home
ABOUT rsXYZ
news
Light
Dark
privacy policy

RSXYZ Public Company Limited (“Company”) has been aware of privacy implications of the data subject (“You”), thereby preparing this Privacy Notice to provide explanation and ensure you understand the mechanisms adopted in handling personal data you provide to the Company, the purposes of data collection, usage, transfer and disclosure (collectively referred to as “processing”), personal data security measures, as well as retention period and your rights as the data subject, which are set forth in the Personal Data Protection Act as follows:

  1. Data Collection and Acquisition: The Company collects your personal data through the following channels:
    • Personal data directly provided to the Company via contact channels, news subscription, participation in marketing campaigns organised by or in the name of the Company, whether in writing or verbally, or otherwise;
    • Personal data automatically stored once you agree therefore, e.g., cookie tracking or other similar technologies;
    • Personal data feasibly acquired from a third party, e.g., job posting website of recruitment agencies, Company’s agents, or public agencies, regulatory bodies that exercise authority under law, etc. With your personal data being collected, you shall be notified of information as set out herein, including, but not limited to, legal bases for such data collection, usage, and/or disclosure. In the case where the Personal Data Protection Act stipulates that your consent is mandatory, the Company shall acquire your explicit consent prior to any data processing. In the case where your personal data had been collected by the Company prior to the enforcement of the Personal Data Protection Act, i.e., in part of data collection, usage or disclosure, the Company shall still collect and use your data according to the objectives previously informed. In this regard, you shall be entitled to revoke your consent through available channels listed under Clause 9. The Company shall reserve the rights to consider your revocation request and process it in accordance with the Personal Data Protection Act.
  2. Collected Personal Data
    • Personal data that may be collected by the Company under this Privacy Notice are those belonging to data subjects of the following categories:
      • Customers including natural or juristic persons who are product purchasers, service recipients, participants and any other persons who have made a contact to purchase a product or request a service from the Company, whether obtained directly or indirectly;
      • Counterparties or stakeholders, i.e., a natural person who is a party to a contract or is involved in any contract with the Company. This includes business partners, sellers, suppliers, service providers, contractors, consultants, professionals and the like;
      • Shareholders and directors, i.e., natural persons who are shareholders or directors of the Company;
      • Company's personnel, i.e., natural persons who are employees, staff or any person working for the Company, managers, executives, experts and persons who directly receive salaries, wages, benefits, or other compensation from the Company;
      • Applicants, i.e., natural persons who submit an application or a resume to the Company, either in writing or verbally, with an objective to apply for a position, internship programme, to become an employee, intern, which shall include the family of the applicants and their referees.
  3. Personal Data Possibly Collected by the Company Hereunder, Whether Directly or Automatically, or Those Acquired from Third Parties. For example:
    • Personal information, e.g., first name, last name, date of birth, photograph, signature, ID card number, passport number, nationality, marital status and family members’ information;
    • Contact information, e.g., email, telephone number, ID card address, household registration address or social media information, shipping location, invoice location, telephone number, facsimile, email, user ID for the application and information of contactable person, etc.
    • Financial or payment information, e.g., bank account number, credit card information, personal information provided on invoices, tax invoices, receipts, payment vouchers, and debit slips or information related to taxes or duties;
    • Information used as a proof in registering or engaging in transactions with the Company, e.g., personal information that appears in a copy of ID card, copy of passport, copy of household registration, copy of certificate of first name/surname change, copy of business licence, copy of vehicle registration, or any other document issued by a government body, membership or marketing campaign subscription forms, power of attorney, copy of company registration certificate, copy of PhorPor. 09/20, maps, collateral documents such as bank guarantee and personal guarantee, sales contract or any other contract related to specific transactions, and delivery notes, etc.
    • Technical information, e.g., data from usage records such as device identifiers, computer IP numbers, transaction log, access time, and information collected by the Company using Cookies or the like;
    • Information about education, training and careers, e.g., educational and training experience, certificate of qualifications or academic transcripts, academic results or GPAs, education level, language skills, professional licences, licence number, training and tests hosted by the Company or other related agencies, diplomas or certificates, work history, salary or wages;
    • Biological information, e.g., facial information for identification purposes;
    • Sensitive personal data, e.g., information concerning race, religion, health, disabilities, criminal records;
    • Other information, e.g., visual/audio footage collected via CCTVs, photographs, visual and audio recordings, conversation recordings.
  4. Legal Bases for Processing Personal Data
    • The Company processes your personal data for various purposes under the following legal bases:
      • Contract: To perform a contract to which you and the Group are parties, or to fulfil a prerequisite prior to executing such a contract;
      • Legal obligation: To perform obligations as stipulated by law, Company’s obligations as the employer or of any other capacity;
      • Legitimate interests: As the use of your personal data is necessary for the legitimate interests of the Company, or of natural or juristic persons other than the Company. However, it shall not exceed the extent you can reasonably expect; or for other purposes as permitted by law;
      • Vital interests: To prevent or stop life-, physical-threatening harms, a person's health, etc.;
      • Public task: To carry out missions for public benefit; or to exercise rights of government officials;
      • Consent: To collect, use and disclose your personal data as required, with prior consent given to the Company. The Company shall process personal data for the following purposes:
      • To provide services, improve the Company’s products and services, including other future products or services, as well as to provide care, maintenance, and proceed with those related to such service provision;
      • To process transactions related to the Company's products or services, e.g., buying and selling of products, instalment plans, appointment for service, etc.;
      • To manage the relationship between the Company and the data subjects;
      • To verify and identify data subjects when accessing services through different channels, or contacting the Company.
      • To communicate, inform, or receive information; to render other Company’s offers or services, for example, advice on and promotional offers of products and services, including Company’s marketing campaigns or updates via email, SMS, application, social media, telephone and direct mail;
      • To reflect specific preferences of data subjects as provided to the Company;
      • To facilitate the Company's business operations, e.g., data analysis, inspection, development of new products or services, improvement or change of services, analysis of service usage, marketing campaign surveys, consideration of the Company’s operations and business expansion;
      • To ensure safety, e.g., provision of security measures, which include personal information of the data subject, IT systems such as entry to the Company's premises, logging into the website or application;
      • For the benefit of executing contracts between a partner and the Company and processing personal data of suppliers for the purposes of purchasing, hiring, inspecting, placing payments for goods and services, managing relationships, inspecting and evaluating deliverables based on agreement set out in purchase orders or contracts, or other documents related to the procurement process, as well as managing relationships with suppliers;
      • For the legitimate interests of the Company, e.g., for internal management, management, development, and other operations to ensure business continuity, which includes product or service management and development (including website and applications), research such as questionnaires, interviews, investigation and prevention of corruption or other crimes, and maintenance of IT systems;
      • To cascade news and offers via letters, emails, SMS, application, social media, telephone, and direct mail;
      • To comply with the law, e.g., company management, recruitment and appointment of Company’s directors, board meetings, shareholders’ meetings, management of shareholders’ rights and obligations, dividend payment, payment of interest on debentures, preparation of accounts and reports, verification of documents as required by law, delivery of documents or letters to shareholders or directors, as well as other legal obligations in the capacity of a limited company, public limited company, or a company listed on the Stock Exchange of Thailand, as the case may be;
      • For the legitimate interests of the Company or of other individuals, e.g., management of the Company, visual or audio recordings during meetings, security, organisation of activities, or news or offerings updates for the benefit of shareholders, or directors, as well as to exercise the rights of claims;
      • To prepare an employee database, identity verification, employees’ educational and professional background check, employee welfare, life insurance policies for the purpose of employees' tax deduction; to contact, evaluate and manage relationships between the Company and employees;
      • To disclose employees’ personal information within the Group, or to an individual lawfully subrogated to the rights of the Company, or other persons, e.g., commercial banks, concerning the benefits of employees in requesting for services or products of commercial banks, benefits as set out in life insurance policies, rights, benefits, welfare payments, or certification or confirmation regarding employee status, work history, and educational background, as well as to disclose to government bodies and other state agencies. The Company shall collect, use, transfer, process or disclose personal information based on the aforementioned purposes, except in the following cases where the Company may collect, use, transfer, process or disclose personal information without the data subject’s prior consent.
      • To investigate and prevent actions that violate or may violate the law;
      • To respond to requests of government bodies or the government, including state agencies or the government of another country in which the data subject resides;
      • As necessary to execute a contract to which the data subject is a party, or to fulfil a prerequisite prior to entering into such a contract;
      • As necessary to safeguard the Company’s business operations;
      • As necessary to protect privacy rights, safety or property of the Company, personnel, data subject, or other persons, as well as to prevent or stop life-, physical-, or health-threatening harms occurring against an individual;
      • The information already publicly disclosed with the express consent of the data subject;
      • As necessary to redress, prevent, or limit damages that may occur to the Company or the data subject;
      • To comply with the law, investigation procedures of officials or regulatory agencies; or to comply with regulations set forth by law or government bodies.
    • In the case where the data subject agrees for the Company to collect and process personal data, the data subject shall be entitled to revoke such consent granted to the Company any time. In this regard, this revocation shall not affect the collection, use, disclosure or processing of personal data previously consented.
    • The revocation of consent already granted or refusal to provide certain information may result in the Company partially or entirely unable to achieve the objectives stated herein.
  5. Disclosure of Personal Data to Third Parties The Company may send, transfer, use, process or disclose personal data to its affiliates, auditors, internal auditors, external auditors, financial institutions, parties subrogated to, the Company's consultants, co-branding partners, any juristic or natural person with which the Company is a party, or has a relationship or legal relationship, both domestically and abroad, or persons assigned to be a personal data processor by the Company, or public or private agencies to comply with applicable law owing to necessity and adequacy, or to achieve the objectives for which the data subject has consented.
  6. Retention Period
    • In the event where there is a law specifically stipulating the retention period of personal data, the Company shall comply therewith.
    • In the event that the law does not stipulate a specific retention period, the Company shall retain personal data for a period necessary for fulfilling the required objectives. In this regard, after the retention period elapses, the Company shall delete, destroy or anonymise personal data.
  7. Sending or Transferring of Personal Data
    • The Company may send or transfer personal information of suppliers to its affiliates or other persons in other countries in the case where it is necessary to perform a specific contract to which it is a party, or to fulfil contractual obligations between the Company and other natural or juristic persons for the benefit of the data subject; or to fulfil prerequisites of the data subject prior to contract execution; or as it is necessary, with exceptions permitted by law.
    • The Company may store data of the data subject on computers, servers or cloud systems provided by a third party, and may use programmes or applications of a third party in the form of software and platform packages in processing personal data of the data subject under personal data security measures.
    • In the event that personal data of the data subject is transferred abroad, the Company shall comply with the applicable Personal Data Protection Act and implement appropriate measures to ensure adequate personal data security.
  8. Personal Data Security Measures
    • The Company has established privacy measures to protect the data subject, stipulating obligations, responsibilities and restricting data access rights to only authorised persons. The authorised persons shall strictly comply with the Company’s personal data protection measures, as well as maintain the confidentiality of such personal information. The Company has preventive measures in place to ensure compliance with applicable regulatory standards to safeguard personal data.
  9. Rights of the Data Subject The Company provides contact channels in the case where the data subject wishes to request to exercise his rights as follows:
    • Right to access personal data and request a copy of personal data, as well as request for the disclosure of personal information acquired without consent;
    • Right to object to the collection, use or disclosure of personal data;
    • Right to request deletion, or destruction, or anonymization of personal data;
    • Right to request suspension of personal data usage;
    • Right to update personal data;
    • Right to request portability of personal data;
    • Right to revoke the consent to personal data processing. In this regard, the revocation of consent shall not affect the collection, use, or disclosure of personal data to which consent is previously granted;
    • Right to raise concerns about violations of Personal Data Protection Act. The data subject can request to exercise the above mentioned rights by submitting a request therefore in writing or via email using the form provided by the Company through “Contact Channels”. The Company shall consider and notify you of its consideration within 30 days from the day the request is received. In this regard, the Company may refuse certain requests if stipulated by law (the rights shall be exercised when the Personal Data Protection Act applies to personal data controllers).
  10. Contact of Personal Data Controller RSXYZ Public Company Limited 27 RS Group Building, Tower A, 9th Floor, Prasertmanukit Road, Senanikom Subdistrict, Chatuchak District, Bangkok 10900 Tel: 02-037-8888 Personal Data Protection Officer’s email: rsxyz_pdpa@rsxyz.com

cookie policy

The company may utilise “Cookie” technology, which is a small data file installed in users’ computers by web browser programs as to allow us to be acknowledged when users visit the website. By utilising the cookie technology, it will ascertain which web browser being used by each user with no further personal data, e.g. first name or address, collected. The cookie technology allows the company to know users’ preferred services, and services that are not in their interest. Therefore, the cookie technology does not only facilitate the company in memorising users that have ever visited the site, counting traffic, or noticing objectives of each visitor, but it also supports the company in providing customised contents or advertisement through the use of Google Analytics, Google Firebase, or any other analytic tools used for data collection in order to drive better, faster, safer, and more private accessibility for users once they visit the website. The technology will automatically log the data sent by users’ web browsers whenever users visit the website or application. Such data include:

1) IP address, Cookie ID

2) Internet browsing program

3) Websites previously visited by users

4) Visited webpages within company’s platform

5) Time spent on each specific webpage  

6) Information searched on the website, including visiting time and date, and other statistic data

7) Location data

8) Browsing behaviors on company’s webpages

9) Operating system used

These personal data shall be collected for further analysis and evaluation in order to assist the company in developing the services provided on the website. Moreover, in providing services, the company may utilise the “Cookie” technology, or other features occasionally in order to aid the company or relevant parties, based on this Privacy Policy, in collecting or sharing the data, and to help improve company’s services, or to support the company in providing new services and features. Furthermore, the company may link cookies to users’ personal data and contents viewed by users. In this regard, Google Analytics and Google Firebase may be included in company’s services and platforms, facilitating the company in counting the number of visitors and better understanding preferences and interest of users.