pdpa

PERSONAL DATA PROTECTION POLICY OF GOPOMELO (PRIVACY POLICY)

GoPomelo (the “Company”) is committed to collecting and using personal data in a lawful manner. GoPomelo will ensure that, when it collects or uses personal data, such collection or use is allowed under applicable data protection law, including, for example, the EU General Data Protection Regulation (GDPR), Thailand Personal Data Protection Act, Hong Kong Personal Data (Privacy) Ordinance, Singapore Personal Data Protection Act, Malaysia Personal Data Protection Act, and California Consumer Privacy Act where such laws govern.

We recognise the importance of protecting your Personal Data including exchanging your Personal Data to other parties, and hereby conduct this Personal Data Protection Policy for you in order to lawfully collect, use and disclose your Personal Data. 

1. Personal Data

“Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular.

“Sensitive Personal Data” means Personal Data which such information in relation to racial, ethnic, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data or of any data which may affect the Data Subject in the same manner. 

“Data Subject” means an individual who owns Personal Data that the Company collects, uses or discloses.

“Data Controller” means a person or entity having the authority to make decisions regarding the collection, use or disclosure of Personal Data.

“Data Processor” means a person or entity who performs the collection, use or disclosure of Personal Data from the order or on behalf of the Data Controller providing that such person or entity that doing so is not the Data Controller.

2. Scope of this Privacy Policy

This Privacy Policy applies to the Personal Data which relates to the Company which may be processed by the Company, its officers, employees, business units or other forms of entities which are operated by the Company. This also includes the Company’s parties or third parties who process Personal Data (the “Data Processor”) on behalf of the Company such as Company’s product, websites, application systems, documents or other forms of services (collectively, the “Services”).

Individuals who are related to the Company under the provisions of the above paragraph includes:

    1. Individual customers
    2. Officers or operators
    3. Individual vendors and service providers
    4. Directors, attorneys, representatives, agents, shareholders, employees or other individuals that are related to the business of the Company
    5. Users of the Company’s products or Services
    6. Visitors or users of the Company’s website www.gopomelo.com including systems, applications, devices or other communication channels which controlled by the Company
    7. Other individuals whose the Company collects the Personal Data from, such as job applicants, relatives of the employees and beneficiaries in the insurance policy, etc.

      No.1 - No. 7 collectively called “You”

In addition to this Privacy Policy, the Company may specifically impose a privacy notice (“Notice”) for its certain Services in order to inform you regarding details of Personal Data which will be being processed by the Company, including the purposes and legitimate grounds for processing, retention period and your rights.

In the event that there is a conflict in relation to contents between this Privacy Policy and Notice, the contents of the Notices shall prevail.

3. Personal Data that the Company collects

The Company may collect or obtain the following Personal Data from you. This depends on the Services that you retain from the Company and any other considerations that apply to the collection of your Personal Data. The types of Personal Data listed below are the general framework of the Company’s collection of your Personal Data, providing that only Personal Data that relates to the Company Services will only be processed in compliance with the principle of proportionality and minimization.

Types of Personal Data Descriptions and Examples
Personal Data

Your identifier or information from official documents that identify you personally, such as your first name, last name, middle name, nickname, signature, ID card number, nationality, driver's license number, passport number, house registration information, professional license number (for each occupation), insurance identification number and social security number, etc.

Personal Characteristic Information

Detailed information about yourself such as date of birth, gender, height, weight, age, marital status, military service status, photographs, languages, data behavior, preferences, bankruptcy information and information on being a incompetent or quasi-incompetent, etc.

Contact Information Contact information such as your home phone number, mobile phone number, fax number, e-mail address, home mailing address, username in social networks (Line ID, Instagram, Facebook) and accommodation location, etc.
Employment and Educational Information Employment details including work history and educational background such as type of employment, occupation, rank, position, function, expertise, work permit status, reference information, tax identification number, tenure history, salary information, employment start date, employment leave date, assessment results, benefits and benefits items in the possession of the persons, bank account number, educational institutions, educational qualifications, educational results and graduation date, etc.
Insurance Policy Information

Details about insurance policy, such as assured insure, beneficiary policy number, policy type, protection limitation information about claims, etc.

Social Relationship Information Information about your social relationships such as political status, political position, relationship with the Company's employees, information on being a contractor/vendor/customer of the Company and information on being a stakeholder in the business with the Company, etc.

Use of Company’s Service Information

Details about the Company's products or Services, such as account name, password, PIN number, Single Sign-on (SSO ID) information, OTP, computer traffic information, geolocation data, photos, videos, audio recordings, usage behavior data (websites in the care of the Company such as www.gopomelo.com or other various applications), browsing history, cookies or similar technologies, device ID (Device ID), device type, connection details, browser information, language use and operating system, etc.

Sensitive Personal Data

Information in relation to racial, ethnic, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect you in the same manner. 

Please note that the Company may not be able to provide you certain Services, in the event that you do not give consents to the Company for the data processing for your Personal Data which is necessary to build the relationship between you and the Company. This may also lead to the result that the Company may not be able to enter into the agreement, perform its obligations under the agreement, or unable to perform its duties under the relevant laws.

4. Personal Data of the minor, incompetent and quasi-incompetent,

In the event that the Company knows that Data Subject is a minor, incompetent or quasi-incompetent person, the Company will not collect such Personal Data until obtained consent from the holder of parental responsibility of the minor or the custodian of the incompetent or the curator of the quasi-incompent, as the case maybe, in accordance with the conditions prescribed by law.

In the event that the Company did not know beforehand that the Data Subject is a minor,  incompetent, or quasi-incompetent person and later found out that the Company has collected the information of such Data Subject without the consent of the holder of parental responsibility of the minor or the custodian of the incompetent or the curator of the quasi-incompent, as the case maybe, the Company will delete and destroy that Personal Data as soon as possible in the event that the Company has no legitimate grounds to collect the Personal Data.

5. Source of the Receipt of Your Personal Data 

The Company may receive your Personal Data via the following channels:

  1. Personal Data that the Company collected directly from you through various channels such as the process of job application, signing contracts, documenting, completing surveys or using Services or other controlled service channels which maintained by the Company or when you communicate with the Company at the office or through telephone, email, post or other communication channels supervised by the Company, etc.

  2. Personal Data that the Company collected via website behavior tracking, products or services of the Company through the use of cookies (Cookies) or from software on your device when you access the Company’s website, etc.

  3. Personal Data that the Company received from other sources, by which such sources have the authority, acquire the legitimate grounds or have already obtained consents from the Data Subject, to provide such Personal Data to the Company, i.e. public governmental website who provide comprehensive public benefit services to the Data Subject, receipt of Personal Data from other government agencies on the ground that the Company has its contractual obligation to conduct a central information exchange center to support the operation of government agencies via the digital system, including services as deemed necessary under a contractual obligations by which the Personal Data may be exchanged with such contractual entities.

In addition, the above mentioned also includes the Personal Data of any third parties provided by you to the Company where you are responsible to provide this Privacy Policy or Notice as the case may be, to such third parties, including request for consent from third parties, in the event that consent is required to disclose information to the Company.

The Company may not be able to provide the Data Subject certain Services, in whole or in part, in the event that the Data Subject does not give consent to the Company for the data processing whereby the Personal Data is necessary to build the relationship between you and the Company. 

6. Purpose for Personal Data Collection

The Company process your Personal Data under the activities and purposes as followings:

1

The Company may use and process your Personal Data for the performance of contract

  • To verify your identification
  • To contact you for providing services or conducting transactions in relation to the sale and purchase between you and the Company
  • To use Company’s legal rights in relation to transactions regarding the sale and purchase between you and the Company
  • To request you  for products or services fee
  • To communicate with you about  the Company’s products and/or services
  • To identify issues in relation to existing products or services

2

The Company may obtain your consent to collect, utilize, process and disclose your Personal Data

  • To deliver information, advertisement in relation to products or services of the Company (including the Company’s affiliates or partners/
  • To conduct direct marketing to propose products or services promotion of the Company (including the Company’s affiliates or partners)/
  • To analyse your behavior on the use of products or services of the Company (including the Company’s affiliates)
  • To track your behavior in relation to your access to the Company’s website by using cookies* and tracking technologies to measure and improve the Company’s services
  • To propose to you any content that you are interested in from your website access behavior/
  • To perform the obligations under the agreement or to conduct any actions before the Company enters into an agreement with you

3

The Company may collect, utilize, disclose, process or transfer your Personal Data for legitimate interest or legal compliance


  • To contact you to propose products of services to you after you have provided the Company suggestions, feedback or request the Company to improve on products or services
  • To track your access to the Company’s website or your usage on online services in order to improve the Company’s website or to improve the Company online presentation for products or services
  • To inspect or clarify the accuracy of your identification for security purpose and to prevent fraudulent behavior
  • To disclose your Personal Data in the event of necessary for inspection, prevention or any retaliation in the event that the Company suspect that such behavior is deemed illegal or may cause fraudulent or to protect the safety, rights and assets of the Company or other third parties/
  • To use your Personal Data to protect the legal rights of the Company, including but not limited to, defend, analyse, investigate, negotiate, agree and resolve any disputes or legal issues
  • To disclose your Personal Data for the purpose of Company’s internal inspection
  • To comply with related laws
  • To comply with internal management operation
  • To achieve the continuity of the Company’s business and safety
  • To collect data from CCTV for securities purpose

4

The Company may disclose, process or transfer your Personal Data for the purpose of legal compliance with the related laws


  • To disclose or provide your Personal Data to governmental authorities or any other authorities that may use their legal power to access to your Personal Data as requested by such authorities in order to comply with the enforcement of the related laws
  • To comply with requests based on the rights you have with your Personal Data in the Company’s possession
  • To store documents for inspection/ for reference

In the event that it is necessary for the Company to collect your Personal Data for the performance of the contract basis, legal compliance basis or legitimate interest basis and you refuse to provide your Personal Data or refuse the Company to process your Personal Data, the Company may be unable to provide certain services in whole or in part to you.

7. Disclosure of your Personal Data

The Company shall not disclose your Personal Data to any third parties for the purpose of direct marketing, in the event that the Company has not obtained your prior consent. In the event that the Company has obtained your consent or received your approval to disclose your Personal Data in any other cases, the Company is entitled to disclose your Personal Data only for the purpose that you have provided your consent to or agreed to disclose to.

However, the Company may need to disclose your Personal Data to the Company’s affiliates under the obligations of the Company to provide certain Services to you under the agreement made between you and the Company or the Company’s affiliates. Therefore, in order to provide the Services to you, the followings are the names and details of the Company’s affiliates:

      • GoPomelo Holding  Co,. Ltd.
      • GoPomelo Co., Ltd.
      • GoPomelo Holding Pte. Ltd.
      • GoPomelo Vietnam Co., Ltd.
      • GoPomelo Pte. Ltd.
      • GoPomelo X Co., Ltd.
      • GoPomelo Sdn. Bhd.

By disclosing your Personal Data to the above mentioned,  the Company will ensure that those above mentioned shall keep your Personal Data confidential and shall not be used for any purpose other than the scope specified in the agreement. For the benefit of the service, storage, safety, data retrieval, and for backup, Personal Data that the Company received from you is stored on the data center (Cloud) of a third party data processor which servers are located in the other countries. In this regard, the Company has carefully examined the data processor and has entered an agreement with the data processor to make sure that data security measures and scope of data processing are in place. You will be deemed to have given your consent to the cross-border transfers and storage of your personal data abroad for the above purposes.

In addition, the Company may require to disclose your Personal Data for investigation or legal action as may be requested from any governmental authorities or regulatory authorities, including transfer your Personal Data to the credit bureau authorities for inspection in order to prevent fraud or corruption conducts.

8. Sending or Transferring of Personal Data Overseas

Your Personal Data is disclosed to our Data Processor who provides cloud storage service and that the data is stored in Singapore. The Company has ensured that the system has adequate and international security measures including personal data protection standards which are equivalent to the relevant laws.

9. Storage of Personal Data and Duration of Storage of Personal Data

The Company is obliged to keep your Personal Data only for as long as it is necessary for the purpose for which it was collected as detailed in this Privacy Policy, Notice or in accordance with the relevant laws. After the expiration of the period and that your Personal Data is no longer necessary for the purposes which it was collected, the Company will delete and destroy your Personal Data or make your Personal Data unidentifiable in accordance with the forms and standards for the destruction of Personal Data that the Personal Data Protection Committee or the law that will announce in the future or in accordance with international standards. However, in the event of disputes, or to exercise rights or conduct lawsuits related to your Personal Data, the Company reserves the right to retain your Personal Data until the dispute has been finalized by court order or judgment.

The Company shall not store your Personal Data longer than it is necessary for the purposes as specified in this statement, providing however that in the event that the related laws required the Company to store your Personal Data beyond the retention period, the Company shall continue to protect your Personal Data.

10. Services provided by third parties or sub-provider

The Company may assign or procure third parties (Data Processor) to process Personal Data on behalf of the Company in certain services such as hotsing, outsourcing, or cloud computing service/provider or any other ways.

By assigning third parties to process Personal Data as a Data Processor, the Company, as a Data Controller, shall provide an agreement to the Data Processor specifying duties and rights of the Data Processor. The Company shall identify details in relation to types of Personal Data that the Data Processor is entitled to process, including purposes, scopes of Data Processing and other related terms and conditions that the Data Processor is obliged to, to the extent specified in the agreement between the Company and the Data Processor.

In the event that a Data Processor assigned a sub-processor to process Personal Data on behalf of the Data Processor, the Company shall direct the Data Processor to provide the Company the document or agreement between the Data Processor and such sub-processor in the form and standards that shall no lower than the agreement between the Company and the Data Processor.

11 . Connecting to external websites of services

The Services of the Company may contain links to third-parties’ websites or services, which such websites or services may contain the privacy policy that is different to the content of this Privacy Policy. The Company recommends you to study the privacy policy of such websites or services in order to understand the details of such privacy policy before accessing to such websites or services. The Company is not associated with and has no control over the privacy protection measures of such websites or services and cannot be held responsible for the content, policy, damages or actions caused by third-parties’ websites or services.

12. Security of your Personal Data

12.1 The Company has implemented technical measures and data management methods to appropriately maintain the security of your Personal Data and to keep your Personal Data confidential, prevent the loss and unlawful access, destruction, use, change, alteration or disclosure of your Personal Data.

12.2 In the case where certain transactions on the website or application or social networks are necessary to use a password to log in (Log-in), you are responsible for keeping such passwords confidential. The Company will not be responsible in the event that your Personal Data is leaked or violated from the fact that you give your password to another person/

12.3 If you use a computer or mobile phone by sharing with other people or use a public computer, the Company recommends you to not choose the computer to automatically remember the user account name and password and you will have to log out every time when you stop using such computer or mobile phone. In the case where you use the website or application or the Company's social network, you should set your privacy settings as deemed appropriate for yourself.

13. The Rights of the Owner of the Personal Data

The Company warrants that during the retention period, you reserves the rights to conduct as follows:

    • withdraw any consents that you have provided to the Company
    • request access for your Personal Data, obtain copy of your Personal Data that is under the responsibilities of the Company or request for disclose the method of acquiring your Personal Data that you have not give the consent to the Company
    • request to obtain your Personal Data from the Company and request the Company to deliver or transfer your Personal Data to another recipient, including request the Company to receive your Personal Data that the Company has sent or transferred
    • reject the collection, utilization or disclosure of your Personal Data in the event that your Personal Data has been collected without your consent or for the purpose in relation to direct marketing
    • request the Company to delete or destroy or to encrypt your Personal Data in the event that the Company is no longer required to store your Personal Data
    • request the Company to suspend the use of your Personal Data in the event that the Company is no longer required to retain your Personal Data for the purposes for which it was collected
    • request the Company to maintain your Personal Data in accurate, up to date, complete and in a not misleading basis
    • make a complaint to any related entities in the event that there is illegal conduct under the related laws
    • You reserve the right to request the Company to delete or suspend the utilization of your Personal Data, to transfer your Personal Data to other recipients as you desire, including to reject the processing of your Personal Data under reasonable ground. In addition, you reserve the right to file a complaint to the Personal Data Protection Committee, in the event that there is a breach of the Personal Data Protection laws.

However, your exercise of rights must be in accordance with the laws and the Company may refuse to exercise your rights as stipulated by the law, in the event that the Company is able to claim another legitimate basis, providing however that the Company shall provide you the reason for such refusal.

The Company shall not charge for a fee in relation to your exercise of right, however, the Company may charge you for a fee as deemed necessary, in the event that your request for the access of Personal Data is not reasonable or excessive.

You may contact the DPO at all time to file a complaint for your request of your rights via the channel as the Company specified above in Data Subject Right Form. The Company shall consider and notify your request within thirty (30) days from the date of the receipt of your request.  

14. Cookies*

Cookies are small pieces of information sent from the website, which will be stored on your computer. Cookies help record the Company's website browsing activities, such as preferred languages, favorite lists, general use and other settings to customize the website to suit your needs and make your internet access activities faster and more convenient.

You may set your browser's settings to deactivate cookies. However, cancellation may affect the quality of use on the website or may cause difficulties in making transactions with the company through the website.

When you visit the Company's website, the Company may place cookies on your device and use them to collect your Personal Data in order to improve the Company’s website for your better experience when browsing through our websites. You can manually set or delete the use of cookies from your Web Browser.

15. Contact Channel to the Company

GoPomelo Co., Ltd

Contact Address: No. 6/1 Campus Building, 1st Floor, Soi Punnawithi 11, Bangchak, Phrakanong, Bangkok 10260, Thailand

Telephone Number: (+66) 2-030-0082

Email Address: support@gopomelo.com

Data Protection Officer (DPO)

GoPomelo Co., Ltd

Contact Address: No. 6/1 Campus Building, 1st Floor, Soi Punnawithi 11, Bangchak, Phrakanong, Bangkok 10260, Thailand

Telephone Number: (+66) 2-030-0082

Email Address: woraphat@gopomelo.com,legal@gopomelo.com

16.  Amendments on Personal Data Protection Policy

The Company reserves the rights to review the Personal Data Privacy Policy regularly in order to comply with related guidelines and applicable laws and regulations. In the event that the Personal Data Privacy Policy is changed,  the Company shall notify you by updating the information on our website as soon as possible for your consideration and acceptance by electronic or any other means. And if you, as a user, have proceeded to accept such changes, the revised policy shall be considered a part of this Personal Data Privacy Policy.

This Personal Data Privacy Policy is currently reviewed last time as of 23rd December 2021

The Company will notify you of any changes to this Privacy Policy on the Company’s Website.