This Policy is to inform you, as the owner of Personal Data (“Data Subject”, “you” or “your”), to be aware of the purposes and details of the collection, storage, use and/or disclosure of your Personal Data as well as your legal rights and protect in connection with Personal Data.

1. 2.1 “Personal Data” means any information pertaining to a Data Subject (natural person), which enables the identification of such Data Subject, whether directly or indirectly (excluding data of a deceased) including:
   • 2.1.1 Personal data that you give directly to The Mall Group, or available to The Mall Group through your use of products and/or services, contact, visit, search via online/digital channels, branches, website, call center, assigned persons or any other channels; and
   • 2.1.2 Personal data received or accessible by The Mall Group through other sources, for instance, government agencies, affiliated companies of The Mall Group, business partners, and information service providers, The Mall Group shall collect and retain such Personal Data only upon receiving your legal consent unless where necessary and permissible under PDPA or other applicable laws.

2. 2.2 Personal Data can be classified into 2 categories:
   • 2.2.1 General Personal Data comprising:
     
     
     (a) Personal information, such as name title, first name, surname, nickname, gender, age, nationality, date of birth, place of birth, weight, height, signature, photo, voice, voice recorded, marital status, number of family members, information of family members, personal history, educational record, occupation, job position, workplace, type of business, information provided in any document issued by government authorities, for instance, national identification card, household register, marriage registration, first name-surname change registration certificate, passport, VISA, alien registration card, driver’s license, car registration, social security, tax registration and other information or documents used for person identification, details of immigration, for instance, date of arrival and departure and/or other personal information which Data Subject has provided to The Mall Group;
     
     (b) Contact information, such as domicile, address, e-mail, telephone number, username and password, or social media accounts, for instance, LINE, Facebook, Instagram, Google, and/or other contact information which Data Subject has provided to The Mall Group;
     
     (c) Membership information, such as membership application, details of membership account, M Card number, type of membership, type of customer, information provided for the registration or subscription using any services or products, for instance, M Card Service, records of using M Card, records of using M Card Service, M Point , redemption, other benefits and privileges, exercise of rights, information provided for the registration or subscription of any promotion or marketing activities, enquiry, opinion, feedback, complaint, recommendation, and other information related to any other membership or royalty program;
     
     (d) Transaction information, such as purchase order, use of service, payment transaction, delivery of product, refund, return of product, behavior of purchasing of product or using of service, information related to purchasing of product or online service, product in shopping cart, product in wish list, claim related to product warranty, or information received from your use of The Mall Group’s product or service, questionnaire and survey, question-answer record, and other information related to transactions with The Mall Group;
     
     (e) Financial information, such as information related to payment transaction, credit bureau, bank information, for instance, details related to bank account, credit card, debit card, cash card or other financial products, financial status, income, and other financial information;
     
     (f) Technical information, such as
     (1) information related to GPS signal when your location setting is turned on;
     (2) information of the use of online service on platform, e.g. M online website/application, M Card Service, or other platforms of The Mall Group;
     (3) details of internet provider, domain name, IP address, or website that landed you to The Mall Group including, but not limited to, cookie or web beacons in order to enable The Mall Group to develop platform, or to make service of platforms of The Mall Group more efficient;
     (4) cookie information and other information from your browsing website or application of electronic device which The Mall Group has received or recorded from the browser or your electronic devices; and
     (5) other technical information derived from the use of platform, operating system, or any other online channels of The Mall Group and/or its business partners.
     
     (g) Marketing and communication information, such as a wish, or subscription of receiving any information or marketing news from The Mall Group and/or its business partners including relevant details;
     
     (h) Other information, such as Audio/Visual Recording Information obtained when you contact The Mall Group at the premises or through your transactions via the Video Call or Call Center of The Mall Group;
     
     (i) Any other information deemed as Personal Data under PDPA.
   • 2.2.2 Sensitive Data, such as race, ethnic group, religion, political opinion, body or mind conditions, disability, health information, medical record, blood type, credit information, criminal record, biometric information using the technics or technology related to the physical or behavioral dominance of a person, which can be used to identify such person, for instance, fingerprint, iris recognition data, facial or voice recognition data. The Mall Group shall not collect sensitive data unless receiving prior consent from Data Subject for the purposes of (a) authentication of your identity when applying for services and/or doing transaction with The Mall Group provided that you agree to use biometric information for this purpose and/or (b) using as your electronic signature when doing transactions with The Mall Group through online / digital channel, or website of The Mall Group.

3. 2.3 Personal Data of Other Persons
   • In case you are required to give Personal Data of other persons to The Mall Group such as Personal Data of relatives, spouses, children, reference persons, other persons who may receive the purchased products on your behalf, contact person in case of emergency, beneficiary, person giving a suggestion or persuading to purchase goods or products or to subscribe for services. The Personal Data of such person collected may include, but not limited to, name title, first name, surname, identification card number, household register, telephone number or postal address, etc.
   • For such event, you represent and confirm to The Mall Group that you have already informed this Privacy Policy to those other persons for their acknowledgement and/or obtained relevant consent and ensure that you have the rights to provide the Personal Data of those other persons to The Mall Group in compliance with PDPA.

The Mall Group shall request consent from you before or while collecting Personal Data through electronic or any other means except for the following purposes which The Mall Group can proceed by relying on other legal grounds to do so, without first obtaining your consent, but merely informing you of the purposes to collect, retain, use and/or disclose Personal Data:

3.1 for the performance of a contract entered between you (as customers, suppliers, service providers, contractors or others) and The Mall Group such as sale and purchase of goods and work for hire, and use of The Mall Group’s services such as product delivery, or other services, or online services through platform;

3.2 for compliance with applicable laws;

3.3 for your interest, and the consent cannot be obtained at that time;

3.4 for the necessity purpose to prevent or suppress any danger to a person’s life, body or health;

3.5 for making historical documents or archives for public interest or for study, research, statistical purposes under appropriate protection measures;

3.6 for necessity purpose under legitimate interests of The Mall Group or other person or juristic person:

3.6.1 Implementing a preventive plan or measures to minimize risks arising from frauds, cyber threat or violations of laws;

3.6.2 Recording videos of the visitors making transactions at the offices or branches of The Mall Group onto CCTV or verifying your identity, without applying biometric information using the technics or technology related to the physical or behavioral dominance of a person, or communicating and sharing Personal Data within The Mall Group and its affiliated companies for security purpose within the shopping complexes, department stores and office buildings of The Mall Group;

3.6.3 Risk management, compliance, audit, examination or investigation of frauds or unlawful acts or suspicious transactions;

3.6.4 Internal management including sharing of Personal Data within The Mall Group;

3.6.5 Compliance with legal claims or execution of The Mall Group’s legal rights such as debt collection, litigation, police journal entry, or police report filing;

3.6.6 Monitoring of e-mail correspondence or internet transaction between The Mall Group’s employees and you to prevent leakage of The Mall Group’s confidential information.

The Mall Group shall collect your Personal Data in accordance with your consent for the main purposes of selling products and/or providing services to you or assisting you in doing transactions and/or using the services you desire including for the following purposes.

If you decline to provide Personal Data to The Mall Group, you may not receive the services or experience inconvenience, or The Mall Group may not be able to perform contractual obligations in the contract with you in which you may sustain damage, or loss of opportunity.

4.1 Applying for membership of M Card, other loyalty cards, other loyalty programs, or other products, and using other related services;

4.2 Using online services on The Mall Group’s platform, e.g. browsing website or using application or using other similar and related services;

4.3 Data processing of your use of M Card or other loyalty cards and sending, transferring, and redemption of your reward points;

4.4 Organizing sales promotion activities, marketing activities of The Mall Group and/or its business partners;

4.5 Marketing and communications for informing and offering privileges, benefits, special offers, marketing activities, promotions, news, marketing information, or communications about products or services of The Mall Group and/or its business partners;

4.6 Direct marketing via SMS, telephone, e-mail, fax, social media and/or other contact channels for offering or promoting products or services of The Mall Group and/or its business partners;

4.7 Following up of services provided and responding to feedbacks, recommendations, queries, and complaints in order to solve the problems for you;

4.8 Maintaining and developing the relationship between The Mall Group and you, communicating and providing information or sending blessing messages on various occasions to you;

4.9 Conducting researches such as marketing and consumer behavior, data analytics, opinion survey, statistical analysis and trends related to products and/or services of The Mall Group;

4.10 Providing or offering products or services to you properly, and meet your needs as much as possible, including inventing, developing, improving products or enhancing services to deliver or provide new experiences or proper services to you;

4.11 Advertisement and public relation of businesses or other products or services of The Mall Group and/or its business partners;

4.12 Communicating or conducting public relations within The Mall Group;

4.13 Managing business of The Mall Group or which The Mall Group hires or assigns others to proceed on its behalf;

4.14 Recruitment, and employment of personnel or employees of The Mall Group;

4.15 Sharing, transferring or disclosing information to business partners of The Mall Group or other third party to which The Mall Group is a party or having relationship with, both in Thailand and overseas, and any other persons which you will be further notified for the purposes of providing services to you or enabling you to do transactions and/or use the services you desire and/or for other purposes specified in Clauses 4.1- 4.14, where the examples of a third party that The Mall Group will disclose information are specified in Clause 5 hereof.

You agree that your consent given under this Policy will be valid for a period of 10 (ten) years from the date that you notify the cancellation of membership card, or stop being customer, or terminate the relationship, or do transaction, or last contact with The Mall Group, whichever occurs later. You can withdraw this consent at any time by contacting The Mall Group through contact channels specified in Clause 13 of this Policy.

• The Mall Group shall not share or disclose your Personal Data to any third party unless (i) The Mall Group has obtained your consent (ii) it is for the following purposes prescribed in this Policy (iii) it is to comply with the law or order of government agency, or any other law enforcement agencies. The Mall Group may be required to disclose your Personal Data to the following third party (located in Thailand and overseas):
• 5.1 External service provider to carry out relevant operations related to The Mall Group’s business which shall include, without limitation, manufacturer, service provider, retail operator, event organizer, marketing, research, opinion survey, data analysis, IT service provider, data storage and cloud service provider, risk management, telecommunication, bank and financial institution, investment, life-insurance, non-life insurance, warehouse management and control, logistics, courier service provider, transportation, shipping, maintenance service, system engineering, construction, postal service, electronic procurement system, e-commerce, e-payment, call center, medical service, marketing and advertising media, digital multimedia, touring, printing, personnel outsourcing, brokerage service and debt collection, etc.;
• 5.2 The Mall Group’s business partners who participate in promotional or marketing activities or jointly provide or offer products or services to you, or assist you to do transactions and/or use services you desire, including collaboration to invent, develop or improve products or services to meet the needs and maximize satisfaction for you or the customers of The Mall Group;
• 5.3 Advisers such as legal advisors, financial advisors, or specialists or external auditors,
• 5.4 Assignee of rights and/or obligations in case of merger and acquisition, or transfer of business, in whole or in part, to any third party,
• 5.5 Associations and organizations such as The Foundation for Consumers, The Association of Confederation of Consumer Organization, The Thai Chamber of Commerce, The Thai Chamber of Commerce and Board of Trade of Thailand, Thai Retailer Association, Thai E-Commerce Association, Thai Shopping Center Association, Thailand E-Payment Trade Association,
• 5.6 Government authorities and/or state agencies such as the Revenue Department, Office of Trade Competition Commission, etc. including court, Office of the Attorney General, Royal Thai Police or any other law enforcement agencies.

In disclosing your Personal Data to third party above, The Mall Group will limit the disclosure of your Personal Data only to the extent as required to achieve the relevant purposes, and will procure such third party to sign a Personal Data Processing Agreement to ensure that such third party will not use your Personal Data for any other purposes, and will strictly keep your Personal Data secure as required by laws.

The Mall Group may disclose or transfer your Personal Data to other countries, a third party or a server located overseas where such destination country may or may not have the same data protection standards. Provided that, The Mall Group will proceed with procedures and measures to ensure that your Personal Data will be securely transferred, and that the person who receives your Personal Data has in place appropriate data protection standards or other derogations as permitted by laws. The Mall Group will request your consent if it is required by applicable laws for transferring Personal Data to overseas.

The Mall Group will collect data about your use or visit to websites, including your Personal Data through the use of cookie which is a small piece of data consisting of downloaded information that is stored in your web-browser or other internet-connected devices such as a computer, smartphone or tablet which the server can be viewed later. However, certain types of cookie are required in order for the website to function properly and efficiently. Other types of cookie are used to store or track information about your use of a website to help distinguish your website usage patterns from other users, enabling The Mall Group to manage and improve the quality and efficiency of website to provide you good experiences using website. This may include the use of data to analyze behavior of customer/consumer, market trend, and popularity trend, so as to provide or offer products or services that suit your needs. You may learn more of our Cookie Policy

This Policy is exclusively used for collection, use or disclosure of your Personal Data provided to The Mall Group, and use of The Mall Group’s platform such as website, mobile application. If you have clicked a link to other platforms (even through platforms or communication channels of The Mall Group), you are required to learn more and follow the privacy policies specified in those platforms separately from The Mall Group’s platforms.

The Mall Group is aware of your personal rights which are under protection of PDPA in which you are entitled to exercise those rights at any time by sending a request to The Mall Group’s Data Protection Officer (“Company DPO”) via contact channels indicated in Clause 13. In case you are under 20 years old or your legal capacity is restricted, your father and mother, guardian or representative is required to exercise the rights on your behalf.

The Mall Group will strictly proceed in accordance with your request pertaining to the rights of Data Subject under PDPA within 14 (fourteen) business days upon receipt of such request as follows.

9.1 Rights to Withdraw Consent

You have the rights, at any time, to withdraw the consent given to The Mall Group for collection, use and/or disclosure of your Personal data except that such rights is restricted under applicable laws or contract which benefits you.

9.2 Rights to Access Information

You have the rights to request for accessing and receiving copy of your Personal Data which is in possession of The Mall Group or request The Mall Group to disclose acquisition of such Personal Data for which you have not given your consent.

9.3 Rights to Data Portability

You have the rights to request your Personal Data from The Mall Group in the event that The Mall Group has made such Personal Data in readable format or usable by any automatic equipment or device and capable of using or disclosing automatically including (a) rights to request The Mall Group to send or transfer your Personal Data to another data controller when capable of doing so automatically or (b) rights to receive Personal Data in which The Mall Group send or transfer in such format to another data controller directly unless it is impossible to do so due to technical limit.

9.4 Rights to Object Collection, Use or Disclosure of Personal Data

You have the rights to object collection, use or disclosure of your Personal Data as follows:

(a) For Personal Data collected under the necessity for the performance of a task carried out in the public interest by The Mall Group or the necessity for legitimate interest of The Mall Group or other persons, provided that, The Mall Group may reject your rights in case The Mall Group is able to justify greater importance of its legitimate interest, or establishing legal claim, complying with the law, or exercising or defending legal claims;

(b) For the collection, use or disclosure of Personal Data for direct marketing purpose;

(c) For the collection, use or disclosure of Personal Data for the scientific research, historical, statistic purposes, provided that, The Mall Group may reject your rights in case for the performance of a task carried out in the public interest by The Mall Group.

Nevertheless, The Mall Group may reject your request specified in this Clause 9.4 if the retention of Personal Data is for following purposes:

(a) For the purpose of exercising freedom of expression;

(b) For the achievement of the purposes relating to the preparation of historical documents or archives for public interest, or for the purposes relating to research or statistics, in which the suitable measures to safeguard your rights and freedoms are put in place;

(c) It is necessary for the performance of a task carried out in the public interest by The Mall Group, or it is necessary for the exercising of official authority vested in The Mall Group;

(d) It is necessary for compliance with the law to achieve the purposes with respect to: (i) preventive medicine or occupational medicine, the assessment of working capacity of the employee, medical diagnosis, the provision of health or social care, medical treatment, the management of health or social care systems and services, or (ii) public interest in public health;

(e) For the purpose of establishing, or exercising, or defending legal claims, or complying with the law.

9.5 Rights to Erasure/Rights to be forgotten

You have the rights to request The Mall Group to erase or destroy or anonymize your Personal Data in the following events:

9.5.1 When the Personal Data is unnecessary for retention in accordance with the purpose of collection, use or disclosure;

9.5.2 When you as Data Subject has withdrawn the consent for collection, use or disclosure of Personal Data and The Mall Group no longer has legitimate rights to collect, use or disclose such Personal Data;

9.5.3 When you refuse on the collection, use or disclosure of Personal Data as such Personal Data is no longer required for the collection, use or disclosure under the purpose of direct marketing;

9.5.4 When Personal Data is collected, used or disclosed unlawfully.

9.6 Rights to Restrict Processing of Personal Data

You have the rights to restrict the use of your Personal Data by The Mall Group in the following events:

9.6.1 During the investigation by The Mall Group pursuant to your request specified in Clause 9.7;

9.6.2 Personal data which must be erased or destroyed because it was unlawfully collected/used or disclosed but you request to restrict the use instead;

9.6.3 When Personal Data is no longer required to be retained in accordance with the purpose of collection of such Personal Data. However, it must be retained due to your necessity for establishing legal claim, complying with laws, or exercising or defending legal claims;

9.6.4 When you have exercised your rights to object collection, use, or disclosure of your Personal Data specified in Clause 9.4 and The Mall Group is proving of its legitimate interest with greater importance than your rights, or establishing legal claim, complying with laws, or exercising or defending legal claims pursuant to Clause 9.4, paragraph one (a); or The Mall Group is proving of its task carried out in the public interest pursuant to Clause 9.4, paragraph one (c).

9.7 Rights to Rectification of Personal Data

You have the rights to request The Mall Group to amend your Personal Data so that it is up-to-date, correct and not misleading.

9.8 Rights to Complain

You have the rights to file a complaint to the expert committee under Personal Data Protection Committee if The Mall Group or any data processor or any of employees or contractors of The Mall Group or data processor are in breach of PDPA and/or any ministerial regulations or announcement issued under PDPA.

The Mall Group shall be able to provide services of your interest or perform its obligation under the contract upon receiving your Personal Data which is correct and required for the relevant purposes including to verify and ensure that the collection, use, or disclosure of your Personal Data which is proceeded by The Mall Group shall be in compliance with Customer Due Diligence criteria and your Personal Data is correct and up to date. Thus, your cooperation in giving Personal Data to The Mall Group is required.

The Mall Group will retain your Personal Data for as long as is necessary during the period that you are using the services of, or have relationship with The Mall Group, or for as long as is necessary to fulfil the purposes prescribed in this Policy. If you cease to be customer of The Mall Group or have terminated relationship with The Mall Group, The Mall Group shall retain your Personal Data for back-up purpose as required by applicable laws and/or in accordance with the policies, standard operating procedures, or manuals on data retention and destruction of The Mall Group. The Mall Group will erase, destroy, or anonymize Personal Data when it is no longer necessary or when the period lapses, provided, however, within 10 (ten) years from the date that you notify the cancellation of membership card, or stop being customer, or terminate the relationship, or do transaction, or last contact with The Mall Group, whichever occurs later.

The Mall Group has appointed the Data Protection Officer (“Company DPO”) to monitor the compliance of The Mall Group in accordance with PDPA and this Policy, to coordinate with you in handling the complaints, and to facilitate your request to exercise the rights under PDPA.

If you have any comments or questions or inquiries regarding the collection, use and/or disclosure of your Personal Data and your rights under PDPA or wish to withdraw or cancel your consent or cease receiving information or if you are aware of any breach of your Personal Data, please contact The Mall Group through the following channels:

13.1 Contact Information of The Mall Group:

The Mall Group Co., Ltd. Contact Address Office of Legal
The Mall Group Co., Ltd.
No. 49 Ramkhamhaeng Road, Huamark, Bangkapi, Bangkok 10240
Telephone 02-310-1000
Days and Hours of Operation Monday – Friday
10.00 a.m. – 5.00 p.m.

13.2 Data Protection Officer:


Data Protection Officer Contact Address Office of Legal
The Mall Group Co., Ltd.
No. 49 Ramkhamhaeng Road, Huamark, Bangkapi, Bangkok 10240
e-mail DPO@themall.co.th
Telephone 02-310-1773
Days and Hours of Operation Monday – Friday10.00 a.m. – 5.00 p.m.
M Card Counter
Contact Address The Mall (all branches)
The Emporium
The EmQuartier
Paragon Department Store
Telephone 02-310-1000
Days and Hours of Operation Every day
Operating hours of Shopping Complex
M Card Call Center Telephone 02-789-5555
Days and Hours of Operation Every day
10.00 a.m. – 7.00 p.m.

13.3 Contact Information of Personal Data Protection Committee:

Personal Data Protection Committee Contact Address Office of Personal Data Protection Committee Office of the Permanent Secretary for Digital Economy and Society e-mail pdpc@mdes.go.th ,Telephone 02-142-1033 ,Days and Hours of Operation Official days and hours