Privacy Policy

Last updated: 31 May 2022

REBORN BKK ("we") recognize the importance of personal data as defined under regulations, practices, orders issued under the Personal Data Protection Act B.E. 2562 (2019) and any amendment thereof or any laws issued under the Personal Data Protection Act B.E. 2562 (2019) from time to time (collectively referred to as "PDPA"). We strive to protect personal data by complying with PDPA and this privacy policy when processing personal data.

1. We will collect personal data and sensitive personal data in an appropriate manner which includes (but is not limited to) for public interest, vital interests, contract compliance, entering into a contract, contractual obligations, performance of tasks, legal interests, and legal obligations.
2. We will not collect, use, or disclose personal data unless consent has been obtained from the data owner in writing or by electronic means before or at the time of collection, use, or disclosure.
3. We will inform you about the purposes of using your personal data and sensitive personal data, and will use such data within the specified scope and/or for ancillary purposes.
4. We will take necessary and appropriate measures to securely manage personal data and sensitive personal data.
5. We will collect, use, or disclose personal data without the consent of the data owner in cases necessary for the purpose, life-threatening situations, publicly disclosed data, public interests, vital interests, contractual obligations, duties, legal interests, legal obligations, investigations, assessment purposes, artistic purposes, news activities, legal services, disclosures by government agencies, etc.
6. Unless otherwise specified, we will not share or disclose personal data or sensitive personal data to any third party except as otherwise specified, unless consented to, deemed consented, consent not necessary for processing.
7. We will respond appropriately in case the data owner contacts the appropriate point regarding the display, amendment, deletion, withdrawal (in whole or in part), and/or cancellation of the use of related personal data or sensitive personal data.

Channels for collecting personal data

1. Membership registration and entering information on the website by the user themselves.
2. Logging in through Line, Gmail Login.
3. Providing information to us through communication channels such as Facebook Messenger, Line Official, Instagram, E-mail, telephone calls.

Personal data collected/used

Please note that internet communications such as email/webmail/social networks are not secure unless they are encrypted. Your communications may be routed through several countries before being delivered, which is a characteristic of the World Wide Web/internet. We cannot accept responsibility for any unauthorized access or loss of personal data that is beyond our control.

The types of data we collect include

• Personal data such as name, surname, age, date of birth, gender
• Contact information such as address, telephone number, etc.
• Account information such as user accounts, usage history, browsing history
• Transaction and financial information such as purchase history, payment slips
• Technical information such as cookies, website usage history
• Other data such as images, animations, and any other data considered personal data under the law, including data obtained through

cookies* (the collected data may include but is not limited to customer personal data).

Cookies

Cookies are technologies used on computers (hard drives) to record and manage data about individuals visiting a webpage.
Our webpage uses cookies to help our customers browse our webpage more conveniently. If you choose to block or refuse cookies by changing or resetting your browser's cookie settings, some or all services (such as shopping carts) or features on our website may not work or may not work fully.
Furthermore, cookies will be used to monitor individual usage, but cannot be used to identify individuals, to ensure our webpage is as effective as possible.
We create cookies for the following purposes:

• To compile statistics on usage (number of visits, page views, abandonment during transactions) to monitor and improve our service quality.
• To remember various information entered into forms, including managing and securing access to personal areas such as user accounts or shopping cart management. We may send emails to inform you about the status of your order.
• To present content, including advertising related to your interests, and customize offers to your needs.
  Purposes of using personal data and sensitive personal data, including data processing
  We use the personal data provided by each data owner for the following purposes only ("Purposes")
• To respond, confirm, and permanently store information about inquiries, consultations, repairs, and other support.
• To provide information about products, services, and campaigns through invitations, emails, or other methods.
• To deliver goods.
• To develop products and improve other services.
• For any other necessary purposes in conducting, maintaining, including managing our business and your relationship with us, which we will inform you about at the time of obtaining your consent.

You agree and consent to us using and processing your personal data for the purposes specified. If you do not consent to us processing your personal data for any of the specified purposes, please inform us using the contact details below.

Disclosing personal data to third parties

We will not provide personal data to third parties without your consent, except in the following cases

• In cases where you agree to provide your personal data.
• In cases where it is necessary for the preservation of life, body, or property, and obtaining relevant consent is not convenient.
• In cases where personal data is partially or wholly assigned to a third party within the necessary scope to achieve the purpose of use, we will take measures to prevent leakage, loss, or falsification of personal data strictly.
• In cases where your personal data is processed on behalf of the company by a third party as an intermediary, with adequate data protection.
• In cases where personal data related to business transfers is provided due to mergers or other reasons.
• In cases prescribed by relevant laws or regulations.

Your rights under PDPA

As the data owner, you have the following rights under PDPA:
1. You have the right to know whether your personal data is being processed, has been processed, or has been processed.
2. You have the right to receive the following information before entering your personal data into our processing system, or at an appropriate subsequent opportunity:

• A description of the personal data to be entered into the system.
• The purpose of processing or using personal data.
• Receiving your personal data from the company, and the company will store personal data in a generally readable or usable format, with automated tools or devices that can use or disclose personal data automatically.
• Details about the identification and contact of our company or our representative.
• The duration of personal data storage.
• Your rights, such as the right to access, amend, request a copy, request updates, limit use, and withdraw consent (in whole or in part) for processing personal data under our control, including the right to complain to the Personal Data Protection Committee.

3. You have the right to request access, request a copy, request updates or amendments to your personal data, and withdraw your consent (in whole or in part) regarding your personal data under our control that was previously given, within the scope permitted by PDPA. You have the right to access the following information for a reasonable reason by notifying in writing:

• The content of your personal data being processed.
• The source of personal data.
• The name and address of the data recipient.
• The method of processing personal data.
• The reason for disclosing personal data to the recipient.
• Personal data related to automated processing, where personal data will or is likely to be the basis for decisions that significantly affect you alone.
• The position or name or identification and address of the data user.
  Regardless of the above, we reserve the right to relax and/or exempt according to any law in collecting, using, and disclosing your personal data.

4. You have the right to object to inaccuracies or errors in personal data and request the company to correct such data to be accurate unless it is a request to harass or is unreasonable.
5. You have the right to suspend, withdraw (in whole or in part), or order the removal or destruction of your personal data from our document storage system when it is found and proven that the personal data is incomplete, not current, false, obtained unlawfully, used for unauthorized purposes, or no longer necessary for the purpose of collecting personal data.

Inquiries about displaying, amending, deleting, and/or terminating the use of personal data
In case of requests to display, amend, delete, withdraw (in whole or in part), and/or terminate the use of personal data, we will respond to such requests immediately upon confirmation of the identity of the individual according to the specified procedure. If you have any inquiries about personal data, please contact our Data Protection Officer, with the contact details as follows:

• To the Data Protection Officer
• Postal address 222/265A แขวงถนนพญาไท เขตราชเทวี กรุงเทพมหานคร 10400
• Email: rebornbkk@yahoo.com
• 0917896455

When you provide your personal data to us, you consent to us processing your personal data according to this privacy policy, and you confirm that all personal data provided by you is accurate, complete, and up-to-date. In case of changes to your personal data, you must inform us of the current information immediately.
We reserve the right to refuse access requests in cases where the data is irrelevant, involves high costs and risks, affects other people's data, violates court orders, and discloses trade secrets.

Response time

We will respond within thirty (30) days from the day the data owner of the relevant personal data makes the request.

Notification of personal data breaches

In case of a personal data breach, we will notify the Office of the Personal Data Protection Commission without delay within 72 hours from the knowledge of the incident, as far as possible. In case the breach poses a high risk to your rights and freedoms, we will notify you of the breach along with remedial measures without delay through various channels such as websites, messages, emails, telephone, letters, etc.

Storage of your personal data

We use the internet as a central system to collect and process personal data, including transferring data across countries. The data we collect from you may be transferred, accessed, and stored at destinations outside Thailand. In this regard, such personal data will be securely controlled and in compliance with any related PDPA regulations at all times.
Your personal data may be processed by third parties operating in or outside Thailand, working for us or one of our suppliers, as necessary, to achieve the purposes mentioned above in accordance with PDPA. These third parties may be involved in fulfilling your orders, processing your payment details, and providing various support services (among other things). When we transfer personal data to third parties outside Thailand, we will request guarantees to ensure that adequate organizational or technical security measures are in place, in a manner that processing is in accordance with Thai law and regulations, and ensuring that your rights as the data owner are protected.

Retention period of data

We will stop storing documents containing personal data, or delete methods that can link personal data to individuals, when it can be considered that storing personal data is no longer in accordance with the purpose of collecting personal data and is not necessary for legal or business purposes.
However, we reserve the right to store and retain your personal data until the period necessary for business, tax, or legal purposes.

Minors

Our website is intended for individuals aged twenty (20) years and above only. If you are a minor under the age of 20 years ("Minor") or an individual who is legally incapable of giving consent, you confirm that you have obtained consent (as applicable) from one of the following individuals:

• A legal guardian with authority when the minor does not have the right to act independently or when the minor is under 10 years old.
• A curator as an individual with authority to act on behalf of a data owner who is a person without capacity.
• A guardian as an individual with authority to act on behalf of a data owner who is a quasi-incapacitated person.

Updating and amending this policy

We reserve the sole discretion to change, amend, or delete parts of this policy from time to time without prior notice. Please follow up on changes or additional amendments to this privacy policy on the website.
Your continued use of or services on the website after changes or additional amendments to this policy indicates your intention to agree to the terms, not only in part but in full.
This policy was last updated and effective as of 31 May 2022