X

AEON THAI MOBILE
AEON Thana Sinsap (Thailand) PLC FREE -On The App Store

Open

Privacy Policy

Privacy Policy Statement

AEON Thana Sinsap (Thailand) Public Company Limited

1. Introduction

1.1 AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our existing customers and prospect customers, and how we protect personal information and properly handle such information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

1.2 AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

1.3 AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal data will be in accordance with the provisions of relevant laws only.

1.4 AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

1.5 AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

1.6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

1.7 AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

1.8 AEONTS trains and educates our officers and employees regarding the importance of protecting personal information to ensure that they handle customers’ personal information in an appropriate manner.

1.9 AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:

– Identity data (for example, name, surname, identification card number, passport number, birthdate, gender, nationality, marital status, online identity (e.g. IP address, cookie, device ID), and in some cases AEONTS may process sensitive data such as biometric data for face recognition only with your explicit consent or when permitted by law)
– Contact data (for example, address, telephone number, email)
– Transaction data (for example, credit card number, member card number, income information, financial statement, data of transaction via AEONTS products or services, credit history, debt payment history, asset information)
– Communication data (for example, images, video or voice recordings when communicating with us)

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

(1) Collect information directly from you, for example:
– Procedures for applications for using our services, contract signing, form filling, questionnaires, registrations or submission of claims or requests
– Your communication with us via our contact channels, e.g. telephone, e-mail, etc.
– Automatic system, e.g. when you use our website or application, etc.

(2) Collect information from other sources, for example:
– Our customers, agents or service providers
– Our group companies or our business partners
– Government authorities or other publicly available sources, such as company website, information made available on the internet or social media platforms (e.g. Facebook, Twitter, LinkedIn, etc.)

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information for various purposes depending on relationship between you and AEONTS as follows:

Processing purposes Lawful basis
To consider applications for using our products or services
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
To conduct e-KYC authentication for verifying customer identity
  • Consent
To conduct KYC authentication for verifying customer identity
  • Compliance with a law
To use our products or services and comply with our internal procedures (e.g. delivery of documents between you and AEONTS).
  • Performance of a contract
  • Legitimate interest
To evaluate, improve and develop our products, services and sales promotion.
  • Legitimate interest
  • Consent
To comply with legal obligations and law enforcement requests, and to report information to government authorities as required by laws (e.g. Bank of Thailand, Revenue Department) or upon receiving an order or a writ of attachment from police officers, government authorities or courts.
  • Compliance with a law
To establish, comply or exercise the rights to legal claims or defend against the rights to legal claims
  • Legitimate interest
To conduct business planning, reporting, and forecasting
  • Legitimate interest
To prevent and detect fraud, money laundering, financing of terrorism and other illegal actions
  • Performance of a contract
  • Compliance with a law
  • Legitimate interest
To trace and collect debts
  • Performance of a contract
  • Legitimate interest
To legally assign any rights, duties and benefits under contract between you and AEONTS, including transfer or selling of debts or transfer due to securitization
  • Performance of a contract
  • Legitimate interest
To support inspection, investigation or other legal proceedings
  • Performance of a contract
  • Legitimate interest
To monitor security in and around our head office, regional offices, branches or premises, including ID card deposits when entering our premises and using CCTV to collect videos of those who contact in person
  • Legitimate interest
To manage risks and undertake internal audit and administration
  • Legitimate interest
To manage our relationship with you, for example to manage claims, to offer benefits without marketing purposes
  • Legitimate interest
  • Consent
To analyze, research and develop our products and services to meet your requirements
  • Consent
To analyze your spending or service using history and your preferences to enhance benefits and offering our products or services available currently and in the future
  • Consent
To inform you of benefits and sales promotion for marketing purposes, to send activity invitations, to inform product or service information, including other notifications without marketing purpose
  • Consent
  • Legitimate interest
To verify customer’s identity for access to AEONTS lounge
  • Consent
To offer insurance products
  • Consent
To disclose to our agencies, contractors/sub-contractors and/or service providers for their implementation and procedure
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
  • Consent
To disclose to our co-branded partners and business partners in order to enhance benefits and offering of existing and developing products or services of AEONTS and our co-branded partners and business partners, and to inform benefits and sales promotion
  • Consent
To disclose to our group companies and business partners for marketing purposes, including offering products, services, benefits and other special offers
  • Consent

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: (i) we retain the personal information for the duration we have an ongoing relationship with you and provide the service to you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Our subsidiaries, affiliates and any related companies (as per the names shown in List affiliate /third party disclose customer’s personal information) for business purposes, internal management, offering for sale of products or services which you may be interested in, including undertaking any other activity as set out in this Privacy Policy Statement

5.2 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, Securities and Exchange Commission, Bank of Thailand, Anti-Money Laundering Office, Revenue Department.

5.3 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure, such as
– Carriers, providers of card issuing or destruction, document storage and destruction service providers, printing house, marketing agency, research companies, IT development companies
– Debt collection service provider (in the case where AEONTS assigns such debt collection service provider for trace and collection procedure and/or legal execution)
– National Credit Bureau Company Limited
– Auditors, lawyers, legal advisers, and consultants

5.4 Assignees of AEONTS’ rights, duties and benefits, including their attorneys, for example in case of corporate restructuring, merger, acquisition, sale of assets, debt transferring or selling, securitization, etc.

5.5 Co-branded partners and business partners of AEONTS or other third parties as per your consent or contractual requirements or legal requirements, as the case may be

6. Data Subject Rights

6.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

(1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally. In addition, where you withdraw consent, you may experience less convenience in using our products or services, or may not receive our benefits or special offers.

(2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

(3) Right to Data Portability

Where AEONTS arranges your personal information to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you have the right to receive your personal information and are also entitled to:

(a) request us to send or transfer your personal information in such formats to other data controllers if it can be done by the automatic means;

(b) request to directly obtain your personal information in such formats that we send or transfer to other data controllers, unless it is impossible to do so because of the technical circumstances.

(4) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information for direct marketing purposes or on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

(5) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(6) Right to Restriction of Processing

You have the right to request AEONTS to restrict the use of your personal information under certain circumstances where you believe such personal information to be inaccurate, our processing is unlawful; or we no longer need to process such personal information for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

(7) Right to Rectification

AEONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

6.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:
– Privacy setting page (via this website or mobile application)
– Notification setting page (via this website or mobile application)
– Contact Center at 02-655-0123 for (1)Right to Withdraw Consent and (7)Right to Rectification
– Other channels as specified in Clause 8 below for your right (2)-(6)
Nonetheless, if we reject your request, we will inform you of the reasons.

6.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

7. Data Protection Security Measures

7.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

7.2 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

8. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Junji Noda)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110
Tel: DPO Office 02-302-4656
E-mail: [email protected]

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

9. Third Party Links

This Privacy Policy Statement applies to the sales of products or provision of services and use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

10. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website, notification on your device or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.

Privacy Policy Statement (For third parties)

AEON Thana Sinsap (Thailand) Public Company Limited

1. Introduction

1.1 AEON Thana Sinsap (Thailand) Public Company Limited (“AEONTS” or “we”) has established and discloses this privacy policy statement (the “Privacy Policy Statement”) as our approach to explain how we, as the data controller, collect, use, disclose or otherwise process personal information of our [vendors, dealers, services providers and business partners, including their authorized directors, representatives and contact persons] and how we protect personal information and properly handlesuch information once the provisions under the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) with respect to the processing of personal information become effective.

1.2 AEONTS recognizes the importance of protecting personal information, and complies with the PDPA and other relevant laws and regulations as well as internal regulations of AEONTS including this Privacy Policy Statement, and AEONTS strives to properly protect and handle personal information.

1.3 AEONTS collects personal information through appropriate and lawful means, and only to the extent necessary to achieve the purpose of utilization. Such collection, use, disclosure or otherwise processing of personal information will be in accordance with the provisions of relevant laws only.

1.4 AEONTS specifies the purpose of collection, use, disclosure or otherwise processing of personal information, and collects such information to the extent necessary in relation to the purpose. In cases where the purpose of collection, use, disclosure or otherwise processing of specific personal information is limited by relevant laws and regulations, AEONTS does not use such personal information beyond such limitations of the purpose. You may find details of purpose of collection, use, disclosure or otherwise processing of personal information in this Privacy Policy Statement.

1.5 AEONTS does not disclose personal information to any third party, except where the person concerned has granted prior consent in that regard, or where disclosure of personal information is based on laws.

1.6 AEONTS takes appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure, of personal information. When appointing any third party to process personal information on behalf of AEONTS, AEONTS appropriately oversees such third party.

1.7 AEONTS reviews the content of this Privacy Policy Statement as necessary, and strives to bring about continuous improvement such as to our systems and approaches for protecting personal information.

1.8 AEONTS trains and educates our employees regarding the importance of protecting personal information to ensure that they handle the personal information in an appropriate manner.

1.9 AEONTS responds in an appropriate and swift manner to requests for exercising data subject rights, any opinions or requests concerning its collection, use, disclosure or otherwise processing of personal information. Please see relevant details shown in this Privacy Policy Statement or please contact AEONTS at contact details shown below.

2. Personal Information We Collect, Use, Disclose or Process and Its Sources

2.1 What is personal information?

Personal information means any information relating to an individual, which enables the identification of such individual, whether directly or indirectly,

2.2 Personal information we collect, use, disclose or process

AEONTS collects several types of personal information, including:

– Identity data (for example, name, surname, identification card number, passport number, birthdate, and in some cases, AEONTS may process sensitive data such as finger vein biometric data only with your explicit consent or when permitted by law)
– Contact data (for example, address, telephone number, email)
– Financial data (for example, bank account, credit bureau, bankruptcy, anti-money laundering information)
– Data about your background verification
– Identity and contact data of your contact person indicated by you
– Any other information contained in your company profile, website, annual report and social media platforms
– Information obtained through video recordings during your work performance such as videos caught on CCTV

2.3 Sources of information

AEONTS may collect your personal information from various sources as follows:

(1) Collect information directly from you, for example:
– Vendor checklist and verification, registration procedures, contract signing, form filling, registrations or submissions of claims or requests for exercising your rights
– Your communication via our contact channels, for example, telephone, email, etc.
– Security procedure such as ID Card deposit when entering our premises

(2) Collect information from other sources, for example:
– Our vendors, dealers, service providers or business partners of which you hold a position as authorized directors, representatives, or employees
– Government authorities and supervising authorities such as Royal Thai Police, Anti-money Laundering Office, or other publicly available sources such as company website, information made available on the internet or social media platforms

3. Purposes of Collection, Use, Disclosure or Processing of Personal Information

AEONTS collects, uses, discloses or processes your personal information as a registrant to be vendor, vendor, dealer, service provider or business partner, or an authorized director, representative or employee acting on behalf of the individual or the aforementioned legal entity for various purposes depending on relationship between you and AEONTS as follows:

Processing purposes Lawful basis
To consider applications for using our products or services
  • Performance of a contract or taking steps at your request before entering into a contract
  • Legitimate interest
  • Consent for sensitive data (if any)
To enter into an agreement with you or your personnel
  • Performance of a contract
  • Legitimate interest
  • Consent for sensitive data (if any)
To perform contractual obligations between AEONTS and you or your personnel as AEONTS’s vendors, dealers, service providers or business partners, including issuing purchase order, purchase requisition or invoice, maintaining records of AEONTS’s vendors, dealers, service providers or business partners, managing relationship (e.g. granting access to AEONTS’s database or AEONTS’s premises), and monitoring and evaluating performance of AEONTS’s vendors, dealers, service providers or business partners
  • Performance of a contract
  • Legitimate interest
To prevent, detect and investigate fraud, unlawful activity, omission or misconduct, money laundering, financing of terrorism and other illegal actions
  • Legitimate interest
  • Compliance with a law
To manage risks and undertake internal audit and administration
  • Legitimate interest
To legally assign any rights, duties and benefits under relevant agreement between you or your personnel and AEONTS
  • Performance of a contract
  • Legitimate interest
To comply with legal obligations and law enforcement requests, and to report information to government authorities as required by laws (e.g. anti-money laundering law, tax law, etc.) or upon receiving an order or a writ of attachment from police officers, government authorities or courts.
  • Compliance with law
To establish, comply or exercise the rights to legal claims or defend against the rights to legal claims
  • Legitimate interest
  • Consent for sensitive data (if any)
To monitor security in and around our head office, regional offices, branches or premises including ID card deposit before accessing such areas, and using CCTV to collect videos of those who contact us at our premises
  • Legitimate interest
To facilitate, deal with and/or administer external audit(s) or internal audit(s) for any operations of AEONTS
  • Legitimate interest
To store, back up (whether for disaster or otherwise) of your and your personnel’s personal information
  • Performance of a contract
  • Legitimate interest
  • Consent for sensitive data (if any)

4. Data Retention Period

AEONTS retains your personal information for as long as is considered necessary for the purpose for which it was collected, used, disclosed or processed as set out in this Privacy Policy Statement. The criteria used to determine our retention periods include: we retain the personal information for the duration we have an ongoing relationship with you; or we may retain the personal information for a longer period as necessary to comply with applicable laws, or to be in accordance with legal prescription, or to establish, comply with or exercise the rights to legal claims or defend against the rights to legal claims, or to be complied with, for any other cause, our internal policies and regulations.

5. Data Disclosure

AEONTS may disclose your personal information in certain circumstances, for the purposes set out in this Privacy Policy Statement, to:

5.1 Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, Revenue Department.

5.2 Agencies, contractors/sub-contractors and/or service providers for their implementation and procedure, such as auditors, lawyers, legal advisers, and consultants.

5.3 Assignees of AEONTS’ rights, duties and benefits, including their attorneys, for example in case of transfer of rights and/or obligations under the relevant agreement, corporate restructuring, merger, acquisition, sale of assets, etc.

5.4 Our customers or other third parties as per contractual requirements or legal requirements, as the case may be.

6. Data Subject Rights

6.1 Your rights under the PDPA

According to the PDPA, you have certain rights relating to your personal information as follows:

(1) Right to Withdraw Consent

You have the right to withdraw consent given to us for collecting, using or disclosing your personal information at any time, unless there is a restriction of the withdrawal of consent by law or the contract which gives benefits to you.

However, the withdrawal of consent shall not affect the collection, use or disclosure of personal information you have already given consent legally. In addition, where you withdraw consent, you may experience less convenience in rendering services, performing tasks or pursuing contractual or business relationship with AEONTS, or may not be able to maintain your status as our vendors, dealers, services providers and business partners.

(2) Right to Access

You have the right to request access to and obtain a copy of your personal information, which is under our responsibility, or to request the disclosure of the acquisition of the personal information obtained without your consent. At our discretion, we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable processing fee.

(3) Right to Object

You have the right to object to the collection, use, disclosure or otherwise processing of your personal information on grounds stipulated by law. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process your personal information for the establishment, exercise or defense of a legal claim.

(4) Right to Erasure

You have the right to request AEONTS to erase, destroy or make your personal information become unidentifiable data, under certain circumstances unless we are required to retain your personal information in order to comply with a legal obligation or to establish, exercise or defend legal claims.

(5) Right to Rectification

AEONTS will ensure that your personal information remains accurate, up-to-date, complete, and not misleading. However, if you consider that your personal information is inaccurate or changed, you have the right to request AEONTS to rectify your personal information to be accurate, up-to-date, complete, and not misleading.

6.2 How to exercise your rights

You may exercise the data subject rights listed above via the following channels:
– Privacy setting page (via this website or mobile application)
– Notification setting page (via this website or mobile application)
– Call Center at 02-655-0123 for (1)Right to Withdraw Consent and (5)Right to Rectification
– Other channels as specified in Clause 8 below for your right in Clause 6.1 (2)-(4)
Nonetheless, if we reject your request, we will inform you of the reasons.

6.3 Processing time

AEONTS will process your request within 30 days upon receipt of your valid request together with complete supporting documents. Until then, your personal information will still be unchanged in our database and may still be processed or you may be contacted by us, our partners or those who have retained your personal information as of the date of your request.

7. Data Protection Security Measures

7.1 Implementation of Security Measures

AEONTS implements appropriate security measures for preventing unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal information.

7.2 Disclosure of Personal Information to Data Processor

AEONTS properly supervises third parties to which AEONTS has appointed to process personal information pursuant to our orders or on our behalf.

8. Contact information

If you have any questions or inquiries about the protection of your personal information, collection, use or disclosure of your personal information, or exercise of your rights, or have any claims, please contact us at:

AEON Thana Sinsap (Thailand) Public Company Limited and Data Protection Officer (Mr. Junji Noda)

Address: 388 Exchange Tower, 27th Floor, Sukhumvit Road, Kwaeng Klongtoey, Khet Klongtoey, Bangkok 10110
Tel: DPO Office 02-302-4656
E-mail: [email protected]

You also have the right to file a complaint with the relevant Personal Data Protection Committee if AEONTS violates or do not comply with the PDPA or other regulations or notifications issued in accordance with the PDPA.

9. Third Party Links

This Privacy Policy Statement applies to the use of website, mobile application and LINE account of AEONTS only. When you link to third party websites via AEONTS Website, the personal information protection shall be in accordance with the privacy policy statement of such third party websites which are not related to AEONTS.

10. Update to this Privacy Policy Statement

AEONTS regularly reviews and, if appropriate, updates this Privacy Policy Statement from time to time to ensure that your personal information is properly protected. In case of any update to this Privacy Policy Statement, AEONTS will inform you through Privacy Policy Statement on this website, notification on your device or other appropriate methods. Please refer to this page for the updated Privacy Policy Statement.

Last updated on 26 November 2020