Work with Us
If you are ready to join our teams, we always welcome you to work with us.
GoPomelo's Privacy Policy
Personal Data
Scope of this Privacy Policy
Personal Data that the Company collects
Personal Data of the minor, incompetent and quasi-incompetent
Source of the Receipt of Your Personal Data
Purpose for Personal Data Collection
Disclosure of your Personal Data
Sending or Transferring of Personal Data Overseas
Storage of Personal Data and Duration of Storage of Personal Data
Services provide by third parties or sub-provider
Connecting to external websites of services
Security of your Personal Data
The Rights of the Owner of the Personal Data
Cookies*
Amendments on Personal Data Protection Policy
GoPomelo (the “Company”) is committed to collecting and using personal data in a lawful manner. GoPomelo will ensure that when it collects or uses personal data, such collection or use is allowed under applicable data protection law, including, for example, the EU General Data Protection Regulation (GDPR), Thailand Personal Data Protection Act, Hong Kong Personal Data (Privacy) Ordinance, Singapore Personal Data Protection Act, Malaysia Personal Data Protection Act, and California Consumer Privacy Act where such laws govern.
We recognise the importance of protecting your Personal Data including exchanging your Personal Data to other parties, and hereby conduct this Personal Data Protection Policy for you in order to lawfully collect, use, and disclose your Personal Data.
1. Personal Data
“Personal Data” means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular.
“Sensitive Personal Data” means Personal Data such as information in relation to racial, ethnic, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data or of any data which may affect the Data Subject in the same manner.
“Data Subject” means an individual who owns Personal Data that the Company collects, uses or discloses.
“Data Controller” means a person or entity having the authority to make decisions regarding the collection, use or disclosure of Personal Data.
“Data Processor” means a person or entity who performs the collection, use or disclosure of Personal Data from the order or on behalf of the Data Controller providing that such person or entity that doing so is not the Data Controller.
2. Scope of this Privacy Policy
This Privacy Policy applies to the Personal Data which relates to the Company which may be processed by the Company, its officers, employees, business units or other forms of entities which are operated by the Company. This also includes the Company’s parties or third parties who process Personal Data (the “Data Processor”) on behalf of the Company such as Company’s product, websites, application systems, documents or other forms of services (collectively, the “Services”).
Individuals who are related to the Company under the provisions of the above paragraph includes:
In addition to this Privacy Policy, the Company may specifically impose a privacy notice (“Notice”) for its certain Services in order to inform you regarding details of Personal Data which will be being processed by the Company, including the purposes and legitimate grounds for processing, retention period and your rights.
In the event that there is a conflict in relation to contents between this Privacy Policy and Notice, the contents of the Notices shall prevail.
3. Personal Data that the Company collects
The Company may collect or obtain the following Personal Data from you. This depends on the Services that you retain from the Company and any other considerations that apply to the collection of your Personal Data. The types of Personal Data listed below are the general framework of the Company’s collection of your Personal Data, providing that only Personal Data that relates to the Company Services will only be processed in compliance with the principle of proportionality and minimization.
Types of Personal Data | Descriptions and Examples |
Personal Data |
Your identifier or information from official documents that identify you personally, such as your first name, last name, middle name, nickname, signature, ID card number, nationality, driver's license number, passport number, house registration information, professional license number (for each occupation), insurance identification number and social security number, etc. |
Personal Characteristic Information |
Detailed information about yourself such as date of birth, gender, height, weight, age, marital status, military service status, photographs, languages, data behavior, preferences, bankruptcy information and information on being a incompetent or quasi-incompetent, etc. |
Contact Information | Contact information such as your home phone number, mobile phone number, fax number, e-mail address, home mailing address, username in social networks (Line ID, Instagram, Facebook) and accommodation location, etc. |
Employment and Educational Information | Employment details including work history and educational background such as type of employment, occupation, rank, position, function, expertise, work permit status, reference information, tax identification number, tenure history, salary information, employment start date, employment leave date, assessment results, benefits and benefits items in the possession of the persons, bank account number, educational institutions, educational qualifications, educational results and graduation date, etc. |
Insurance Policy Information |
Details about insurance policy, such as assured insure, beneficiary policy number, policy type, protection limitation information about claims, etc. |
Social Relationship Information | Information about your social relationships such as political status, political position, relationship with the Company's employees, information on being a contractor/vendor/customer of the Company and information on being a stakeholder in the business with the Company, etc. |
Use of Company’s Service Information |
Details about the Company's products or Services, such as account name, password, PIN number, Single Sign-on (SSO ID) information, OTP, computer traffic information, geolocation data, photos, videos, audio recordings, usage behavior data (websites in the care of the Company such as www.gopomelo.com or other various applications), browsing history, cookies or similar technologies, device ID (Device ID), device type, connection details, browser information, language use and operating system, etc. |
Sensitive Personal Data |
Information in relation to racial, ethnic, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect you in the same manner. |
Please note that the Company may not be able to provide you certain Services, in the event that you do not give consents to the Company for the data processing for your Personal Data which is necessary to build the relationship between you and the Company. This may also lead to the result that the Company may not be able to enter into the agreement, perform its obligations under the agreement, or unable to perform its duties under the relevant laws.
4. Personal Data of the minor, incompetent and quasi-incompetent,
In the event that the Company knows that Data Subject is a minor, incompetent or quasi-incompetent person, the Company will not collect such Personal Data until obtained consent from the holder of parental responsibility of the minor or the custodian of the incompetent or the curator of the quasi-incompent, as the case maybe, in accordance with the conditions prescribed by law.
In the event that the Company did not know beforehand that the Data Subject is a minor, incompetent, or quasi-incompetent person and later found out that the Company has collected the information of such Data Subject without the consent of the holder of parental responsibility of the minor or the custodian of the incompetent or the curator of the quasi-incompent, as the case maybe, the Company will delete and destroy that Personal Data as soon as possible in the event that the Company has no legitimate grounds to collect the Personal Data.
5. Source of the Receipt of Your Personal Data
The Company may receive your Personal Data via the following channels:
In addition, the above mentioned also includes the Personal Data of any third parties provided by you to the Company where you are responsible to provide this Privacy Policy or Notice as the case may be, to such third parties, including request for consent from third parties, in the event that consent is required to disclose information to the Company.
The Company may not be able to provide the Data Subject certain Services, in whole or in part, in the event that the Data Subject does not give consent to the Company for the data processing whereby the Personal Data is necessary to build the relationship between you and the Company.
6. Purpose for Personal Data Collection
The Company process your Personal Data under the activities and purposes as followings:
1 |
The Company may use and process your Personal Data for the performance of contract |
|
|
2 |
The Company may obtain your consent to collect, utilize, process and disclose your Personal Data |
|
|
3 |
The Company may collect, utilize, disclose, process or transfer your Personal Data for legitimate interest or legal compliance |
|
|
4 |
The Company may disclose, process or transfer your Personal Data for the purpose of legal compliance with the related laws |
|
In the event that it is necessary for the Company to collect your Personal Data for the performance of the contract basis, legal compliance basis or legitimate interest basis and you refuse to provide your Personal Data or refuse the Company to process your Personal Data, the Company may be unable to provide certain services in whole or in part to you.
7. Disclosure of your Personal Data
The Company shall not disclose your Personal Data to any third parties for the purpose of direct marketing, in the event that the Company has not obtained your prior consent. In the event that the Company has obtained your consent or received your approval to disclose your Personal Data in any other cases, the Company is entitled to disclose your Personal Data only for the purpose that you have provided your consent to or agreed to disclose to.
However, the Company may need to disclose your Personal Data to the Company’s affiliates under the obligations of the Company to provide certain Services to you under the agreement made between you and the Company or the Company’s affiliates. Therefore, in order to provide the Services to you, the followings are the names and details of the Company’s affiliates:
By disclosing your Personal Data to the above mentioned, the Company will ensure that those above mentioned shall keep your Personal Data confidential and shall not be used for any purpose other than the scope specified in the agreement. For the benefit of the service, storage, safety, data retrieval, and for backup, Personal Data that the Company received from you is stored on the data center (Cloud) of a third party data processor which servers are located in the other countries. In this regard, the Company has carefully examined the data processor and has entered an agreement with the data processor to make sure that data security measures and scope of data processing are in place. You will be deemed to have given your consent to the cross-border transfers and storage of your personal data abroad for the above purposes.
In addition, the Company may require to disclose your Personal Data for investigation or legal action as may be requested from any governmental authorities or regulatory authorities, including transfer your Personal Data to the credit bureau authorities for inspection in order to prevent fraud or corruption conducts.
8. Sending or Transferring of Personal Data Overseas
Your Personal Data is disclosed to our Data Processor who provides cloud storage service and that the data is stored in Singapore. The Company has ensured that the system has adequate and international security measures including personal data protection standards which are equivalent to the relevant laws.
9. Storage of Personal Data and Duration of Storage of Personal Data
The Company is obliged to keep your Personal Data only for as long as it is necessary for the purpose for which it was collected as detailed in this Privacy Policy, Notice or in accordance with the relevant laws. After the expiration of the period and that your Personal Data is no longer necessary for the purposes which it was collected, the Company will delete and destroy your Personal Data or make your Personal Data unidentifiable in accordance with the forms and standards for the destruction of Personal Data that the Personal Data Protection Committee or the law that will announce in the future or in accordance with international standards. However, in the event of disputes, or to exercise rights or conduct lawsuits related to your Personal Data, the Company reserves the right to retain your Personal Data until the dispute has been finalized by court order or judgment.
The Company shall not store your Personal Data longer than it is necessary for the purposes as specified in this statement, providing however that in the event that the related laws required the Company to store your Personal Data beyond the retention period, the Company shall continue to protect your Personal Data.
10. Services provided by third parties or sub-provider
The Company may assign or procure third parties (Data Processor) to process Personal Data on behalf of the Company in certain services such as hotsing, outsourcing, or cloud computing service/provider or any other ways.
By assigning third parties to process Personal Data as a Data Processor, the Company, as a Data Controller, shall provide an agreement to the Data Processor specifying duties and rights of the Data Processor. The Company shall identify details in relation to types of Personal Data that the Data Processor is entitled to process, including purposes, scopes of Data Processing and other related terms and conditions that the Data Processor is obliged to, to the extent specified in the agreement between the Company and the Data Processor.
In the event that a Data Processor assigned a sub-processor to process Personal Data on behalf of the Data Processor, the Company shall direct the Data Processor to provide the Company the document or agreement between the Data Processor and such sub-processor in the form and standards that shall no lower than the agreement between the Company and the Data Processor.
11 . Connecting to external websites of services
The Services of the Company may contain links to third-parties’ websites or services, which such websites or services may contain the privacy policy that is different to the content of this Privacy Policy. The Company recommends you to study the privacy policy of such websites or services in order to understand the details of such privacy policy before accessing to such websites or services. The Company is not associated with and has no control over the privacy protection measures of such websites or services and cannot be held responsible for the content, policy, damages or actions caused by third-parties’ websites or services.
12. Security of your Personal Data
12.1 The Company has implemented technical measures and data management methods to appropriately maintain the security of your Personal Data and to keep your Personal Data confidential, prevent the loss and unlawful access, destruction, use, change, alteration or disclosure of your Personal Data.
12.2 In the case where certain transactions on the website or application or social networks are necessary to use a password to log in (Log-in), you are responsible for keeping such passwords confidential. The Company will not be responsible in the event that your Personal Data is leaked or violated from the fact that you give your password to another person/
12.3 If you use a computer or mobile phone by sharing with other people or use a public computer, the Company recommends you to not choose the computer to automatically remember the user account name and password and you will have to log out every time when you stop using such computer or mobile phone. In the case where you use the website or application or the Company's social network, you should set your privacy settings as deemed appropriate for yourself.
13. The Rights of the Owner of the Personal Data
The Company warrants that during the retention period, you reserve the rights to conduct as follows:
However, your exercise of rights must be in accordance with the laws and the Company may refuse to exercise your rights as stipulated by the law, in the event that the Company is able to claim another legitimate basis, providing however that the Company shall provide you the reason for such refusal.
The Company shall not charge for a fee in relation to your exercise of right, however, the Company may charge you for a fee as deemed necessary, in the event that your request for the access of Personal Data is not reasonable or excessive.
You may contact the DPO at all time to file a complaint for your request of your rights via the channel as the Company specified above in “Data Subject Right Form”. The Company shall consider and notify your request within thirty (30) days from the date of the receipt of your request.
14. Cookies*
Cookies are small pieces of information sent from the website, which will be stored on your computer. Cookies help record the Company's website browsing activities, such as preferred languages, favorite lists, general use and other settings to customize the website to suit your needs and make your internet access activities faster and more convenient.
You may set your browser's settings to deactivate cookies. However, cancellation may affect the quality of use on the website or may cause difficulties in making transactions with the company through the website.
When you visit the Company's website, the Company may place cookies on your device and use them to collect your Personal Data in order to improve the Company’s website for your better experience when browsing through our websites. You can manually set or delete the use of cookies from your Web Browser.
15. Contact Channel to the Company
GoPomelo Co., Ltd
Contact Address: No. 111 True Digital Park West, Unicorn Building, 4th Floor, Unit No. 401, Sukhumvit Road, Bangchak, Phra Khanong, Bangkok 10260, Thailand
Telephone Number: (+66) 2-030-0082
Email Address: support@gopomelo.com
Data Protection Officer (DPO)
GoPomelo Co., Ltd
Contact Address: No. 111 True Digital Park West, Unicorn Building, 4th Floor, Unit No. 401, Sukhumvit Road, Bangchak, Phra Khanong, Bangkok 10260, Thailand
Telephone Number: (+66) 2-030-0082
Email Address: legal@gopomelo.com
16. Amendments on Personal Data Protection Policy
The Company reserves the rights to review the Personal Data Privacy Policy regularly in order to comply with related guidelines and applicable laws and regulations. In the event that the Personal Data Privacy Policy is changed, the Company shall notify you by updating the information on our website as soon as possible for your consideration and acceptance by electronic or any other means. And if you, as a user, have proceeded to accept such changes, the revised policy shall be considered a part of this Personal Data Privacy Policy.
This Personal Data Privacy Policy is currently reviewed last time as of 23rd December 2021
The Company will notify you of any changes to this Privacy Policy on the Company’s Website.