Privacy Policy
Last update:
This Privacy Policy is intended to provide users of the website www.wichudafashion.com (the “Website”) with comprehensive insights into the processing of their personal data in strict accordance with the Personal Data Protection Act B.E. 2562 (2019) and B.A. 2566 (2023) (PDPA).
This Privacy Policy is also designed to align with the scope (Sections 4, 5, 26) and other relevant sections of the PDPA, incorporating fundamental notions such as “data subject”, “data controller”, “data processor”, “sensitive data”, “data breach”, “Data Protection Officer”, “consent”, and “data destruction sanitation”. Additionally, it adheres to the guidelines established by the Data Protection Commission, which serves as the competent regulatory authority under the PDPA.
Definitions Under the Personal Data Protection Act B.E. 2562 (2019) and B.E. 2566 (2023) (PDPA)
These definitions are fundamental to understanding the key concepts and requirements of the Personal Data Protection Act B.E. 2562 (2019) and form the basis for ensuring compliance with data protection regulations in Thailand.
- Personal Data Protection Act B.E. 2562 (2019) and B.E. 2566 (2023) (PDPA): The PDPA is the comprehensive data protection law in Thailand, which sets the legal framework for the protection of personal data, outlining the rights of data subjects and the obligations of data controllers and processors. It also establishes the role of the Data Protection Commission to enforce the law.
- Data Subject: A data subject refers to an individual who is the subject of personal data, and whose data is being collected and processed.
- Data Controller: The data controller is an entity or organization that determines the purposes and means of processing personal data. They are responsible for ensuring that data processing complies with the PDPA.
- Data Processor: A data processor is an entity or organization that processes personal data on behalf of the data controller. They handle data in accordance with the controller’s instructions and are typically engaged in providing specific data processing services.
- Sensitive Data: Sensitive data, also known as personal sensitive information, includes personal data that reveals information about an individual’s racial or ethnic origin, political opinions, religious beliefs, membership in associations or trade unions, genetic data, biometric data for the purpose of uniquely identifying an individual, health data, or data concerning a person’s sex life or sexual orientation. Special protections apply to sensitive data under the PDPA.
- Data Breach: A data breach refers to an incident where there is unauthorized access to or disclosure of personal data. It may include incidents that compromise the confidentiality, integrity, or availability of personal data, posing risks to data subjects.
- Data Protection Officer (DPO): The DPO is an individual or role within an organization responsible for ensuring compliance with data protection laws, including the PDPA. The DPO is a key point of contact for data subjects and supervisory authorities and is responsible for advising on data protection issues.
- Consent: Consent is a clear, unambiguous indication of a data subject’s agreement to the processing of their personal data for specific purposes. It is a fundamental principle under the PDPA and is required in many situations when processing personal data.
- Data Destruction Sanitation: Data destruction sanitation refers to the secure and responsible disposal or erasure of personal data when it is no longer needed for the purposes for which it was collected. This process ensures that data is not accessible or recoverable by unauthorized parties.
- Data Protection Commission: The Data Protection Commission is the competent regulatory authority under the PDPA. This Commission is responsible for enforcing data protection laws, providing guidance, and overseeing compliance with the PDPA’s provisions.
1. Controller
According to the PDPA (Sections 5, 6, 30, 41, 42), the Controller is the entity responsible for determining the purposes and means of personal data processing. The joint controllers for this Site, as defined in Section 5 of the PDPA, are:
- Wichuda Co., Ltd., Head Office, 36/44 Moo. 2, Koh Kaew Muang, Phuket 83000, Thailand.
- Asia Media Studio Co., Ltd., Head Office, 18/8 Fico Building, 7th Floor, Sukhumvit 21, Bangkok, Thailand
(the “Joint Controllers”).
Under Section 41 of the PDPA, a Data Protection Officer (DPO) has been designated to ensure strict adherence to the PDPA and relevant Sections. For any inquiries or concerns, the DPO can be reached at: info@wichudafashion.com.
With regards to the processing of personal data for marketing and profiling activities, Wichuda Co., Ltd. functions as the sole Controller, consistent with Sections 24 – 26 of the PDPA.
In parallel, Asia Media Studio Co., Ltd. acts as the data processor, undertaking data processing activities on behalf of Wichuda Co., Ltd.
2. Personal Data: Purpose of Processing
Personal data, as defined by the PDPA, encompasses any information that pertains to users, including data that directly or indirectly identifies them.
Upon your consent (Section 19 of the PDPA) we use your personal information to process your order and provide you with customer service. We may internally your personal information to improve this Site’s content and layout, to improve outreach and for our own marketing efforts (including marketing our services and products to you), and to determine general marketplace information about visitors to this Site.
We will use your personal information to communicate with you about this Site and your orders and deliveries.
Also, we may send you a confirmation email when you register with Us.
We may send you a service-related announcement on rare occasions when it is necessary (for example, if we must temporarily suspend our service for maintenance). Also, you may submit your email address for reasons such as to register for a contest or sweepstakes or to sign up for email newsletters and special offers. If you submit your email address. We use it to deliver the information to you.
We always permit you to unsubscribe or opt out of future emails. Because We have to communicate with you about orders that you choose to place, you cannot opt out of receiving emails related to your orders.
This data is collected automatically through a multitude of sources, including but not limited to forms, chats, emails, apps, and devices.
The Joint Controllers process personal data for various purposes, each aligned with the relevant Sections of the PDPA:
1. Managing Site Browsing (Section 4 – 5 – 19):
Browsing data, such as IP addresses and device information, are collected to enhance the user experience, ensuring proper site functionality. Browsing data is temporarily stored and processed for statistical purposes.
2. Managing Orders (Section 4 – 5 – 19):
Personal data (e.g., name, email, and delivery address) are collected to fulfill orders and provide customer support. These data are retained for contractual, accounting, and tax purposes.
3. Registering an Account on the Site (Section 4 – 5 – 19):
Users providing personal data for account creation consent to the collection of information, including social media data when connecting accounts. Users’ consent serves as the legal basis for this processing.
4. Newsletter and Marketing Communications:
Users provide explicit consent for newsletters and marketing communications, which may include additional personal data. Users can withdraw their consent at any time.
5. Profiling (Section 4- 5- 6 -19):
Profiling is based on user consent to improve product recommendations and customize the user experience. Personal data may be used for re-marketing and retargeting but not for profiling minors.
6. Cookies
Like any other website, www.wichudafashion.com uses cookies.
These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’ experience by customizing our web page content based on visitors’ browser type and/or other information.
Some of the advertisers on our site may use cookies and web beacons. Our advertising partners are listed below. Each of our advertising partners has their own Privacy Policy for their policies on user data.
For details about the cookies used on this Site, please refer to the Customize Consent Preferences on this Site covering:
- Necessary cookies
- Functional cookies
- Analytics cookies
- Performance cookies
- Advertisement cookies
- Uncategorized cookies
3. Sharing and Transfer of Personal Data
Personal data may be shared with third-party providers, acting as data processors, to fulfill contractual obligations. This sharing complies with Section 28 of the PDPA.
The Joint Controllers ensure that personal data is protected and not used for unauthorized purposes. Users can request information about data recipients by contacting info@wichudafashion.com.
Data may also be shared to meet legal requirements or protect the rights of the Joint Controllers, in accordance with Section 18 of the PDPA.
Processing Methods and Security Measures
Personal data is processed using information technology, automated and electronic tools, and, in limited cases, paper means. In line with Section 25 of the PDPA, specific security measures have been implemented to prevent data loss, unlawful or improper use, and unauthorized access.
Only authorized personnel, including third-party processors, have access to personal data related to Site activities. Instructions and security measures have been established to ensure continuous compliance with the level of security required by the PDPA during the processing of personal data for Site activities.
While security measures have been adopted within Site settings and processing operations to prevent data loss, destruction, or dissemination, the inherent security risks associated with online data transmission cannot be completely eliminated.
4. Storage of Personal Data
The Joint Controllers retain personal data for the duration necessary to provide services, fulfill legal obligations, or meet the minimum retention periods prescribed by law, as detailed in Section 26 of the PDPA.
Promptly, the Joint Controllers delete or anonymize personal data whose retention is no longer necessary or mandatory in accordance with the law.
Except for the right to be forgotten, within the limits established by applicable legislation, where data retention is no longer permitted or provided for by legislation, the maximum storage period for personal data from the date of the relevant data subject’s last interaction with the Site, in compliance with Section 26 of the PDPA.
5. Connection to Third-Party Websites or Platforms
The Site may display banners, advertisements, and other links to third-party websites or platforms. The Joint Controllers have no control over and are not responsible for the conduct of these third-party websites and platforms concerning data protection legislation, in accordance with Section 23 of the PDPA.
Users are encouraged to read the data protection policies of third-party websites for information on their personal data collection and storage or processing procedures.
6. Children’s Information
Another part of our priority is adding protection for children while using the internet.
We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity. We do not knowingly collect any Personal Identifiable Information from children under the age of 13.
If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
7. Exceptions
In compliance with the PDPA (Sections 24, 26, 27 and 28), we may collect, use or disclose your personal data without your consent for legitimate interests or another person. In relying on the legitimate interests exception of the PDPA, we will assess the likely adverse effects on the individual and determine that the legitimate interests outweigh any adverse effect.
In line with the legitimate interests’ exception, we will collect, use or disclose your personal data for the following purposes:
a. Fraud detection and prevention;
b. Detection and prevention of misuse of services;
c. Network analysis to prevent fraud and financial crime, and perform credit analysis; and
d. Collection and use of personal data on company-issued devices to prevent data loss.
The purposes listed in the above clause may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter.
8. Rights of Users
Users/customers (as data subjects) have the right to obtain confirmation as to whether or not personal data concerning them is held by Joint Controllers. In compliance with Sections 22, 23, 24 and 27 of the PDPA, where this is the case, under the PDPA, users, as data subjects, also have the right to:
- Be informed about the collection and use of personal data concerning them.
- Obtain from the controller confirmation as to whether or not personal data concerning them are being processed, and, if so, obtain access to the personal data.
- Obtain rectification or completion of inaccurate or incomplete personal data.
- Obtain the erasure of their personal data (“the right to be forgotten”).
- Object at any time to the processing of personal data concerning them for the purposes of “profiling” or “automated decision-making processes”.
- Object, under specific conditions, to the processing of personal data concerning them.
- Withdraw, at any time, their consent to the processing of their personal data without affecting the lawfulness of processing based on consent before its withdrawal.
- Lodge a complaint with the Data Protection Commission, the competent Thai supervisory authority, as per Chapter V of the PDPA.
Data Security
We take reasonable measures, including administrative, technical, and physical safeguards, to protect information about you from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction.
Changes to this Privacy Policy
Any future changes to this Privacy Policy will be posted on the Site and, as required by the PDPA, notified to users by email. Users are encouraged to periodically review this policy for updates and changes.
Contact
Users can contact the Joint Controllers with any queries or to exercise their data protection rights at the following email address: info@wichudafashion.com.