PRIVACY POLICY (APP)

PRIVACY POLICY

Numeiang Group Company Limited (the “Company” or “we”) recognizes the importance of your personal data protection. Therefore, this Privacy Policy is meant to explain our practices regarding the collection, use or disclosure of personal data including other of your rights as the data subject under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).

Collection of Personal Data

We collect your personal data directly from you via the following channels:

1. Registration for the uses of services on the Company’s application.
2. Payment for the use of services on the Company’s application.
3. Fill-in the survey about your interest and satisfaction for the uses of application, services or products of the Company.
4. Your queries about applications, any products or services of the Company.
5. Your participation in the Company’s activities.
6. Communication via telephone, email, or social media such as Facebook, LINE application, etc.
7. Your communication about your complaint or report of issues related to applications, products or services of the Company.

We may collect your personal data from other available sources such as government authority, other third parties, etc.

Categories of the Collected Personal Data

We collected your personal data that can be used to identify your identity, whether directly or indirectly, as following:

1. Identity data e.g., name, surname, age, date of birth, gender, marital status, etc.
2. Contact data e.g., address, phone number, email, etc.
3. Preference or behavior data.
4. Geolocation data (GPS Location).
5. Social Media data e.g., LINE ID, Facebook account, etc.
6. Technical data e.g., IP Address, Application Activity Log, etc.
7.  Other data e.g., photo, video and any other information that is considered personal data under the PDPA.

We may collect, use or disclose your sensitive personal data when we have obtained explicit consent from you unless permitted by the law, such as health data, religion, biometric information (such as facial recognition data, iris recognition data, fingerprint recognition data, etc.) and any data which may affect your privacy in the same manner as prescribed by the Personal Data Protection Committee.

Minor

If you are under the age of 20 or have legal restrictions, we may require your parents or guardian to provide consent to us or other persons allowed by applicable laws for collecting, using or disclosing your personal data. If we become aware that we have collected personal data from children without consent from the parents or guardian, we will take steps to remove such personal data from our servers immediately.

How is Personal Data being Stored

We will store your personal data in document and electronic form. We store your personal data on the Company’s server and cloud system of cloud service providers.

Purposes of Personal Data Processing

We will collect, use, and disclose your personal data in accordance with your request and/or agreement you entered with the Company, including but not limited to the following purposes: 

1. To proceed with your request before your registration for the use of the Company’s services and to consider the approval of related services including delivery of products and/or services of the Company to you.
2. To register for the participation in any activities hosted by the Company or to register for receiving a gift or benefits provided by the Company.
3. To provide a service on the applications and products of the Company including other related services.
4. To plan the operation, management, internal administration, customization, assessment and improvement of the service content, and advertisement of the Company.
5. To contact you for resolving issues that arise from any complaints.
6. To inform benefits, promotions, marketing activities, invitations of the Company’s activities and to communicate about such activities including to offer any products and services.
7. To gather comments and feedback to use for research, assess, develop and improve the services and features to be more efficient and suit your needs.
8. To prevent and investigate fraud and infringement in security of any activities that may be unlawful and against terms and conditions of use of the Company.
9. To comply with the terms and conditions of the Company and to comply with law or regulation of any related government authorities.

If your personal data collected by the Company as specified above is necessary for the Company’s legal compliance or performance of contract between you and the Company. If you do not provide such information, the Company may not be able to provide you products or services and may not be able to provide you any convenience for using services.

Disclosure of Personal Data

We may disclose your personal data to pursue with the purposes specified above to other persons when obtaining your consent or as permitted by the law to do so, including but not limited to the following person or organizations:

1. Subsidiaries, Group Companies or Affiliate Companies
The Company may disclose your personal data to subsidiaries, group companies or affiliate companies only if necessary to improve and develop your products or services. We may combine information internally across the different products or services under this Privacy Policy.

2. Service Providers
We may disclose your personal data to our service providers as necessary to provide our services such as payments, marketing and products or services development, etc. We are unable to access your payment information you have with our service providers and such information will be governed by the privacy policy of such service providers.  For more information about how our service providers collect and how they use your payment information, please see the privacy policy of such service providers.

3. Business Partners
We may disclose certain personal data to business partners to coordinate and provide our products or services to you and provide necessary information. Moreover, to analyze, develop better services in the future.

4. Business Transfer
We may disclose information, including your personal data, for the reorganization, restructuring, merger or acquisition, or other transfer of assets, provided that the receiving party agrees to respect your personal data in a manner that is consistent with this Privacy Policy and PDPA.

Cross-Border Personal Data Transfer

In certain circumstances, we may transfer your personal data to individuals, organizations or cloud systems of Microsoft Azure located overseas. In this regard, we will implement any measures to ensure that the transfer of your personal data to the destination country provides an adequate security measure or as required by law to protect and maintain your personal data.

Retention Period

We will retain your personal data for as long as necessary during the period you are a customer or under a relationship with us, or for as long as necessary in connection with the purposes set out in this Privacy Policy, unless law requires or permits a longer retention period. We will erase, destroy or anonymize your personal data when it is no longer necessary or when the lapses of period specified by the law.

Data Subject Rights

When you provide your personal data to us, you have a variety of rights that you can exercise your rights free of charge, under the exception of the law. 
Your rights under the PDPA are as follows:

1. Right to withdraw consent: You have the right to withdraw consent you have given to us at any time throughout the period your personal data is available to us. However, the withdrawal of consent shall not affect the processing of personal data you have already given consent to us legally.
2. Right to access: You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you; and to request us to reveal how we obtain your personal data.
3. Right to data portability: You have the right to obtain your personal data if we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controllers unless not technically feasible.
4. Right to objection: You have the right to object to the collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
5. Right to erasure or destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this Privacy Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
6. Right to restriction of processing: You have the right to request us to suspend processing of your personal data during the period where we examine your rectification or objection request; or when it is no longer necessary, and we must erase or destroy your personal data pursuant to relevant laws, but you request us to suspend the processing instead.
7. Right to rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
8. Right to lodge a complaint: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.

You may exercise these rights as the Data Subject by contacting us through the channels set out below of this Privacy Policy. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email address, telephone, registered mail, etc.

Advertising and Marketing

To enable you to receive benefits from using our products or services, we use your personal data to analyze and enhance our products or services, and conduct a marketing effort via notification on our application, Google, Facebook, and others. We use such information to provide you with products or services that would suit your needs. 

Our application may display advertisements from third parties in order to facilitate our service. These third parties may have access to your personal data only for these purposes and have an obligation to not disclose or use the personal data for any other purposes.

We do not use automated decision-making without human intervention, including profiling in a way that may cause significant effects on you.

We may send certain information or newsletter for the purpose of offering an interesting offer to you via your email for the purpose of offering products or services that you may be interested in. If you no longer wish to receive the communications from us, you can click the “unsubscribe” link in the email or contact us via our email.

Security of Personal Data

We endeavor to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, use, alteration, modification, or disclosure. In addition, we will provide a security measure for personal data that cover the administrative safeguard, technical safeguard, physical safeguard and access controls. In addition, our staff, employees, and external service providers are obliged to maintain confidentiality of your personal data and to strictly comply with the data security standard and policies when your personal data is being used, transferred, transmitted or processed.

Personal Data Breach Notification

In case of a data breach incident, we will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it. If the personal data breach is likely to result in a high risk to your rights and freedoms, we will also notify the personal data breach and the remedial measures to you without delay via the provided channels, such as our pop-up notification on our application, website, SMS, email, telephone or registered mail, etc.

Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy from time to time. You may check the change of this Privacy Policy on the pop-up notification of our application.
This Privacy Policy was last updated and effective on 8th August 2021

Link to Other Websites or Applications

This Privacy Policy is used for the services and the use of our application only. If you visit another website or application even via the application of the Company, the personal data protection of such website or application will be subject to the privacy policy of such website or application which is not related to us. Please check the privacy policy of such websites or applications directly to understand more information. 

Third Party Link

Our application may contain third-party links which may lead to partners’ websites. Any access and use of third-party’s websites is not governed by this policy, but is governed by the policies of those third-party website.

Contact Information

If you have any questions about this Privacy Policy or would like to exercise your rights, you can contact us by using the following details:
Numeiang Group Company Limited
Address: 479/20 Salak Hin Alley, Rong Mueang Sub-district, Pathum Wan District, Bangkok
Email: admin@numeiang.com
Website: www.numeiang.com
Telephone: 02-214-3648