BUSINESS PARTNER PRIVACY POLICY

aCommerce Group Limited and its subsidiaries (collectively, the “Company”, “we”, “us”, or “our”) takes protection of personal data as an important matter in our businesses. This Business Partner Privacy Policy (“Privacy Policy”) describes how we collect, use and disclose personal data of employees, personnel, authorized persons, directors, shareholders and other contact persons of our business partners (e.g. clients, suppliers, vendors) (“Business Partner”, “you” or “your”) in connection with our business relationship, tells you about data protection rights and how we use such personal data.

Your Personal Data is collected, used and disclosed by us because we have an existing or potential business relationship with you or the Business Partner you work for, act for or represent. For example, our Business Partner provides products or services to us, or work together with us to provide our customers products or services, or otherwise communicates with us in relation to any business by accessing, using or viewing the applicable website or any of the services, functions or contents (including transmitting, caching or storing of any such personal data). For the purpose of this Privacy Policy, “Personal Data” means “any information relating to an identified or identifiable natural person”.

We reserve the right to modify this Privacy Notice from time to time, so please review it frequently to see when this Privacy Notice was last revised. Any changes to this Privacy Notice will become effective when we post the revised Privacy Notice on our website or application. We will provide additional notice of significant updates where required by law to do so. In case any modification deprives your rights of sensitiv data in relation to this Privacy Policy, the Company will first obtain your consent, except as otherwise required by law. If you do not agree, please cease use of the relevant website(s) and/or service(s) and DO NOT provide any Personal Data to us.

 

  1. What Personal Data we collect

We may collect or obtain the following types of information which may include your Personal Data directly or indirectly from various sources, e.g., you may provide us such Personal Data directly by signing contract with us or filing in a form or contact us through our touchpoints, or by e-mail correspondences or through our affiliates, subsidiaries, other companies or other business partners; or from publicly available sources such as on a company website, internet searches or on social media platforms where you allow such Personal Data to be shared publicly; or we may collect information automatically when you use our application or website. The specific type of data collected will depend on the context of your interactions with us and within aCommerce Group’s data ecosystem.

When you use our website, any service we provide or in your interaction with us, the Personal Data we may collect includes:-

 

1.1  Data collected directly from you. This may be done through this website, over the phone, by email, or in person when you meet our staff or representatives. The data collected may include, but is not limited to:

Personal details: such as, first name, last name, title, age, date of birth, gender, nationality, photos, education, qualification, insurance details, house registration, work-related information (e.g., job title, company you work for), information on government-issued cards (e.g., national identification number, passport number), signatures, your license or permit and other identifiers.

Contact details: such as, telephone numbers, fax number, LINE ID, address, country, e-mail, contact person and other similar information including your involved employees.

Vehicle related data: such as driver’s license, information on license plate, information on vehicle registration, including any other vehicle details.

Financial details: such as bank account, bank passbook, bank statement, bank guarantee and other financial details.

Credit: such as Information regarding the risk profile for the business partner, including credit rating and solvency, and information in accordance with the declaration of suitability including contract data on other correspondence (e.g. written communication with you).

Other information: such as necessary information to manage and administer our relationship with you, your employer or representative which may be collected, used or disclosed to manage and administer our relationship with you, your employer or representative in connection with the relationship between us and the Business Partner, such as information you give us in contracts, forms or surveys; information you give us in calls you make to us or emails you send to us.

If you provide Personal Data of any third party to us, e.g. their name and telephone number for emergency contact, please provide this Privacy Notice for their acknowledgement and/or obtaining consents where applicable.

 

1.2 Data collected by automated means. Various technologies may be used on our website and our mobile and any other web-based applications in order to make them more user-friendly, effective and secure. Such technologies may lead to data being collected automatically by us or by third parties on behalf of us. This data does not generally, but may, contain a user’s Personal Data. Examples of such technologies include:

  • Click-stream data. A visit to one of our websites results in data that is transmitted from your browser to our server being automatically collected and stored by us or by third parties on behalf of us. This data can include, in particular, the following:

– the visitor’s IP address

– the date and time of the visit

– the referral URL (the site from which the visitor has come)

– the pages visited on our website

– information about the browser used (browser type and version, operating system, etc).

  • A number of places on our website and our mobile and web-based applications make use of cookies. These are essentially small text files that are stored on your computer’s hard drive or your user device by your web browser. We can use cookies to identify the owner of a user account and to store articles in a shopping basket during the purchasing process. In other words, cookies help to make our website or our (mobile and web-based) applications more user-friendly, more effective and more secure. The cookies usually used by us are so-called “session cookies”, which are automatically deleted at the end of the visit to the relevant website. By default, web browsers enable the use of cookies but this function can also be disabled. However, this will result in some services not being available. It is also possible to manually delete cookies after their use via the web browser. More information may be available from your web browser provider.
  • Flash cookies. A particular form of cookie is the flash cookie. In contrast to normal cookies, these cookies are not created and saved by the web browser but are governed by the Adobe Flash plug-in. These can contain more information than normal cookies and cannot be deleted or disabled via the browser; this is only possible if you follow instructions available from the Adobe Flash Player website. You can also obtain more information about these cookies on that website.
  • Web beacons and tracking links. Web beacons (also known as pixel tags and clear GIFs) involve graphics that are not apparent to the user. Tracking links and/or similar technologies consist of a few lines of programming code and can be embedded in our website or our (mobile) applications. In conjunction with cookies, these are primarily used for statistical analysis purposes. This technology can also be used for tracking traffic patterns on websites, as well as finding out if an e-mail has been received and opened and to see if there has been any response.
  • Web analytics. Web analytics is the term given to a method for collecting and assessing the behaviour of visitors to websites and (mobile) applications. This includes the analysis of traffic patterns in order, for example, to determine the frequency of visits to certain parts of a website or (mobile) application, or to find out what information and services our visitors are most interested in. For these purposes, we primarily make use of click-stream data and the other techniques listed above. Web analytics are carried out by Google Analytics and/or other selected parties. You can find out more information about the processing of web analytics data by Google Analytics in paragraph 10 below.

 

  1. Why we collect, use or disclose your Personal Data

Depending on the nature of our relationship with you, we collect, use or disclose your Personal Data for the following purposes, on the legal basis of legitimate interests; entering into or performance of contract; legal compliance; public interest; consent; or any other basis as permitted by applicable laws, as the case may be:

Business communication: such as, proceed with transaction, communicating with the Business Partners about products, services and projects of us or Business Partners, e.g., by responding to inquiries or requests, informing you of updates, events and managed related aspects of our relationship;

Business Partner selection: such as, verifying your identity and Business Partner status, conducting due diligence or any other form of background checks or risk identification on you and the Business Partner (including screening against publicly available government law enforcement agency and/or official sanctions lists), evaluating suitability and qualifications of you and the Business Partner, issuance of request for quotation and bidding, execution of contract with you or the Business Partner;

Business Partner data management: such as, maintaining and updating lists/directories of Business Partners (including your Personal Data), keeping contracts and associated documents in which you may be referred to;

Relationship management: such as, planning, performing, and managing the (contractual) relationship with the Business Partners, e.g., by performing transactions and orders of products or services, providing trainings, processing and handling payments, performing accounting, auditing, billing, guarantee and collection activities, arranging shipments and deliveries, providing support services and keeping tracks and records;

Business analysis and improvement: such as, conducting research, data analytics, assessments, surveys and reports on our products, services and your or the Business Partner’s performance, development and improvement of marketing strategies and products and services;

IT systems and support: such as providing IT and helpdesk supports, creating and maintaining and managing your access to any systems to which we have granted you access, removing inactive accounts, implementing business controls to enable our business to operate, and to enable us to identify and resolve issues in our IT systems, and to keep our systems secure, performing IT systems development, implementation, operation and maintenance;

Security and system monitoring, such as authentication and access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security, prevention and solving crimes, as well as risk management and fraud prevention, as well as our security related processes at our premises;

Dispute handling: such as solving disputes, enforcing our contracts, establishing, exercising or defense of legal claims;

Any investigation, complaints and/or crime or fraud prevention;

Compliance with internal policies and applicable laws, regulations, directives and regulatory guidelines or in relation to any anticipated disputes for the purposes of obtaining advice from our professional advisors;

Liaising and interacting with and responding to government authorities or courts or tribunals;

Marketing purposes: such as informing you of news and publications which may be of interest, events, offering new services, conducting surveys;

Complying with reasonable business requirements including but not limited to internal management, training, service quality, auditing, reporting, submissions or filings, data processing, control or risk management, statistical, trend analysis and planning or other related or similar activities; and

Business administration including but not limited to our general organizational management and business record keeping, correspondence in relation to our relationship with you or administration and troubleshooting.

Where we need to collect your Personal Data as required by law, or for entering into or performing the contract we have with you and you fail to provide that data when requested, we may not be able to fulfill the relevant purposes as listed above. In some instances, we may use your Personal Data information about you for other purposes in ways that are that have not been described above.

Where this is the case, we will provide a supplemental privacy policy notice which you should be read any supplemental notice in conjunction with this notice. and if Where the consent is required for certain activities of collection, use or disclosure of your Personal Data, we will request and obtain your consent for such activities separately.

 

  1. To whom we may disclose or transfer your Personal Data

We may disclose or transfer your Personal Data to the following third parties who collects, uses and discloses Personal Data in accordance with the purpose under this Privacy Policy. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy policy or notice to learn more details on how they collect, use and disclose your Personal Data as you could also be subject to their privacy policies or notices.

aCommerce Group: As aCommerce Company Limited is part of an aCommerce Group’s data ecosystem which all collaborate and partially share business partner services and systems including website-related services and systems, we may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within aCommerce Group for the purposes set out in this Privacy Policy.

Our service providers: We may use other companies, agents or contractors to perform services on behalf of or to assist with the business relationship with you. We may share your Personal Data including, but not limited to (1) infrastructure, software, and website developer and IT service providers; (2) payment service providers; (3) research agencies; (4) analytics service providers; (5) survey agencies and/or loss adjusters; (6) auditors or financial advisories; (7) marketing, advertising media, and communications agencies; (8) payment, payment system, authentication service providers and agents; (9) outsourced administrative service providers; (10) data storage and cloud service providers. In the course of managing our business relationship, the service providers may have access to your Personal Data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes.

Our business partners: We may transfer your Personal Data to our business partners to conduct business and services. Any Personal Data shared in this way will be governed by the third party’s privacy policy or notice and not this Privacy Policy.

Third parties required by law: In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with a legal or regulatory obligation. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to your Personal Data is unlawful or noncompliant with applicable data protection law, to protect our rights, the rights of any third party or individuals’ personal safety, or
to detect, prevent, or otherwise address fraud, security, or safety issues.

Professional advisors: This includes lawyers, technicians and auditors who assist in running our business and defending or bringing any legal claims.

 

  1. International transfers of your Personal Data

We may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards or other derogations as allowed by laws. We will request your consent where consent to cross-border transfer is required by law.

 

  1. How long do we keep your Personal Data

We retain your Personal Data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, as required by applicable law.

 

  1. Security of your Personal Data

The Company recognizes the importance of maintaining the security of your Personal Data. Therefore, the Company endeavors to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of Personal Data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, rectification or disclosure; provided, however, that the Company will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of the Company. We also require our service providers to comply with strict data privacy and security requirements.

 

  1. Third Parties

This Privacy Policy only applies to our website and information that we collect from you. Our websites or the Company’s operated websites, may contain links to other websites which are not owned or maintained by us. When visiting these third party websites or disclosing your personal data to third parties (including buyers or sellers on our website), you should read their privacy policies, or ask relevant questions before you disclose your personal data, We are not responsible for the collection, use or disclosure of your personal data by such third parties.

 

  1. Social Networks

8.1 Our website and mobile or web-based applications may provide you with social plug-ins from various social networks (such as Facebook and Twitter). If you choose to interact with a social network, your activity on our website or via our mobile or web-based applications will also be made available to social networks such as Facebook and Twitter.

8.2 If you are logged in on one of the social networks during the visit of one of our websites or mobile or web-based applications, the social network might add this information to your profile. If you are interacting with one of the social plug-ins, this information will be transferred to the social network. In case you do not wish such a data transfer, please log off on your social network before you enter one of our websites or mobile or web-based applications.

8.3 We cannot influence this data collection and data transfer via the social plug-ins. Please read the privacy policies of those social networks for detailed information about the collection and transfer of personal data, what rights you have and how you can achieve satisfactory privacy settings.

 

  1. Geo-location Services

Our website and mobile or web-based applications may offer location-enabled services, such as Google Maps and Bing Maps. If you use those mobile or web-based applications, they may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location. You are always asked if the geo-location service can be activated and you can also object to this geo-location service within the respective mobile or web-based application.

 

  1. Web analytics by Google Analytics

10.1 Our website and mobile or web-based applications may contain web analytic services provided by Google Analytics. This means that when you visit our website or use any mobile or web-based applications, a cookie will be stored on your computer or mobile device, except when your browser settings do not allow for such cookies.

10.2 This further means that when you visit our website or use any mobile or web-based applications, the personal data described above in paragraph 1 – including the “click-stream data”, the data from “web beacons and tracking links” and information stored in Google Analytics’ cookies – will be sent to Google Analytics for analysis for and on behalf of us. Please note that if you have created an online profile at our website or mobile or web-based application and if you are logged on in this profile, a unique number identifying this profile will also be sent to Google Analytics in order to be able to match the web analytics data to this profile.

10.3 Google Analytics acts as our agent, which means that we solely determine the purposes for which the data is being used. You can find out more about the relationships between Google Analytics and us in the Google Analytics’ privacy policy.

10.4 If you do not wish information about your behavior at our website or any mobile or web-based applications being collected and assessed by Google Analytics, you can install the Google Analytics opt-out browser add-on. This add-on instructs the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) to not send your site visit information to Google Analytics. The browser add-on is available for most modern browsers. The Google Analytics opt-out browser add-on does not prevent information from being sent to the website itself or in other ways to web analytics services.

 

  1. Retargeting Technologies

11.1 Our website and mobile or web-based applications may use retargeting technologies within the internet. This enables us to show our visitors, who were already interested in our shop and our products, advertisements from us on partner websites.

11.2 We also work with other companies who use tracking technologies to serve advertisements on our behalf across the Internet. These companies may collect non-personally identifiable information about your visits to our websites or mobile or web-based applications and your interaction with our communications, including advertising.

11.3 Retargeting technologies analyze your cookies and display advertisement based on your past surfing behavior. For further information on cookies, please refer to paragraph 1 of this Privacy Policy.

11.4 We do not store any personal data about you with this technology.

 

  1. Disclaimer

TO THE MAXIMUM EXTENT PERMITTED BY LAW, WE SHALL NOT BE LIABLE IN ANY EVENT FOR ANY SPECIAL, EXEMPLARY, PUNITIVE, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND OR FOR ANY LOSS OF REPUTATION OR GOODWILL, WHETHER BASED IN CONTRACT, TORT (INCLUDING NEGLIGENCE), EQUITY, STRICT LIABILITY, STATUTE OR OTHERWISE, SUFFERED AS A RESULT OF UNAUTHORISED OR UNINTENDED USE, ACCESS OR DISCLOSURE OF YOUR PERSONAL DATA.

 

  1. Your rights as a data subject

Subject to applicable laws and exceptions thereof, you may have the following rights to:

Access: You may have the right to access or request a copy of the Personal Data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.

Rectification: You may have the right to have incomplete, inaccurate, misleading, or not up to date Personal Data that we collect, use and disclose about you rectified.

Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are collecting, using and disclosing such data on the basis of your consent or to perform a contract with you.

Objection: You may have the right to object to certain collection, use and disclosure of your Personal Data such as objecting to direct marketing.

Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.

Withdraw Consent: For the purposes you have consented to our collecting, using and disclosing of your Personal Data, you have the right to withdraw your consent at any time. Such withdrawal of the consent does not affect the lawfulness of the processing done prior to withdrawal. In the case where consent is withdrawn, we will only further process said Personal Data IF AND ONLY IF there are other valid legal grounds for the processing.

Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use and disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use and disclosure of.

 

  1. Contact Us

If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Policy, please contact our Data Protection Officer at:

aCommerce Group Limited
Contact Person
: Data Protection Officer
Address: 33rd Floor, 689 Bhiraj Tower, Sukhumvit Road, Klongton-Nua, Wattana, Bangkok 10110 Thailand
Tel: 02-261-3540
Email: [email protected]

 

  1. Governing Law

This Policy is governed by the laws of Thailand. You agree to submit to the exclusive jurisdiction of the Courts of Thailand in any dispute relating to this Privacy Policy.