“Sensitive Personal Data” means details about your religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.
“Personal Data” means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
“We” or “our” or “us” means Convert (Thailand) Co., Ltd.
“You” or “your” means any person who has access to our websites or the registered users of our services.
Types of Personal Data That We Collect from You
We collect Personal Data about you which we have grouped together as follows:
Profile Data which includes your username and password, purchases or orders, and your interests, preferences, feedback and survey responses.
Identity Data which includes first name, maiden name, last name, username or similar identifier, marital status, title, race, date of birth and gender.
Usage Data, which includes information about how you use our websites, products and services, rewards, coupons, cashbacks and other incentive programs provided to you as part of our services.
Transaction Data, which includes details about payments to and from you, and other details of products and services you have purchased from us.
Financial Data, which includes bank account and payment card details.
Technical Data which includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our websites.
Marketing and Communications Data which includes your preferences in receiving marketing from us and our related third parties, and your communication preferences.
We do not collect any Sensitive Personal Data about you nor do we collect any information about criminal convictions and offences unless otherwise required by applicable law.
How We Collect Your Personal Data
We use different methods to collect your Personal Data including through:
Direct interactions. You may give us your Identity Data and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes Personal Data you provide when you apply for our products or services, create an account on our website, subscribe to our service or publications, request marketing to be sent to you, enter a competition, promotion or survey; or give us feedback or contact us or grant us your phone camera access or photo album access to upload profile image or other supporting documents for the purpose of creating an account with us or using our services.
Automated technologies or interactions. As you interact with our websites, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this Personal Data by using cookies, server logs and other similar technologies.
How We Use Your Personal Data
We collect, use, and/or process your Personal Data including but not limited to the following purposes:
– to administer and manage products and/or services to you;
– to communicate with you, including responding to your applications, queries and/or complaints;
– to notify you about important changes/developments to the products and/or services features;
– to comply with regulatory requirements and provide assistance to law enforcement agencies;
– to research and develop products and/or services including improving and developing our services and quality assurance to you;
– to assess/verify your credit worthiness and to maintain your credit history for present and future reference (if deemed necessary); and
– to market and promote other products and services that are offered by our affiliates, agents, related third parties, from time to time.
Disclosure of Your Personal Data
We may disclose your Personal Data with the following classes of third parties for the purposes set out above:
– Internal third parties such as other companies in the group and affiliates.
– External third parties such as service providers who provide IT and system administration services; professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services; regulators and other authorities who require reporting of processing activities in certain circumstances; credit bureaus, credit reporting agencies, debt-collection agencies who assist with debt recovery functions, due diligence functions, etc.
– Other third parties to whom we choose to sell, transfer or merge parts of our business or our assets.
We have put in place appropriate security measures to prevent your Personal Data from misuse and loss from unauthorized access, modification or disclosure. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties on a need to know basis. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your Personal Data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your Personal Data: see your legal rights below for further information.
In some circumstances we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
– Request access to your Personal Data.
– Request correction of your Personal data.
– Request erasure of your Personal Data.
– Request restriction of processing your Personal Data.
– Request transfer of your Personal Data.
– Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights).This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will use our best efforts to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.