CAR CREDO (THAILAND) Co., Ltd., a company incorporated under Thai law, having its registered offices at no. 689 30th Floor, Room no. 3063 Bhiraj Tower, Sukhumvit Road (Soi 35), Khlong Tan Nuea sub-district, Watthana District, Bangkok 10110 (collectively “we” or “us”), process Personal Data that we collect from or it relates to users navigating our websites or relevant party with our product and service (collectively “you”).

We take your privacy extremely seriously. This document (“Privacy Policy”) describes what, why and how we collect and use your personal data, how you can control its use, how we protect it and how you can contact us.

Please read this Privacy Policy carefully. By accessing our website, using any services provided by us, signing up for any products and services provided by us, submitting any information to us, or otherwise showing your agreement thereon, you will be deemed to have agreed and consented to the terms of this Privacy Policy.

We reserve the right to amend, alter, change or modify this Privacy Policy at any time and without prior notice. Any amendment, alteration, change or modification will be posted from time to time on our website.

• 2.1.1 Whenever you interact with us, you may be asked to provide us your Personal Data. For example:

• a)　Some of our purchase and/or services require you to create an account or apply for membership. When creating your accounts or applying for membership, we may ask you to provide a range of information, such as your name, date of birth, contact details, payment information, feedback information (e.g., feedback, complaint, survey), log data and device information, membership information, interests and account and newsletter preferences.
• b)　When you purchase, register, send for repair or return one of our products or receive any service from us, we may record the call or chat and/or ask you to provide information such as your contact details, delivery date and place of purchase and payment information.
• c)　When you contact our customer service centres for assistance, we may keep information about the conversation, including your name, contact details, the product(s) you bought or any services you receive, the reason to why you contacted us and the advice we gave you.
• d)　When you join one of our loyalty programs, we may collect information relating to your use of the loyalty program and the rewards that you claim.
• e)　When you visit us at a public event, such as trade show or exhibition or participate in one of our surveys, competitions, prize draws or workshops, we may ask for information, such as your business card, name, contact details, interests and preferences.
• f)　When you use our online services, such as websites or applications, we may receive content that you choose to upload, such as product reviews, comments, photos and forum posts, or details of your interests and preferences that you choose to tell us about, for example, when you select the services that you wish to receive. In addition, when you browse websites, we may receive content related to your browsing activity, the time of your visit, the preferred language, what items were clicked on a page, how much time you spent on a page, what items you place in your shopping basket in our webstore, what products and services you purchased or interested in, and how much was paid).
• g)　When you participate in surveys and research, we may ask you for information, such as your email address and information about you.
• h)　When you apply for a job position offered by us, we may ask you for information such as your name, contact details, education and employment history.
• i)　When you submit your Personal Data to us for any other reason.

• 2.1.2 Please take care when submitting information to us, in particular when completing free text fields or uploading documents and other materials. Some of our services are automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.

• 2.1.3 You are not required to provide the Personal Data. However, if you do not do so, we may not be able to provide you with our products or services, communicate with you or respond to your enquiries. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct because it may result in our inability to provide you with the products and services you have requested.

• 2.1.4 If you provide us with any Personal Data relating to a third party (e.g., information of your spouse, children, parents, and/or employees), by submitting such Personal Data to us, you represent to us that you have obtained the required consent of the third party to provide us with their Personal Data.
2.2 Information that we may collect from other sources:
• 2.2.1 We may also collect your Personal Data from publicly available sources and third parties, including:
• a)　When you seek to make a purchase from us, we may carry out credit and financial checks to ensure payment is not made fraudulently and that you have a suitable credit rating.
• b)　If you purchase products or services from us or other retailer, we may receive certain information about your purchase from that retailer.
• c)　We may also receive information about you from other our group companies that you interact with. In particular, when you link your accounts for certain our group services.
• d)　When carrying out business to business sales calls, we may use business contact details that are publicly available.
• e)　When carrying out research and development, we may use information about you that are publicly available.
2.3 Information we may collect in relation to social networks
• 2.3.1 If you use any of our social network applications, pages or plugins or you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For instance:
• a)　If you log-in to one of our websites or services using your social network account, we may receive basic details from your social network profile. The basic details we receive may depend on your social network account privacy settings, however, they might include your social network ID, name, profile picture, gender and locale. We may also receive additional information from your profile if you give us permission to access it.
• b)　If you click on a 'like', '+1' or 'tweet' or similar button in one of our websites or services, we may record the fact that you have done so. In addition, the content that you are viewing may be posted to your social network profile or feed. We may receive information about further interactions with this posted content (for example, if your contacts click on a link in the posted content), which we may associate with the details that we store about you.
• c)　If you 'like', '+1' or similar one of our pages on a social network site, we may receive information about your social network profile, depending on your social network account privacy settings.
• d)　For more information and for details about how you can control access to your social network profile, you should view the privacy policy and other guidance available on your social network’s website.
2.4 Information we may collect when you use websites, products and services from us
• 2.4.1 Some of our websites, internet-enabled products and online services provide us with information about your use of them, including:
• a)　Details of the content that you view and interact with. For example, when you use our website, we may collect information about your visit, such as your browser software, which pages you view and which items you ‘clicked’ on or added to your shopping basket.
• b)　Service, product or server logs, which hold information about your use of our service, product or websites, such as your IP address, browser information (including HTTP user agent strings), HTTP client request information and the time and location of your activities, domain, device and application settings, errors and hardware activity.
• c)　Device information such as your device ID(s) and/or information about where your device is physically located. For example, when you are using a geo-location service or application and you have provided consent to your location being shared.
• d)　Interests and preferences that you specify during setup of the Internet enabled product or service.
• e)　Communications that you have with our customer service centres or our personnel may be monitored and logged.
• f)　In general, this information is collected using digital identifiers such as a device number, browser cookie or your IP address, HTTP headers and other internet transfer protocol signals, user-agent strings, device type, screen resolution, device geolocation, operating system version and device identifiers, such as Apple IDFA or Android Advertising ID. These identifiers are used to distinguish the information provided by your browser or device from that of another user’s browser or device,
• g)　We may associate the collected information with one or more of your accounts, if for instance you are logged into a service when the information is collected.
2.5 Sensitive Data
We will not process special categories of Personal Data concerning you (“Sensitive Data”) except where we are able to do so under applicable laws or with your explicit consent. Sensitive Data refers to Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner as prescribed by laws.
3. Purpose of Collection, Use and Disclosure of Your Personal Data
• 3.1 Generally, we collect, use and disclose your Personal Data for the following purposes or described when we are seeking your consent. Through your use of the Services, we will only collect, use and disclose Personal Data. In any case, you will be either asked to explicitly consent to collection and further processing of your Personal Data or at least be informed that such processing is based on another lawful basis. We do not collect and process more or other types of Personal Data than necessary to fulfill the respective purposes. We will only process Personal Data as set forth in this Policy, unless you have specifically provided your consent to additionally processing your Personal Data. If we intend to process your Personal Data for purposes other than we originally collected them for, we will inform you in advance and, in cases where the processing is based on your consent, process your Personal Data for a different purpose only with your permission.
• 3.1.1 Service provision
  When we use personal information to offer our products and services to you, the processing is based on an agreement between you and us. We may use personal information to provide services to you including:
• a)　To provide you with a product or service you have requested, including checking that a payment is not made fraudulently, delivering your purchase or repaired products to you or ensuring that you benefit from any relevant special offer or promotion (and fulfil its obligations under any other agreement it may have with you).
• b)　To facilitate and process your searches and requests for information when you contact us about us and our products and services.
• c)　To resolve complaints, respond, and handle requests and enquiries.
• d)　To provide customer care, warranty, returns and other after sales services.
• e)　To verify your identity when you contact us.
• f)　To provide our checkout assistance service. When you use our online stores, details of any products that you seek to purchase and your email address may be collected as you fill in the checkout form. If you do not complete your purchase, we may contact you using these details to offer our assistance (in case, for instance, you were suffering from technical difficulties). This is an optional service. You can choose not to receive our checkout assistance emails at any time by following the link at the bottom of each assistance email.
• 3.1.2 Product and service development
  We work constantly to improve our products and services. We either base this processing on our legitimate interests to develop our products and services to better meet customer requirements, to ensure data quality, to develop identity management, and to strengthen network and information security, or on your prior consent. We may use Personal Data for product and service development purposes such as:
• a)　For staff training and quality assurance purposes, particularly in relation to our customer relations staff at our call, email and other support centres. For example, we may monitor and record your phone calls and customer-facing interaction.
• b)　To measure our performance, troubleshoot and improve and enhance our products and services and effectiveness, fix errors, or ask for your opinions on our products and services and conducting product surveys.
• c)　To carry out research and development and statistical analysis and marketing research activities to and create and improve new and existing our products and services, recommendations, advertisements and other communications and learn more about customers in general.
• d)　To analyse, develop, improve and optimize the use, function and performance of our services
• 3.1.3 Marketing
  We will use your Personal Data to offer you products and services we believe may interest you. These products and services may be offered by us, our related companies, our other business partners or our service providers. Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

  When we use Personal Data for marketing purposes, we base the processing on either our legitimate interests to know our customers, keep you up-to-date about our latest products and services, and to personalise your customer experience, or on your prior consent, e.g. for sending marketing messages and to personalise your customer experience.

  Scenarios that we may use your Personal Data for marketing purposes include:

• a)　To provide you with newsletters and other communications by post, email, telephone, text message (SMS), social network, or instant message if you have provided your prior consent or we are otherwise permitted to do so under applicable law. These communications may include, for instance, details about our latest products and services, including upgrades and special offers in which you may be interested.
• b)　Conduct prize draws, contests and organize any other promotional offers or events.
• c)　Show you personalised content, recommendations and advertisements and more effectively target our stores, services, content, recommendations, advertisements and communications. You may notice this personalisation and targeting when you use our products and services, when we contact you with marketing communications and when you visit our and third party websites and services that show advertisements from us or our advertising partners (for example, you might see an advertisement for a product that you have recently viewed on one of our websites). The personalisation and targeting that you see on our websites or in our online advertisements and communications may make use of your ID or cookies set by us or our third party advertising partners. In other cases, our services may have specific settings to control personalised content and you should consult the privacy policy of the relevant service for more information.
• d)　Create anonymous, aggregated statistics about the use of our websites, products, services and loyalty programs, which we may share with third parties and/or make available to the public as well as proceed customer grouping and segmentation based on demographic, geographic and behavioural characteristics, in order to better understand the interests and preferences of our (potential) customers, and so communicate with them more effectively.
• e)　Use our product or service reviews, comments or content you have uploaded to our websites or services and made publicly visible to link to, publish or publicise elsewhere including in our own advertisements. Each time you create or reply to a post or thread on a website forum from us, in addition to providing this forum service, we may also record the forum name and the time and date of your post or thread with your account details. We do this to better understand the ‘typical users’ of our forums and to select or tailor our marketing communications to reflect your forum activity. We do not use the content of your forum posts or threads for these additional purposes.
• 3.1.4 Security, fraud prevention and investigation
• a)　We may use your Personal Data collected from monitoring our websites, online services, our website browsing and emails for security purposes. We may also use your Personal Data to analyse, troubleshoot, investigate, handle, or resolve any security matters and technical and functional management or any vulnerability. This information may be passed to the police or to other appropriate authorities. We base this processing on our legitimate interests to protect you and our company, systems, employees and partners, or on a legal obligation to cooperate with competent authorities.
• b)　We may use Personal Data to prevent, detect, and investigate commercial crime, dispute or fraud, to investigate any violations of our policies, and to conduct audit, due diligence or to analyze, prevent and manage commercial risks to us. For example, we may use your information such as your device ID(s) to ensure that any vouchers or discounts relating to any promotions or campaigns are not being redeemed fraudulently, and to check that a payment is not made fraudulently. In this case, we base the processing of personal information on our legitimate interest to prevent fraud and to provide benefits only to our customers.
• c)　We may also use your Personal Data to comply with applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies. We may use your Personal Data to enforce or defend the legal rights of any of our group company or the terms and conditions of any of our products or services including obtaining legal advice and dispute resolution. In this case, we base the processing on a legal obligation to which we is subject or on our legitimate interest to defend our legal rights.
• 3.1.5 Other purposes
• a)　We may use your Personal Data for other purposes which are reasonably related to the above purposes.
• b)　When you apply for a job position offered by us, we will use your Personal Data for recruitment purposes. We base this processing on consent.
• c)　We may also have specifically notified you of other purposes for which we collect, use or disclose your Personal Data. If so, we will collect, use and disclose your Personal Data for those additional purposes as well, unless we have specifically notified you otherwise.
• d)　We may use your Personal Data for managing our administrative and business operations and complying with internal policies and procedures. We base this processing on legitimate interests.
• e)　We may use your Personal Data to facilitate business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of the related our corporations or affiliates. We base this processing on consent.
• f)　We may process your Personal Data using an artificial intelligence or automated
  decision-making tool for the purposes specified herein. We will not do so if the activity is prohibited by local laws.
• g)　Your Personal Data may also be combined or linked via a unique identifier, such as a cookie, account number, email address and we may also match any of your Personal Data for any of the purposes listed herein. It is for your and/or our convenience (for example, to allow you to more easily register for a new service), to allow us to provide a more seamless customer support whenever you contact us and to provide you with better, personalised services, content, marketing and advertisements.
4. Processing of Children Data
• 4.1 We consider a child to be anyone under the age of 10. We do not knowingly seek or collect Personal Data from or about children without the consent of a parent or guardian
• 4.2 If we become aware that Personal Data that has been submitted to us relates to a child without the consent of a parent or guardian, we will use reasonable efforts to:
• a)　Delete that Personal Data from its files as soon as possible.
• b)　Ensure, where deletion is not possible, that this Personal Data is not used further for any purpose, nor disclosed further to any third party.
• c)　Any parent or guardian with queries regarding our processing of personal information relating to their child should contact us using the details provided at the end of this Privacy Policy.
5. Retention of your Personal Data
• 5.1 We will only retain your Personal Data for as long as is reasonably necessary for the various purposes set out in this Privacy Policy or to otherwise comply with any applicable laws and regulations concerning the mandatory retention of certain types of information. This means that we process your Personal Data:
• a)　until you, as the data subject, objects to such processing and the option to object will be provided in each communication - in case we process your Personal Data based on our legitimate interest in cases where the objection is justified;
• b)　until the expiration of our legitimate interest in case we process your Personal Data in order to secure our legitimate interest in case the objection is not justified, e.g. to secure execution of possible obligations and to prevent a fraud;
• c)　as long as the legal obligation is in place - in case we process your Personal Data based on the legal obligation;
• d)　as long as the service and/or action requested by you is completed or you withdraw from the service/action - in case we process data in connection with services we render to you and there is no other purpose for keeping the data; and
• e)　until the consent for processing is withdrawn – in case we rely only on your consent for processing the user’s Personal Data and there is no legal interest for keeping Personal Data (and the option to withdraw the consent will be provided in each communication).
• 5.2 In general, we will delete the Personal Data we collected from you if it is no longer necessary to keep such Personal Data to achieve the purposes for which they were originally collected. However, we may be required to store your Personal Data for a longer period due to requirements by law.
6. Disclosing and Transferring of Personal Data
• 6.1 Subject to the provisions of any applicable law, we may disclose or transfer your Personal Data to the following parties for the purposes listed above:
• a)　Our related corporations or affiliates and their employees to provide content, products and services to you or us.
• b)　agents, contractors or third party service providers who provide services to us.
• c)　commercial shops and retailers in relation to providing rewards and benefits.
• d)　any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of our related corporations or affiliates.
• e)　our professional advisers such as auditors, financial advisers and lawyers.
• f)　relevant government regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority.
• g)　any person or party in case of protection of our legitimate interests or if it is required or permitted by law or if you give your explicit consent for such transfer of your Personal Data.
• h)　any other party to whom you specifically authorise us to disclose your Personal Data.
• 6.2 Some of the recipients may be outside of Thailand. We use a variety of legal mechanisms, including data sharing agreements, to ensure adequate level of protection of your Personal Data. It is deemed that you consent and agree to us transferring your Personal Data outside of Thailand for any of the purposes as listed above. If you have any questions or concerns, please contact us using the details provided at the end of this Privacy Policy.
7. Security measures
• 7.1 We take appropriate and commercially reasonable technical, physical, and administrative measures to protect your Personal Data from misuse or accidental, unlawful or unauthorised destruction, loss, alteration, disclosure, acquisition or access in accordance with applicable laws. These processes and systems include:
• a)　Limiting access to the information and using identity and access management technologies to control access to systems on which information is processed and stored.
• b)　Putting in place physical, electronic and procedural safeguards in line with industry standards.
• c)　requiring all employees to complete training about information security.
• d)　monitoring and regularly reviewing our practise against our own policies and against industry best practice.
• 7.2 Our Services may, from time to time, contain hyperlinks to websites which are not controlled by us. Although we will do our utmost to make sure that the hyperlinks on the website lead exclusively to websites which share our safety and confidentiality standards, we are not responsible for the protection or confidentiality of any data you may submit on such other websites. Before submitting information on such sites, we recommend that you read their privacy policy and other statements in that regard.
8. Cookies, web beacons and embedded scripts
• 8.1 In order to improve our services to you, we sometimes use automated tracking devices such as a “cookie”. A cookie is a small amount of data that our web server sends to your web browser when you visit certain parts of our website and the use of which is intended to assist our understanding of your interest in our website. We may use the cookies to personalise the content, recommendations, advertisements and communications delivered to you so that they are more relevant to you and your interests. For example, you may see an advertisement for a product that you have recently viewed on our website. Please note that the cookies do not personally identify users although they do identify a user’s browser. You can always choose to disable cookies from being stored on your computer by changing your browser settings. Disabling cookies however, may result in a limited experience of our functionality and services and in some cases may mean that we are unable to provide you with the services, or parts of the services, that you have requested. Some of our business partners whose content is incorporated into or linked to from the website may also use cookies. However, we have no access to or control over these cookies or websites.
• 8.2 A “web beacon” (also known as image tag, pixel tag, clear GIF or web bug) is a small piece of code used to collect advertising data, such as counting page views, promotion views or advertising responses. Web beacons or similar technologies may be used for various purposes, including, without limitation, to count visitors to our websites and to monitor how users navigate our websites.
• 8.3 An “embedded script” is programming code that is designed to collect information about your interactions with our websites, such as the links you click on. The code is temporarily downloaded onto your device from our server or a third-party service provider, is active only while you are connected our websites, and is deactivated or deleted thereafter.
9. Data subject rights
• 9.1 Under Personal Data Protection Act B.E. 2562 (2019), as a data subject you may have the right to
• a)　access or obtain a copy of your data;
• b)　have your data deleted, destroyed or anonymized;
• c)　have your data corrected where it is inaccurate;
• d)　object to your data being processed or to restrict processing;
• e)　withdraw consent to having your data processed; and
• f)　have your data provided in a format which is readable or commonly used or have it transferred to other data controllers.
• 9.2 In certain situations we may not be able to give you access to all or some of your Personal Data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
• 9.3 Should you decide to revoke your permission given to us to provide you with any marketing and advertising content, please note that we may still be required to send you emails, mails, calls, facsimiles and/or any other form of communication regarding factual transactional and/or service information in connection with products or services that we provided to you or the organisation through whom you are known to us.
• 9.4 To the extent to Personal Data processing is necessary for the purpose of freedom of expression, for the performance of a contract, the purpose of establishment, compliance or exercise of legal claims, or defense of legal claims, or other purposes permissible by and in compliance with the law, you acknowledge and agree that you may not exercise the above right and we will advise you of the reason for the refusal.
10. Contact
• 10.1 If you have any questions, comments, concerns, or requests to withdraw your consent, make access or corrections to your Personal Data records or exercise any of your rights, you may contact us as follows:

  Email: [gooinspection.thailand@car-credo.co.jp] (Note: Not for Product inquiry)
  Write in to: Data Protection Officer
  CAR CREDO (THAILAND) Co., Ltd.
  689 30th Floor, Room no. 3063 Bhiraj Tower,
  Sukhumvit Road (Soi 35), Khlong Tan Nuea sub-district,
  Watthana District, Bangkok 10110

  To the extent permitted by law, we will make our best effort to respond to your queries and/or requests within 30 days. However, the period may be extended due to specific reasons relating to the specific legal right or the complexity of your request.

• 10.2 Unless otherwise there is a restriction on the withdrawal of consent by law or pursuant to a contract which gives benefits to you, should you withdraw your consent to any or all use of your Personal Data, depending on the nature of your request, we may not be able to continue to provide its products and/or services to you. In addition, there are some circumstances in which we are not required to give you access to your personal information. The withdrawal of your consent will not affect the lawfulness of processing based on consent before such withdrawal.

  If you remain unsatisfied with the way in which we have handled your privacy issue, you may contact the Personal Data Protection Committee.

Date of establishment : 30 April 2023