Privacy policy

 

1. Introduction
As Jaspal Public Company Limited (“Company”) realizes the importance of Personal Data and other information (collectively referred to as “Data”), about the Company’s customer (“You”), and so that you can be confident that the Company is transparent and responsible for collection, use or disclosure your data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“Personal Data Protection Law”) including other relevant laws. Therefore, this Customer Data Privacy Policy (“Policy”) has been established to inform you to know and understand the practices including objectives of the Company with respect to the collection, use, and disclosure of your Personal Data (collectively referred to as “Processing”), performed by the Company, including related persons on behalf of the Company, with the following matters:

2. Scope of the Policy
This Policy applies to Personal Data in relation to the Company, both presently and possibly in the future that are/may be processed by the Company or related parties which the Company has obtained and collected from your visits, purchase of goods and services, membership applications, making suggestions, feedback, complaints, completing surveys or questionnaires, or performing any necessary activities as required via the Company’s websites, mobile phone applications, social media channels, stores of the Company and Customer Service Center (Customer Service). This Policy does not cover your use of websites, mobile applications, social media channels of third parties that can be linked to the website, mobile phone applications, social media channels of the Company, or stores that are not managed and supervised by the Company. For these reasons, the Company advises you to read this Customer Data Privacy Policy to understand and acknowledge the methods, procedures, and purposes of the Company in relation to the collection, use, and disclosure of your Personal Data.

3. Definitions

“Company”                              Jaspal Public Company Limited.

“Affiliates”                                Jaspal & Sons Company Limited.

“Customer”                              (1) Normal customers who purchase products and services of the Company, both current and former customers, including potential future customers, and (2) Normal customers who are employees, personnel, officers of the Company, and affiliates.

“Personal Data”                       Any data relating to a Person, which enables the identification of that person, whether directly or indirectly, but not including the data of a deceased Person.

“Sensitive Data”                      Personal Data that is classified as sensitive data as described in Article 26 of the Personal Data Protection Act which includes data about race, ethnicity, political opinions, cult beliefs, religion or philosophy, sexual behavior, criminal record, health data, disability, trade union data, genetic data, biological data or any other data that affects the Data Subject in a similar manner as announced by the Personal Data Protection Committee.

“Processing Personal Data”    Any processing of Personal Data, such as collecting, recording, copying, organizing, storing, updating, changing, issuing, restoring, disclosing, forwarding, disseminating, transferring, combining, deleting, destroying, etc.

“Data Subject”                         An individual person who owns the personal data that the Company collects, uses, or discloses herein means “you” as a customer in this policy.

“Person”                                  Individual persons do not include legal entities such as corporations, associations, foundations, or any other organization.

“Company’s Store”                  Any stores under the management or supervision of Jaspal Public Company Limited, as specified in ANNEX 1.

“Company’s Website”              Any websites under the management or supervision of Jaspal Public Company Limited, as specified in ANNEX 2.

“Social Media Channels”         LINE and Facebook.

4. Collection of Your Personal Data by the Company
During your access or use of the Company’s Websites, mobile phone applications, social media channels, e-mail, telephone channels, Company’s stores and Customer Service Center (Customer Service), the Company may need to collect or obtain any personal data that can identify you as follows:

General Personal Data consists of the following:

4.1   Personal Data

General Customer Personal Data such as title, name-surname, gender, date of birth, age, nationality, information on documents issued by government agencies (e.g., ID card number, passport number, taxpayer identification number, etc.)

Customer Personal Data who are Employees, Staff of the Company and its Affiliates such as title, name-surname, gender, date of birth, age, nationality, employee data (e.g. employee level, job title, employee ID, workplace, agency), information on documents issued by government agencies (e.g. ID card number, passport number, taxpayer identification number, etc.)

Contact information, including telephone number, mobile phone number, shipping mailing address, billing address, email address, and social media account (e.g., LINE account information, Facebook account, etc.).

Membership Information, including membership account details, membership card number, reward points, membership type, date of membership application, membership period, reward points redemption history, inquiries, comments, feedback, complaints, suggestions, and other related information.

Sale and Purchase of Goods and Services Transaction Information such as goods purchase order details (e.g. product purchased, type, size, quantity, price, etc.), details of use of service, information about receipt of payment from/refunding to you, date of payment, time of payment, amount of payment, purchase or order number, date/time of receipt or delivery of goods, feedback message regarding the acceptance of goods, goods warranty information, complaints and claims and other information related to the purchase of goods and services.

Financial information such as debit/credit card information (e.g., card number, cardholder name, card type, numbers on the back of the card (CVV), expiration date, etc.)

Technical Information such as computer traffic data (Log) and information that the Company collects through cookies (Cookies) or similar technologies (e.g., information about use of website, applications and systems of the Company, device identity, computer IP address, location information, browser type and usage behavior, etc.)

Behavioral Information, such as behavioral information in relation to the purchase of goods and services, and feedback regarding the services of the Company.

Other Information, such as voice recordings of telephone conversations through the Customer Service Center (Customer Service), video and audio recordings from closed-circuit television (CCTV), and body temperature.

 4.2   Sensitive Personal Data includes
Data pertaining to race, ethnicity, religion, fingerprints, facial recognition, health data, or data related to physical or mental conditions, genetic data, medical history, disability, and criminal history, etc. The Company does not have a policy to store Sensitive Personal Data unless the Company has obtained your consent.

4.3 Third Party Personal Data
If you have to provide a Personal Data such as name-surname, address, contact number of any third party to the Company e.g. spouse, children, relatives, friends, references and other persons who are not the Company’s customer as an emergency contact information or to be a beneficiary or to solicit the purchase of goods or services or to invite to apply for membership, it is your responsibility to communicate the details of this policy to such person(s) as well as to obtain their consent if required to disclose the data to the Company. Furthermore, you must ensure that you have the right to provide such data of those individuals to the Company in accordance with the Personal Data Protection Law.

As such, the Company will strictly collect personal data only to the extent necessary, subject to the purposes specified in Clause 5 of this Policy.

For the collection, use, or disclosure of your Personal Data, the Company will obtain your explicit consent in writing or via electronic means prior to or during the collection of the Personal Data, unless you have a right not to consent and provide such data. If you decide not to approve or withdraw any consent, it may result in the Company being unable to provide all or part of the services to you.

In addition, the collection of data from any minor, impaired, or partially impaired person requires the Company to obtain written consent from their relevant legal guardian. If the Company explicitly knows that a person is under twenty (20) years of age or is an impaired or partially impaired person, the Company will not collect Personal Data from such person unless consent is obtained from the relevant legal guardian, if consent is required. If the Company is aware that it has unintentionally collected Personal Data from any person below the age of twenty (20), or who is impaired or partially impaired person, without obtaining consent from its legal guardian, the Company will promptly delete such Personal Data or process only that part of the Personal Data which the Company is entitled to process based on any legal basis other than the request of consent.

Notwithstanding the foregoing, the Personal Data given to the Company by you must be correct, complete, and true. They will not cause any confusion, and you must keep your Personal Data up-to-date and also inform the Company of any changes via the contact channel specified in Clause 14. If you decide not to provide the Company with your Personal Data or if you choose to withdraw consent for the use of your Personal Data, it may result in the Company being unable to provide all or part of the services to you. 

5. Purposes of the Collection, Use, and Disclosure of Personal Data

The Company collects Personal Data for the following purposes:

1. The communication and providing necessary information of the Company in relation to goods, updated lists of goods, lists of promotions or campaigns arranged or to be arranged by the Company, and any privileges for your benefits. The provision of information will be conducted via Email, SMS, or any other appropriate method, for which you have consented.
2. The provision of any privileges, including but not limited to, privileges on birthdays and/or in birth months, as well as reward points privileges that can be redeemed for discounts or premiums.
3. The invitation to any events and/or product launches of the Company.
4. The delivery of documents, including but not limited to catalogues and birthday cards.
5. The delivery of goods and acceptance of returned goods purchased by you from the Company.
6. The management and arrangement of completing payments in relation to commercial transactions of the purchase of goods between you and the Company.
7. The process and analysis are deemed appropriate and suitable for improving goods and services to meet a person’s needs as much as possible.
8. Market research, surveys, analysis of internal markets, creating customer data, analysis of customer patterns and choices for purchase of goods, and the planning and analysis of statistics and trends in relation to goods and/or services of the Company.

Any other purposes which are required for the proceeding, maintenance, and management of business and relationships between you and the Company. 

The Company will process your Personal Data only for the purpose for which it has been stated, including in some cases where the Company may consider it able to process your Personal Data for other relevant reasons and not contrary to or in addition to the original purpose provided. Notwithstanding, if the Company needs to process the data for a purpose other than the original purpose, the Company will request your consent again for the use of such data for that new purpose.

6. Disclosure of Personal Data to Third Parties
The Company may disclose your Personal Data to any third parties as necessary to fulfill the purposes specified in this Policy. The Company may send your Personal Data to the following parties:

1. Any agents, affiliates, or related companies located in or outside Thailand.
2. Any agents, contractors, or service providers who are third parties that will render services to the Company and you (such as service providers in relation to the delivery of goods, storage and warehousing, logistics, production and delivery of documents (e.g. catalogues or birthday cards, etc.), consultants or experts, and/or telecommunications, information technology, or marketing and promotions providers, etc.).

Howsoever, the third parties to whom the Company will disclose your Personal Data, the Company will take appropriate measures to ensure that your Personal Data shall be protected and secure such as entering into the execution of agreements with conditions that third parties are entitled to use Personal Data to the extent stipulated in the agreements and the execution of Non-disclosure Agreements for confidentiality of the obtained Personal Data for business operation, etc.

Government officers or government agencies subject to the laws, rules, and regulations prescribed by relevant legislation.

7. Sending or Transferring of Personal Data to Foreign Countries
The Company may disclose or transfer your Personal Data to foreign countries, third parties, or servers located in foreign countries, where such destination countries may or may not have the same level of data protection standards. In this regard, the Company will follow various procedures and measures to ensure the safe transfer of your Personal Data and verify that the persons receiving such Personal Data have appropriate data protection standards or comply with the conditions or exceptions outlined in the relevant laws. The Company will obtain your consent if required by law in the event of a transfer of Personal Data to foreign countries.

8. Connecting to External Websites or Services
The Company may have connections to third-party websites or services, which may have their own privacy policies that differ from this policy. Since the Company is not associated and has no control over the privacy policies and measures of those websites or services, and also cannot be held responsible for the contents, policies, damages, or actions caused by third parties’ websites or services, the Company, therefore, recommends that you should initially study such privacy policy of those websites or services before access.

9. Personal Data Protection Measures
The Company provides appropriate security measures for preventing the unauthorized or unlawful loss, access to, use, alteration, correction, or disclosure of Personal Data, and such measures will be reviewed by the Company when it is necessary, or when the technology has changed, in order to maintain the appropriate security and safety efficiently.

10. Length of Time to Store Personal Data
The Company will retain your Personal Data within the period necessary for the purposes specified in this Policy, except in cases where laws require a longer period of retention. After the expiration of the retention period, or if your Personal Data is no longer necessary, the Company will erase, destroy, or anonymize such Personal Data. Notwithstanding, in the event of a dispute regarding the exercise of legal rights relating to your Personal Data, the Company reserves the right to retain such data until the dispute is resolved by court order or judgment.

11. Rights as the Data Subject
If the Company collects, uses, or discloses your Personal Data subject to the purposes specified in this Policy, you have the following rights pursuant to the Personal Data Protection Law.

11.1 Right to Request to Access to Personal Data
You have the right to access and obtain a copy of your Personal Data, which is under the responsibility of the Company, and ask the Company to disclose the acquisition of your Personal Data in case you have not given your consent.

11.2 Right to Request to Have the Personal Data to be Accurate, Complete, and Up-to-Date
You have the right to request that the Company make your Personal Data accurate, complete, and up-to-date.

11.3 Right to Request Erasure or Destruction of your Personal Data
You have the right to request the Company to delete, destroy, or make your Personal Data non-identifiable; however, the exercise of such rights is subject to the conditions stipulated by law.

11.4 Right to Request the Suspension of the Use of Personal Data
You have the right to request the suspension of the use of your Personal Data in the following cases.

a. During the period that the Company reviews your request to correct, complete, and update the Personal Data.
b. Your Personal Data is illegally collected, used, or disclosed.
c. At the time that your Personal Data is no longer necessary for collection according to the purpose stated by the Company, but you need the Company to continue collecting such data to exercise the legal rights.
d. During the period that the Company is proving legitimate grounds for collecting your Personal Data or investigating the necessity for collecting, using, or disclosing the Personal Data for the public interest due to your exercise of the right to object to the collection, use, or disclosure of Personal Data.

11.5 Right to Object to The Processing of Personal Data
You have the right to object to collection, use or disclosure of your Personal Data unless the Company has legitimate grounds to refuse the request by law (For example: The Company can demonstrate that the collection, use or disclosure of your Personal Data is more legitimate grounds or for the establishment of a legal claim, the performance or exercise of a legal claim or for the public benefit of the Company).

1. Right to Withdraw Consent
   If you have given consent to the Company for collecting, using or disclosing your Personal Data (whether before or after the Personal Data Protection Law comes into force), you have the right to withdraw your consent at any time, for a period of time that your Personal Data is retained by the Company, unless there is a provision of law requiring the Company to continue retaining it or there is a contract between you and the Company that still benefits you.
2. Right to Obtain, Transmit, or Transfer Personal Data
   You have the right to obtain your Personal Data from the Company in a form that is readable or generally usable with a device or device that works automatically and can use or disclose Personal Data by automatic method including may request the Company to transmit or transfer data in such form to other Personal Data controllers, however, the exercise of this right shall be subject to the conditions prescribed by law.
3. Right to File A Complaint
   If there is a reason to believe that the Company has violated the Personal Data Protection Law, you have the right to file a complaint with an expert committee appointed by the Personal Data Protection Committee in accordance with the rules and procedures prescribed by the Personal Data Protection Law.

In case you wish to exercise the foregoing rights, you are required to make a written statement. The Company will use its best efforts to perform actions in a timely manner and no later than the period prescribed by law. The Company will strictly comply with the laws concerning your rights as the Data Subject.

The exercising of rights to request the erasure, destruction, or anonymization of your Personal Data, temporary restriction of use, or withdrawal of consent may result in the Company being unable to provide all or part of the services to you. 

12. Information about Cookies
The Company’s website uses cookies and other tools to help distinguish you from other users of the website, allowing the Company to improve the website and provide you with a quality experience when using it. By continuing to use this website, you are agreeing to cookies being placed on your computer.

13. Personal Data Protection Officer
The Company has appointed a Personal Data Protection Officer to monitor, supervise, and advise on the collection, use, or disclosure of Personal Data, including coordinating and cooperating with the Office of the Personal Data Protection Commission to ensure compliance with the Personal Data Protection Law.

14. Contact the Company
If you have any queries in relation to this Personal Data Protection Policy or if you wish to exercise the rights specified in Clause 11, please get in touch with the Company at:

1. Jaspal Public Company Limited

1054 Soi Sukhumvit 66/1 Prakanongtai Sub-District, Prakanong District, Bangkok 10260
Customer Service Center (Customer Service) Tel: 02 118 2000 or
E-mail: customerservice@jaspal.co.th

2. Data Protection Officer (DPO)

1054 Soi Sukhumvit 66/1 Prakanongtai Sub-District, Prakanong District, Bangkok 10260
E-mail: dpo@jaspal.co.th

15. Revision of the Personal Data Protection Policy
The Company reserves the right to revise and amend this Personal Data Protection Policy as deemed necessary and appropriate to comply with the Personal Data Protection Law and/or secondary laws, regulations, rules, and announcements of government agencies that have been amended. Any revision or amendment will be announced and published on the Company’s Website or by any other appropriate method.

This Customer Data Privacy Policy is prepared in accordance with the Personal Data Protection Act B.E. 2562 (2019) and published in both Thai and English. If there are any discrepancies in meaning or interpretation between the Thai and English versions, the Thai version shall prevail.

List of Stores under Jaspal Public Company Limited
The stores under the supervision of the Company consist of 14 brands as follows:

• JASPAL
• Misty Mynx
• CPS CHAPS
• CC Double O
• Jelly Bunny
• Royal Ivy Regatta
• LYN
• Lyn Around
• Fred Perry
• CPS Coffee
• QUINN
• Asics
• Shoebar
• Melissa Jelly Dreams

List of Online Stores under Jaspal Public Company Limited
The websites under the supervision of the Company consist of 10 websites as follows:

• www.jaspal.com
• www.cpschaps.com
• www.mistymynx.com
• www.ccdoubleo.com
• www.royalivyregatta.com
• www.lynaround.com
• www.iamquinn.com
• www.jellybunny.com
• www.lynaccs.com
• www.JPSclub.com