Gaysorn Village Member Services (the “Company”, “we”, “us” or “our”) values the importance of data privacy and transparency and knows that the details of how we collected, used, disclosed, and/or cross-border transferred your personal data is what you care about.
During our operation of businesses, we do not intend to collect any personal data as we are a holding company mainly operating our businesses by means of holding shares in other companies, and we do not operate any businesses that directly collect any personal data from the customers. However, we may need to collect, use, disclose and/or cross-border transfer certain personal data for certain purposes relating to the operation of businesses by us and by other companies within Gaysorn Group of Affiliated companies, including personal data of visitors, complainants, emergency contact persons, general public, journalists, persons relating to our Corporate Social Responsibility (CSR) projects, director, shareholders and securities holders, or customers of companies within Gaysorn Group of Affiliated companies (“you” or “your”). Therefore, we have prepared this Privacy Notice (the “Privacy Notice”) to explain how we collect, use, disclose and/or cross-border transfer your personal data.
This Privacy Notice provides important information including:
In this Privacy Notice:
“Personal Data” means any information relating to a natural person, which directly or indirectly identifies such natural person, but excluding the information of deceased natural persons; and
“Data Subject” means the natural person that is identified, whether directly or indirectly, by certain Personal Data.
If you provide Personal Data of any third party to us (e.g., their name, and telephone number for emergency contact, family member income), please provide this Privacy Notice for their acknowledgement and/or obtaining consents where applicable.
We only collect the Personal Data of minors, quasi-incompetent persons and incompetent persons where their parents or guardian has given their consent, when consent is required. We do not knowingly collect Personal Data from a minor without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent when it is required. In the event that we learn that we have unintentionally collected minor’s, quasi-incompetent person’s and/or incompetent person’s Personal Data without consent from parent or guardian, when consent is required, we will delete such Personal Data in a timely manner or will only collect, use, and/or disclose such Personal Data if we can rely on other legal bases apart from consent.
3.1. The purpose of which you have given your consent:
We do not currently collect, use and/or disclose your Personal Data for any purposes which require your consent.
3.2. The purpose that we may rely on other lawful bases
We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We will balance the legitimate interest pursued by us and your interest, fundamental rights and freedoms in relation to the protection of your Personal Data; (4) for preventing or suppressing a danger to a person’s life, body or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the state authorities (6) for establishment and raising of potential legal claims or other legal bases permitted under applicable laws relating to Personal Data protection (as the case may be). Depending on the context of the relationship with us, we may collect, use and/ or disclose Personal Data for the following purposes:
Where we need to collect, use and disclose your Personal Data as required by law, or for performance of a contract with you and you fail to provide that Personal Data to us, we may not be able to perform the contract we have or are trying to enter into with you. In particular, we may not be able to provide our products and services to you.
Where consent is required for certain activities of collection, use or disclosure of your Personal Data, we will request and obtain your consent for such activities separately.
4.1. Gaysorn Group of Affiliated companies
As the Company is part of a Gaysorn Group of Affiliated companies which all collaborate and partially share internal systems, we may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within Gaysorn Group of Affiliated companies including subsidiaries and business partners for the purposes set out above.
4.2. Our service providers
The Company may use other companies, agents or contractors to perform services on behalf or to assist with our business operations. We may share your Personal Data to (1) infrastructure, software and website developer and IT service providers; (2) warehouse and logistic service providers; (3) financial institutions and payment service providers; (4) building renovator; (5) marketing, advertising media and communications agencies; (6) concierge or call center; (7) campaign and event organizers; (8) telecommunications and communication service provider; (9) payment, payment system, authentication, and dip chip service providers and agents; (10) outsourced administrative service providers; (11) data storage and cloud service providers; (12) verifying and data checking service providers; (13) dispatchers; (14) printing service providers; (15) insurance company; (16) risk management service provider; (18) auditors and/or (19) law firms.
In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.
4.3. Our business partners
We may transfer your Personal Data to our business partners in the process of contract signing and/or service engagement, provided that the receiving business partner agrees to treat your Personal Data in a manner consistent with this Privacy Notice.
4.4. Third parties permitted by law
In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
4.5. Professional advisors
This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.
4.6. Associations
We may transfer your Personal Data to other member associations, such as Thailand E-Payment Association (TEPA), Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization, Thailand (ACCOT), Foundation for consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association, Ratchaprasong Square Trade Association and/or the Ratchaprasong Intersection Group.
4.7. Assignee of rights and/or obligations
We may transfer your Personal Data to third parties in the event of any reorganization, merger, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock. If any of above events occur, our assignee will comply with this Privacy Notice to respect your Personal Data.
The Company may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties has in place suitable data protection standard and that the transfer is lawfully permitted under the applicable laws.
The Company keeps data on Salesforce’s cloud which is a standardized system, highly secured, generally acceptable, and Salesforce has multiple Data Centers around the world. We use Data Center in Singapore as Server Base, with Backup Base in Hong Kong. Australia prescribes the law for Personal Data protection, called the Privacy Act 1988 and Hong Kong also has a Personal Data protection law called the Personal Data Ordinance, Laws of Hong Kong.
We will retain your Personal Data for as long as is reasonably necessary to fulfil purpose for which we obtained them and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law. After the lapse of such retention period, we may erase or destroy your Personal Data or change your Personal Data to be de-identified as appropriate.
In order to prevent unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of your Personal Data, the Company has established and/or opted to use a system to collect, use, and disclose Personal Data, whether in hard copy, electronic files and/or any other form, with appropriate security measures, including organizational measures, technical measures and physical measures, covering the components of the relevant information system, taking into account the security implementation specified by the law on Personal Data protection in order to properly maintain confidentiality, integrity, and availability of the Personal Data according to the level of risk. This includes controlling access to Personal Data and critical information system components, appropriate handling of user access, determining user’s responsibilities, putting in place appropriate measures for audit logging to detect access, alteration, correction or deletion of Personal Data. We also arrange the enhancement of knowledge and understanding related to Personal Data protection and security for personnel concerned.
Subject to applicable laws and exceptions thereof, you may have the following rights and the Company will respond expeditiously:
8.1. Right to Withdraw Consent – For the purposes you have consented to our collection, use or disclosure of your Personal Data, you have the right to withdraw your consent at any time.
8.2. Right to Access – You may have the right to access your Personal Data by asking for its copy from the Company and submitting a request to have the Company disclose the acquisition of your Personal Data which you did not give your consent to us.
8.3. Right to Rectification – You may have the right to ask the Company to correct or complete your Personal Data that is incomplete, inaccurate, misleading, or not up-to-date.
8.4. Right to Erasure – You may have the right to ask the Company to delete your Personal Data or to change it to be de-identified data, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims. Sometimes the deletion of your Personal Data causes us to no longer be able to provide service to you.
8.5. Right to Restriction: You may have the right to suspend the use of your Personal Data in the cases below.
8.6. Right to Data Portability: You may have the right to migrate your Personal Data given to us to another data controller or to yourself.
8.7. Right to Object: You may have the right to object the collection, use or disclosure of your Personal Data when you make the following cancellation:
8.8. Right to lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our processing of your Personal Data is unlawful or noncompliance with applicable data protection law.
You can exercise your right to withdraw consent or your right to object by contacting us at our counter desks or using the contact details provided in Section 11 below.
Our products and services may contain links to third-party websites. This Privacy Notice shall govern only products and services belonging to us. If you access to and use such linked websites to another products and services, we urge that you firstly read privacy notices of those third-party websites.
The Company may amend this Privacy Notice from time to time. Where applicable, we may notify you when material changes have been made to this Privacy Notice by means we deem appropriate. We recommend that you periodically revisit or keep track of this Privacy Notice to learn of any changes.
This Privacy Notice was last updated on 05 November 2024.
If you have any questions about this Privacy Notice, protection of your Personal Data, your information kept by the Company, or desire to exercise your rights as a Data Subject, please contact
Name: Gaysorn Group Data Protection Officer (DPO)
999, 4th Floor, Gaysorn Centre, Lumpini, Pathumwan, Bangkok, 10330, Thailand.
Email: dpo@gaysorngroup.com
Phone: 02-656-1149