Collection of Personal Data
We will collect your personal data that receive directly from you as following:
- your account registration
- email address
- Facebook Login
- Google Login
- LINE Login
- Twitter Login
- LinkedIn Login
We may collect your personal data that we can access from the other source not directly from you such as search engines, social media, government authorities, third parties, etc.
Types of Data Collected
Personal data such as name, surname, age, date of birth, nationality, identification card, passport, etc.
Contact information such as address, telephone number, e-mail address, etc.
Account details such as username, password, transactions history, etc.
Proof of identity such as copy of identification card, copy of passport, etc.
Transaction and Financial information such as purchase history, credit card details, bank account, etc.
Technical data such as IP address, Cookie ID, Activity Log, etc.
Other such as photo, video, and other information that is considered personal data under the Personal Data Protection Laws.
We may collect, use or disclose your sensitive data that is specially categorized by law when we have obtained explicit consent from you or where necessary for us as permissible under law. We may collect, use or disclose your sensitive personal data as following:
Any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.
If you are under the age of 20 or having legal restrictions, we may collect use or disclose your personal data. We require your parents or guardian to be aware and provide consent to us or allowed by applicable laws. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Storage of Data
We store your personal data as hard copy and soft copy.
We store your personal data by using the following systems:
- Our server in Thailand
- Third-party server service providers in Thailand
- Third-party server service providers outside of Thailand
Use of Data
We use the collected data for various purposes:
- To create and manage accounts
- To provide products or services
- To improve products, services, or user experiences
- To share and manage information within organization
- To conduct marketing activities and promotions
- To provide after-sales services
- To gather user’s feedback
- To process payments of products or services
- To comply with our Terms and Conditions
- To comply with laws, rules, and regulatory authorities
Disclosure of Personal Data
We may disclose your personal data to the following parties in certain circumstances:
In relation with our business partners, we may disclose certain personal data to them in order to coordinate and provide our products or services to you and provide necessary information about the availability of our products or services.
Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by government authority such as courts, government authorities.
Cross-Border Data Transfer
We may disclose or transfer your personal data to third parties, organizations or servers located in foreign countries. We will take steps and measures to ensure that your personal data is securely transferred, and the receiving parties have an appropriate level of personal data protection standard or as allowed by laws.
With respect to transfers originating from the European Economic Area (EEA) to the United States and other non-EEA jurisdictions, we will have appropriate solutions to address cross-border transfers as required or permitted by the General Data Protection Regulation.
Data Subject Rights
Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:
Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
Data access: You have the right to access your personal data that is under our responsibility; to request us to make a copy of such data for you; and to request us to reveal as to how we obtain your personal data.
Data portability: You have the right to obtain your personal data if we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
Objection: You have the right to object to collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
Suspension: You have the right to request us to suspend processing your personal data during the period where we examine your rectification or objection request; or when it is no longer necessary and we must erase or destroy your personal data pursuant to relevant laws but you instead request us to suspend the processing.
Rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.
If you are in the European Economic Area (EEA) you have the rights as mentioned above and also you have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable Personal Data Protection laws.
You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned below. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email address, telephone, registered mail (if applicable).
Advertising and Marketing
To enable you to receive benefits from using our products or services, we use your personal data to analyze, personalize and enhance our products or services, and marketing efforts through Google, Facebook, pixel tracking code and others. We use such information to provide you with customized and personalized recommendations for products or services we think will be of interest to you.
Our website may display advertisements from third parties to facilitate our services such as Google AdSense, BuySellAds. These third parties may access your personal data only to perform these tasks and are obligated not to disclose or use it for any other purpose.
We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or otherwise significantly affects you.
We may send certain information or newsletter for the purpose of utilizing your preference via your email. If you no longer want to receive the communications from us, you can click the “unsubscribe” link in the email or contact us through our email.
We endeavor to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls.
Data Breach Notification
We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, we will also notify the personal data breach and the remedial measures to you without delay through our website, SMS, email address, telephone or registered mail (if applicable).
Links to Other Sites
Siam Gold Gallery Co., Ltd.
310 Yaowarat, Chakkrawat, Samphanthawong, Bangkok, 10100
Data Protection Officer
310 Yaowarat, Chakkrawat, Samphanthawong, Bangkok, 10100