KOIKEYA (THAILAND) CO., LTD., KOIKE-YA Inc.(the parent company of KOIKEYA (THAILAND) CO., LTD) and KOIKE-YA Inc.’s subsidiaries (hereinafter collectively referred to as "KOIKE-YA Group") provides information on the processing of personal data in the context of the activities in the Kingdom of Thailand in connection with its relationship with existing and potential customers, existing and potential employees, any third party related to such customers or employee and other persons with whom KOIKE-YA Group maintains or is considering to create a relationship pursuant to the Personal Data Protection Act of Thailand B.E.2562 (A.D.2019)(PDPA).
|Applicable privacy legislation
||Personal Data Protection Act of Thailand B.E.2562 (A.D.2019); Japanese Act on the Protection of Personal Data.
||Personal Data Protection Act of Thailand B.E.2562 (A.D.2019)
||A natural or legal person who has decision-making authority over the collection, use, and disclosure of personal data.
||Information that directly or indirectly identifies an individual is considered personal information. Sensitive information about individuals is also managed under PDPA.
||An identified or identifiable natural person whose personal data is processed by the controller who processes it.
||A natural or legal person which processes personal data on behalf of the controller.
Name and address of the controller and representative of the controller
Koikeya (Thailand) Co., Ltd.
159/39 Serm-Mit Tower Unit No.2502/1 25th Fl.,
Sukhumvit 21 Rd. (Asok), North-Klongtoey, Wattana, Bangkok 10110
Name and address of the principal supervisory body
If you believe KOIKE-YA Group are processing your personal data not in accordance with applicable laws, you can complain to the Expert Committee of Thailand.
The data subject has the right to lodge a complaint with the supervisory authority mentioned above at any time. However, KOIKE-YA Group would ask that the data subject contact the administrator mentioned in 2 above in advance to give us the opportunity to deal with the complaint before contacting the supervisory authority.
Types of personal data
KOIKE-YA Group collect the following information about you:
Information which you choose to provide to us:
- Profile Information: such as name, mailing address, phone number, email address, login name, login passwords, identification information (such as Identification number, passport number, driver’s license number), date of birth, gender, and photo;
- Information of Communication with us: such as information about the communications between you and us including your inquiry, compliments, and other contact to us;
Information collected as you use our websites:
- Usage Information: such as access dates and times, pages viewed, apps and other system activity, and type of browser.
- Device Information: such as information about the devices you use to access, including the hardware models, device IP address, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion information, and mobile network information;
Information provided from third parties:
- We may collect information about you to be provided from third parties such as business partners, distributors, transporters, our service providers, and relevant government officials due to your consent. We may also collect and use information of how your usage activities on third-party’s services from marketing service providers;
- In the event that we collect your Personal Data from a third party, we will notify you of the detail of the collected Personal Data and the detail of the third party. Such notification will be made within 30 days from the date of the collection.
Purposes of processing personal data.
KOIKE-YA Group process personal data only for the following purposes:
- when required for authentication to use KOIKE-YA Group 's website;
- when required to register for e-mail newsletter distribution services;
- when required to apply for gifts, campaigns, etc., and to send prizes to winners;
- when required for the purchase of products on the mail-order websites;
- when required for product development and other service improvements and enhancements;
- when required for inquiries to KOIKE-YA Group;
- when required for the delivery of behaviorally targeted advertisements (To deliver advertisements that are linked to the content viewed by the customer based on the customer's browsing history, usage history, etc., of the website operated by KOIKE-YA Group) using an ad-serving company;
- when required to analyze attribute information, behavioral history, etc. obtained by KOIKE-YA Group in order to understand the interests, preferences, etc. of customers;
- when required for the use of KOIKE-YA Group 's website services;
- when required for business-related communications, contract execution, business negotiations, etc.;
- when required to exercise rights or fulfill obligations under corporate law;
- when required to contact and provide information to applicants for employment or recruiting activities, or for other recruitment or recruiting activities; and
- when required for business communication, payment of compensation (wages, bonuses, benefits, etc.), performance of personnel and labor management, provision of benefits, and health management for employees.
Legal basis for processing personal data.
The legal basis for processing is as follows:
- where the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
*If the processing is based on the consent of the data subject under (i) above, the data subject concerned has the right to withdraw this consent;
- where the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
- where the processing is necessary for compliance with a legal obligation to which the controller is subject;
- where the processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- where the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; and
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
*(vi)Where legitimate interests are the lawful basis for processing include the following cases:
Marketing to customers (direct marketing);
Customer service to customers; and
applying for employment with the Company.
The rights of the data subject
Under applicable privacy legislation, including the PDPA, data subjects have the following rights. To assert these rights, the data subject may contact our appointed the administrator at any time:
- withdraw consent regarding personal data. However, one may not revoke the collection, use or disclosure of personal data that has already been made on the basis of consent;
- request access to or obtain a copy of personal data maintained by a personal data controller;
- receive personal data or request to send or transfer personal data to other data controllers by automatic means;
- object to the collection, use, or disclosure of personal data;
- request a data controller to erase, destroy, anonymize personal data, or to prevent third parties from identifying the data holder from such data, in the following cases:
- When the storage of personal data is no longer necessary in light of the purpose of the consent; and
- When the personal data holder withdraws consent.
- request the personal data controller to stop using the personal data;
- request the personal data controller to keep the personal data accurate, complete, and up-to-date; and
- file a complaint to the Expert Committee if a personal data controller, personal data handler, or an employee or contractor of such persons violates PDPA and fails to comply with its contents.
Security control measures.
As a controller, KOIKE-YA Group have implemented adequate technical and organisational safeguards with regard to the protection of personal data. Where a data subject has concerns, e.g. with regard to a particular data transfer method, KOIKE-YA Group will take adequate alternative measures.
Disclosure, Share, or Cross-border data transfers
- KOIKE-YA Group may share the personal data with the following categories of recipients:
- KOIKE-YA Group’s Affiliates;
- third-party service providers performing functions or services on behalf of KOIKE-YA Group, such as customer support, technical support, or customer management;
- third-party IT service providers, such as provider of data storage service or business communication platform service; and
- third-party advertising service providers.
- Except for the recipients prescribed above, KOIKE-YA Group will not disclose the personal data to any third party without the data subject’s prior consent, except where KOIKE-YA Group collected the personal data based on any of the legal basis prescribed in 7.
- KOIKE-YA Group may transfer the personal data of data subjects from our establishments in the Kingdom of Thailand to our overseas offices of the Group or our subcontractors where the destination country has appropriate data protection standards and the transfer is made in accordance with the regulations established by the Personal Data Protection Committee, except in the following circumstances:
- where it is for legal compliance;
- where the consent of the data subject has been obtained;
- where it is necessary for the performance of a contract entered into by the data subject;
- where it is to comply with a contract concluded by the controller for the benefit of the data subject;
- where it is to prevent danger to the life, body or health of the data subject;
- where it is necessary for the vital interests of the public;
- where it is for transfers within a company or business group in accordance with a personal data protection policy that has been reviewed and certified by the Personal Data Protection Committee for transfers outside of the country; and
- where it is to provide appropriate safeguards to enable the data subject to exercise his/her rights in accordance with the rules and methods established by the Personal Data Protection Committee.
Period of storage of personal data
Personal data is stored for the legal retention period in the countries where the personal data stored, and personal data is securely deleted as soon as possible after the end of the legal retention period, unless it is necessary to retain the whole of part of the personal data for the purpose of establishment, compliance, or exercise of legal claims, defense of legal claims, performance of a contract, or the purpose of compliance with the law.
Notification to the principal supervisory body
KOIKE-YA Group may notify the principal supervisory body when required under the applicable privacy legislation.