PRIVACY NOTICE FOR EXTERNAL PARTY

through tasteful bites and savory stories

Gaysorn Village Member Services (the “Company”, “we”, “us” or “our”) values the importance of data privacy and transparency and knows that the details of how we collected, used, disclosed, and/or cross-border transferred your personal data is what you care about.

 

During our operation of businesses, we do not intend to collect any personal data as we are a holding company mainly operating our businesses by means of holding shares in other companies, and we do not operate any businesses that directly collect any personal data from the customers. However, we may need to collect, use, disclose and/or cross-border transfer certain personal data for certain purposes relating to the operation of businesses by us and by other companies within Gaysorn Group of Affiliated companies, including personal data of visitors, complainants, emergency contact persons, general public, journalists, persons relating to our Corporate Social Responsibility (CSR) projects, director, shareholders and securities holders, or customers of companies within Gaysorn Group of Affiliated companies (“you” or “your”). Therefore, we have prepared this Privacy Notice (the “Privacy Notice”) to explain how we collect, use, disclose and/or cross-border transfer your personal data.

 

This Privacy Notice provides important information including:

  • Definition
  • Personal Data collected by the Company
  • Purposes of collection of your Personal Data
  • Disclosure of your Personal Data
  • Cross-border transfer of your Personal Data
  • Retention of your Personal Data
  • Security of your Personal Data
  • Right of Data Subjects
  • Privacy notices of third-party websites
  • Changes to this Privacy Notice
  • Contacting the Company
1

Definition

In this Privacy Notice:

Personal Data” means any information relating to a natural person, which directly or indirectly identifies such natural person, but excluding the information of deceased natural persons; and
Data Subject” means the natural person that is identified, whether directly or indirectly, by certain Personal Data.

2

Personal Data collected by the Company

The Company may collect your Personal Data directly when you interact with us or reach out to us or indirectly from other sources and through Gaysorn Group of Affiliated companies including subsidiaries or business partners. Personal Data collected by us may include, but are not limited to, the following:
  • Personal details: such as title, name-surname, birthday, age, gender, occupation, qualifications, job title, position, company name, nationality, country of residence, marital status, number of family members and children, information on government-issued cards (e.g., national identification number, photograph of the national identification card, information on the national identification card, social security number, passport number, driver’s license details or similar identifiers), signature, voice record, picture, CCTV records, education, insurance details, house registration, household income, salary and personal income; details regarding holding of shares or securities (e.g., registration number of shareholders or securities holders, number of shares or securities, and amount of dividend; qualifications, personal background check information (e.g., insolvency check, litigation check), performance and disciplinary information, location information, and position in any associate or professional organization;
  • Contact details: such as telephone number, mobile number, fax number, address and email;
  • Financial details: such as debit/credit card or bank account information, salary, wages and allowances, incentive, bonus;
  • Transaction details: such as details from transactions documents;
  • Technical details: such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID (such as international mobile equipment identifier (IMEI), electronic serial number (ESN), mobile equipment identifier (MEID) and serial number (SN)), device model and type, formats of software and hardware of the device when it is activated in the system, network, connection details, access details, single sign-on (SSO), access time and location, time spent on the page, GPS, latitude, longitude, login information, applications downloaded on a communication devices, search history, browsing details, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and other technology on devices you use to access our websites or applications, including any other technical information arising from the use of our platform, application and systems;
  • Employment-related details, such as your job/employment application form, type of employment, employment terms and condition, period of contract, position, title, department, origin company, workplace, nature of business, job description, working hours, time attendance record, commencement date, current employment record, leave related information and records, reasons for termination and/or resignation of employment contract, career achievement, transportation/gasoline expense, password; and/or

If you provide Personal Data of any third party to us (e.g., their name, and telephone number for emergency contact, family member income), please provide this Privacy Notice for their acknowledgement and/or obtaining consents where applicable.

 

We only collect the Personal Data of minors, quasi-incompetent persons and incompetent persons where their parents or guardian has given their consent, when consent is required. We do not knowingly collect Personal Data from a minor without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent when it is required. In the event that we learn that we have unintentionally collected minor’s, quasi-incompetent person’s and/or incompetent person’s Personal Data without consent from parent or guardian, when consent is required, we will delete such Personal Data in a timely manner or will only collect, use, and/or disclose such Personal Data if we can rely on other legal bases apart from consent.

3

Purposes of collection of your Personal Data

The Company may collect, use and/or disclose your Personal Data for the purposes as follows:

3.1. The purpose of which you have given your consent:

We do not currently collect, use and/or disclose your Personal Data for any purposes which require your consent.

 

3.2. The purpose that we may rely on other lawful bases

We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We will balance the legitimate interest pursued by us and your interest, fundamental rights and freedoms in relation to the protection of your Personal Data; (4) for preventing or suppressing a danger to a person’s life, body or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the state authorities (6) for establishment and raising of potential legal claims or other legal bases permitted under applicable laws relating to Personal Data protection (as the case may be). Depending on the context of the relationship with us, we may collect, use and/ or disclose Personal Data for the following purposes:

  1. To operate our businesses: To provide support and assistance as you may request; enter into a contract with our customers, suppliers, vendors and/or other third parties; to select and appoint directors; to issue power of attorney; to proceed with financial transactions; to monitor performance and responsibilities, allocate and mange company resources, impose disciplinary sanction;
  2. Registration and Authentication: To register, verify, prove, affirm, identify, and/or authenticate you or your identity;
  3. To manage our relationship with you: To contact and communicate with you on business/ work related news and updates; to set meeting appointments; to handle queries, request, feedback, complains, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to manage accounts; to process and update your information; to proceed with the activities or operation for us or on behalf of us as set out in our agreement, work rules or any document related to HR management and development;
  4. To provide compensation and benefits: To provide dividend payment, payroll, tax reduction, provision of provident fund, social security provision, expenses reimbursement, medical and medication expenses reimbursement, provision of insurance, severance payment and other benefit.
  5. Functioning of the websites, applications, and platforms: To administer, operate, track, monitor, and manage the websites, applications and platforms to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the websites, applications and platforms; improve layout, and content of the websites, applications and platforms;
  6. IT Management: For business management purposes including for IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
  7. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
  8. Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property, the properties of our affiliates and subsidiaries under Gaysorn Group; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;
  9. Fraud detection: To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent and investigate fraud, illegal activities, omission of duties or misconduct). This includes performing sanction list checking, internal audits and records, asset management, system, and other business controls;
  10. Corporate transaction: In the event of sale, transfer, merger, reorganization, or similar event, we may transfer your Personal Data to one or more third parties as part of that transaction;
  11. Risks: To perform risk management, audit performance, and risk assessments; and/or
  12. Life: To prevent or suppress a danger to a person’s life, body, or health.

Where we need to collect, use and disclose your Personal Data as required by law, or for performance of a contract with you and you fail to provide that Personal Data to us, we may not be able to perform the contract we have or are trying to enter into with you. In particular, we may not be able to provide our products and services to you.

 

Where consent is required for certain activities of collection, use or disclosure of your Personal Data, we will request and obtain your consent for such activities separately.

4

Disclosure of your Personal Data

The Company may disclose your Personal Data to the following third parties who collects, use and/or disclose your Personal Data in accordance with the purpose under this Privacy Notice. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy notices to learn more details on how they process your Personal Data.

4.1. Gaysorn Group of Affiliated companies

As the Company is part of a Gaysorn Group of Affiliated companies which all collaborate and partially share internal systems, we may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within Gaysorn Group of Affiliated companies including subsidiaries and business partners for the purposes set out above.

 

4.2. Our service providers

The Company may use other companies, agents or contractors to perform services on behalf or to assist with our business operations. We may share your Personal Data to (1) infrastructure, software and website developer and IT service providers; (2) warehouse and logistic service providers; (3) financial institutions and payment service providers; (4) building renovator; (5) marketing, advertising media and communications agencies; (6) concierge or call center; (7) campaign and event organizers; (8) telecommunications and communication service provider; (9) payment, payment system, authentication, and dip chip service providers and agents; (10) outsourced administrative service providers; (11) data storage and cloud service providers; (12) verifying and data checking service providers; (13) dispatchers; (14) printing service providers; (15) insurance company; (16) risk management service provider; (18) auditors and/or (19) law firms.

In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.

 

4.3. Our business partners
We may transfer your Personal Data to our business partners in the process of contract signing and/or service engagement, provided that the receiving business partner agrees to treat your Personal Data in a manner consistent with this Privacy Notice.


4.4. Third parties permitted by law
In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.


4.5. Professional advisors
This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.


4.6. Associations
We may transfer your Personal Data to other member associations, such as Thailand E-Payment Association (TEPA), Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization, Thailand (ACCOT), Foundation for consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association, Ratchaprasong Square Trade Association and/or the Ratchaprasong Intersection Group.


4.7. Assignee of rights and/or obligations
We may transfer your Personal Data to third parties in the event of any reorganization, merger, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock. If any of above events occur, our assignee will comply with this Privacy Notice to respect your Personal Data.

5

Cross-border transfers of your Personal Data

The Company may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties has in place suitable data protection standard and that the transfer is lawfully permitted under the applicable laws.

6

Retention of your Personal Data

The Company keeps data on Salesforce’s cloud which is a standardized system, highly secured, generally acceptable, and Salesforce has multiple Data Centers around the world. We use Data Center in Singapore as Server Base, with Backup Base in Hong Kong. Australia prescribes the law for Personal Data protection, called the Privacy Act 1988 and Hong Kong also has a Personal Data protection law called the Personal Data Ordinance, Laws of Hong Kong.

 

We will retain your Personal Data for as long as is reasonably necessary to fulfil purpose for which we obtained them and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law. After the lapse of such retention period, we may erase or destroy your Personal Data or change your Personal Data to be de-identified as appropriate.

7

Security of your Personal Data

In order to prevent unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of your Personal Data, the Company has established and/or opted to use a system to collect, use, and disclose Personal Data, whether in hard copy, electronic files and/or any other form, with appropriate security measures, including organizational measures, technical measures and physical measures, covering the components of the relevant information system, taking into account the security implementation specified by the law on Personal Data protection in order to properly maintain confidentiality, integrity, and availability of the Personal Data according to the level of risk. This includes controlling access to Personal Data and critical information system components, appropriate handling of user access, determining user’s responsibilities, putting in place appropriate measures for audit logging to detect access, alteration, correction or deletion of Personal Data. We also arrange the enhancement of knowledge and understanding related to Personal Data protection and security for personnel concerned.

8

Rights of Data Subjects

Subject to applicable laws and exceptions thereof, you may have the following rights and the Company will respond expeditiously:

8.1. Right to Withdraw Consent – For the purposes you have consented to our collection, use or disclosure of your Personal Data, you have the right to withdraw your consent at any time.


8.2. Right to Access – You may have the right to access your Personal Data by asking for its copy from the Company and submitting a request to have the Company disclose the acquisition of your Personal Data which you did not give your consent to us.


8.3. Right to Rectification – You may have the right to ask the Company to correct or complete your Personal Data that is incomplete, inaccurate, misleading, or not up-to-date.


8.4. Right to Erasure – You may have the right to ask the Company to delete your Personal Data or to change it to be de-identified data, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims. Sometimes the deletion of your Personal Data causes us to no longer be able to provide service to you.


8.5. Right to Restriction: You may have the right to suspend the use of your Personal Data in the cases below.

  • When we are in the process of examination as requested by you.
  • In the case of Personal Data supposed to be deleted or destroyed, but you ask to hold such deletion or destroying.
  • When there is no necessity to keep Personal Data as per the purpose of its collection, but you are required to have your Personal Data further kept for establishment of legal claims.
  • When we are in the process of proving or investigating to protest against your objection.

8.6. Right to Data Portability: You may have the right to migrate your Personal Data given to us to another data controller or to yourself.


8.7. Right to Object: You may have the right to object the collection, use or disclosure of your Personal Data when you make the following cancellation:

  • In the case of Personal Data collected without your consent;
  • In the case of collecting, using or disclosing your Personal Data for the purpose of direct marketing.

8.8. Right to lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our processing of your Personal Data is unlawful or noncompliance with applicable data protection law.


You can exercise your right to withdraw consent or your right to object by contacting us at our counter desks or using the contact details provided in Section 11 below.

9

Privacy notices of third-party websites

Our products and services may contain links to third-party websites. This Privacy Notice shall govern only products and services belonging to us. If you access to and use such linked websites to another products and services, we urge that you firstly read privacy notices of those third-party websites.

10

Changes to this Privacy Notice

The Company may amend this Privacy Notice from time to time. Where applicable, we may notify you when material changes have been made to this Privacy Notice by means we deem appropriate. We recommend that you periodically revisit or keep track of this Privacy Notice to learn of any changes.

This Privacy Notice was last updated on 05 November 2024.

11

Contacting the Company

If you have any questions about this Privacy Notice, protection of your Personal Data, your information kept by the Company, or desire to exercise your rights as a Data Subject, please contact

Gaysorn Village Member Services Co., Ltd.

Name: Gaysorn Group Data Protection Officer (DPO)
999, 4th Floor, Gaysorn Centre, Lumpini, Pathumwan, Bangkok, 10330, Thailand.

Email: dpo@gaysorngroup.com
Phone: 02-656-1149

Subscribe for Gaysorn News & Promotion

This field is for validation purposes and should be left unchanged.
All Search