Search
Menu
  • Home
  • Privacy Notice for Customers

Privacy Notice for Customers

Personal Data

Gaysorn Village Member Services Co., Ltd. (the “Company, “we, “us or “our) values the importance of data privacy and transparency and knows that the details of how we collected, used, disclosed, and/or cross-border transferred your personal data is what you care about. Therefore, the Company has prepared this Privacy Notice (the “Privacy Notice), which applies to all our customers (“you or “your), to explain how we collect, use, disclose and/or cross-border your personal data. 

This Privacy Notice provides important information including:

  • Definition
  • Personal Data collected by the Company
  • Purposes of collection of your Personal Data
  • Disclosure of your Personal Data
  • Cross-border transfer of your Personal Data
  • Retention of your Personal Data
  • Security of your Personal Data 
  • Cookies
  • Right of Data Subjects
  • Privacy notices of third-party websites
  • Changes to this Privacy Notice
  • Contacting Company
1

Definition

In this Privacy Notice:

 

“Personal Data” means any information relating to a natural person, which directly or indirectly identifies such natural person, but excluding the information of deceased natural persons; and 

“Data Subject” means the natural person that is identified, whether directly or indirectly, by certain Personal Data.

2

Personal Data collected by The company

The Company may collect your Personal Data directly when you apply for a membership with us, participate in our surveys or when you reach out to us through our official communication channels (e.g., our retail stores, websites, mobile applications, concierge, sales representatives, event booths, social networking sites, online communication channels, pick-up registration for goods and/or services and other channels) or indirectly from other sources and through Gaysorn Group of Affiliated companies including subsidiaries or business partners. Personal Data collected by us may include, but are not limited to, the following:

  • Personal details: such as title, name-surname, birthday, age, gender, occupation, qualifications, job title, position, company name, nationality, country of residence, marital status, number of family members and children, information on government-issued cards (e.g., national identification number, photograph of the national identification card, information on the national identification card, social security number, passport number, driver’s license details or similar identifiers), immigration details such as arrival and departure date, signature, voice record, picture, CCTV records, education, insurance details, license plate details, house registration, household income, salary and personal income including your inquiries via social media; 
  • Contact details: such as telephone number, mobile number, fax number, address, email, social media account ID and details provided on your social media accounts and sites;  
  • Membership information: such as account details, member card number, reward points, member ID, member type, customer type, member join/registration date and month, membership period, bank account and payment details, and service and product applications (e.g., membership application, insurance application), earn, redemption, burn and transfer points, transaction, member behavior, co-branded payment cards, social media accounts linked to membership programs; 
  • Financial details: such as debit/credit card or bank information, credit/debit card number, credit card type, issuance/expiration date, cycle cut, bank account details, prompt pay number payment details and records, your information regarding the risk profile for the business partner, credit rating and solvency, information in accordance with the declaration of suitability, suitability of transaction and any other financial details;
  • Transaction details: such as details about payment to and from you, payment date/time, payment amount, details about refund, points, date and location of purchase, purchase/order number, complaints and claims, transaction history, transaction status; 
  • Technical details: such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID (such as international mobile equipment identifier (IMEI), electronic serial number (ESN), mobile equipment identifier (MEID) and serial number (SN)), device model and type, formats of software and hardware of the device when it is activated in the system, network, connection details, access details, single sign-on (SSO), access time and location, time spent on the page, GPS, latitude, longitude, login information, applications downloaded on a communication devices, search history, browsing details, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and other technology on devices you use to access our websites or applications, including any other technical information arising from the use of our platform, application and systems; 
  • Behaviour details: such as information about your behavior and data supplied through the use of our products and services, your favorites, preferences, interests, lifestyle and search history; 
  • Profile details: such as your username and password, profile details and picture, past orders, purchase history, your interests, preferences, comment, feedback and survey responses, satisfaction survey, social media engagement, participation details, your use of discount codes and promotions, customer service;
  • Usage details: such as information on how you browse or use our websites, platforms, applications, products and services, products in customer’s cart, wish list record, remind me flash sale record, follow-shop record, searching information, details of the right accumulation, details of the redemption, and timestamp of last click and Q&A record;
  • Marketing and communication details: such as your preference in receiving marketing from us, our affiliates, third parties, business partners and your communication preferences, information of your interaction with us and marketing data (e.g., information supplied through surveys, polls, feedback, or research activities); and/or
If you provide Personal Data of any third party to us (e.g., their name, and telephone number for emergency contact, family member income), please provide this Privacy Notice for their acknowledgement and/or obtaining consents where applicable.

We only collect the Personal Data of minors, quasi-incompetent persons and incompetent persons where their parents or guardian has given their consent, when consent is required. We do not knowingly collect Personal Data from a minor without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian’s consent when it is required. In the event that we learn that we have unintentionally collected minor’s, quasi-incompetent person’s and/or incompetent person’s Personal Data without consent from parent or guardian, when consent is required, we will delete such Personal Data in a timely manner or will only collect, use, and/or disclose such Personal Data if we can rely on other legal bases apart from consent.
3

Purposes of collection of your Personal Data

The Company may collect, use and/or disclose your Personal Data for the purposes as follows:

3.1. The purpose of which you have given your consent:

  • Marketing and Communications: We may collect, use and/or disclose your Personal Data, such as name, surname, telephone number and/or other information, to the extent necessary, to provide marketing communications, personalised marketing, information, news, promotion, special offers and privileges about product and services provided by us, Gaysorn Group of Affiliated companies including subsidiaries or our selected business partners, where we cannot rely on other lawful bases.

You may withdraw your consent for the above purposes at any time by contacting us at our counter desks or using the contact details provided in Section 12 below.

We will request your consent for other purposes if required. In certain cases, we will ask for your consent before sending certain marketing communications, and news and information to you if we cannot rely on other legal bases, for example, a marketing of third parties’ products or services, which goes beyond your expectation to receive such marketing.

 

3.2. The purpose that we may rely on other lawful bases

We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We will balance the legitimate interest pursued by us and your interest, fundamental rights and freedoms in relation to the protection of your Personal Data; (4) for preventing or suppressing a danger to a person’s life, body or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the state authorities (6) for establishment and raising of potential legal claims or other legal bases permitted under applicable laws relating to Personal Data protection (as the case may be). Depending on the context of the relationship with us, we may collect, use and/ or disclose Personal Data for the following purposes:

  1. To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to provide the products and services to you (e.g., reserve parking spaces, providing previews of products available at Gaysorn Village) to consider your eligibility and you membership application; to carry out financial transaction and service related to the payments including transaction check and verification and cancellation; to process your orders, to verify warranty period; to provide aftersales services, including maintenance and facility reservation;
  2. Marketing and Communications: such as to provide you with information and required notices; to perform public relations; to send you news and information about the products, services, brands, and operations and to process and update your information to provide privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news, information and any marketing and communications about the products and services from us, Gaysorn Group of Affiliated companies including subsidiaries  and business partners under which meet your legitimate interests or in accordance with preferences you have expressed directly or indirectly. For example, when you purchase products from shops at Gaysorn Village or our mobile application/website, we may send marketing messages on the new products or similar products or any products that could be of your interest, which are offered at Gaysorn Village or our mobile application/website to you via SMS, email or notification in the application or website, to you; 
  3. Promotions, special offer, membership programs, reward programs, prize draws, competitions, and other offer promotions: To allow you to participate or be eligible to special offers, membership programs, reward program, sweepstakes, privilege, prize draws, competitions, and other offer/promotions (e.g., sending you reminder emails and transferring your Personal Data to business partners) to participate in activities, events and seminars. This includes to process and administer your membership, allow you access to our Gaysorn Diamond Lounge, Diamond Closet; for the processing, collection, addition, exchange, earning, redemption, payment, and/or transfer of points; to examine your entire user history, both online and offline; to provide and issue gift vouchers, gift cards, and invoices;
  4. Registration and Authentication: To register, verify, prove, affirm, identify, and/or authenticate you or your identity;
  5. To manage our relationship with you: To contact and communicate with you as requested by you or in relation to the products and services you obtain from us, those within Gaysorn Group of Affiliated companies including subsidiaries and business partners; to handle customer service-related queries, request, feedback, complains, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to process and update your information; to facilitate your use of the products and services and provide accommodations;
  6. Personalization, profiling and data analytics: To recommend products and services that might be of interest to you, identify your preferences and personalised your experience; to learn more about you, the products and services you receive and other products and services you may be interested in receiving; to measure your engagement with the products and services, undertake data analytics, data cleansing, data profiling, market research, surveys, assessments, analysis, behaviour, statistics and segmentation, consumption trends and patterns; profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use, how you like to be contacted; to know you better; to learn more about the products and services you receive, and other products and services you may be interested in receiving, including profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you purchased, how you like to be contacted and so onto improve business performance; to better adapt our content to the identified preferences; to determine the effectiveness of the promotional campaigns, identify and resolve of issues with existing products and services; qualitative information development. For this purpose, we will collect, use and disclose your Personal Data for your interest and benefit and for our legitimate interests and businesses;
  7. To improve business operations, products, and services: To evaluate, develop, manage, and improve, research and develop the services, products, system, and business operations for you and all of our customers within The Company, Gaysorn Group of Affiliated companies including subsidiaries and business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, physical measurement of products performance, digital features and marketing campaigns as well as developing business models, model for loan consideration, insurance and debt collection model;
  8. Functioning of the websites, applications, and platforms: To administer, operate, track, monitor, and manage the websites, applications and platforms to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the websites, applications and platforms; improve layout, and content of the websites, applications and platforms;
  9. IT Management: For business management purposes including for IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
  10. Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to provide and handle VAT refund service; issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime; 
  11. Protection of our interests and those of others: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business; to protect the rights, property or safety of others.
  12. Fraud detection: To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud). This includes performing sanction list checking, internal audits and records, asset management, system, and other business controls;
  13. Corporate transaction: In the event of sale, transfer, merger, reorganization, or similar event, we may transfer your Personal Data to one or more third parties as part of that transaction;
  14. Risks: To perform risk management, audit performance, and risk assessments; and/or
  15. Life: To prevent or suppress a danger to a person’s life, body, or health.

Where we need to collect, use and disclose your Personal Data as required by law, or for performance of a contract with you and you fail to provide that Personal Data to us, we may not be able to perform the contract we have or are trying to enter into with you. In particular, we may not be able to provide our products and services to you.

Where consent is required for certain activities of collection, use or disclosure of your Personal Data, we will request and obtain your consent for such activities separately.

4

Disclosure of your Personal Data

The Company may disclose your Personal Data to the following third parties who collects, use and/or disclose your Personal Data in accordance with the purpose under this Privacy Notice. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy notices to learn more details on how they process your Personal Data.

  • 4.1. Gaysorn Group of Affiliated companies
    As the Company is part of a Gaysorn Group of Affiliated companies which all collaborate and partially share customer services and systems including website-related services and systems, we may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within Gaysorn Group of Affiliated companies including subsidiaries and business partners for the purposes set out above.
  • 4.2. Our service providers
    We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to (1) infrastructure, software and website developer and IT service providers; (2) warehouse and logistic service providers; (3) payment service providers; (4) research agencies; (5) analytics service providers; (6) survey agencies; (7) printing service providers; (8) marketing, advertising media and communications agencies; (9) concierge or call center; (10) campaign and event organizers; (11) sale representative agencies; (12) telecommunications and communication service provider; (13) payment, payment system, authentication, and dip chip service providers and agents; (14) outsourced administrative service providers; (15) data storage and cloud service providers; (16) verifying and data checking service providers; (17) dispatchers; (18) auditors and/or (19) law firms.

    In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.
  • 4.3. Our business partners
    The Company may transfer your Personal Data to our business partners whom the Company may jointly offer products or services, or whose products or services may be offered to you, provided that the receiving business partner agrees to treat your Personal Data in a manner consistent with this Privacy Notice.
  • 4.4. Social networking sites
    The Company allow you to login on our websites and applications without the need to fill out a form. If you log in using the social network login system, you explicitly authorize us to access and store public data on your social network accounts (e.g., Facebook, Google, Instagram, youtube ID, Line ID), as well as other data mentioned during use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalised, relevant adverts on your social network account if appropriate.

    We also partner with certain third parties that allow you to enroll in their services or participate in their promotions. For example, certain companies allow you to use your membership program number or online services login to receive or register for their services. Additionally, your social network account provider allows you to connect your social network account to your online services account or log into your online services account from your social network account. When you enroll in those services, we disclose your Personal Data to those third parties. If you do not want to share your Personal Data in this way, do not provide your membership program number to third parties, do not use your online services account to register for third-party promotions and do not connect your online services account with accounts on third-party services. Data shared in this way will be governed by the third party’s privacy notices and not this Privacy Notice.
  • 4.5. Third parties permitted by law
    In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • 4.6. Professional advisors
    This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.
  • 4.7. Associations
    We may transfer your Personal Data to other member associations, such as Thailand E-Payment Association (TEPA), Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization, Thailand (ACCOT), Foundation for consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association, Ratchaprasong Square Trade Association and/or the Ratchaprasong Intersection Group.
  • 4.8. Assignee of rights and/or obligations
    We may transfer your Personal Data to third parties in the event of any reorganization, merger, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock. If any of above events occur, our assignee will comply with this Privacy Notice to respect your Personal Data.
5

Cross-border transfers of your Personal Data

The Company may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties has in place suitable data protection standard and that the transfer is lawfully permitted under the applicable laws.

6

Retention of your Personal Data

The Company keeps data on Salesforce’s cloud which is a standardized system, highly secured, generally acceptable and Salesforce has multiple Data Centers around the world. We uses Data Center in Australia as Server Base, with Backup Base in Hong Kong. Australia prescribes the law for Personal Data protection, called the Privacy Act 1988 and Hong Kong also has a Personal Data protection law called the Personal Data Ordinance, Laws of Hong Kong.  

We will retain your Personal Data for as long as is reasonably necessary to fulfil purpose for which we obtained them and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law. After the lapse of such retention period, we may erase or destroy your Personal Data or change your Personal Data to be de-identified as appropriate.
7

Security of your Personal Data

In order to prevent unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of your Personal Data, the Company has established and/or opted to use a system to collect, use, and disclose Personal Data, whether in hard copy, electronic files and/or any other form, with appropriate security measures, including organizational measures, technical measures and physical measures, covering the components of the relevant information system, taking into account the security implementation specified by the law on Personal Data protection in order to properly maintain confidentiality, integrity, and availability of the Personal Data according to the level of risk. This includes controlling access to Personal Data and critical information system components, appropriate handling of user access, determining user’s responsibilities, putting in place appropriate measures for audit logging to detect access, alteration, correction or deletion of Personal Data. We also arrange the enhancement of knowledge and understanding related to Personal Data protection and security for personnel concerned.

8

Cookies

8.1 What are the Cookies?
Cookies are Text Files on computer for log keeping of internet information and website visitor behavior. When visiting our websites, your Personal Data may be collected automatically through Cookies or other similar technologies.

For more information about Cookies, you can visit www.allaboutcookies.org/manage-cookies.


8.2 What does the Company use Cookies for?
The Company will collect all visitors’ browsing pattern through Cookies or similar technologies. We use Cookies for efficiency development to the access to our services via internet, including improving the efficiency of the use of our services via internet. We use Cookies in various forms in order to improve your using experience on the websites covering the following aspects:

  • Saving your login information (Log in / sign in) so you can continue using your account;
  • For understanding your usage on our websites.

 

8.3 What types of Cookies are used by the Company?
There are various types of Cookies used. However, for the website, the Company will use Cookies for the following reasons:

  • Necessary Cookies: Necessary cookies are required for the operations of the website to ensure the security, simplicity, and integrity of functional use. They include, for example, cookies that enable basic functions like page navigation or enable the user to log into secure areas of the website. The website cannot function properly without these cookies. These cookies placed on your device do not store any personally identifiable information.
  • Performance Cookies: Performance cookies allow us to count visits and traffic sources so the we can measure and improve the performance of our website. They enable us to understand how the user interacts with the website by collecting and reporting information anonymously and to help us improve user experience of the website. If you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance.
  • Targeting Cookies: Targeting cookies may be set through our website by our advertising partners. They record your visit to our website, the pages you have visited and the links you have followed. we will use this information to make our website, and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. If you do not allow these cookies, you will experience less targeted advertising.
  • Functionality Cookies: Functionality cookies may be set by us or by third party providers whose services we have added to our pages. They enable the website to operate in accordance with your preferences, for example, to recognize your username and remember how you customized the site during future visits. If you do not allow these cookies, then some or all of these services may not function properly.
  • Social Media Cookies: We have added sharing tools to the website to enable you to share our content with your friends and networks. They are capable of tracking your browser across other websites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies, you may not be able to use or see these sharing tools.
  • Third Party Cookies: In some special cases, we also use cookies provided by trusted third parties. We use Google Analytics which is one of the most widespread and trusted analytics solutions on the web for helping us to understand how you use the site and ways that the we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content. For more information on Google Analytics cookies, see the official Google Analytics page.

 

8.4 Managing the Cookies
Please see the details at https://www.gaysornvillage.com/en/legal/cookie_policy.php , where you can be described how to delete Cookies from your browser. However, in some cases certain features of us may not be allowed to do so.

9

Rights of Data Subjects

Subject to applicable laws and exceptions thereof, you may have the following rights and the Company will respond expeditiously:

9.1. Right to Withdraw Consent – For the purposes you have consented to our collection, use or disclosure of your Personal Data, you have the right to withdraw your consent at any time.

9.2. Right to Access – You may have the right to access your Personal Data by asking for its copy from the Company and submitting a request to have the Company disclose the acquisition of your Personal Data which you did not give your consent to us.

9.3. Right to Rectification – You may have the right to ask the Company to correct or complete your Personal Data that is incomplete, inaccurate, misleading, or not up-to-date.

9.4. Right to Erasure – You may have the right to ask the Company to delete your Personal Data or to change it to be de-identified data, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims. Sometimes the deletion of your Personal Data causes us to no longer be able to provide service to you.

9.5. Right to Restriction: You may have the right to suspend the use of your Personal Data in the cases below.
  • When we are in the process of examination as requested by you.
  • In the case of Personal Data supposed to be deleted or destroyed, but you ask to hold such deletion or destroying.
  • When there is no necessity to keep Personal Data as per the purpose of its collection, but you are required to have your Personal Data further kept for establishment of legal claims.
  • When we are in the process of proving or investigating to protest against your objection.

9.6. Right to Data Portability: You may have the right to migrate your Personal Data given to us to another data controller or to yourself.

9.7. Right to Object: You may have the right to object the collection, use or disclosure of your Personal Data when you make the following cancellation:
  • In the case of Personal Data collected without your consent;
  • In the case of collecting, using or disclosing your Personal Data for the purpose of direct marketing.

9.8. Right to lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our processing of your Personal Data is unlawful or noncompliance with applicable data protection law.

For marketing activities, we may rely on contractual basis, legitimate interest basis and/or consent basis, as a case maybe. Anyhow, you have the right to object or withdraw your consent if you do not wish to receive marketing messages from us as follows:

You can exercise your right to withdraw consent or your right to object by contacting us at our counter desks or using the contact details provided in Section 12 below.
10

Privacy notices of third-party websites

Our products and services may contain links to third-party websites. This Privacy Notice shall govern only products and services belonging to us. If you access to and use such linked websites to another products and services, we urge that you firstly read privacy notices of those third-party websites.

11

Changes to this Privacy Notice

The Company may amend this Privacy Notice from time to time. Where applicable, we may notify you when material changes have been made to this Privacy Notice by means we deem appropriate. We recommend that you periodically revisit or keep track of this Privacy Notice to learn of any changes.

 

This Privacy Notice was last updated on October 29, 2024.

12

Contacting the Company

If you have any questions about this Privacy Notice, protection of your Personal Data, your information kept by the Company, or desire to exercise your rights as a Data Subject, please contact us

Gaysorn Village Member Services Co., Ltd.

Name: Data Protection Officer (DPO)
Address: 999, 4th Floor, Gaysorn Centre, Lumpini, Pathumwan, Bangkok, 10330, Thailand.
Phone number: 02-656-1149
Email address: dpo@gaysorngroup.com

Subscribe for Gaysorn News & Promotion

This field is for validation purposes and should be left unchanged.
All Search