Privacy Policy
Introduction
Backyard Co., Ltd. (hereinafter referred to as "the Company") is committed to protecting personal data and complying with the Thailand Personal Data Protection Act B.E. 2562 (2019) (“PDPA”). As the Company's operations involve the collection and processing of personal data, it acts as a personal data controller under the PDPA and has duties and responsibilities to protect personal data in accordance with the law.
To uphold these commitments, the Company has established this privacy policy ("Policy") to outline the guidelines and practices for its personal data protection operations.
Scope
This Policy applies to all individuals involved in the management of the Company's data, including directors, employees, staff, working groups, contractors, external agencies or external persons who work on behalf of or in collaboration with the Company.
The Company expects all individuals subject to this policy to understand its principles and guidelines and adhere to them strictly. Any violation of this Policy, including practices contrary to it, will result in disciplinary action.
Purposes
1. To ensure that the Company's personal data protection practices comply with legal requirements.
2. To provide guidelines for the Company's personal data protection operations for employees and others involved in handling personal data to strictly adhere to.
3. To assure data subjects that their personal data collected by the Company will be protected, handled, and processed appropriately, transparently, and in accordance with the provisions of the PDPA.
Definitions
Personal Data Protection Law refers to the Thailand Personal Data Protection Act B.E. 2562 (2019) and any future amendments thereto, including related subordinate laws and regulations.
Personal Data refers to information relating to an individual that enables the identification of such individual, whether directly or indirectly, such as name, surname, nickname, email address, telephone number, address, vehicle registration number, including biometric data such as facial recognition and fingerprints, but excludes information of deceased persons.
Data controller refers to a person or juristic person who has the power and duty to make decisions regarding the collection, use, or disclosure of personal data.
Data controller refers to a person or juristic person who has the power and duty to make decisions regarding the collection, use, or disclosure of personal data.
Data Processor refers to a person or juristic person who performs operations regarding the collection, use, or disclosure of personal data on behalf of or as instructed by the Data Controller. Such a person or juristic person is not the Data Controller.
Data Subject refers to a natural person who is the owner of the personal data, but it does not include cases where a person has ownership or creates or collects the data themselves.
Processing refers to the collection, use, or disclosure of personal data in accordance with the Personal Data Protection Law.
Employee refers to executives, employees, staff, or those working for or performing duties for the company under a contractual agreement or appointed by law to perform duties.
Key Principles of Personal Data Protection
The company will process personal data based on the following key principles:
-
Lawfulness, Fairness, and Transparency: The processing of personal data must be lawful, fair, and transparent to the data subject.
-
Purpose Limitation: The processing of personal data will be carried out within the scope of clear and legally binding purposes and will not be incompatible with those purposes.
-
Data Minimization: The processing of personal data must be adequate, relevant, and limited to what is necessary for the intended purposes.
-
Accuracy: Personal data must be accurate and, where necessary, kept up to date, with appropriate steps taken to correct any inaccuracies.
-
Storage Limitation: Personal data must be stored only as long as necessary for the processing purposes unless a law requires the company to retain the data longer.
-
Integrity and Confidentiality: Personal data must be protected against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
Compliance with Key Principles of Personal Data Protection
The company places great importance on personal data protection by implementing measures in accordance with the Personal Data Protection Law, including internal control measures, guidelines, and manuals related to personal data protection to ensure effective implementation and compliance with the key principles of personal data protection. Employees must strictly comply with the law, policies, and practices.
To ensure practical implementation of the key principles of personal data protection outlined in Section 5, the Company will:
-
Establish an organizational structure to assign responsibilities for overseeing and guiding the company’s operations in compliance with this policy and the Personal Data Protection Law, provide consultation to employees, and act as the company’s liaison with data subjects and the Personal Data Protection Committee.
-
Define practices and employee responsibilities related to personal data protection that align with this Policy, the Personal Data Protection Law, and other related policies.
-
Provide training to raise awareness and understanding among the Company’s employees regarding personal data protection.
-
Inform service users or individuals interacting with the Company about data processing purposes, including third parties with whom the data may be shared or disclosed, through clear Privacy Notices and Cookie Notices.
-
Ensure that consent, when required, is explicit, using clear language, in easily accessible and understandable formats, and written in a simple language.
-
Establish methods, channels, and designate responsible persons for handling complaints, requests, and actions regarding the data subject’s rights under the Personal Data Protection Law.
-
Establish processes and designate responsible persons for conducting audits, investigations, and internal reporting in the event of a personal data breach
-
Maintain records as required by Section 39 of the Personal Data Protection Law for inspection by data subjects and the Personal Data Protection Committee, such as records of collected personal data and data controllers, and reviewing and auditing these records at least once a year.
-
Create a retention schedule to ensure that personal data stored by the company is kept only as necessary and for the purposes specified.
-
Draft and execute data processing agreements or contracts when the Company hires or assigns external parties to process personal data.
-
Set internal measures for transferring or transmitting personal data outside the Company, both domestically and internationally.
Principles for Data Processing
Any personal data processing carried out by the company will be lawful and based on the following key principles:
-
The data processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into such a contract.
-
The data processing is necessary to prevent or suppress danger to a person’s life, body, or health.
-
The data processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority conferred to the data controller.
-
The data processing is necessary for the legitimate interests of the data controller or other persons or juristic persons, except where such interests are overridden by the fundamental rights of the data subject’s personal data.
-
The data processing is for achieving purposes related to historical or archival documentation for the public interest or related to research or statistical purposes, with appropriate safeguards to protect the data subject’s rights and freedoms, as prescribed by the Personal Data Protection Law.
-
The data processing is to comply with a legal obligation.
-
The data subject has given explicit consent.
Data Subjects’ Rights
The company acknowledges that data subjects have rights under the Personal Data Protection Law and places great importance on facilitating the exercise of these rights. The rights are as follows:
-
Right to be Informed: The company will provide a “Privacy Notice” with clear details of the purposes of data processing, as well as a “Cookie Policy” outlining the types of cookies used and their purposes. If the company processes data beyond the stated purposes or outside of any given consent, it will notify and/or seek additional consent from the data subject before processing such personal data.
-
Right to Withdraw Consent: Data subjects can withdraw their consent at any time.
-
Right of Access: Data subjects can request access to their personal data and obtain copies of the personal data processing activities, as well as request the company to disclose how it obtained the data.
-
Right to Rectification: Data subjects can request corrections to any inaccurate personal data to ensure that it is accurate, up-to-date, and not misleading.
-
Right to Erasure: Data subjects can request deletion, destruction, or anonymization of their personal data.
-
Right to Data Portability: If the company’s data system supports it, data subjects can request a copy of their personal data in a commonly used and machine-readable format and can also request the transfer of such data to another data controller automatically.
-
Right to Restrict Processing: Data subjects can request the company to restrict the use of their personal data.
-
Right to Object: Data subjects can object to the processing of their personal data.
Data subjects can read more about the conditions for exercising these rights in the Privacy Notice. In some cases, the company may refuse such requests if there are lawful grounds to do so, or if the request is for legal compliance or court orders, or if it may impact the rights and freedoms of the data subject or others.
If data subjects would like to exercise the above rights, they can contact info@backyard.in.th. Further details on how to exercise these rights can be found under “Verification and Request for Rights” on the company's website.
Review and Update
The company will review this policy at least once a year or whenever there are necessary changes to ensure that it remains appropriate to the changing circumstances. Updates will be announced on the company’s website and other appropriate communication channels.
Effective Date: June 1, 2022
Privacy Notice
Introduction
Backyard Co., Ltd. ("Company") recognizes and prioritizes the protection of the personal data of individuals who engage with and utilize the Company’s services (hereinafter referred to as "you"). The Company will handle and manage your personal data with transparency, fairness, and in compliance with the Personal Data Protection Act and other related laws.
This Privacy Notice ("Notice") aims to inform you about how the Company collects, uses, discloses, and protects your personal data.
The Company recommends that you thoroughly read and understand this Notice prior to providing your personal data. If you have any concerns, questions, or need further information regarding this Notice or other related notices and policies, please contact the Company through the contact details provided at the end of this Notice.
Your Personal Data
Personal data refers to information about an individual that enables the identification of that individual, whether directly or indirectly, such as name, surname, identification number, phone number, date of birth, personal codes, photos or videos captured by CCTV, and biometric data such as facial recognition and fingerprints. It does not include data of deceased individuals.
Generally, the Company collects personal data directly from you, such as through form submissions, phone communications, or via the Company’s websites or applications. However, in some cases, the Company may receive your personal data from third parties whom the Company believes, in good faith, have the right to collect and disclose your personal data to the Company. The Company will only collect personal data as necessary and use it for specific lawful purposes or as required by law.
When you contact or use the Company’s websites or applications, the Company must comply with legal requirements to collect certain information about your usage, such as your IP address. Additionally, to facilitate the use of the Company’s websites or applications, the Company may employ automated technologies to collect usage data, which may include cookies, web beacons, pixel tags, and similar tracking technologies collectively referred to as “Cookies.” You can read more about the use of Cookies on the Company’s website.
Sensitive Data The Personal Data Protection Act categorizes certain types of data as sensitive, such as race, religion, sexual behavior, political opinions, disabilities, genetic data, biological data, health data, and etc. The collection of such data is only permitted as required by law, which may include obtaining your explicit consent. Therefore, the Company will collect sensitive data only when necessary and will clearly inform you of the reasons and may seek your consent for such collection in certain cases.
Personal Data of Minors, Quasi-incompetent persons, and incompetent persons ("Legally incapacitated persons")
The Company will process the personal data of Legally incapacitated persons only when necessary and in accordance with data protection laws. In cases where it is necessary to process the personal data of legally incapacitated persons, the Company will obtain consent from their legal guardians or legal representatives, except when it pertains to the consent of minors over the age of 10 for personal matters necessary for their suitable living conditions, in which case the minors can provide consent independently.
The personal data that the Company may collect from you includes the following:
-
When you contact, participate in activities, or request services from the Company, or when the Company conducts research and surveys, the Company may collect personal data from you such as::Personal
-
Information: Name, surname, identification number, etc.
-
Contact Information: Email, phone number, address, social media contact information, workplace, etc.
-
Job-related Information: Profession, position, affiliated department, etc.
-
Technical and Usage Information: IP Address when you use the Company’s online services, etc.
-
Other Personal Information: Any other personal information you voluntarily provide to the Company.
-
-
When you enter the Company’s premises, the Company may record your image using CCTV cameras. The Company will post signs to inform you that CCTV cameras are in use within the premises.
-
When you enter areas where the Company holds meetings, seminars, public hearings, or any other activities, the Company may take photos or videos to document the events or for use in Company publicity materials. The Company will post signs to inform you that photos or videos are being recorded in those areas.
Purposes of Collecting Your Personal Data
The Company may need to collect, use, or disclose your personal data for the following purposes:
-
To allow you to use services or participate in the Company’s activities.
-
To assist you, respond to your inquiries, or address your complaints.
-
To analyze and review for improving activities or developing new services to enhance your convenience and experience with the Company’s services.
-
For recruitment purposes.
-
For procurement and asset management of the Company.
-
For receiving and disbursing funds or conducting any financial and accounting operations of the Company.
-
To publicize the Company’s activities and information to you and invite you to participate in the Company’s activities.
-
To prevent illegal activities. The Company may inspect collected data, including CCTV footage, to monitor, detect, and prevent illegal actions.
-
To comply with legal obligations or other laws that require the Company to perform specific duties.
Legal Basis for Collecting, Using, and Disclosing Your Personal Data
The Company will collect, use, and disclose your personal data only as necessary and in accordance with data protection laws. The data protection laws provide several legal bases under different circumstances that allow the Company, as the data controller, to perform these activities. Generally, the Company will collect, use, and disclose your personal data based on the following legal grounds:
Generally, the Company will collect, use, and disclose your personal data where there is a lawful basis, including:
-
When you or your legal representative have given consent.
-
It is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
-
It is necessary to protect or prevent harm to life, body, or health of an individual.
-
It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.
-
It is necessary for the legitimate interests of the Company or a third party, except where such interests are overridden by your fundamental rights in personal data.
-
It is necessary to achieve purposes related to public interest historical or archival documentation, research or statistics, with appropriate safeguards in place to protect your rights and freedoms, as specified by the Personal Data Protection Committee.
-
It is necessary to comply with legal obligations to which the Company is subject.
In certain cases, the company may deny the request to exercise the above rights if there is a lawful reason, or if it is necessary to comply with legal requirements or court orders, or if such action could impact and cause harm to the rights or freedoms of the data subject or other individuals.
Data Subjects’ Rights
As the data subject, you have several rights under the data protection laws, and the Company is committed to facilitating the exercise of these rights. These rights include:
-
Right to be Informed: The Company will inform you of the purposes of data collection, use, and disclosure through a “Privacy Notice.”
-
Right to Withdraw Consent: You may withdraw your consent at any time.
-
Right of Access: You can request access to your personal data and obtain a copy of the data, as well as request disclosure of the source of the data.
-
Right to Rectification: You can request correction of inaccurate personal data to ensure it is accurate, up-to-date, and does not lead to misunderstandings.
-
Right to Erasure: You can request the Company to delete, destroy, or anonymize your personal data.
-
Right to Data Portability: If the Company’s data system supports automatic reading or usage, you can request a copy of your personal data and request its transfer to another data controller.
-
Right to Restrict Processing: You can request the Company to restrict the use of your personal data.
-
Right to Object: You can object to the processing of your personal data.
Disclosure of Your Personal Data
The Company will not disclose, sell, distribute, distribute, exchange, transfer or disclose any of your personal information that the Company has collected to any third party, except as specified in this announcement or upon request or consent from you, or under certain circumstances as follows:
In the event that the Company honestly believes that it is a legal requirement or is in compliance with the order of a government official with legal authority or is in compliance with a subpoena, court order or judicial process.
Sharing information with other trusted agencies that work on behalf of or for the Company under an agreement or contract that ensures that such agencies will comply with the requirements of the Personal Data Protection Act as well as the Company. Such sharing of information may include both storage and use of information to deliver services to you or for the implementation of the Company's projects or activities, such as data surveys and analysis, public relations, etc.
In cases where the Company honestly believes and has good reason to disclose your personal information, which are situations that the Company considers more important than protecting your privacy and do not occur infrequently, including:
To investigate, investigate and suppress crimes, corruption, fraud or
To prevent or deal with threats or actions that may damage the rights, property or safety of the public, including the Company and related persons, or
To prevent or deal with actions that violate the Company's Terms of Service or the law.
In the event that the Company is concerned about your physical safety or believes that the Company must take certain action to protect you from any threat or action that may harm you, the Company will discuss with you and, if possible, ask for your permission to inform other persons who need to know about the situation you are in before taking such action.
If the above cases occur, the Company will record as evidence what information the Company disclosed under what circumstances and for what reasons so that you can know what the Company has done with regard to your personal information.
How the Company Protects Your Data
The Company recognizes the trust you place in providing your important data and, as required by data protection laws, implements security measures and management practices to ensure that such data is protected and accessible for review by the data owner.
Examples of security measures and data protection practices used by the Company include:
-
Restricting access to personal data to only those Company employees who need to know (Need to Know Basis).
-
Implementing measures to prevent unauthorized access to systems and data, such as the use of passwords to access service systems.
-
Encrypting confidential data to ensure it cannot be read by unauthorized persons
-
Establishing data protection procedures and handling suspected personal data breaches. If such an incident occurs, the Company will promptly notify you and relevant authorities if required by law
-
Conducting training for Company employees to raise awareness and understanding of personal data protection procedures and how to handle suspected data breaches.
-
Periodically reviewing data protection procedures to ensure they remain appropriate and aligned with current circumstances.
-
Regularly testing systems that store or process personal data to ensure security and implementing the latest security patches and updates.
Please be aware that transmitting data over public networks or using public computers, or even personal computers or devices infected with malware, carries risks. The Company cannot guarantee the security of your data, which may be accessed, disclosed, or transferred without authorization, potentially causing you harm.
Data Storage and Transfer
The Company stores, uses, and processes your personal data on systems located in Thailand. However, data transfer for storage or processing may sometimes occur across regions or countries. The Company ensures that such transfers are conducted securely and that recipients have adequate data protection measures in place, compliant with legal standards. Contracts are established with third parties involved in data transfer, storage, or processing to enforce the Company's data protection measures.
Data Retention Period
The Company retains your personal data for the period necessary to fulfill its stated purposes and comply with legal obligations. The retention period may vary depending on the nature of the data, specified activity and service.
In cases where the Company receives notice or reasonably believes there may be a breach of its service agreements, legal violations, or disputes, personal data may be retained beyond the standard period for investigation, legal proceedings, and evidence collection, until the process concludes or as required by relevant laws.
Links to Third-Party Services
In certain circumstances, some Company services may link to third-party websites, applications, or services for your convenience. If you use these links, you will leave the Company's services. The Company does not have control over and cannot verify the accuracy or reliability of these third-party sites, applications, or services.
This notice is intended solely for the services provided by the company. If you use the provided links to access third-party services that fall outside the scope of this notice, the company recommends that you read and understand the privacy policy or notice of those services before using them.
Review and Update
The company may update this notice from time to time to ensure that its content remains appropriate, current, and compliant with data protection laws and relevant regulations. If the company makes changes to this notice, the latest version will be displayed on the company's website, and notifications may be provided through appropriate channels. The company recommends that you regularly review this notice, especially before submitting personal information through the company's services.
Continued use of the company's services after the notice has been updated and posted signifies your acceptance of and agreement to the revised notice.
Contact Detail
If you have any questions, suggestions, comments, or need further information regarding the details of this notice, you can contact the Company at:
Backyard Co., Ltd.
29 Bangkok Business Center Building, Room 2201-2, 22nd Floor
Sukhumvit 63 (Ekkamai) Road, Klongton-Nua, Watthana, Bangkok 10110
Phone: 02-853-9131
Email: legal@backyard.in.th
Effective Date: June 1, 2022
Cookie Policy
Introduction
ประกาศการใช้คุกกี้นี้จะให้ข้อมูลเกี่ยวกับคุกกี้ประเภทต่าง ๆ และเทคโนโลยีที่คล้ายกัน (“คุกกี้”) ที่มีการใช้งานบนเว็บไซต์และบริการธุรกรรมทางอิเล็กทรอนิกส์ต่าง ๆ (ต่อไปเรียกรวมกันว่า “เว็บไซต์”) ซึ่งควบคุมและจัดการโดย บริษัท แบ็คยาร์ด จำกัด (“บริษัทฯ”) โดยประกาศนี้จะอธิบายว่า บริษัทฯ ใช้คุกกี้อย่างไร เพื่ออะไร และท่านสามารถยอมรับและปฏิเสธการใช้คุกกี้อย่างไร
What Are Cookies
A cookie is a small text file stored in the form of a text file. Our website sends a cookie to your browser. It may be saved on your computer or the device you use to access the website. Cookies are essential for enabling the website to remember various settings on your device.
How Does the Company Use Cookies
The Company utilizes Cookies and similar technologies for various purposes, including:
-
To remember your browser settings to facilitate continuous access to the website and enhance your experience and satisfaction.
-
To assess the performance and functionality of the Website, identifying areas for improvement.
-
To collect and analyze data on Website visits and usage to understand user interests and engagement with the Company’s services.
-
To provide a better Website experience, including tailored services and targeted communications based on your interests.
Moreover, the Company's various services may be provided on separate websites, and each website may use cookies for one or more purposes. You can see the details of the types of cookies used on that website.
What cookies does the Company use
The Company's website uses both first-party cookies and third-party cookies, which are set and configured by external service providers, such as external companies that the Company uses to add functionality to the Company's website.
Cookies used by the Company can be divided into 2 types according to storage:
-
Session Cookie is a temporary cookie that remembers you while you are visiting the Company's website, such as tracking the language you have set and selected, and will be deleted from your computer or device when you leave the website or close your web browser.
-
Persistent Cookie is a cookie that will stay for a specified period or until you delete it. This type of cookie helps the Company's website to remember you and your settings when you return to use the website again, which will help you to use the website more conveniently and quickly.
.
According to their purpose, Cookies are categorized into 4 types:
-
Strictly Necessary Cookies: Cookies that are necessary for providing services. This type of cookie is necessary for providing the Company's website services so that you can access different parts of the website. Disabling this type of cookie will result in you not being able to use the essential services of the Company which require the use of cookies.
-
Performance Cookies: This type of cookie helps the Company to see the user interaction in using the Company's website services, including which pages or areas of the website are popular, as well as analyzing other data. The Company also uses this information to improve the website's performance and to understand user behavior. However, the data collected by this cookie is anonymous and used only for statistical analysis. Disabling this type of cookie will prevent the Company from knowing the number of website visitors and being unable to evaluate the quality of service.
-
Functional Cookies: This type of cookie helps the Company's website to remember the various options that you have set and helps the website deliver additional features and content to match your usage, such as remembering your user account name or remembering changes to font size or page settings that you can customize. Disabling this type of cookie may result in the website not working properly.
-
Targeting Cookies: This type of cookie is generated from the connection of third-party websites, which collect information about your visits and the websites you have visited, in order to offer products or services on other websites that are not the Company's website. If you disable this type of cookie, it will not affect the use of the Company's website, but it will result in the presentation of products or services on other websites not matching your interests.
As stated above, the Company's services may be provided separately on multiple websites. Therefore, each website may select different types of cookies as appropriate and necessary for providing those services. The Company will display information and details of each type of cookie, including the name of the cookie used on the homepage of each service, in the form of a cookie notification banner. There is a link (settings) that you can click to read the details of each type of cookie used on that service.
How Can You Manage Cookies
Most browsers are set to accept cookies automatically. However, you can choose to accept or reject cookies from the Company's services at any time by setting up your browser. Please note that if you choose to disable cookies on your browser or device, you may find that some parts of the Company's website may not work or provide services as normal.
Links to Third-Party Websites
The Company's website may contain links to external websites or social media, and may embed content or videos from social media such as YouTube or Facebook, etc., which will allow you to access content and interact with others on social media from the Company's website. External websites or social media will set and configure their own cookies, which the Company cannot control or be responsible for. It is recommended that you read and understand the policies or announcements of those third parties regarding the use of cookies.
Changes to this Noticeประกาศ
This notice may be updated from time to time to be appropriate and consistent with changing circumstances, and the Company will post the updated notice on this website. The Company recommends that you check this website regularly.
Contact Details
If you have any questions or concerns regarding this notice or suggestions about our cookie usage, please contact us at
Backyard Co., Ltd.
29 Bangkok Business Center Building, Room 2201-2, 22nd Floor
Sukhumvit 63 (Ekkamai) Road, Klongton-Nua, Watthana, Bangkok 10110
Phone: 02-853-9131
Email: legal@backyard.in.th