Personal Data that the Company collects
Personal Data of the minor, incompetent and quasi-incompetent
Source of the Receipt of Your Personal Data
Purpose for Personal Data Collection
Disclosure of your Personal Data
Sending or Transferring of Personal Data Overseas
Storage of Personal Data and Duration of Storage of Personal Data
Services provide by third parties or sub-provider
Connecting to external websites of services
Security of your Personal Data
The Rights of the Owner of the Personal Data
Amendments on Personal Data Protection Policy
GoPomelo (the “Company”) is committed to collecting and using personal data in a lawful manner. GoPomelo will ensure that, when it collects or uses personal data, such collection or use is allowed under applicable data protection law, including, for example, the EU General Data Protection Regulation (GDPR), Thailand Personal Data Protection Act, Hong Kong Personal Data (Privacy) Ordinance, Singapore Personal Data Protection Act, Malaysia Personal Data Protection Act, and California Consumer Privacy Act where such laws govern.
We recognise the importance of protecting your Personal Data including exchanging your Personal Data to other parties, and hereby conduct this Personal Data Protection Policy for you in order to lawfully collect, use and disclose your Personal Data.
“Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular.
“Sensitive Personal Data” means Personal Data which such information in relation to racial, ethnic, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data or of any data which may affect the Data Subject in the same manner.
“Data Subject” means an individual who owns Personal Data that the Company collects, uses or discloses.
“Data Controller” means a person or entity having the authority to make decisions regarding the collection, use or disclosure of Personal Data.
“Data Processor” means a person or entity who performs the collection, use or disclosure of Personal Data from the order or on behalf of the Data Controller providing that such person or entity that doing so is not the Data Controller.
Individuals who are related to the Company under the provisions of the above paragraph includes:
- Individual customers
- Officers or operators
- Individual vendors and service providers
- Directors, attorneys, representatives, agents, shareholders, employees or other individuals that are related to the business of the Company
- Users of the Company’s products or Services
- Visitors or users of the Company’s website www.gopomelo.com including systems, applications, devices or other communication channels which controlled by the Company
- Other individuals whose the Company collects the Personal Data from, such as job applicants, relatives of the employees and beneficiaries in the insurance policy, etc.
No.1 - No. 7 collectively called “You”
3. Personal Data that the Company collects
The Company may collect or obtain the following Personal Data from you. This depends on the Services that you retain from the Company and any other considerations that apply to the collection of your Personal Data. The types of Personal Data listed below are the general framework of the Company’s collection of your Personal Data, providing that only Personal Data that relates to the Company Services will only be processed in compliance with the principle of proportionality and minimization.
|Types of Personal Data||Descriptions and Examples|
Your identifier or information from official documents that identify you personally, such as your first name, last name, middle name, nickname, signature, ID card number, nationality, driver's license number, passport number, house registration information, professional license number (for each occupation), insurance identification number and social security number, etc.
|Personal Characteristic Information||
Detailed information about yourself such as date of birth, gender, height, weight, age, marital status, military service status, photographs, languages, data behavior, preferences, bankruptcy information and information on being a incompetent or quasi-incompetent, etc.
|Contact Information||Contact information such as your home phone number, mobile phone number, fax number, e-mail address, home mailing address, username in social networks (Line ID, Instagram, Facebook) and accommodation location, etc.|
|Employment and Educational Information||Employment details including work history and educational background such as type of employment, occupation, rank, position, function, expertise, work permit status, reference information, tax identification number, tenure history, salary information, employment start date, employment leave date, assessment results, benefits and benefits items in the possession of the persons, bank account number, educational institutions, educational qualifications, educational results and graduation date, etc.|
|Insurance Policy Information||
Details about insurance policy, such as assured insure, beneficiary policy number, policy type, protection limitation information about claims, etc.
|Social Relationship Information||Information about your social relationships such as political status, political position, relationship with the Company's employees, information on being a contractor/vendor/customer of the Company and information on being a stakeholder in the business with the Company, etc.|
|Use of Company’s Service Information||
Details about the Company's products or Services, such as account name, password, PIN number, Single Sign-on (SSO ID) information, OTP, computer traffic information, geolocation data, photos, videos, audio recordings, usage behavior data (websites in the care of the Company such as www.gopomelo.com or other various applications), browsing history, cookies or similar technologies, device ID (Device ID), device type, connection details, browser information, language use and operating system, etc.
|Sensitive Personal Data||
Information in relation to racial, ethnic, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect you in the same manner.
Please note that the Company may not be able to provide you certain Services, in the event that you do not give consents to the Company for the data processing for your Personal Data which is necessary to build the relationship between you and the Company. This may also lead to the result that the Company may not be able to enter into the agreement, perform its obligations under the agreement, or unable to perform its duties under the relevant laws.
4. Personal Data of the minor, incompetent and quasi-incompetent,
In the event that the Company knows that Data Subject is a minor, incompetent or quasi-incompetent person, the Company will not collect such Personal Data until obtained consent from the holder of parental responsibility of the minor or the custodian of the incompetent or the curator of the quasi-incompent, as the case maybe, in accordance with the conditions prescribed by law.
In the event that the Company did not know beforehand that the Data Subject is a minor, incompetent, or quasi-incompetent person and later found out that the Company has collected the information of such Data Subject without the consent of the holder of parental responsibility of the minor or the custodian of the incompetent or the curator of the quasi-incompent, as the case maybe, the Company will delete and destroy that Personal Data as soon as possible in the event that the Company has no legitimate grounds to collect the Personal Data.
5. Source of the Receipt of Your Personal Data
The Company may receive your Personal Data via the following channels:
- Personal Data that the Company collected directly from you through various channels such as the process of job application, signing contracts, documenting, completing surveys or using Services or other controlled service channels which maintained by the Company or when you communicate with the Company at the office or through telephone, email, post or other communication channels supervised by the Company, etc.
- Personal Data that the Company received from other sources, by which such sources have the authority, acquire the legitimate grounds or have already obtained consents from the Data Subject, to provide such Personal Data to the Company, i.e. public governmental website who provide comprehensive public benefit services to the Data Subject, receipt of Personal Data from other government agencies on the ground that the Company has its contractual obligation to conduct a central information exchange center to support the operation of government agencies via the digital system, including services as deemed necessary under a contractual obligations by which the Personal Data may be exchanged with such contractual entities.
The Company may not be able to provide the Data Subject certain Services, in whole or in part, in the event that the Data Subject does not give consent to the Company for the data processing whereby the Personal Data is necessary to build the relationship between you and the Company.
6. Purpose for Personal Data Collection
The Company process your Personal Data under the activities and purposes as followings:
The Company may use and process your Personal Data for the performance of contract
The Company may obtain your consent to collect, utilize, process and disclose your Personal Data
The Company may collect, utilize, disclose, process or transfer your Personal Data for legitimate interest or legal compliance
The Company may disclose, process or transfer your Personal Data for the purpose of legal compliance with the related laws
In the event that it is necessary for the Company to collect your Personal Data for the performance of the contract basis, legal compliance basis or legitimate interest basis and you refuse to provide your Personal Data or refuse the Company to process your Personal Data, the Company may be unable to provide certain services in whole or in part to you.
7. Disclosure of your Personal Data
The Company shall not disclose your Personal Data to any third parties for the purpose of direct marketing, in the event that the Company has not obtained your prior consent. In the event that the Company has obtained your consent or received your approval to disclose your Personal Data in any other cases, the Company is entitled to disclose your Personal Data only for the purpose that you have provided your consent to or agreed to disclose to.
However, the Company may need to disclose your Personal Data to the Company’s affiliates under the obligations of the Company to provide certain Services to you under the agreement made between you and the Company or the Company’s affiliates. Therefore, in order to provide the Services to you, the followings are the names and details of the Company’s affiliates:
- GoPomelo Holding Co,. Ltd.
- GoPomelo Co., Ltd.
- GoPomelo Holding Pte. Ltd.
- GoPomelo Vietnam Co., Ltd.
- GoPomelo Pte. Ltd.
- GoPomelo X Co., Ltd.
- GoPomelo Sdn. Bhd.
By disclosing your Personal Data to the above mentioned, the Company will ensure that those above mentioned shall keep your Personal Data confidential and shall not be used for any purpose other than the scope specified in the agreement. For the benefit of the service, storage, safety, data retrieval, and for backup, Personal Data that the Company received from you is stored on the data center (Cloud) of a third party data processor which servers are located in the other countries. In this regard, the Company has carefully examined the data processor and has entered an agreement with the data processor to make sure that data security measures and scope of data processing are in place. You will be deemed to have given your consent to the cross-border transfers and storage of your personal data abroad for the above purposes.
In addition, the Company may require to disclose your Personal Data for investigation or legal action as may be requested from any governmental authorities or regulatory authorities, including transfer your Personal Data to the credit bureau authorities for inspection in order to prevent fraud or corruption conducts.
In some cases, the Company may be required to send or transfer your Personal Data abroad in order to perform and provide service to you, for example, to transfer your Personal Data to the cloud system where the platform or the server is located in a foreign country (eg. Singapore or the United States, etc.) to support information technology systems located outside of Thailand, however, this is depending on the Services of the Company you used or involved in on a case-by-case basis.
- Complying with the law that requires the Company to send or transfer Personal Data abroad;
- Informing you and obtaining your consent in the event that the destination country has insufficient standards for Personal Data Protection as the list of countries announced by the Data Protection Committee;
- Performing as necessary to perform the Company’s obligations under the contract between you and the Company or complying with your request before entering into such contract;
- Complying with the obligations under the contract between the Company and other persons or juristic entities for your benefits;
- Preventing or suppressing a danger to life, body or health of you or other persons when you are unable to provide the consent at that time to the Company
- Performing as necessary for public interest or upon assignment of official authorities
9. Storage of Personal Data and Duration of Storage of Personal Data
The Company shall not store your Personal Data longer than it is necessary for the purposes as specified in this statement, providing however that in the event that the related laws required the Company to store your Personal Data beyond the retention period, the Company shall continue to protect your Personal Data.
10. Services provided by third parties or sub-provider
The Company may assign or procure third parties (Data Processor) to process Personal Data on behalf of the Company in certain services such as hotsing, outsourcing, or cloud computing service/provider or any other ways.
By assigning third parties to process Personal Data as a Data Processor, the Company, as a Data Controller, shall provide an agreement to the Data Processor specifying duties and rights of the Data Processor. The Company shall identify details in relation to types of Personal Data that the Data Processor is entitled to process, including purposes, scopes of Data Processing and other related terms and conditions that the Data Processor is obliged to, to the extent specified in the agreement between the Company and the Data Processor.
In the event that a Data Processor assigned a sub-processor to process Personal Data on behalf of the Data Processor, the Company shall direct the Data Processor to provide the Company the document or agreement between the Data Processor and such sub-processor in the form and standards that shall no lower than the agreement between the Company and the Data Processor.
11 . Connecting to external websites of services
12. Security of your Personal Data
12.1 The Company has implemented technical measures and data management methods to appropriately maintain the security of your Personal Data and to keep your Personal Data confidential, prevent the loss and unlawful access, destruction, use, change, alteration or disclosure of your Personal Data.
12.2 In the case where certain transactions on the website or application or social networks are necessary to use a password to log in (Log-in), you are responsible for keeping such passwords confidential. The Company will not be responsible in the event that your Personal Data is leaked or violated from the fact that you give your password to another person/
12.3 If you use a computer or mobile phone by sharing with other people or use a public computer, the Company recommends you to not choose the computer to automatically remember the user account name and password and you will have to log out every time when you stop using such computer or mobile phone. In the case where you use the website or application or the Company's social network, you should set your privacy settings as deemed appropriate for yourself.
13. The Rights of the Owner of the Personal Data
The Company warrants that during the retention period, you reserves the rights to conduct as follows:
- withdraw any consents that you have provided to the Company
- request access for your Personal Data, obtain copy of your Personal Data that is under the responsibilities of the Company or request for disclose the method of acquiring your Personal Data that you have not give the consent to the Company
- request to obtain your Personal Data from the Company and request the Company to deliver or transfer your Personal Data to another recipient, including request the Company to receive your Personal Data that the Company has sent or transferred
- reject the collection, utilization or disclosure of your Personal Data in the event that your Personal Data has been collected without your consent or for the purpose in relation to direct marketing
- request the Company to delete or destroy or to encrypt your Personal Data in the event that the Company is no longer required to store your Personal Data
- request the Company to suspend the use of your Personal Data in the event that the Company is no longer required to retain your Personal Data for the purposes for which it was collected
- request the Company to maintain your Personal Data in accurate, up to date, complete and in a not misleading basis
- make a complaint to any related entities in the event that there is illegal conduct under the related laws
- You reserve the right to request the Company to delete or suspend the utilization of your Personal Data, to transfer your Personal Data to other recipients as you desire, including to reject the processing of your Personal Data under reasonable ground. In addition, you reserve the right to file a complaint to the Personal Data Protection Committee, in the event that there is a breach of the Personal Data Protection laws.
However, your exercise of rights must be in accordance with the laws and the Company may refuse to exercise your rights as stipulated by the law, in the event that the Company is able to claim another legitimate basis, providing however that the Company shall provide you the reason for such refusal.
The Company shall not charge for a fee in relation to your exercise of right, however, the Company may charge you for a fee as deemed necessary, in the event that your request for the access of Personal Data is not reasonable or excessive.
You may contact the DPO at all time to file a complaint for your request of your rights via the channel as the Company specified above in “Data Subject Right Form”. The Company shall consider and notify your request within thirty (30) days from the date of the receipt of your request.
Cookies are small pieces of information sent from the website, which will be stored on your computer. Cookies help record the Company's website browsing activities, such as preferred languages, favorite lists, general use and other settings to customize the website to suit your needs and make your internet access activities faster and more convenient.
You may set your browser's settings to deactivate cookies. However, cancellation may affect the quality of use on the website or may cause difficulties in making transactions with the company through the website.
15. Contact Channel to the Company
GoPomelo Co., Ltd
Contact Address: No. 6/1 Campus Building, 1st Floor, Soi Punnawithi 11, Bangchak, Phrakanong, Bangkok 10260, Thailand
Telephone Number: (+66) 2-030-0082
Email Address: email@example.com
Data Protection Officer (DPO)
GoPomelo Co., Ltd
Contact Address: No. 6/1 Campus Building, 1st Floor, Soi Punnawithi 11, Bangchak, Phrakanong, Bangkok 10260, Thailand
Telephone Number: (+66) 2-030-0082
16. Amendments on Personal Data Protection Policy