Prima Gold International Co., Ltd. (the “Company,” “we,” “us,” or “our”) acknowledges and understands the importance of taking care of and ensuring the security of the personal data of our customers. We know you care how information about you is collected, used, and disclosed. The information you share with us allows us to provide the products and services you need and want appropriately tailored for you, not only from us but also those within the PRIMA Group company. We appreciate your trust that we will carefully and sensibly handle your personal data while giving you the very best personalized experience and customer service.
How are we collecting your Personal Data?
The Company may collect personal data directly from you through the following methods:
- When you register as a member with the Company through the channels specified by the Company, such as filling out registration information on the Company’s website or at Company branches.
- When you purchase products or services from the Company.
- When you contact us to inquire about post-sale services, including sending information or documents related to product inspections that you have chosen to purchase.
- When you complete questionnaires about the use of services at Company branches.
- When you contact the Company through any communication channels of the Company to submit information or inquire about product-related issues, or to inquire about products or services of the Company.
- When you register to participate in any events organized by the Company or to register or to receive your benefits or various privileges offered by the Company.
- When you visit the Company’s website.
Please note that the Company may also collect your personal data from other sources that the Company has access to and that are publicly available, such as affiliated companies, subsidiary companies of the Company, or government agencies.
The Company will use your personal data for various purposes, including conducting business operations, providing services, improving services, communicating, developing products and services, updating, and enhancing systems, and complying with relevant laws. We are committed to maintaining the confidentiality and security of your personal data and have implemented appropriate measures to prevent unauthorized access, use, or disclosure of your personal data.
The company may collect, use, or disclose sensitive personal information only when the company has obtained explicit consent from you unless the law allows such actions without explicit consent. Sensitive personal information includes, but is not limited to, health information, religion, ethnicity, biometric data (such as facial recognition data, iris scan data, fingerprint data), and any other personal information that may impact an individual’s specific rights or privacy, as determined by the Data Protection Committee’s guidelines.
Please be aware that if the company collects the above-mentioned personal information, it is necessary for the company to provide the services or deliver the products that you have selected in accordance with the contract or agreement you have with the company or for the company to fulfil its legal obligations. In some cases, if you wish not to consent to provide such information to the company, the company may not be able to provide goods or services to you, including the inability to create a membership account on the company’s system. It may also prevent the company from resolving issues related to your purchase of goods or services from the company.
What Personal Data do we collect?
- Personal details, such as title, full name, gender, age, occupation, qualifications, job title, position, business type, nationality, country of residence, date of birth, marital status, information on government-issued cards (e.g., national identification number, passport number, tax identification number, driver’s license details or similar identifiers), photograph, or any other personal details you provided to us.
- Contact details, such as postal address, delivery details, billing address, telephone number, fax number, email address, LINE ID, Facebook account, Facebook ID, Google ID, Twitter ID, and other ID from social networking sites, your contact person’s contact details (e.g., telephone number, contact data on any correspondence (e.g., written communication with you), and any other contact details you provided to us.
- Membership details, such as account details, member card number, reward points, member ID, member join/registration date and month, membership period, payment details, service and product information and other membership details.
- Transaction details, such as details about payment to and from you, payment date and/or time, payment amount, points, date and location of purchase, purchase/order number, appointment date for service, address/date and time for pick up or delivery, acknowledgement of receipt, recipient email’s signature, warranty details, complaints and claims, transaction history, location, transaction status, past sales transaction, status, transaction status, purchasing behavior, and any other details of products and services you have purchased
- Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID, device model and type, network, connection details, access details, single sign-on (SSO), login log, access time and location, time spent on the page, login data, search history, browsing details, browser type and version, and other technology on devices you use to access the platform, and any other technical details from the use on our website or platforms systems.
- Marketing and communication details, such as your preference for receiving marketing from us, companies in PRIMA Group (e.g. MERII), affiliates, subsidiaries, business partners or other companies, your communication preferences, and any other marketing and communication details
The company obtains this information when you visit our website, as our website automatically records data sent by your browser during your visits.
The Purposes of Personal Data Processing
The company collects, uses, or discloses your personal information based on your requests and/or agreements made with the company, for the following purposes:
- To prepare and deliver the products you have selected for purchase from the company.
- To process financial transactions and related services for payment processing concerning your product orders, including verification and cancellation of transactions made with the company.
- To assist and provide after-sales services when you have purchased products or used services from the company, such as product returns and troubleshooting issues with products.
- To create and manage member accounts, including verifying and confirming your identity when you register as a PRIMA member with the company, whether through physical stores or the company’s online channels.
- To inform you about benefits, marketing campaigns, marketing activities, and invitations to company events, as well as to offer products or services that you may be interested in through the contact information you have provided to the company, such as letters, SMS messages, email and LINE messages.
- To register your participation in various activities or event reservations organized by the company, including registering for continuous customer loyalty programs and receiving member points.
- To publicize the company’s products and services to increase awareness and dissemination.
- To deliver rewards to your address for participating in various company-organized activities.
- To contact you for further details regarding your product purchases or services from the company.
- To contact you for any assistance such as issue recovering solutions, feedback, complaints, or disputes related to products or services of the company.
- To maintain security within the company’s premises or areas, such as monitoring security via closed-circuit television (CCTV).
- To gather feedback related to the use of products or services of the company for research, evaluation, development, and improvement of the company’s products or services to make them more efficient and responsive to your needs.
- For internal business planning, management, and administration within the company.
- To manage and optimize the company’s website to meet your requirements when visiting the company’s website.
- To comply with laws and regulations of various government agencies that the company is obligated to follow, or to respond to legal claims made against the company.
The processing of your personal data for the above-mentioned purposes will depend on your interactions and activities with the company. The reasons or legal bases that the company may rely on for processing your personal data may include:
(1) You have provided consent for one or more of the specified purposes.
(2) The processing of data is necessary for the agreement of a contract between you and the company and/or for pre-contractual measures.
(3) The processing of data is necessary to comply with legal obligations imposed on the company.
(4) The processing of data is related to the execution of tasks for the public interest of the company or in the exercise of state authority delegated to the company.
(5) The processing of data is necessary for the legitimate interests pursued by the company or by third parties, whether they are natural or legal persons.
To whom we may disclose or transfer your Personal Data
Subsidiary companies, affiliated companies, or companies within the group:
The company may disclose some of your personal information to subsidiary companies, affiliated companies, or companies within the group as necessary to achieve the purposes outlined in this policy.
The company may disclose certain personal information to its service providers or other business partners as necessary to carry out various functions related to the delivery of products or the management of your membership system. This includes payment service providers, event organizers, technology service providers, marketing data collection or opinion-gathering service providers, delivery service providers, online social media service providers, account auditing, and legal service providers. However, these service providers are not authorized to use or disclose your personal information unless it is necessary to contact you on behalf of the company or comply with legal requirements.
The company may disclose some of your personal information to our business partners to fulfil the purposes specified in this policy, such as coordinating various activities organized by the company’s business partners, offering benefits through the company’s business partners, and more.
The company may need to disclose your personal information if required by law or to respond to official requests from government agencies, such as providing tax-related information to the tax authorities.
The company may disclose information, including your personal information, in the context of restructuring the organization, mergers, or the sale of business operations or other assets. In such cases, the receiving party must handle your information in accordance with this policy and relevant data protection laws.
Storing, Transferring, and Transmission of Personal Data Abroad
The company will store your personal information in both document and electronic formats at the company’s data storage facilities. Your personal information in electronic format will be stored on the company’s servers located in Thailand.
In some cases, the company may disclose or transfer your personal data to individuals or organizations located outside of Thailand. In such cases, the company will implement various measures to ensure that the transfer of your personal data to the destination country complies with adequate data protection standards and in accordance with the conditions and criteria as stipulated by data protection laws, regulations, and relevant guidelines.
Data Retention Period
The company will store your personal data for as long as necessary while you remain a customer or member of the company or maintain any legal relationship with the company, during which the company is obligated to protect the data to fulfill the purposes specified in this policy and to comply with applicable laws. However, your personal data may continue to be retained after the termination of your services or relationships with the company as required by law. Your rights to access, delete, amend, or transfer your data will not be enforceable once the data retention period has expired. In this regard, the company may anonymize or discard your data, ensuring that it cannot be used to identify you.
Security of your Personal Data
The company will maintain the confidentiality, integrity, and availability of your personal data according to the principles of security. This includes administration, technical, and physical protection for controlling and/or accessing and managing data. The company will ensure compliance with the data protection standards, regulations, and guidelines established by law. However, please note that there is no guarantee of data security during internet or wireless network transmission. Therefore, you acknowledge that (1) there are limitations to online security and privacy beyond the control of the company, (2) the security, accuracy, completeness, and privacy of any exchanged data between you and the company cannot be guaranteed, and (3) personal data and information may be visible or changed during transmission by third parties, despite the company’s best protection efforts.
If you are under the age of 20 or have legal limitations regarding the processing of your personal data, the company may need to obtain consent from your legal guardian or the person responsible for your care and supervision, as required by law, unless the law allows the company to act without such consent. If the company becomes aware that it has collected personal data from minors without obtaining the necessary consent from their legal guardian or responsible person, the company will promptly delete such data from its servers without delay.
Personal Data Tracking Technology (Cookies)
When you visit the website www.prima.co.th or other websites managed and responsible for by the company, please be aware that the company automatically uses “cookies” to enhance your user experience and improve website efficiency.
Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because otherwise, the site is unable to function properly. Other Cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with the site more convenient: they remember your username in a secure way, as well as your language preferences.
Most Internet browsers allow you to control whether or not to accept cookies. If you reject, remove or block Cookies can affect your user experience and without cookies, your ability to use some or all the features or areas of our websites may be limited.
In addition, some third parties may issue Cookies through our websites to serve ads that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reached our websites and the pages you visit when you leave our websites. Information gathered through these automated means may be associated with the Personal Data you previously submitted on our website. For more details about the cookies used by the company, you can refer to the website www.prima.co.th
Your rights as a data subject
When the company collects and processes your personal data, you have several rights as the data subject under data protection laws, and you can request these rights at no cost, except where provided by law. Your rights as the data subject under data protection laws include the following:
- Right to Withdraw Consent: You have the right to withdraw your consent at any time. However, this will not affect the lawfulness of processing your personal data based on your prior consent.
- Right to Access: You have the right to access your personal data held by the company and request copies of this data. You can also request information about how the company obtained your personal data.
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and request the company to transfer your data to another data controller when technically feasible.
- Right to Object: You have the right to object to the processing of your personal data for specific purposes, such as when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
- Right to Be Forgotten: You have the right to request the deletion or erasure of your personal data when your data is no longer necessary for the purposes for which it was collected or processed.
- Right to Restriction of Processing: You have the right to request the temporary suspension of processing your personal data in certain circumstances, such as while the company verifies your request to correct or object to the processing of your data.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
- Right to Lodge a Complaint: You have the right to lodge a complaint with the relevant authority if you believe that the processing of your personal data by the company is in violation of applicable data protection laws.
You can request your rights as a data subject by contacting the company or its Data Protection Officer using the details provided at the end of this policy. The company will respond to your requests within 30 days of receiving your request through the specified form or method, as outlined by the company. However, the company may need a longer time to respond if permitted by applicable law.
You can make a request to exercise your rights by providing your information through the following channel: Pdpa_crm@primagold.co.th
Reporting of Your Personal Data Breached
In the event of a personal data breach involving your data, the company will promptly notify the relevant data protection authority within 72 hours from the time the company becomes aware of the breach, to the extent feasible. If the breach poses a high risk to your rights and freedoms, the company will also notify you of the breach, along with remedial measures, through various means such as the company’s website, SMS, email, telephone, or postal mail etc.
Connecting to Other Websites
Within the company’s website for which it is responsible, there may be links connecting to other websites that are not owned or controlled by the company. Please be aware that the company is not responsible for the privacy practices of such external websites or entities. Therefore, the company recommends that you understand the privacy policies of each website that may collect your personal data because data protection practices may differ between websites and the company is not involved in the privacy practices of external websites.
Latest Amendment and Effective Date
This policy was last amended and effective on July 1, 2022
Prima Gold International Co., Ltd.
Address: 589/64 Theparak Road, Bangna Nua, Bangna, Bangkok 10260
Data Protection Officer
Phone: 0-2745-6111 ext. 222