To communicate with you in relation to the products and services you obtain from us and receive information about the products and services from you; to process and update your information; to facilitate your use of the products and services; to handle customer service-related queries, request, feedback, complains, warranty claims, disputes or indemnity; to deal with technical issues and commercial terms;
6. To process transactions and or payments: such as to process payments or transactions, billing, processing, clearing, refunding, or reconciliation activities. This includes all financial, transaction or payment related record keeping, issuance of bills, tax invoice, payment receipts and delivery of such;
7. Profiling and data analytics: to undertake data analytics for products and services development, market research, surveys, assessments, and behaviour; to perform data analytic to improve our marketing performances and the offerings and sales of our products and services; to evaluate your interest on the solutions; to perform data analytic for system improvement (e.g. develop model classifying customer group for better service provision); to perform data analytic to increase business opportunity; to evaluate, develop, manage, improve, research and develop the services, products, system, and business operations for you and all of our customers;
8. Carrying out business purposes:  such as to update your customer data; to maintain data accuracy; to perform data analytic for risk prevention (e.g. develop a model to predict the possibility of non-performing loan, or predict the chances of accident); to perform customer risk assessments; to perform institutional risk control, auditing and audit record keeping, analyzing credit risk; to keep business records and otherwise to operate, manage, and maintain our business operations; to maintain our IT operations, management of communication system, operation of IT security and IT security audit; and to maintain internal business management for internal compliance requirements, policies, and procedures; to keep record of the frequency of visits;
9. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders; to provide and handle tax declaration; to contact with tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
10. Functioning of our sites and platform: such as to administer, operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve the layout and content of our sites and platform; to allow you to access our available systems and provide technical assistance
11. Protection of our interests: To protect the security and integrity of our business; to detect and prevent misconduct within our premises, for example, to detect, prevent, and respond to fraud claims, and to determine fraud risk and identify fraudulent transactions, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to perform sanction list checking, risk management, internal audits and records, asset management, system, and other business controls; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; for reference and evidence related to claims or litigation;
12. Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction;
13. Life: To prevent or suppress a danger to a person’s life, body, or health.

2.2.3 Co-working

We may collect, use, and/or disclose your Personal Data for the following purposes:

1. To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to carry out contract details, financial transaction and services related to the payments including transaction checks, verification, and cancellation; to manage the use of access card; to process on your membership; to keep evidence records; and to invite you to participate in events and our services, to organize events, place and other services for you;
2. Marketing and Communications: To provide marketing, communications, special offers, privilege, promotions, notices, news, events information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries and/or business partners in accordance with preferences you have expressed directly or indirectly;
3. Prize drawing, competitions, and other offers/promotions: To allow you to participate to promotions, special offers, competitions, prize drawing, privilege on such using exclusive spaces, and other offers/promotions;
4. Registration and Authentication: To register, verify, identify, and authenticate you or your identity;
5. To communicate and manage our relationship with you: To communicate with you in relation to the products and services you obtain from us and receive information about the products and services from you; to process and update your information; to facilitate your use of the products and services; to handle customer service-related queries, request, feedback, complains, warranty claims, disputes or indemnity; to deal with technical issues and commercial terms;
6. To process transactions and or payments: such as to process payments or transactions, billing, processing, clearing, refunding, or reconciliation activities. This includes all financial, transaction or payment related record keeping, issuance of bills, tax invoice, payment receipts and delivery of such;
7. Profiling and data analytics: to undertake data analytics for products and services development, market research, surveys, assessments, and behaviour; to perform data analytic to improve our marketing performances and the offerings and sales of our products and services; to evaluate your interest on the solutions; to perform data analytic for system improvement (e.g. develop model classifying customer group for better service provision); to perform data analytic to increase business opportunity; to evaluate, develop, manage, improve, research and develop the services, products, system, and business operations for you and all of our customers;
8. Carrying out business purposes:  such as to update your customer data; to maintain data accuracy; to perform data analytic for risk prevention (e.g. develop a model to predict the possibility of non-performing loan, or predict the chances of accident); to perform customer risk assessments; to perform institutional risk control, auditing and audit record keeping, analyzing credit risk; to keep business records and otherwise to operate, manage, and maintain our business operations; to maintain our IT operations, management of communication system, operation of IT security and IT security audit; and to maintain internal business management for internal compliance requirements, policies, and procedures; to keep record of the frequency of visits;
9. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders; to provide and handle tax declaration; to contact with tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
10. Functioning of our sites and platform: such as to administer, operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve the layout and content of our sites and platform; to allow you to access our available systems and provide technical assistance
11. Protection of our interests: To protect the security and integrity of our business; to detect and prevent misconduct within our premises, for example, to detect, prevent, and respond to fraud claims, and to determine fraud risk and identify fraudulent transactions, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to perform sanction list checking, risk management, internal audits and records, asset management, system, and other business controls; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; for reference and evidence related to claims or litigation;
12. Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction;
13. Life: To prevent or suppress a danger to a person’s life, body, or health.

2.2.4 Retails 

We may collect, use, and/or disclose your Personal Data for the following purposes:

1. To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to carry out contract details, financial transaction and services related to the payments including transaction checks, verification, and cancellation; to process on receipt and invoice issuance, cash disbursement, and account payable; to process on your membership; to keep evidence records; to invite you to participate in events and our services, to organize events, place and other services for you;
2. Marketing and Communications: To provide marketing, communications, special offers, privilege, promotions, notices, news, events information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries and/or business partners in accordance with preferences you have expressed directly or indirectly;
3. Prize drawing, competitions, and other offers/promotions: To allow you to participate to promotions, special offers, competitions, prize drawing, privilege on such using exclusive spaces, and other offers/promotions;
4. Registration and Authentication: To register, verify, identify, and authenticate you or your identity;
5. To communicate and manage our relationship with you: To communicate with you in relation to the products and services you obtain from us and receive information about the products and services from you; to process and update your information; to facilitate your use of the products and services; to handle customer service-related queries, request, feedback, complains, warranty claims, disputes or indemnity; to deal with technical issues and commercial terms;
6. To process transactions and or payments: such as to process payments or transactions, billing, processing, clearing, refunding, or reconciliation activities. This includes all financial, transaction or payment related record keeping, issuance of bills, tax invoice, payment receipts and delivery of such;
7. Profiling and data analytics: to undertake data analytics for products and services development, market research, surveys, assessments, and behaviour; to perform data analytic to improve our marketing performances and the offerings and sales of our products and services; to evaluate your interest on the solutions; to perform data analytic for system improvement (e.g. develop model classifying customer group for better service provision); to perform data analytic to increase business opportunity; to evaluate, develop, manage, improve, research and develop the services, products, system, and business operations for you and all of our customers;
8. Carrying out business purposes:  such as to update your customer data; to maintain data accuracy; to perform data analytic for risk prevention (e.g. develop a model to predict the possibility of non-performing loan, or predict the chances of accident); to perform customer risk assessments; to perform institutional risk control, auditing and audit record keeping, analyzing credit risk; to keep business records and otherwise to operate, manage, and maintain our business operations; to maintain our IT operations, management of communication system, operation of IT security and IT security audit; and to maintain internal business management for internal compliance requirements, policies, and procedures; to keep record of the frequency of visits;
9. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders; to provide and handle tax declaration; to contact with tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
10. Functioning of our sites and platform: such as to administer, operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve the layout and content of our sites and platform; to allow you to access our available systems and provide technical assistance
11. Protection of our interests: To protect the security and integrity of our business; to detect and prevent misconduct within our premises, for example, to detect, prevent, and respond to fraud claims, and to determine fraud risk and identify fraudulent transactions, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to perform sanction list checking, risk management, internal audits and records, asset management, system, and other business controls; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; for reference and evidence related to claims or litigation;
12. Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction;
13. Life: To prevent or suppress a danger to a person’s life, body, or health.

2.2.5 Software Application

1. To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to carry out contract details, financial transaction and services related to the payments including transaction checks, verification, and cancellation; to manage the use of access card or QR Code; to process on your access or membership; to keep evidence records; and to invite you to participate in events and our services, to organize events, place and other services for you;
2. Marketing and Communications: To provide marketing, communications, special offers, privilege, promotions, notices, news, events information about products and services from us, Kasemsubsiri Group, our affiliates, subsidiaries and/or business partners in accordance with preferences you have expressed directly or indirectly;
3. Prize drawing, competitions, and other offers/promotions: To allow you to participate to promotions, special offers, competitions, prize drawing, privilege on such using exclusive spaces, and other offers/promotions;
4. Registration and Authentication: To register, verify, identify, and authenticate you or your identity;
5. To communicate and manage our relationship with you: To communicate with you in relation to the products and services you obtain from us and receive information about the products and services from you; to process and update your information; to facilitate your use of the products and services; to handle customer service-related queries, request, feedback, complains, warranty claims, disputes or indemnity; to deal with technical issues and commercial terms;
6. To process transactions and or payments: such as to process payments or transactions, billing, processing, clearing, refunding, or reconciliation activities. This includes all financial, transaction or payment related record keeping, issuance of bills, tax invoice, payment receipts and delivery of such;
7. Profiling and data analytics: to undertake data analytics for products and services development, market research, surveys, assessments, and behaviour; to perform data analytic to improve our marketing performances and the offerings and sales of our products and services; to evaluate your interest on the solutions; to perform data analytic for system improvement (e.g. develop model classifying customer group for better service provision); to perform data analytic to increase business opportunity; to evaluate, develop, manage, improve, research and develop the services, products, system, and business operations for you and all of our customers;
8. Carrying out business purposes:  such as to update your customer data; to maintain data accuracy; to perform data analytic for risk prevention (e.g. develop a model to predict the possibility of non-performing loan, or predict the chances of accident); to perform customer risk assessments; to perform institutional risk control, auditing and audit record keeping, analyzing credit risk; to keep business records and otherwise to operate, manage, and maintain our business operations; to maintain our IT operations, management of communication system, operation of IT security and IT security audit; and to maintain internal business management for internal compliance requirements, policies, and procedures; to keep record of the frequency of visits;
9. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders; to provide and handle tax declaration; to contact with tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
10. Functioning of our sites and platform: such as to administer, operate, track, monitor, and manage our sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and platform; improve the layout and content of our sites and platform; to allow you to access our available systems and provide technical assistance
11. Protection of our interests: To protect the security and integrity of our business; to detect and prevent misconduct within our premises, for example, to detect, prevent, and respond to fraud claims, and to determine fraud risk and identify fraudulent transactions, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to perform sanction list checking, risk management, internal audits and records, asset management, system, and other business controls; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; for reference and evidence related to claims or litigation;
12. Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction;
13. Life: To prevent or suppress a danger to a person’s life, body, or health. If you fail to provide your Personal Data when requested, we may not be able to provide our products and services to you.
14. Functional Purpose: To operate our website on the Web server. In addition, the short-term storage of log files is expedient in order to subsequently investigate attempted attacks on the Web server or any misuse.
15. Cookies: Please see our Cookies Policy here
16. Web Analytics Services: Please see our Cookies Policy regarding Web Analytics Services here

3. To whom we may disclose or transfer your Personal Data

 We may disclose or transfer your Personal Data to the following third parties who collects, uses and discloses Personal Data in accordance with the purpose under this Policy. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy policy to learn more details on how they collect, use and disclose your Personal Data as you are also subject to their privacy policies.

3.1 Kasemsubsiri Group ‘s data ecosystem

As Kasemsubsiri Co., Ltd. is part of a One Bangkok Co., Ltd., One Bangkok Holdings Co., Ltd., One Bangkok Ventures Co., Ltd., TCC Assets Co., Ltd., Frasers Property Holding (Thailand) Co., Ltd., Frasers Property Limited, Frasers Property Management Services (Thailand) Co., Ltd. (Collectively referred to as “Kasemsubsiri Group”) which all collaborate and partially share customer services and systems including website-related services and systems, we may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within Kasemsubsiri Group for the purposes set out in this Privacy Policy. This will allow other companies within Kasemsubsiri Group to rely on consent obtained by Kasemsubsiri Co., Ltd.

3.2 Our service providers

We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to our service providers or third-party suppliers including, but not limited to (1) computer program developer, software developer, IT service providers and IT support company; (2) marketing, advertising media, designer, creative, and communications agencies; (3) campaign, event, and market organizers, and CRM agency; (4) data storage and cloud service providers; (5) property management service provider; (6) sale agencies; (7) logistic and courier service providers; (8) payment and payment system service providers; (9) research agencies; (10) analytics service providers; (11) survey agencies; (12) call center; (13) telecommunications and communication service providers; (14) outsourced administrative service providers; (15) printing service providers.

In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that the service providers we work with will keep your Personal Data secure as required under the laws.

3.3 Our business partners

We may disclose your personal data to companies that we have partnered with to offer or enhance products and services for our customers or prospective customers, for example, financial institution partner, access solution company, telecommunication company, sponsors, co-branded partners and other third parties that we conduct joint marketing and cross promotion with.

3.4 Third parties required by law

In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.

3.5 Professional advisors

This includes asset management service providers, lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.

3.6 Assignee of rights and/or obligations

Third parties as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction; will comply with this Privacy Policy to respect your Personal Data.

4. International transfers of your Personal Data

We may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties have in place suitable data protection standards or other derogations as allowed by laws. We will request your consent where consent to cross-border transfer is required by law.

5. How long do we keep your Personal Data

We keep your Personal Data only for so long as we need the Personal Data to fulfil the purposes we collected it for, and to satisfy our business and/or our legal and regulatory obligations. How long we keep your Personal Data depends on the nature of the data. Some information may be retained for longer, where we are required to do so by law.

6. Your rights as a data subject

Subject to applicable laws and exceptions thereof, you may have the following rights to:

1. Access: You may have the right to access or request a copy of the Personal Data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
2. Rectification: You may have the right to have incomplete, inaccurate, misleading, or or not up-to-date Personal Data that we collect, use and disclose about you rectified.
3. Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are processing such data on the basis of your consent or to perform a contract with you.
4. Objection: You may have the right to object to certain collection, use and disclosure of your Personal Data such as objecting to direct marketing.
5. Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
6. Withdraw Consent: For the purposes you have consented to our collecting, using and disclosing of your Personal Data, you have the right to withdraw your consent at any time.
7. Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use and disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
8. Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use and disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.

7. Our Contact Details

If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Policy, please contact us or our Data Protection Officer at:

Kasemsubsiri Co., Ltd.

• 57, Park Venture Ecoplex, 19^th Floor, Wireless Road, Lumphini Sub-District, Pathum Wan District, Bangkok, Thailand.
• Telephone: +66 (0) 2 081 3500
• Email: enquiry@theparq.com