Nutrition Sc Public Company Limited (hereinafter referred to as “company”, “we”, “us”, or “our”) recognizes to the importance of your personal data protection. The data subject of such personal data belongs to the person, who is (1) individual customer using our products and services, as well as a former customer, current customer, and potential customer; (2) employees, personnel, officer, representative, shareholder, authorized person, director, visitor, agent and other natural persons related to our corporate customer (collectively referred to as “our customers”), and (3) any natural who the company has obtained the personal data (such as, emergency contact person, spouse, ascendant, descendant, relative, child, employer, agent, beneficiary or reference person). The persons of (1) – (3) shall be collectively referred to as “you” and the persons of (1) and (2) shall be collectively referred to as “customer”. In this regard, the company acknowledges that you consider and take interest in how your personal data will be collected, used, disclosed, sent and/or transferred to a foreign country, where will be used providing and services by the company pursing to your requirements and other significances as deemed appropriately.
This Privacy Notice (“Privacy Notice”) applies to our products and services distributing to customers by our retail store, website, mobile application, sales representative, event kiosk, call center, social media, online channel, registration for reward and/or various services and other channels, where the company collects your personal data. However, please read and understand this Privacy Notice in accompany with the terms and conditions for such services as relating to you.
The company reserves the right, at its sole discretion, to amend this Privacy Notice from time to time. The Company therefore urges you to review and update this Privacy Notice regularly. Any amendment will be effective immediately upon the company’s post on our website or application.
1. Personal Data Collected by the Company
The Company may collect various types of your personal data either directly from you or indirectly from other sources, from the Company, or its business partners throughout your communication with the company and following your requirement in our products and services. The example of personal data, that may be collected, used, disclosed and/or transferred internationally by the company, are including but not limited to the following personal data:
1) Personal information, such as title, name-surname, age, occupation, date of birth, company name, position, salary, work experiences (e.g., type/business of organization, office, position, age of service, department, occupation, job title, shareholding in any company), political status, gender, nationality, marital status. educational background, photographs, audio recording, recording of telephone conversation, signature, recorded from CCTV, shareholding ratio, complaint, your opinions concerning the products and services of the company as well as any inquiries via social media.
2) Contact information, such as, registered address, residential address, business address, e-mail, phone number, business phone number, mobile phone number, fax number, postal code, social media account information (e.g., your LINE account information, Facebook account, and convenience time to contact) and other electronic contact information.
3) identifiable information issued governmental agencies, such as, an identification card number, passport number, tax identification number, social security number, including information from driving license, house registration, company certificate (specifying the name of the Company’s director) or other similar information.
4) Demographic information about you, such as, the number of your children, the age of your children, the number of family members, education level, and family incomes.
5) Behavioral data, such as, information about customer purchasing behavior and information obtained from using our products and services.
6) Financial information, such as, transaction price, fee, payment method (e.g., cash or credit card), cash card number and information, debit and credit card, PromptPay information, account number and type of bank account, bank account history, record of deposit and withdrawal in the bank account, current asset, source of income, payment detail, credit rating and monthly income, and subscription information on products and services (via application).
7) Important transaction information, such as, purchase history, purchase amount, purchasing behavior and/or using the company’s products and services, including your favorite preference and interest, as well as item searching for.
8) Information collected from your electronic device, such as, IP address or Internet Protocol address, web beacon, log, device ID, geographic coordinates (GPS), device model and type, network, connection and access information, Single sign-on (SSO), Login log, access time, duration spending on the Company’s page, cookies, login information, search history, browsing data browser, Browser, time zone setting and location, Plug-In Browser, operating system and platform, and other technologies on the device you use to access the Platform.
9) Vehicle information, such as, vehicle registration number (including vehicle registration number for temporary use), vehicle identification number (VIN), body number, model, model year, year of manufacture, engine size, standard equipment, service history, mileage, oil, or battery status, history of refueling, operation of the electrical system, gear condition, problem or any other information about your vehicle, and performance data of vehicle accessing gas station,
or FIT Auto services, including date and time when and where you booked for a service.
10) Information about marketing and communication channel, such as, your desire to receive our marketing information, including the form or means of communication that you would like to receive for our products and services, information on interaction between you and the company, other communication channels that you are interested in, details of communication between you and the company, and marketing information, for instance, information you provided to the company as indicated in the questionnaire, survey, opinion form or other research activities.
11) Profile information, such as, account identifiers, username and password, PIN ID code for purchasing the company’s products and services.
12) Usage data, such as, information about your use of the website, platform, using of products and services, and how you use or interact with our advertisement (including the content you visited, link clicking to view, and other information).
13) Information concerning relationship management with the Company’s customers,
such as, opening a customer account, operation management, payment, dispute resolution, processing, and reporting on behalf of customer. Such personal data may include your signature and record of communications between you and the company.
14) Other information, such as, information about your relationship history and detail that you have with the company, e.g., information given to the company by you as specified in the contract, registration information, application, survey, research, or information collected when you participated in the Company’s business activities, seminars, training, or social events.
If you have provided personal data (e.g., first-last name, address, and contact information) of another person, such as, emergency contact person, spouse, wife, ascendant, descendant, relative, child, employer, agent, beneficiary, or reference person, in the case that a customer is a natural person or employee, shareholder, director or person related to your organization. In the case of corporate customer, you should ensure that you have authority to provide such personal data and allow the company to use such personal data under this Privacy Notice. In addition, you are responsible for notifying those persons of this Privacy Notice and/or (also) obtain their consent, if necessary, and/or on the ground of another legal basis.
The Company shall not collect personal data of minor (person who is under the age of majority, that is, less than 20 years of age or under the age of marriage as required by law), quasi-incapable, incompetent person and shall not allow such persons to apply for use or purchase our products and services without a consent or without another legal basis. If the company recognizes that the company has accidentally collected personal data from these persons without a consent and without any other legal basis, the company will delete such personal data promptly. The Company in addition to suspend providing a service to these persons, unless
in the case where the company may rely on criteria or legal basis other than a consent.
2. Purpose and legal basis for Processing Personal Data
2.1. Objectives that the Company processes for collecting, using, or disclosing your personal data on the basis of explicit consent:
(1) Marketing and Communications for marketing, communication, sales, offering, special offer, offering promotion, discount, privilege, notification, news and products and services from the company and/or business partners that the Company cannot rely on any other legal basis.
(2) Various purposes for using sensitive personal data, The Company will collect, use and/or disclose sensitive personal data only with your express consent or only when permitted by law.
2.2. Other objectives for collecting, using, or disclosing your personal data, the company may rely on the ground of other legal basis (1) for the contract performance basis; for initiating a contract or entering into a contract or performing a contract with you; (2) for the legal obligations basis according to the company’s rules and regulations; (3) for the legitimate interests basis; (4) for prevention or suppression of harm to life, body or health of a person; and/or (5) for public interest basis to carrying out the tasks for public interest or performing duties in the exercise of state power or other legal basis as permitted by the Personal Data Protection Act, as a case may be, to collect, use and/or disclose your personal data for the following purposes:
(1) To supply products and provide services to you, for example, to fulfill your request before entering into a contract; to enter into a contract and deal with the contractual relationship between the company and you; to bid (quotation) as you request; to provide, maintain, prevent, audit and improve our services; to facilitate your convenience; to support and carry out other activities related to the company’s products and services; to manage your account; to transact financial transaction related to payment, refund, issuance of voucher, receipt and invoice;
to process and track a shipment, receipt, return and replacement of our products and services; including to verify, confirm and cancel of transactions processing your order.
(2) Registration and identical verification, for example, to register, verify, and authenticate your identity.
(3) To select customer, for example, checking customer status and/or other history background, risk assessment relating to you and customer, auditing, screening of job abandoner list, evaluating the suitability and qualification of you and customers, issuing a request for quotation, and invitation for bidding or entering into a contract with you or customer.
(4) To contact and communicate with you, for example, contacting, coordinating, providing services, public relations, presenting marketing information, sales, special offers, promotions, notifications, news and information about our products and services to you; and to process and update your personal data as a current member of company; to handle all aspects related to customer service, whether it is an inquiry, request, feedback, complaint, claim, dispute or indemnification; to provide assistance and troubleshooting technical issues; to notify a troubleshooting and survey your opinion and satisfaction regarding our services or activities, including to update your personal data (such as, customer name) and to store relevant documents that may be referred to you.
(5) Marketing and communication, for example, for marketing, communication, sales, offer a promotion or special offer, discount, privilege, notification of news and information about our products and services and/or business partners pursing to your requested, including products and services information that are close to your interests, history of receiving product and services both in directly and indirectly allowing you to participate in our offer, privilege, campaign, event, seminar, contest, sweepstakes, prize draw, booth, event as well as other promotional and related advertising services; to facilitate you participating in our activities; to cooperate with our brand; and to process and register your account, etc., for providing our best service to the customers.
(6) Profiling and data analytics, for example, for more information about our products and services that you may be interested or the processing of your personal data, e.g., considering the type of products and services that you used; your request to contact in any channels, etc., to explore your satisfaction in our services; to collect information for statistical and behavior analysis; to analyze information of interested customers in each product; time analysis; customer’s office; market trend. For the purpose of promoting marketing, campaign, new product, is to know you better and to resolve a problem occurring from our products and services, as well as to elevate our business.
(7) To improve and upgrade our products and services, for example, to evaluate, develop, manage, upgrade, and develop our products and services providing to you, including but not limited to our system and business operations, our performance, developing and improving our marketing strategies, products, and services. This includes managing, auditing, reporting, controlling, or managing risks, statistical preparation, trend analysis, planning or any other related to or similar activities. In addition to comply with internal data retention, to analyze and manage the company’s business, to conduct market research, surveys, assessments, behaviors, statistical data, market segmentation trends and consumption patterns, to analysis the company’s data for research, evaluation and problem-solving, to improve a quality, safety and security of our products and services, and to develop and improve our new products and services.
(8) To carry out training activities, both in general and electronic training (e-learning) and/or to issue a training certificate.
(9) Information technology management, for example, for the purpose of company managing, conducting public relations within the organization, information technology system management, communication management, security system of organizational information technology, including control and logging of access to the system, system monitoring, devices, and internet system.
(10) Operation of website, mobile application, and platform, for example, to maintain, operate, monitor, and manage the website and platform facilitating and assuring you that the website and platform are operating smoothly, efficiently, and safely; to facilitate your use of our website and platform; to improve our plan and content on the website and platform.
(11) To recommend and personalize content, for example, to know your requirement and adjust our products and services suiting to you.
(12) Compliance with legal obligations and the order of government agencies,
for example, taking legal actions, proceeding following with the order of government agencies and the foreign government agencies and/or cooperating with a court, regulator, government agencies and law enforcement agencies. In the case there is reason to believe that it must comply with or cooperate with the law and/or order, the company may need to disclose your personal data complying with the law, legal process, or the state order strictly. This includes to carry out internal investigative procedures, to prevent crime, fraud and/or to establish legal claims.
(13) The acquisition of organization, for example, in the case of organizational restructuring, merger and acquisition, sales, acquisition, joint venture, assignment, transfer of ownership, divestment, sales of property, stock, or any similar transaction, either partially or completely, the company may disclose your personal data to the assignee of rights and/or obligations of company, whether single or multiple people. Where the disclosure of such personal data is a part of such transaction, the company will comply with this Privacy Notice, in order to respect your personal data.
(14) To protect the Company’s interests and related parties, for example, to maintain the safety and confidence of the company’s business or other related to persons; to exercise their rights and protect their interests or other related to persons when it is necessary and lawful,
e.g., to detect, prevent and act on any fraud, infringement of intellectual property complaint or violation of the law; to manage and prevent loss of property; to ensure compliance with the company’s rules and regulations, the group of company or other related to persons; to detect and prevent wrongdoing within the company’s premise, as well as the use of CCTV to monitor various situation to prevent and report crime; to maintain the security and accuracy of the company’s business, to carry out administration, to prepare a report and internal policy according to the Company’s operation, including the contract enforcement and compliance with internal policy.
(15) To detect a fraud, for example, to verify your identity complying with the laws and other regulations (e.g., to comply with anti-money laundering rules and prevent fraud), including internal audits and internal records, property management, fraud database, system, and others business control.
(16) To prevent or suppress a danger to life, body, or health to a person.
In non-providing your personal data to the company, it may affect to you, that is, the Company may not be able to perform an obligation following your request or according to the contract. In this regard, the company may not be able offering or providing the company’s products and services, whether in whole or in part, to you as well. You may also not be comfortable or did not receive any performance of the contract carrying out by us and may be damaged/lost in some cases. In addition, failure to do so may affect to the compliance with any laws, that are obliged by the company and you, as well as be punished by the law accordingly.
3. The Disclosure or transferring of Your Personal Data
The Company may disclose or transfer your personal data to the following third parties, who may collect, use, or disclose personal data under the purposes stated in this Privacy Notice. However, you may also obligate complying with the privacy notices of those third parties. We thus recommend you read the privacy notices of those third parties to learn more about collecting, using, or disclosing your personal data by them.
3.1. Service Provider
The Company may employ other companies, agents, or contractors to provide a service on the behalf of the company or to facilitate our products and services to you. The Company therefore may disclose your personal data to third party, who is service providers or distributors, as follows, including but not limited to: (1) Developer of infrastructure, internet, web-Site and service provider on information technology (2) Service provider on logistics and freight (3) Service provider on data analytics (4) Communication agent or agency on media advertising, market survey and marketing (5) Service provider on Cloud storage (6) Service provider on training (7) Service provider on travel agency business (8) Service provider on fuel business (9) Service provider on payment and payment systems (10) Service provider on storage and/or Shredders (11) Service provider on printing.
In providing such services, the service provider may have to access your personal data. However, the company will provide your personal data, where is only extent necessary for services, to such service provider and will also request that service provider for non-use your personal data for any other purposes.
3.2 Business Partner
The Company may disclose and/or transfer your personal data to its business partners for the purposes of conducting its business and services in connection with banking, finance, e-wallets, insurance, loyalty program, including other service providers and vendors offering products and services to you. Any disclosure or transfer therein shall be subject to a third-party privacy notice unless this privacy notice.
3.3 Third person
In some cases, the company may be required to disclose and/or transfer your personal data to governmental agencies, law enforcement agencies, courts, officials, regulator, or other persons, in the event that there is a reasonable reason to believe that the company is necessary to comply with legal obligations or law; or to protect the rights of the company and others;
or for the safety of person; or to investigate, prevent, or handle with fraud issues or in terms of security or safety.
3.4. Assignee of rights and/or obligations
In the case of organizational restructuring, merger and acquisition, sales, acquisition, joint venture, assignment, transfer of ownership, divestment, sales of property, stock, or any similar transaction, either partially or completely, the assignee of rights and/or obligations of the company will abide by this Privacy Notice, in order to respect your personal data.
4. Transferring of Personal Data to a Foreign Country
We may transfer your personal data to a foreign country, where the destination country may provide the standard of personal data protection higher or lower than provisions in Thailand. In this regard, where it is necessary to transfer your personal data to a foreign country in which there are lower standards of personal data protection, the company will observe all instructions and measures ensuring that your personal data is protected in sufficient level. The person receiving such personal data provides the appropriate personal data protection standards as required by law and if it is necessary, in addition, the company may request your consent transferring your personal data to a foreign country where is required by law.
5. Retention Period for your Personal Data
We will retain your personal data for a period as reasonably necessary to use following the purposes of collection provided herein, nevertheless, we may retain your personal data longer, where is necessary and/or where is required by the applicable law.
6. The Right of Personal Data Subject
You are entitled to exercise the rights of data subject in accordance with the laws on Personal Data Protection, whereby the Company will respect your rights and proceed complying with the law, statute or regulation relating to the processing of your personal data under certain circumstances promptly. You have the rights to process your personal data as follows:
6.1 Right to withdraw consent
In the event that the company processes your personal data pursuing to your consent, you have the right to withdraw your consent for processing your personal data to the company at any time. The company may however continue to process your personal data on the ground of another lawful basis.
6.2 Right of access
You have right to request for a copy of your personal data from the company.
6.3 Right to rectification;
You have right to rectify your personal data to be accurate, up-to-date and complete.
6.4 Right to erasure
You have the right to request the company to delete, destroy, or anonymize your personal data in the circumstances that there is no reasonable reason for the company to continue processing your personal data. In addition, you can require the company to delete as well as exercise the right to object where is stipulated in the next Article. Nonetheless, the exercise of right hereof shall not be for the purpose of erasure all personal data, and the company shall carefully consider each request by the laws on processing your personal data.
6.5 Right to object
You have the right to raise an objection to the processing of your personal data in certain circumstances prescribed under the laws on personal data protection. Besides, you have the right to object to the processing of your personal data in the case that the company processes your personal data for marketing purposes, recording and analyzing the psychological and behavioral characteristics of individuals (Profiling).
6.6 Right to restriction
You have the right to request the company to restrict of processing of your personal data temporarily, for instance, when you wish the company to correct your personal data or when you request the company to justifying the lawful basis for processing under the laws on personal data processing.
6.7 Right to data portability
In some cases, you may request the company to transfer or transmit your general personal data to other data processor via electronics. However, this right is particularly in the case of your personal data submitted to the company by consent basis, or where such personal data is required to be processed in order to fulfil the obligation under the contract.
6.8 Right to lodge a complaint
You have the right to lodge a complaint to the governmental agencies as well as the Personal Data Protection Committee in the case that you believe that the Company, its employees, or service provider violates or fails to comply with the law on personal data protection or other announcements issued by the virtue of such a law.
At any time, you may exercise your rights by contact the company following information provided in Article 8. of this privacy notice.
The Company may request some certain information from you to verify your identity and ensure your right to access personal data (or to exercise any other rights) to observe the security measures ensuring that your personal data will not be disclosed to any person,
who is not entitled to access such information
The Company will endeavor responding to all legitimate requests within 30 days. In some cases, the Company may take more than 30 days if your request is complicated, or you are submitting more than a request. Following to such event, the Company will notify and keep you posted the status of your request at all the times.
7. Security for your Personal Data
We have furnished the appropriate security measures covering the administrative safeguards, technical safeguards as well as physical safeguards in the purpose to protect loss of personal data or control the access of personal data to protect from loss, unauthorized access, alteration, modification, or disclosure without authorization in accordance with our Information Security Policy and Practice.
Additionally, with the purpose of retention your personal data as a confidentiality, integrity, and availability, we have also publicly established Privacy Notice in accompany with guidelines for security in the collection, use or disclosure of personal data, which will be reviewed from time to time suitably. In this regard, we will consider upon and abide by the Laws on Personal Data Protection, the Announcement of the Ministry of Digital Economy and Society concerning the Requirements for Personal Data Security Standards B.E. 2563 and the Announcement of the Ministry of Digital Economy and Society concerning the Requirements for Personal Data Security Standards (No.2) B.E. 2564, as well as other announcements or orders of the Office of the Personal Data Protection Commission.
8. Contact Us
If you have any concerns or questions about any aspect of the Company’s practices in relation to your personal data, you may contact the company using the contact information provided below: