Privacy Policy

1. Introduction and Scope

This Privacy Notice (this “Notice”) explains how SCRATCH FIRST CO., LTD. (the “Company,” “we,” “our,” or “us”) processes the Personal Data (as defined below) of different categories of identifiable persons, such as but not limited to, our clients, suppliers, distributors, contractors, sub-contractors, vendors, service providers, media providers, lessors, sponsorship companies, investors, auditors (including directors and contact persons), performers and their staffs, volunteers, other event participants, consumers and end-users of our various services, and other persons who visit our website or contact the Company in the course of our business.

We recognize the importance of Personal Data protection and are committed to ensuring that your Personal Data is processed in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) based on this Notice.

In this Notice, “Personal Data” means any information relating to a natural person (the “Data Subject”) that enables the identification of such a person, directly or indirectly, not including information of deceased persons.

2. Acquisition of Personal Data

The Company may obtain your Personal Data directly from you or any other source, including, but not limited to the following:

(a) Provided directly by you when we establish a business relationship with you, including information obtained by business card exchange and submitted by you in various documents;

(b) Provided directly by you or indirectly from our business partners such as ticket service providers or from a third person when you buy an event ticket and attend such event;

(c) Provided directly by you or indirectly by a third person when you apply to volunteer in the event(s) we hold;

(d) Provided when you visit our website, or respond to questionnaires or surveys, or communicate with us through phone calls, emails, and/or other correspondence; and/or

(e) Captured by a security system, such as a CCTV camera when you are entering our office or an event venue.

In the event that you provide any Personal Data to the Company on behalf of other persons, it is your responsibility to confirm that such other persons have consented to the processing and transfer of their Personal Data in accordance with this Notice (if necessary), and you shall be authorized to receive any privacy notice and other related information on their behalf. In the event that you provide a minor’s Personal Data, you shall corporately provide necessary information or documents for our age verification measure and representatively consent on behalf of such minor, or obtain consent from his/her parent(s) or legal guardian(s).

We do not knowingly collect Personal Data from minors under the age of 20 without the consent of his/her parent(s) or guardian(s) as appropriate. If we learn that Personal Data of any Data Subject less than 20 years of age has been collected, we will obtain the consent of his/her parent(s) or guardian(s), or take reasonable measures, including, but not limited to, to promptly delete such Personal Data from our records.

3. Personal Data Processed

The Company may collect, use, and disclose Personal Data solely to the extent necessary to conduct its business activities and only within the scope of the purposes indicated when the information is obtained. The Personal Data that the Company holds may include the following information:

Order
Categories of Data Subjects
Personal Data to be Processed
1
Our clients, suppliers, distributors, contractors, sub-contractors, vendors, service providers, media providers, lessors, sponsorship companies, investors, auditors (including directors and contact persons), performers and their staffs, volunteers.
Name and surname, middle name (if any), age, gender, telephone number, email, career, position, address, postal code, nationality, ID card, passport number and type of VISA (if necessary), contact on smartphone application or social media program, LINE ID, appearance, action, voice record, photo, book bank and bank account number, tax ID number, details of credit card, flight information, signature, certified auditor number and any other information you provide us in the course of business activities.
2
Consumers, end-users and other event participants
Name and surname, middle name (if any), age, gender, telephone number, email, address, postal code, nationality, ID card, passport number and type of VISA (if necessary), family information, LINE ID, appearance, action, voice record, photo, book bank and bank account number, tax ID number, details of credit card, signature, food allergy, ATK result, location, GPS information, purchase history, purchase behavior, behavior data, interest, information in the wristband provided to you at an event venue, cookies, IP address, and any other information you provide us in the course of our services.
3
Other persons who visit our website or contact us during the course of our various business activities and services
Name and surname, address, telephone number, email, cookies, IP address, etc.

4. Purposes of Processing

The Personal Data of the following categories of individuals may be processed for the following purposes

Order
Categories of Data Subjects
Personal Data to be Processed
1
Our clients, suppliers, distributors, contractors, sub-contractors, vendors, service providers, media providers, lessors, sponsorship companies, investors, auditors (including directors and contact persons), performers and their staffs, volunteers
(a) to commence business with you
(b) to obtain the service or sponsorship
(c) to maintain the best performance
(d) to provide follow-up services and customer supports
(e) to comply with financial controls
(f) to comply with the applicable laws and regulations
(g) to communicate and respond to inquiries
(h) for procurement and payment
(i) for tax-related procedures
(j) for contract and dispute management
(k) for security and vital interest
(l) for accounting and financing audit
(m) to make lease agreements
(n) to use data analytics of sales and business activities/ reports for the sake of improving our website, products/services, customer relationships and experiences
(o) to select proper volunteers to work for our events
(p) to verify your identity
(q) to promote or post pictures/videos on social media for promotional activities
(r) to notify you about changes of our Privacy Notice
2
Consumers, end-users and other event participants
(a) to provide the services
(b) to verify your identity
(c) to conduct customer management
(d) to comply with the applicable laws and regulations
(e) to provide follow-up service and customer supports
(f) to provide marketing activities and promotions
(g) for security and vital interest
(h) to facilitate you while using our services
(i) to analyze your personal data for marketing purposes and improvement of our business activities and services
(s) to promote or post pictures/videos on social media for promotional activities
(j) to notify you about changes of our Privacy Notice
3
Other persons who visit our website or contact us during the course of our various business activities and services
(k) to conduct ordinary business activities
(l) to use data analytics of sale and business activities/ reports for the sake of improving our website, products/services, customer relationships and experiences

5. Legal Grounds for Processing

Your Personal Data shall be processed for the aforementioned purposes in accordance with the PDPA. In principle, the Company processes your Personal Data only when:

(a) the performance of a contract to which the Data Subject is a party or in order to take steps at the request of the Data Subject prior to entering into a contract

Other than where justified by the contract above, the Company will usually process Personal Data where necessary for:

(b) the processing is necessary for legitimate interests pursued by the Company as a data controller or interests of a third party other than the data controller, except where the fundamental rights and freedoms of the Data Subject regarding the protection of his or her Personal Data override these interests;

(c) compliance with a legal obligation imposed upon the Company;

(d) preventing or suppressing a danger to a person’s life, body, or health;

(e) the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company;

(f) the achievement of purposes relating to the preparation of historical documents or archives for the public interest or for purposes relating to research or statistics in which suitable measures to safeguard the Data Subject’s rights and freedoms are taken; and/or

(g) processing based on the Data Subject’s consent. Before or at the time the Personal Data is collected, the Company shall inform the person concerned about the purpose for which consent is required, what Personal Data will be collected for processing, the right to revoke consent, the possible consequences for the Data Subject in automated individual decision-making and profiling, and the possible transfer to third countries.

Some categories of Personal Data are of sensitive nature, and data protection legislation has imposed a stricter regime for these special categories of Personal Data (“Sensitive Personal Data”). This data concerns race; ethnic origin; political opinions; cult, religious, or philosophical beliefs; sexual behavior; criminal records; health data; disability; trade union information; genetic data; biometric data; and any data that may affect the Data Subject in the same manner. In principle, the processing of Sensitive Personal Data is forbidden unless the Company can refer to an exception. In the limited number of cases, in which the Company processes Sensitive Personal Data, the Data Subject will be informed in advance. For more information about the Company’s handling of Sensitive Personal Data, please refer to “10. Contact Details of the Data Controller.”

6. Provision of Personal Data to Third Parties

For the purposes stated in “4. Purposes of Processing”, the Company may disclose your Personal Data:

(a) to companies and entities within its group, including the foreign entities

(b) to third-party agents/suppliers or contractors bound by obligations of confidentiality, in connection with the processing of your Personal Data for the purposes described in this Notice (this may include, without limitation, leasing companies, sub-contractors, customers, system engineer service providers, financial organizations, business advisors, law firms, marketing agencies, and other service providers); and/or

(c) to the extent required by laws, regulations, or court orders (for example, if we are under a duty to disclose your Personal Data in order to comply with a legal obligation).

The Company may transfer your Personal Data to countries outside of Thailand, to where it may not have Personal Data protection laws that are as comprehensive as existing in Thailand, and the same level of protection as that set forth in the PDPA may not necessarily be guaranteed. In such case, the Company shall implement the necessary safety management measures pursuant to the requirements of the PDPA.

7. Data Storage and Retention Period

Your Personal Data will be stored securely in the Company’s data server or in a third party’s data server. The Company will strictly control access to this information and will review such access control from time to time.

The Company will not keep your Personal Data for longer than is required for the purpose for which it has been collected or processed, in accordance with the applicable laws, or, in any case, to allow the Company to protect its legitimate rights and interests or those of third parties. To determine the appropriate retention period for the Personal Data, we shall consider the amount, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorized use or disclosure of the Personal Data; the purposes for which we process the Personal Data and whether we can achieve those purposes through other means; and the applicable legal requirements.

8. Rights of Data Subjects

You have the right to access, request the correction or deletion of, request the limitation of processing of, object to the processing of, withdraw consent regarding, and request the data portability of your Personal Data retained by us. Any request for any of these rights should be submitted to the data controller specified in “10. Contact Details of the Data Controller.” When we receive a request based on such rights, we will conduct all necessary investigations without delay and provide you or a nominated third party with the relevant Personal Data or otherwise respond to such request without delay. If you have given your consent for a specific processing purpose to the Company, you can withdraw this consent at any time. However, the withdrawal of such consent shall not affect the processing of Personal Data for which you have already legally given consent to the Company.

You also have the right to lodge a complaint with the Personal Data Protection Committee if you have any complaint regarding our processing of your Personal Data.

The Company may object to or reject your request according to the provisions prescribed in the PDPA.

9. Links to third parties’ websites

You may enter other third parties’ websites by clicking the links shown on our site. The Company will not take any responsibility for the privacy of such websites. Please find the privacy notice for each website you visit.

10. Contact Details of the Data Controller

To exercise your rights specified in “8. Rights of Data Subjects”, you can find the Data Subject Rights Request Form here, or to submit inquiries concerning this Notice, you can contact the following persons/departments:

SCRATCH FIRST CO., LTD.
Email Address: info@wonderfruit.co

11. Changes to this Privacy Notice

From time to time, we may revise this Privacy Notice. Kindly find the updated Privacy Notice on our website.
This Privacy Notice is effective on 1 July 2022