GENERAL PROVISIONS

These regulations for protected personal data have been prepared for the purpose of explaining the details and as guidelines for the accurate, suitable and safe collection, compilation, storage, use and disclosure of personal data in order to protect the rights of personal data owners such as customers, service users, employees or stakeholders who provide personal data to the company either directly or through the company’s information technology system and for practice in compliance with the tenets set forth in the Personal Data Protection Act B.E. 2562 (2019) (PDPA).

Company Group means Index Living Mall Public Company Limited and its subsidiaries.

Company means Index Living Mall Public Company Limited, including persons authorized to act on behalf of the company or persons assigned to work on behalf of the company.

Subsidiary means a company in which the company has a shareholding of more than 50%.

Personal Data means information about a person that can be used to either directly or indirectly identify said person.

Officially Authorized Person means a person whom the highest ranking executives have assigned to oversee, take responsibility and perform work.

Cookies means tiny components of data stored on the equipment of customers, service users or stakeholders that enable the website to remember visits to the website or how the website is used on each visit.

Respecting the Privacy Rights of Personal Data Owners

The company respects and gives importance to personal data rights and personal data protection. In addition, the company is well aware that personal data owners need security and safety in using services. Personal data received by the company and/or the company’s group such as names, age, addresses, telephone numbers, identification numbers and financial information, etc., which can identify the data owner and are complete, accurate, up-to-date and quality personal data will be used only in line with the company’s operating objectives. The company enacts strict security measures and prevents personal data from being used without permission from data owners. The company will report breaches of personal data to data owners immediately when violations occur.

PERSONAL DATA COLLECTION

The company collects personal data from various channels. Personal data collected by the company might include the following types:

Data Provided Directly by Customers, Service Users or Stakeholders

  1. Personal contact information such as first names, last names, telephone numbers, addresses and email addresses.
  2. Identification data such as usernames, passwords, identification numbers or passports.
  3. Other personal data such as date/month/year of birth, gender, age, ethnicity, citizenship, religion and photographs.
  4. Other data appearing on forms, including documents accompanying forms.

Data Used by Customers, Service Users or Stakeholders

  1. Computer traffic data (logs) such as IP numbers, dates and times of use, equipment code, equipment type, mobile phone network data, connection data, geographic positioning data, browser type, website entry-exit logging data, referring website data, website history data, login logs and transaction logs.
  2. Audio recording data when communications are made to the company or logs of contact details.
  3. Data created by analysis and collection of statistics on use of services or systems such as customer behavior, website entry statistics, website access time, searched data, use of website functions and data collected by the company through cookies.

The company stores the aforementioned personal data for objectives in the company’s legal operations and to enhance the company’s operations. The company stores only necessary personal data for operations such as the following:

  1. For reports/activities involving the company’s business activities.
  2. For the benefit of studies, research and statistics.
  3. For development of services, marketing, advertisement, sending newsletters on products and promotions related to the company’s products and services.
  4. For improvement, development and enhancement of the company’s operations.
  5. For accepting complaints, recommendations, criticisms or for expressing opinions.
  6. For contacting data owners via any channels to make inquiries, notifications, examinations and confirm data related to data owners or survey opinions as necessary.
  7. For checking data in compliance with the law and associated criteria and rules currently enforced and future revisions or additions.

If personal data collection objectives change afterward, the company will notify or advertise the objectives to data owners without hesitation. In collecting the aforementioned personal data, the company is able to collect data only with consent from personal data owners or stakeholders. To facilitate the company’s business operations or perform the company’s duties to customers, the company may disclose personal data to service providers who are third parties, representatives, subsidiaries or associated persons located domestically or abroad for any objective of personal data storage, utilization, disclosure and processing. Furthermore, the company may disclose personal data to government officials or agencies to comply with laws, rules, guidelines, regulations or management systems enforced on the company. The company will require third party agencies to maintain the secrecy and safety of personal data, and the company forbids the use of the aforementioned personal data for any objectives other than those specified by the company. The following are examples of third parties to whom the company may disclose personal data:

  1. Data import service providers.
  2. Consultants, experts, advisors and/or external certified public accountants.
  3. Third party service providers such as management service providers or operation service providers involved in the company’s business such as telecommunications, information technology, logistics, product transformation, assembly, installation, publication, postal services or marketing services and sales promotion activities.
  4. Associated government officials or agencies.
  5. Third parties with whom the company engages in business, with the right to use personal data only for operations specified in contracts made with the company. Part of the specifications in contracts made by the company with third parties requires the aforementioned persons to comply with any laws and policies specified by the company, and these persons must use appropriate measures to ensure that your personal data will be protected and kept safe.

The company will store personal data periodically based on suitability for use with a clearly designated retention period based on type of data. At the end of the aforementioned period, the company will immediately delete the aforementioned personal data.

USE OR DISCLOSURE OF PERSONAL DATA

  1. The company affirms its commitment to not using personal data collected from customers, service users or stakeholders for other objectives than lawful objectives or for the company’s business operations.
  2. The company will not sell, transfer or disseminate the aforementioned data to outside persons without consent from data owners.
  3. The company may disclose personal data if the data is disclosed to the public legally or in compliance with court orders or requests from government agencies for the benefit of investigations by officials pursuant to the law or court case considerations.

PERSONAL DATA CONTROL RIGHTS

Data owners have the following rights:

  1. To know, delete, revise or ask to check personal data.
  2. To not accept any marketing communication data from the company.
  3. To ask the company to send or transfer personal data to other personal data controllers when able to do so automatically. Personal data owners may notify the company of objectives and identification in writing. When the company accepts the aforementioned request, the company will notify existence or details of data to data owners within an appropriate time.

Requests pursuant to the rights of personal data owners will be considered and recorded. The company will consider taking action based on personal data owners’ requests only after the company checked and found no conflicts with any specifications of the law which the company is required to comply with.

PERSONAL DATA STORAGE SECURITY

To manage personal data safely and appropriately, the company has security and safety measures to prevent unauthorized or unlawful loss, access, use, editing, revision or disclosure of personal data. If personal data is violated with negative effects directly on personal data owners, the company will inform personal data owners of personal data violations as quickly as possible to mitigate damage and investigate the cause, in addition to specifying appropriate remedial measures.

CONTACT

The company appointed personal data protection officers with the duty to oversee compliance with this policy. If personal data owners or stakeholders have questions concerning this policy or wish to send petitions under any rights, personal data owners or stakeholders can contact the Customer Contact Center at 1379 or the company’s website at www.indexlivingmall.com

Personal Data Protection Policy Review

The company may modify this policy to be consistent with changes in the company’s operations in response to recommendations or opinions from personal data owners or to make modifications in line with legal requirements. If revisions or changes are made to this policy, the company will announce changes to associated personal data owners clearly before making changes via https://www.indexlivingmall.com/privacy-policy or the company may send notifications to remind personal data owners directly.

Enforcement of the Personal Data Protection Policy

Personal data owners agree and acknowledge that this personal data protection policy is effective on all personal data collected by the company and personal data owners agree for the company to have the right to collect, store, use or disclose personal data collected by the company (if any), including personal data currently collected by the company or personal data to be collected by the company to other persons within the scope specified in this personal data protection policy.