PRIVACY NOTICE FOR SUPPLIERS AND BUSINESS PARTNERS

through tasteful bites and savory stories

Gaysorn Holding Co., Ltd. or Gaysorn Group and Its affiliates (the “Company”) recognise the importance of your personal data as our supplier and/or business partner. This supplier and business partner privacy policy (the “Privacy Policy”) describes how the Company collects, uses, and/or discloses personal data of personnel, authorized persons, directors, shareholders and other contact persons of the suppliers and/or business partners (collectively referred to as “you”) and informs you about data protection rights. In this Privacy Policy, the suppliers and/or business partners includes, but is not limited to, individual clients, business clients or legal entities, service providers, users, and suppliers and/or business partners (the “Suppliers and/or Business Partners”).

The Company collects, uses, and/or discloses your personal data because the Company has an existing or potential business relationship with you or the suppliers or business partners you work for, act on behalf of,
or represent, such as our Suppliers and Business Partners that provide products or services to us,
or communicate with us in relation to our business that may involve you.

The Company reserves the right to modify this Privacy Notice from time to time, so please review it frequently to see when this Privacy Notice was last revised. Any changes to this Privacy Notice will become effective when the Company posts the revised Privacy Notice on our website. The Company will provide additional notice of significant updates. In case any modification deprives your rights of sensitive data in relation to this Privacy Policy, the Company will first obtain your consent, except as otherwise permitted by law.

Types of Personal Data the Company collects

The Company may collect or obtain the following types of information which may include your Personal Data directly or indirectly from you or other sources or through our affiliates, subsidiaries, business partners. The specific type of Personal Data collected will depend on the context of your interactions with the Company, and the services or products you need or want from the Company and companies in Gaysorn Group.

1

Types of Personal Data the Company collects

The Company may collect or obtain the following types of information which may include your Personal Data directly or indirectly from you or other sources or through our affiliates, subsidiaries, business partners. The specific type of Personal Data collected will depend on the context of your interactions with the Company, and the services or products you need or want from the Company and companies in Gaysorn Group.

  • Personal Data means any information relating to you, which enables the identification of you, whether directly or indirectly (not including data of a deceased person). The Company may collect Personal Data as listed below.
  • Personal details: such as title, full name, gender, age, occupation, qualifications, job title, position, business type, company name, nationality, country of residence, date of birth, marital status, number of family members and children, ages of children, information on government-issued cards (e.g., national identification number, photograph of the national identification, information on the national identification, control number on the reverse side of the national identification (Laser ID), social security number, passport number, tax identification number, driver’s license details or similar identifiers), immigration details such as arrival and departure date, signature, voice, voice record, photograph, facial features for recognition, CCTV records, work place, education, insurance details, license plate details, house registration, household income, salary and personal income including complaints, your comment on our product, goods, and services, and inquiries via social media;
  • Contact details, such as postal address, delivery details, billing address, telephone number, fax number, email address, LINE ID, Facebook account, Facebook ID, Google ID, Twitter ID, Instagram ID, WeChat ID and other ID from social networking sites including your contact person detail such as telephone number, contact data on other correspondence (e.g. written communication with you);
  • Financial details, such as debit/credit card or bank information, credit/debit card number, credit card type, issuance/expiration date, cycle cut, account details, bank account details, prompt pay number payment details and records, your information regarding the risk profile for the business partner, credit rating and solvency, information in accordance with the declaration of suitability, suitability of transaction and any other financial details;
  • Transaction details, such as details about payment to and from you, payment date and/or time, payment amount, refund details, refund amount, points, date and location of purchase, purchase/order number, appointment date for service, address/date and time for pick up or delivery, acknowledgement of receipt, recipient email’s signature, warranty details, complaints and claims, booking details, rental details, transaction, transaction history, location, transaction status, past sales transaction, status, transaction status, purchasing behaviour, and any other details of products and services you have purchased, including but not limited to any information incurring from using of products or services provided on our platform, such as e-wallet, digital asset, lending product, insurance product and the product related to wealth management, etc.;
  • Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID (such as international mobile equipment identifier (IMEI), electronic serial number (ESN), mobile equipment identifier (MEID) and serial number (SN)), device model and type, formats of software and hardware of the device when it is activated in the system, network, connection details, access details, single sign-on (SSO), login log, access time and location, time spent on the page, login data, GPS, latitude, longitude and time spent on each webpage, login information, applications downloaded on a communication devices, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices you use to access the platform, including any other technical information arising from the use of our platform and systems;
  • Marketing and communication details, such as your preference in receiving marketing from us, our affiliates, subsidiaries, business partners or other companies, and your communication preferences, information of your interaction with us and marketing data (e.g. information supplied through surveys, polls, comment request forms, or researching activities);and/or
  • Sensitive data, such as race, religion, political opinions, fingerprints, facial recognition, person identity information (biometrics), face, information from the iris recognition, physical or mental health or condition, genetic data, medical history, disability and criminal records.>/

If you provide Personal Data of any third party to the Company, e.g., their name, family name, address details, and telephone number for emergency contact, family member income, or if you use the service on any of our platforms with your consent. The Company can access and collect third party personal information relating to you, such as information on name, picture and/or phone number, as well as personal and contact information of family, friends, emergency contact persons, recommended persons or referrals accessible from your mobile number, etc.; please provide this Privacy Notice for their acknowledgement and/or obtaining consents if necessary.

The Company will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.

2

How does the Company collect your Personal Data?

The Company collects your Personal Data through various channels, including:
  • Directly from you (such as when you do business with us, signing contracts, filling in forms, or when you interact with us, including interaction through our online platform, website, or mobile application, communication through email, telephone, questionnaire, business cards, post, during meetings or activities, or when the Company visits you).
  • From the Suppliers and/or Business Partners that you work for, act on behalf of, or represent.
  • From Gaysorn Group and Its affiliates or a third party such as our Suppliers and/or Business Partners.
  • From the resources in the system, our central drive or central database or transportation software, and/or electronic files.
  • From public information or other social media.
3

The purpose to collect, use or disclose your Personal Data

The Company will collect, use, and/or disclose your Personal Data depending on the nature of our relationship with you on the legal basis of legitimate interests, entering into or performance of a contract, legal compliance, consent, or any other bases as permitted by the data protection law, as the case may be, for the following purposes:

  • Business communication: such as communication with business partners regarding products, services and various projects of the Company or the business partners’ (e.g. communication by document delivery, responding to inquiries or requests, reporting progress).
  • Business partner selection: such as evaluating suitability and qualifications of you or the business partner, verifying your identity and the business partner’s status, conducting due diligence or other form of background checks or risk identification on you and the business partner (including screening against publicly available data from government law enforcement agency and/or the Company blacklist), issuance of request for quotation and bidding, execution of contracts with you or the business partner, and evaluating your and the business partner’s management.
  • Business partner data management: such as creating a business partner account, recording data in the system, maintaining and updating lists/directories of business partners (including your Personal Data), keeping and managing contracts and related documents in which you may be referred to.
  • Relationship management: such as planning, performing, and managing the contractual relationships and rights with the business partner, e.g., appointing, revoking, or authorising the business partner for conducting transactions or ordering products or services, processing payments, performing accounting, auditing, billing, and collection activities, arranging shipments and deliveries, and providing support services.
  • Business analysis and improvement: such as conducting research, data analytics, assessment, surveys, and reports on our products and services and your or the business partner’s performance, development and improvement of marketing strategy, and product and services.
  • Information technology (“IT”) systems and support: such as providing IT and helpdesk support, and managing your access to any systems to which the Company has granted you, removing inactive accounts, implementing business control to enable our business to operate, and to identify and resolve issues in our IT systems and to keep our systems secure, performing IT system development, implementation, operation, and maintenance.
  • Security and system monitoring: such as authentication and access controls (as applicable), monitoring of systems, devices, and internet, ensuring IT security, prevention and solving crimes, as well as risk management, fraud prevention, and accident reports.
  • Dispute handling: such as dispute resolution, enforcement of contract, establishment, exercise, or defense of legal claims, including authorization.
  • Management and communication among entities within the organization: including public relations activities in the organization, compliance with appropriate business regulations, including but not limited to procurement, reimbursement, internal management, training, auditing, reporting, delivering or managing documents, data processing, risk control or management, statistical analysis and planning, trends, and similar or related activities.
  • Compliance with internal policies and applicable laws: including regulations, rules, and guidelines (such as to apply for a license to operate a business as prescribed by law), and coordinating with and contacting government entities, courts, or related entities (e.g., the Revenue Department, the Royal Thai Police, and the Office of Auditor General), including investigations, claims, and/or prevention of crime or fraud.
  • Marketing purposes: such as informing you of useful news and publications, including events, offering new services, negotiating prices, conducting surveys, and analysing and considering financial aid (such as loans) for you or the business partner.
  • Sensitive Data: to collect, use, disclose, and/or transfer your Sensitive Data for various purposes which require consent under the laws, such as to evaluate suitability and qualifications of you or the business partner, to verify identity (based on data derived from the national identification card) in order to receive products from our inventory, to record data in the system, to conduct seminars, to consider and manage employment activities, to register or open an account into the system for the business partner and/or relevant person, to conduct disciplinary investigations, to coordinate with related entities and government entities.

Where the Company needs to collect your Personal Data as required by law, or for entering into or performing the contract the Company has with you, but you fail to provide the Personal Data to us as requested, the Company may not be able to fulfill the relevant purposes as listed above.

Where the Company needs your consent for activities of the collection, use, or disclosure of your Personal Data, the Company will request your consent for such activities separately.


4

To whom the Company may disclose or transfer your Personal Data

The Company may disclose or transfer your Personal Data to the following third parties who collect, use and disclose Personal Data in accordance with the purposes under this Privacy Notice. These third parties may be located in and areas outside the Kingdom of Thailand. You can visit their privacy policies to learn more details on how they collect, use and disclose your personal data as you could also be subject to their privacy policies.

  • The list of companies in Gaysorn Group and Its affiliates
  • As Gaysorn Holding Co., Ltd. is part of Gaysorn Group and Its affiliates which all collaborate and partially share customer services, products and systems including website-related platforms and systems, the Company may need to disclose or transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within the Company, Gaysorn Group and Its affiliates for the purposes set out in this Privacy Notice. Please see the list of companies for further details here.
  • The service providers of the Company
  • The Company may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. The Company may share your Personal Data to our service providers or third-party suppliers including, but not limited to
  1. Infrastructure, internet, infrastructure technical, software and website, and IT service providers and developer;
  2. Warehouse and logistic service providers;
  3. Payment service providers;
  4. Research agencies;
  5. Analytics service providers;
  6. Survey agencies;
  7. Auditors;
  8. Law firms;
  9. Marketing, advertising media, and communications agencies;
  10. Concierge;
  11. Campaign and event organizers;
  12. Sale representative agencies;
  13. Telecommunications and communication service providers;
  14. Payment, payment system, authentication, and dip chip service providers and agents;
  15. Outsourced administrative service providers;
  16. Data storage and cloud service providers;
  17. Verifying and data checking (Netbay and Department of Provincial Administration) service providers;
  18. Dispatchers; and/or
  19. Printing service providers.
  • In the course of providing such services, the service providers may have access to your Personal Data. However, the Company will only provide our service providers with the Personal Data that is necessary for them to perform the services, and the Company asks them not to use your information for any other purposes.
  • The business partners of the Company
  • The Company may transfer your Personal Data to our business partners in the businesses of banking, finance, credit, loan, asset management, investment, insurance, credit cards, telecommunications, marketing, retail, e-commerce, warehouse, logistics, wellness, lifestyle products and services, spa and fitness, reward and loyalty program, and data analytics, including platform sellers or providers whom the Company may jointly offer products or services, or whose products or services may be offered to you. Data shared in this way will be governed by the third party’s privacy policy and not this Privacy Notice.
  • Social networking sites
  • The Company allows you to login on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorise us to access and store public data on your social network accounts (e.g. Facebook, Google, Line, WeChat, or Instagram), as well as other data mentioned during use of such social network login system. In addition, the Company may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate. The Company also partner with certain third parties that allow you to enroll in their services or participate in their promotions. For example, certain companies allow you to use your loyalty program number or online services login to receive or register for their services. Additionally, your social network account provider allows you to connect your social network account to your online services account or log into your online services account from your social network account. When you enroll in those services, the Company will share your Personal Data with those third parties. If you do not want to share your Personal Data in this way, do not provide your loyalty or reward program number to third parties, do not use your online services account to register for third-party promotions and do not connect your online services account with accounts on third-party services. Data shared in this way will be governed by the third party’s privacy policy and not this Privacy Notice.
  • Third parties required by law
  • In certain circumstances, the Company may be required to disclose or share your Personal Data in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where the Company believes it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.
  • Professional advisors
  • This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.
  • Associations
  • The Company may transfer your Personal Data to other member associations, such as Thailand E-Payment Association (TEPA), Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization, Thailand (ACCOT), Foundation for consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association, Ratchaprasong Square Trade Association and/or the Ratchaprasong Intersection Group.
  • Assignee of rights and/or obligations
  • Third parties as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction; will comply with this Privacy Notice to respect your Personal Data.
5

International transfers of your Personal Data

Third parties as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction; will comply with this Privacy Notice to respect your Personal Data.

6

How long does the Company keep your Personal Data

The Company retains your Personal Data for as long as is reasonably necessary to fulfil the purpose for which the Company obtained it, and to comply with our legal and regulatory obligations. However, the Company may have to retain your Personal Data for a longer duration, as required by applicable law.

7

Security of your Personal Data

The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company endeavours to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of Personal Data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, rectification or disclosure; provided, however, that the Company will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of the Company.

8

Cookies and how they are used

If you visit our websites, the Company will gather certain information automatically from you by using cookies.
Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because otherwise the site is unable to function properly.
Other Cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with the site more convenient: they remember your username in a secure way, as well as your language preferences.
Most Internet browsers allow you to control whether or not to accept cookies. If you reject, remove or block Cookies can affect your user experience and without cookies, your ability to use some or all of the features or areas of our websites may be limited.
In addition, some third parties may issue Cookies through our websites to serve ads that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reached our websites and the pages you visit when you leave our websites. Information gathered through these automated means may be associated with the Personal Data you previously submitted on our website.

9

Your rights as a data subject

Subject to applicable laws and exceptions thereof, you may have the following rights to:
Access: You may have the right to access or request a copy of the Personal Data the Company is collecting, using or disclosing about you. For your own privacy and security, the Company may require you to prove your identity before providing the requested information to you.
Rectification: You may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data that the Company collects, uses or discloses about you rectified.
Data Portability: You may have the right to obtain Personal Data the Company holds about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if the Company is collecting, using or disclosing such data on the basis of your consent or to perform a contract with you.
Objection: You may have the right to object to certain collection, use or disclosure of your Personal Data such as objecting to direct marketing.
Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
Withdraw Consent: For the purposes you have consented to our collecting, using or disclosing of your Personal Data, you have the right to withdraw your consent at any time.
Deletion: You may have the right to request that the Company deletes or de-identification of Personal Data that the Company collects, uses or discloses about you, except the Company is not obligated to do so if the Company needs to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use or disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.

10

Contact Information

If you wish to contact the Company to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Notice, please contact the Company or our Data Protection Officer at:

Gaysorn Holding Co., Ltd. Gaysorn Group and Its affiliatesData

Protection Officer (DPO)

999, 4th Floor, Gaysorn Centre, Lumpini, Pathumwan, Bangkok, 10330, Thailand.
Phone: 02-656-1149
Email: dpo@gaysorngroup.com

Subscribe for Gaysorn News & Promotion

This field is for validation purposes and should be left unchanged.
All Search