This Privacy Policy, hereinafter referred to as the "Policy", first came into effect on September 7, 2023, and the details are as follows:
1. Definitions
Within this policy:
(a) "Website" means the website named INFESTATION SEA and located at www.infestsea.com.
(b) "Data Controller" means the service provider or owner of the website, as defined in this policy, namely TopFair Development Company Limited, registered under corporate registration number 0205566042617, with its registered office at 237/24 Moo 5, Na Kluea Subdistrict, Bang Lamung District, Chonburi Province. Contact at [email protected].
(c) "Data Processor" means an external person who processes data for the benefit or on behalf of the Data Controller.
(d) "Data" means anything that conveys factual information, data, or anything else, regardless of whether the communication is made through the nature of the thing itself or through any method, and regardless of whether it is recorded in the form of a document, file, report, book, chart, map, drawing, photograph, film, image or sound recording, recorded by a machine, computerized, electronic, or any other method that makes the recorded matter visible.
(e) "Personal Data" means information about any ordinary person that enables the identification of that person, whether directly or indirectly.
(f) "Sensitive Data" means the personal data of users related to race, ethnic origin, political opinions, beliefs in religion, or philosophy, sexual behavior, criminal history, health information, disabilities, genetics, biometric data, facial features, fingerprints, eye patterns, or union membership or any other data which the Personal Data Protection Committee, in accordance with personal data protection laws, has declared as sensitive personal data.
(g) "User" means you, visitor, user, or member of the website, who is the owner of personal data under this policy.
(h) "Data Protection Officer" means the officer appointed by the Data Controller to oversee compliance with personal data protection laws.
2. User Consent
By accessing the website, users agree and consent to the collection and use of personal data as follows:
(a) Purpose of Collection and Use of Personal Data
Users acknowledge, agree, and consent to the data controller collecting and using personal data for the following purposes only:
Public relations and marketing through online and offline channels, including telesales.
(b) Types of Personal Data Collected and Used
Users acknowledge, agree, and consent to the data controller collecting and using the following personal data only:
Name, surname, gender, address, country, phone number, email, date of birth.
(c) Duration of Data Collection
Users acknowledge, agree, and consent to the data controller collecting and using personal data for a period of 5 (five) years from the date of consent to the collection and use of personal data in accordance with this policy.
3. Linking User Data with Third-Party Service Providers
Users acknowledge, agree, and consent that the data controller may link user data with third-party service providers. When linking or sharing data with third-party service providers, the data controller will notify users each time which user data will be linked or shared with the third-party service provider. This notification will occur when the user has clearly expressed their intention to authorize such linking or sharing, including but not limited to, by clicking "accept," giving permission, linking, sharing, or any action that explicitly indicates the user's consent to link or share data with the third-party service provider.
4. User Website Usage Behavior Tracking
Users acknowledge, consent, and agree that the data controller may use the following systems and/or technologies to track the usage behavior of users on the website:
Cookies technology, Pixel Tags usage, and Google Analytics Tag.
This will be done solely for the following purposes:
To improve services and present products that align with the preferences of users.
5. User Withdrawal of Consent
Users acknowledge that they have the right to withdraw any consent granted to the data controller under this policy at any time, by taking the following steps:
Selecting "Do Not Agree" in the privacy settings menu directly within the website.
Furthermore, users also acknowledge that upon withdrawing consent, the following consequences will apply:
Users will no longer have access to special services within the website, and will only have the right to visit.
By taking these actions, users agree to accept the consequences of their withdrawal of consent in full.
6. User Accounts
In using the website, the data controller may arrange for each user to have a user account for website access. The data controller alone has the right to approve the opening of user accounts, determine the types of user accounts, specify access rights for each account type, website usage rights, any associated account fees, as well as the roles and responsibilities of the users who own those user accounts.
Users agree to keep their user account name, password, and any of their personal information strictly confidential, and agree not to permit, under any circumstances, the use of their user account by any other person. Users further agree and certify that the use of their user account by any other person is done on behalf of the user and has the same binding effect as if the user had taken the action themselves.
7. User Rights
Upon accessing the website in accordance with this policy and granting any consent as per this policy, users acknowledge their rights as owners of personal data under data protection laws, including but not limited to the following rights:
(a) Users may withdraw their consent granted under this policy at any time by notifying the data controller in writing through the methods and channels specified in this policy.
(b) Users have the right to access and request a copy of their personal data or data related to them that the data controller has collected in accordance with this policy.
(c) Users have the right to be informed by the data controller about the source of their personal data or data related to them that they did not consent to, under circumstances such as:
(d) Users may authorize the data controller to send or transfer their personal data or data related to them to another data controller, including requesting such data sent or transferred directly from the data controller.
(e) Users may object to the collection, use, or disclosure of their personal data or data related to them in the following cases:
(1) When the data controller collects, uses, or discloses the user's personal data as necessary for the legitimate interests pursued by the data controller or by a third party, which the user can demonstrate overrides their interests.
(2) When the data controller collects, uses, or discloses the user's personal data to comply with legal obligations, which the user can demonstrate overrides their interests.
(3) When the data controller collects, uses, or discloses the user's personal data for direct marketing purposes.
(4) When the data controller collects, uses, or discloses the user's personal data without legal consent, regulations, or rules regarding the protection of personal data.
(f) Users have the right to request the data controller to delete, destroy, or make their data unidentifiable, in the following cases:
(1) When personal data is no longer necessary for the purposes for which it was collected, used, or disclosed.
(2) When the user, who is the owner of the personal data, has withdrawn their consent for the collection, use, or disclosure of that personal data, and the data controller has no other legal authority to collect, use, or disclose that data again.
(3) When the user has objected to the collection, use, or disclosure of their data in accordance with the law, regulations, or rules regarding the protection of personal data.
(4) When personal data has been collected, used, or disclosed without legal consent, regulations, or rules regarding the protection of personal data.
(g) If users find that their personal data is incorrect, incomplete, unclear, or misleading, they have the right to request the data controller to correct that data to be accurate, up-to-date, complete, and not misleading.
(h) Users may file a complaint with the expert committee on personal data protection under the data protection laws in cases related to violations or non-compliance with laws, regulations, or rules regarding the protection of personal data by the data controller.
8. Data Security Measures
In collecting and using personal data in accordance with this policy, the data controller will implement appropriate security measures to prevent loss, unauthorized access, use, alteration, or disclosure of data that is not in compliance with the law, through measures, standards, technologies, and/or systems such as:
Providing access rights to relevant parties.
Using data encryption for transmission.
Maintaining security through firewalls and Internet Protocol Security (IPsec).
9. Personal Data Correction and Updates
The data controller will establish a system and measures to ensure the following:
(a) Process to rectify and update personal data to be accurate, current, complete, and not misleading.
(b) Delete or destroy personal data that exceeds the agreed-upon data retention period provided by the user's consent.
(c) Delete or destroy personal data that is unrelated to the aforementioned purpose of personal data usage, as per the user's consent.
10. Collection, Use, and/or Disclosure of Personal Data in Compliance with Personal Data Protection Laws
Users acknowledge and agree that the data controller may collect, use, and/or disclose their information without prior consent, to the extent necessary and for the following specific purposes:
(a) To achieve objectives related to the preparation of historical documents or footnotes for public interest, research, statistics, with appropriate protective measures to safeguard the rights and freedoms of the user's personal data.
(b) To prevent or mitigate threats to the life, body, or health of any person.
(c) When necessary for the performance of a contract in which the user, as the data subject, is a party or for pre-contractual measures at the user's request.
(d) Necessary for compliance with a legal obligation of the data controller or in the exercise of official authority vested in the data controller.
(e) Necessary for the legitimate interests pursued by the data controller or by a third party, provided that such interests outweigh the fundamental rights and freedoms of the user's personal data.
(f) In compliance with applicable laws and regulations by the data controller.
The data controller will record the collection, use, and/or disclosure of the user's personal data as stated in the preceding paragraph as significant.
11. Collection, Use, and/or Disclosure of Sensitive Personal Data
Users acknowledge and agree that, in addition to collecting, using, and/or disclosing personal data provided by the user in accordance with this policy, the data controller may collect, use, and/or disclose sensitive personal data of the user without prior consent, to the extent necessary and for the following specific purposes:
(a) To prevent or mitigate threats to the life, body, or health of the user, where obtaining consent is not possible, regardless of the circumstances.
(b) When the data is publicly disclosed with explicit consent from the data subject.
(c) When necessary for establishing, exercising, or defending legal claims.
(d) When necessary for compliance with a legal obligation to achieve objectives related to:
(1) Preventive medicine, occupational medicine, assessment of employee work capacity, medical diagnosis, provision of health services or social services, medical treatment, health management, or social welfare system, with appropriate measures to protect the confidentiality of personal data as required by professional ethics.
(2) Public health benefits, such as preventing contagious or epidemic diseases that may enter the kingdom or controlling the standards or quality of drugs, medical supplies, or medical equipment, with appropriate measures to protect the fundamental rights and benefits of the user's personal data.
(3) Protection of labor rights, social security, national health insurance, medical benefits of persons entitled by law, protection of persons injured by accidents from vehicles, or social protection, where the collection of personal data of users is necessary for the exercise of the rights or duties of the data controller or data user.
(4) Scientific research in science, history, or statistics, or other public benefits, provided that data collection, use, and/or disclosure is necessary and appropriate measures are in place to protect the fundamental rights and benefits of the user's personal data as declared by the Personal Data Protection Committee.
(5) Significant public benefits, with appropriate measures in place to protect the fundamental rights and benefits of the user's personal data.
The data controller will record the collection, use, and/or disclosure of the user's personal data as stated in the preceding paragraph as significant.
12. Use of the Website by Persons under Guardianship, Custody, or Wardship of Users
Users certify that they are not and will not allow persons with the following characteristics to visit, use, or become members of the website:
(a) Persons with disabilities under the guardianship of the user.
(b) Persons akin to those without legal capacity under the custody of the user.
In cases where the user agrees to allow persons with the aforementioned characteristics to visit, use, or become members of the website, the user agrees to act on behalf of and in the name of the said persons, as the case may be, in accordance with the terms and consent provided in this policy.
13. Sending or Transferring Personal Data Abroad
The data controller may send or transfer the personal data of users to a foreign country in the following cases:
(a) The destination country or international organization receiving the personal data has sufficient standards of data protection as required by the laws, regulations, and regulatory provisions related to personal data protection.
(b) The data subject, being the user, has been informed of and acknowledged the insufficient data protection standards of the destination country or international organization receiving the data, and has provided consent.
(c) It is required by law.
(d) It is necessary for the performance of a contract with the data subject, or for carrying out pre-contractual measures at the data subject's request.
(e) It is necessary for the performance of a contract between the data controller and another person for the data subject's benefit.
(f) It is necessary to protect the life, body, or health of the data subject or any other person when the data subject is unable to give consent at that time.
(g) It is necessary for carrying out a task for an important public interest.
14. Notification of Personal Data Breach
In the event that the data controller becomes aware of a breach of personal data, whether by any individual, the data controller shall take the following actions:
(a) If there is a risk that the breach may affect the rights or freedoms of any individual, the data controller shall promptly notify the Office of the Personal Data Protection Commission without undue delay, to the extent possible within 72 (seventy-two) hours from becoming aware of the incident.
(b) If there is a high risk that the breach may significantly affect the rights or freedoms of any individual, the data controller shall notify the affected individuals and provide guidance for mitigation, in addition to notifying the Office of the Personal Data Protection Commission, without undue delay, to the extent possible within 72 (seventy-two) hours from becoming aware of the incident.
15. Complaints and Reporting of Personal Data Issues
Users may file complaints and report issues regarding personal data, including but not limited to requesting the data controller to update and/or correct the data, objecting to data collection, or suspending data usage, through the following contact:
Email: [email protected]
16. Recording of Important Records
Unless data protection laws provide otherwise, the data controller shall record important details regarding the collection, usage, or disclosure of data in written or electronic form for verification purposes, either from the data owners or from government agencies. This includes, but is not limited to, the following details:
(a) Types of collected personal data
(b) Purposes of collecting each type of personal data
(c) Information about the data controller
(d) Duration of personal data retention
(e) Rights and methods to access personal data, including conditions for individuals who have the right to access such data, and conditions for accessing such data
(f) Collection, usage, or disclosure of personal data that is exempt from requiring consent from the data owners
(g) Rejection of costs and various objections
(h) Details regarding security measures for safeguarding personal data.
17. Amendment of Policy
The data controller may amend and modify the content of this policy at any time, in whole or in part. The data controller will notify users whenever there are changes, to allow users to review and accept electronically or by any other means. If users take action to accept, it shall be considered that the amended policy is a part of this policy.
18. Contractual Relationship
Both parties understand and acknowledge that entering into this policy does not establish an employer-employee relationship or a partnership under labor or corporate laws.
19. Assignment
Unless otherwise explicitly stated in this policy, the parties agree not to transfer rights, duties, and/or liabilities under this policy to any person without the prior written consent from the other party.
20. Waiver
The failure of the data controller to exercise any right or to exercise it belatedly on one occasion shall not be deemed as a waiver, and the partial exercise or waiver of any right on one occasion shall not be deemed as a waiver of any other right or on any other occasion.
21. Severability
If any provision or agreement in this policy is determined to be invalid, incomplete, or unenforceable for any reason, the parties agree that the other provisions and agreements in this policy shall remain valid and enforceable as if the invalid, incomplete, or unenforceable part did not exist in this policy.
22. Applicable Law
This policy shall be governed by the laws of Thailand.
23. Dispute Resolution
In case of any disputes or disagreements arising from this policy, if the parties cannot reach an agreement, the parties agree to bring the dispute to court in Thailand.
Website owner contact information: [email protected]
Topfair Development Co., Ltd.
© 2023 Published by TOPFAIR Development Co., Ltd. All Rights Reserved.