Policy | Register

Personal Data Protection Policy

Living Joy Co., Ltd. (the “Company”) is a provider of websites, including online platforms and other social media channels. The Company respects the privacy of its users and realizes that the user’s personal information is extremely important, and as such, the Company has this Personal Data Protection Policy in place to clarify details and methods of arranging, collecting, using or disclosing data protection, access to data, transfer and processing of your personal data as follows:
This Privacy Policy is governed by the Personal Data Protection Act B.E. 2562,, and the Company has the authority to make decision regarding the collection, use or disclosure or personal data, which is referred to by law as the “Personal Data Controller”.

1. What personal data is collected, used or disclosed by the Company
The Company collects personal information which makes it possible to identify you whether directly or indirectly, this includes information you provide directly from the registration system through the registration system of activities of the Company, cookies, transaction information, monitoring usage and electricity bill and usage through the website assignees, or other any channels such as:
- Personal information such as first name, last name, date of birth, ID number, nationality, religion, gender, driver’s license number, Passport number, marital status, system user’s name, login password.
- Contact information such as address by housing system, current residential address, phone number, email address.
- Service usage information such as IP address, login information useage information on the system, location information based on IP address, cookies usage while opening the website.
- Other information such as use of the Website, audio, still images, animations, and any other information that is considered personal information under personal data protection laws.
- Electricity consumption contract account data from CA/Ref No. 1.
- Financial information such as account number, credit card number, debit card number, outstanding payment information.

2. Purpose for which information is collected, used or disclosed
The Company will use your personal data to develop and improve the Website as well as analyzing and processing personal data to meet the needs of users, including providing services, product improvements, communication channels related to products benefits and more, in an electronic way for you to be more efficient.
If the objectives are later changed, the Company will notify you for consent and provide a record of amendments as evidence.
The Company will not collect, use or disclose your personal data for benefit other than the purposes as stated to you prior to or at the time of collection.

3. Protection of Personal Data
The Company will maintain your personal data weil in accordance with technical measures and organizational measures to secure proper personal data processing and to prevent personal data breaches, losses, etc. Destroy, edit, convert your personal information outside this purpose must be prior consented by you. By obtaining your consent, the Company will do so expressly by book recording or electronically file as reference.
However, you are free to consent to the Company’s collection, use or expose your personal information. The Company shall not set the terms of consent to access the service or enter into a contract with the Company if the personal data is not necessary or relevant for entering into a contract or receiving such services.
In addition, the executi ves, employees, contractors, agents, consultants, and data recipients of information of the Company are obliged to maintain personal information in accordance with confidentiality measures established by the Company.
In the event that personal data is from an underage person, which is regarded as the minor person by the Civil and Commercial Code, the consent of using the personal data must be prior obtained from the custodian who has the authority to act on your behalf. If the consenting person is a minor person up to 30 days, the consent of the custodian must be obtained directly from the custodian.
The Company will process your information correctly, accurately, up-to-date and non-misleading.

4. Collection, use or disclosure, of personal information
The Company will collect your personal data with your consent first, unless authorized by law under Section 24 or Section 26 of the Personal Data Protection Act B.E. 2562.
Your information shall be storage by the Company for the period of 10 years from the date of termination of the contract.
The Company will collect your data only as necessary for the purposes stated by the Company in Clause 2.
However, if it is necessary for you to provide personal information to the Company in order to comply with the law or contract, or to enter into the contract with the Company, the Company will notify you first and will inform you of the consequences if you do not agree to provide such information.
The Company will not collect your information directly from sources other than yours unless the Company informs you of your collection from other sources within 30 days and has your consent or is an exempt collection without consent stipulated under Section 24 or Section 26 of the Personal Data Protection Act B.E. 2562.
The Company does not collect personal information related to race, ethnicity, political opinions, belief in cults, religions, or philosophy, sexual behavior, criminal record, health, disability information, union information, genetic information, biological information, or any other information that affect you similarly as announced by the Personal Data Protection Commission, without your express consent, unless the case under Section 26 of the Personal Data Protection Act B.E. 2562.
The Company shall not use or disclose your personal information without consent under the Personal Data Protection Act B.E. 2562, Section 24 or Section 26.
The Company will ensure that the employees assigned to this particular matter are not used, displayed or make it appear in any other way that your personal data, in addition to the purposes under the rules permitted by law to the extent to which you have consented or to the extent involved in this Policy.
In the event that the Company will disclose your Personal Data to a third party or juristic person, an external person or entity must provide the purpose of use or disclose your personal data in addition to the purpose provided to the Company.
In the event that the Company sends or transfers personal data to a foreign country, the destination country or international organization that receives personal data must have adequate personal data protection standards. This must be in accordance with the guidelines as required by the Personal Data Protection Commission, unless the case is under Personal Data Protection Act B.E. 2562 Section 28 (1) – (6).

5. Your rights regarding personal data
Your right to this Policy is the right under the Personal Data Protection Act B.E. 2562 and other relevant laws. You may requested to exercise your rights under the terms of the law and policies set forth by the Company prior to or at the time, or to be amended in the future, as well as the criteria set forth by the Company.
5.1 Right to withdraw consent : You have the right to withdraw your consent at any time for the duration of your personal data is being kept by the Company unless there is a statutory restriction on that right or a contract that benefits you (whether it is the consent you have provided prior to the date of Personal Data Protection Act, or afterwards).
5.2 Right to request access, obtain information, or copy of information : You have the right to request access, obtain information or ask the Company to produce a copy of information to you, as well as to request the Company to inform how your personal information is acquired by the Company.
5.3 Right to object ; You have the right to object to the collection, use, or disclosure of your Personal Data at any time In the event that the Company is allowed with the power to collect your personal information without first asking for your consent.
5.4 Right to request correction of personal information : You have the right to correct and update your personal information to avoid misleading of your information.
5.5 Right to request deletion or destruction : You have the right to delete or destruction of your personal information or make the personal data that cannot be identified by the person who owns it as follows:
  5.5.1 Your information is not necessary to be retained for the purpose for which it is collected, used, or disclosed
  5.5.2 When you have exercised your right to withdraw your consent and the Company does not have the authority to legally collect
  5.5.3 When you exercise to object under Clause 5.3 and the Company cannot legally refuse the request.
  5.5.4 When your information is collected, used, or disclosed unlawfully
5.6 Right to request that the use of data be suspended : You have the right to ask the Company to suspend the use of your data in the following cases:
  5.6.1 When the Company is under investigation as requested by you.
  5.6.2 When the personal data is to be deleted or destroyed, but you request that information to be suspended instead.
  5.6.3 When your data is deprived of the need for retention in accordance with the purpose for which you data is collected, However, you requested that such information should be temporary suspended and retained for use in setting up a claim in accordance with the law, compliance with rules and regulations.
  5.6.4 When the Company is in the process of proving your request for objection in accordance
with Article 5.3 to see if the Company has the legal authority to reject your objection.
5.7 Right to request the Company to process your information correctly You have the right to request the Company to process your information correctly to be updated, accurate, complete, so that it does not cause misleading or misunderstanding. If the Company does not comply with the request, the Company will record your request electronically.
5.8 Right to complain : You have the right to complain to the relevant legal authority if you believe that the collection, use, disclosure of your Personal Data is in a manner that violates or fails to comply with applicable laws.
5.9 The exercise of your rights mentioned above may be limited under applicable laws, and there are cases where the Company may refuse or fails to process your above requests, such as complying with the laws or Court order or the exercising of right can violate other persons rights.

6. Linking personal data information with other parties or legal entities
6.1 The Company may link personal data with other persons or legal entities, and the Company will notify you before the linking with following details:
- The person or juristic person for the information to link.
- The purposes of linking.
- Methods of linking.
- Personal information to be lined.
6.2 If there are changes in planned linking data, the Company will notify you of the change and request your
consent before proceeding.

7. Changes to the Privacy Policy
The Company may update this Privacy Policy from time to time to reflect changes in the Services or Products of the Company. The Company will announce the change clearly before the change begins, or may send you a notice directly.

8. Subscription to access the system
1. Anyone who impersonates or acts in violation of their privacy by using the information of others to impersonate a member to obtain membership is an offense punishable by application of laws.
2.The applicant consents to the Company by reviewing personal information and any other information specified by the applicant in the subscription verify that your information is unclear or false. The Company has the right to terminate the applicant’s membership without prior notice.
3. In order to use the member system, the applicant must strictly comply with the rules established by the Company.
4. The applicant’s information will be kept confidential and the Company will not disclose your information for commercial purpose of commercial gains.
5. Once being a member, the applicant will receive a press release form other media sources that the Company may deem appropriate and necessary.

TERMS AND CONDITIONS OF SERVICE
These Terms and Conditions apply between “Service Provider or Living Joy Co. Ltd.” and “Users or    Subscribers” to use the Company’s online service as follows:
1. Definition
   1.1 Service Provider meansLiving Joy Co. Ltd.
   1.2 User means subscriber
2. Subscription to use our Company’s service
3. User must complete the actual details. It it detects that such information is not true, the User shall be responsible for damages arising from such false information.
4. For the benefits of the User, The Service Provider is allowed to verify the information accuracy. In the event that the Service Provider determines that the information provided by the User is unclear or false, the Service Provider has the right to refuse the registration or the right to cancel the User’s username and password.
5. The User must not use the username and password in a way that is unlawful, against social peaceful order, causing rudeness and obscene, and does not pander to the monarchy.
6. In case of reasonable doubt that someone else has access to the User’s
password, the User is obliged to reset the password immediately via the system screen. In the event that someone uses a password, the User is also responsible for such action and damage.
7. User must strictly comply with the terms and conditions of application, and use of the Service Provider for safety reasons. In the event that such information is stolen, lost or damage by force majeure or not due to negligence, the Service Provider has the right to deny responsibility for such damages.
8. Anyone impersonating or acting in violation of their privacy by using someone else’s information to impersonate them in applying for username and password is an offense under the Criminal Code.
9. The Service Provider has the right to immediately suspend or terminate the service to the User if it appears that the User has failed to comply with any of these Terms and Conditions, even one of them will be subject to any Terms and Conditions.
10. The Service Provider will collect, maintain, and use the User’s information for the benefit of providing the Service, or to comply with applicable laws and rules and to improve the service quality of Service Provider.
11. The Service Provider shall not allow the User’s account to be disclosed to the third party, as well as the use of User’s information without prior permission from the User, unless it is disclosed to the legal authorities or to other persons authorized by the User.
12. In case of damage caused by declaration to the third party or other persons with persmission granted by the User, the Service Provider shall not be responsible for whatsoever damage.
13. The User must use polite words, otherwise, the Service Provider has the right not to grant membership rights.
14. QONNEXT System Provider reserves the right to discontinue the membership system at any time without prior notice to members.

Article 9 Security of Personal Data
The Company has appropriate information technology security measures in place to prevent loss, access, use, change, alteration, modification, or disclosure of personal data without authority or unlawfully.

Article 10 Review and change of Personal Data Protection Practices
The Company reserves the right to change or amend this Person Data Protection Practice in order to comply with the law and in accordance with applicable administrative guidelines.

Article 11 How can you contact the Company
If you have any questions or would like to inquire about the protection your personal data, please contact us via the following channels:
- Email : dpo@livingjoy.com
- Telephone: 064-557-5134 (Monday – Friday 08.30 – 1700 hours)
- Contact address: Living Joy Co., Ltd. No. 165/283 Soi Phaholyothin 33, Latyao, Chatuchak, Bangkok 10900
When you agree to accept this Privacy Policy, the Company shall regard that Your acceptance is in full effect. .

Data Security Management

Information Technology is an important business asset that must maintained and protected. Currently, the Company has established the security of information systems by implementing important security technologies in the organization to help with work and reduce safety risks at the appropriate level while performance is remained maximum.

The Company recognizes the importance of Information Technology by maintaining the characteristics of C.I.A:

1. Confidentiality Only available to eligible persons accessing to data control. Confidential information must not be disclosed to ineligible persons.

2. Integrity There must be a shield against the integrity of the data and processing method. The system must be fault-controlled so that the ineligible do not change it.

3. Availability (always available capabilities) gives only eligible persons access to information at any time they want to. The system must be controlled not to fail and must have the capacity to work continuously, do not allow the ineligible to stop the system from working.

Information Security
The Company has the policy to provide security and confidentiality of information. The Company uses high-standard security system in both technology and process to prevent the theft of confidential information to ensure that the Company’s website and data have standardized security, including the choice of Firewall System, Anti-Virus System with high standard, as well as the use of Encrypt Data technology at 2048 bits, which is a high level of data encryption for transactions through Internet services.

The Company has chosen to use computer system technology with basic security system that is international standard and supplemented by working in the field of specific safety equipment. The general principles of controlling and securing information system include tight control over parts of the system. The methods used to control are as follows:

1. Software Control
There are three levels:
Internal Program Control
The program is being used to control over the access rights and the right to use data within the system, which is stored in the local database system itself.
Operating System Control
This program is being used to control the access rights and data usage in different parts of one’s user computer system and is distinguished from other users.
Development Control
The program is being used to control the design and pre-production testing.
2. Hardware Control
The policy has been enacted and updated to be implemented in accordance with the business operations and changing environments, effective throughout the organization.
3. Use of Policies
The policy has been enacted and updated to be implemented in accordance with the business operations and changing environments, effective throughout the organization.
4. Physical Control
There are measures being used to control the access to computer. Computer center can only be accessed by the relevant authorities. There is also a regular backup system.

Measures and equipment used in security policy
System security management consists of 3 components:

1. Security Infrastructure

The Company has installed Firewall, a technology that prevents intruder room systemize and define zones, services, and access to appropriate information.
- Define appropriate scope and work zones
- Define services and access to the system for authorized person only
Installation of anti-virus system to prevent and eliminate viruses that are regularly updated.
To install an operating system with a security level of C2 by installing and enabling only appropriate and necessary services.
- To install SSL System
The Company opted for the latest version of SSL chosen by most leading companies because of its advance security capabilities. The functions of SSL is to swap data and convert it to digital codes.
The more detailed encryption, the higher security is resulted which is measured in the number of bits.
The Company’s website using 2048 bits encryption which is being used by world’s leading companies.
Installing a Web Server System and configuring appropriate parameter.

2. Properly set up and use (Hardening)
- Hardening
- Patch Management
- Authentication
- Backup

3. Audit
General usage monitoring.