Privacy Policy

General information

The following information provides a simple overview of what happens to your personal data when you visit our website www.bophie.com

As defined in the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and the General Data Protection Regulation 2016/679 (GDPR), personal data is any data with which you can be personally identified.

Bophie Company Limited takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the PDPA, the GDPR and this privacy policy. Given both the similarities and differences of both regulations, conflict is avoided through the selection and application of the more stringent provision, where such arises.

Data collection on our website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator Bophie Company Limited.

How do we collect your data?
Typically data is collected in two ways. Firstly, by you providing it to us. This may, for example, be data that you enter in a contact form. Secondly, automatically by our IT systems when you visit the website. This is mainly technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?
Part of the data is collected to provide you with our services and in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
In accordance with the PDPA and the GDPR, you have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

General notes and obligatory information

Information on the data controller

The responsible body for data processing on this website is:

Bophie Company Limited
Floor 25, Mitrtown Office Tower
944 Rama IV Rd, Wang Mai, Pathum Wan, Bangkok 10330
Phone: +66 02 1054737
E-mail: info@bophie.co.th

The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

You can reach us per E-mail or in writing to the address above with the corresponding reference “Data Protection”.

Legal basis for the processing of personal data

Consent – Insofar as we obtain the consent of the data subject for processing operations involving personal data, Consent serves as the legal basis.

Performance of a contract or pre-contractual measures – When processing personal data that is necessary for the performance of a contract to which the data subject is a party, the performance of a contract  serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. 

Legal Obligation – Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, a legal obligation serves as the legal basis.

Vital interests – In the event that vital interests of the data subject or another natural person make processing of personal data necessary, vital interest serves as the legal basis.

Public Interest – Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, public interest shall serve as the legal basis.

Legitimate Interest – If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, legitimate interest serves as the legal basis for the processing.

Your rights

Unlike the GDPR, the PDPA does not provide data subjects with a complex set of rights. As both are however akin in spirit and notion, we follow industry standards and good practice and afford all data subjects, the rights as laid down in the GDPR. Thus, as a user of the Bophie Company website, you have the rights set out in Articles 12 to 22 of the GDPR with regard to the processing of personal data. Below is some information on what they are and how you can exercise them.

Right to information: You can request information from us as to whether and to what extent we process your data.

Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.

Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or

you have objected to the processing of the data.

Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.

Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right of complaint: If you are of the opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.

Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.

The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.

We encourage you to get in touch if you have any concerns with how we collect or use your personal information.

Accuracy

We endeavour to ensure that all decisions involving your Personal Data are based upon accurate and timely information. However, we rely on you to disclose all relevant information to us and to inform us of any changes in your Personal Data. As such, please disclose all relevant information necessary for us to provide services to you and ensure all information submitted to us is up-to-date, complete, and accurate. Kindly inform us promptly if there are any changes in your Personal Data.

Retention

We may retain your Personal Data for at least five (5) years, or such other longer or shorter period as may be necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws. We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.

Third Party Links

Our website may, from time to time, contain links to and from the websites of our partner networks, business partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any Data to these websites.

Data Intermediary

Where we process your Personal Data as a data intermediary on behalf of a third party, we will process your Personal Data in accordance with the instructions of the third party and shall use it only for the purposes agreed between you and the third party. All such Personal Data will be protected and retained in accordance with this privacy policy and the terms of the PDPA and the GDPR. We will take steps to inform the third party of any requests, complaints or questions that you may have regarding such Personal Data.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Children Data

Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.

The Supervisory Authority

The competent supervisory authority for data protection issues for Bophie Company Limited is the Personal Data Protection Commission. The Commission can be reached on line here and is located at 7th Floor, Ratthaprasasanabhakti Building Government Complex, Chaengwattana Road, Bangkok, Thailand 10210

When you access our website

Accessing our Internet presence

When you access our website, information is automatically sent to the server of our website by the so-called browser used on your end device. This involves the following data, which is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
  • Amount of data transferred
  • Message about successful retrieval

This data is also stored in the log files of our system. This data is not stored together with other personal data of the user. The temporary storage of the above-mentioned data by the system is necessary to enable delivery of the website to the user’s computer as well as to ensure the functionality and optimisation of our website and to ensure the security of the information technology systems. The aforementioned data collection is based on our legitimate interest in the secure provision and functionality of our website.

Your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case after 3 months in the case of storage of the data in the log files.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website.

Online presence in social media

We maintain online presences within social networks and websites in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and websites, the terms and conditions and data processing guidelines of the respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and websites, e.g. write posts on our online presences or send us messages.

Facebook

We would like to point out that Facebook provides us with aggregated data within the framework of the Insights function, through which we obtain information about how our Facebook Page users interact with it. These Page Insights may be based on personal data collected from you in connection with a visit to or interaction with our Facebook Page. We only receive this data as anonymised evaluations. Facebook itself, however, has the possibility to directly assign your usage data on our Facebook Page to you and to use your personal data in a non-anonymised way, provided that you are a Facebook member paired with your other voluntarily provided data.

According to the case law, we are co-responsible for the personal data collected by Facebook, to which we predominantly only have anonymised access. We have therefore entered into a processing agreement with Facebook. However, the primary responsibility regarding the processing of the Insights data still lies with Facebook. This means that Facebook is responsible for complying with the data protection regulations according to the GDPR and PDPA. We as the operator of the Facebook Page cannot make any decisions regarding the processing of Insights data and regarding the information obligations. You can send requests directly to Facebook and to us. You can send your enquiry to Facebook under the following link: https://www.facebook.com/help/contact/308592359910928

LinkedIn

“Tailored target groups” and “conversion tracking” from LinkedIn offer the possibility of targeting existing users and customers who have visited our website with relevant campaigns. This is done by  LinkedIn storing anonymised user data with the help of a web site tag. For this purpose, a cookie from LinkedIn is placed in the browser when a user visits our web site.

You can opt-out of interest-based advertising. https://www.linkedin.com/psettings/enhanced-advertising . Please note that opting out of such advertising does not remove ads from the pages you visit. It just means that the ads you are shown may not be aligned with your personal interests. If you are not a member of LinkedIn, you can find the Cookie Privacy Policy at https://www.linkedin.com/legal/privacy-policy

Glassdoor

We operate a presence on the employer review portal “Glassdoor”. Glassdoor Inc. is a company registered in Delaware with offices at 100 Shoreline Highway, Mill Valley California, USA as the responsible entity (“Glassdoor”). We would like to point out that we do not have any knowledge of the content of the transmitted data or its use by Glassdoor Inc. The following link leads to the privacy policy of Glassdoor Inc.: https://hrtechprivacy.com/brands/glassdoor#privacypolicy .

Contact Form

For questions of any kind, we offer you the possibility to contact us via a form provided on the website. In doing so, it is necessary to provide your name and a valid e-mail address so that we know from whom the enquiry originates and so that we can answer it. Further information can be provided voluntarily. Data processing for the purpose of contacting us is carried out on the basis of a relationship similar to a contract in the sense of initiating a contract. The personal data collected by us for the use of the contact form will be automatically deleted after the request you have made has been dealt with.

When do we disclose your Personal Data?

General

We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. 

We may disclose your Personal Data to any member of our group, which means any corporation deemed to be related to us.

We may disclose your Personal Data to third parties:

  1. for the purposes of providing products or services that you request from us, fulfilling our obligations arising from any contracts entered into between you and us, processing payments in connection therewith or otherwise in connection with your use of our website;
  2. where a third party claims that any content posted or uploaded by you to our website constitutes a violation of their rights under Bangkok law, in which case we may disclose your identity to that third party;
  3. in the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets; or
  4. if we or substantially all of our shares or assets are acquired by a third party, in which case Personal Data held by us about our customers will be one of the transferred assets.

Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively). If we commission third parties to process data on the basis of a so-called “processing agreement”.

In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.

We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.

Uses made of the information and data collected

We use information held, including Personal Data, in the following manner: 

  1. to ensure that content from our website is presented in the most effective manner for you and for your device;
  2. to provide you with information, products or services that you request from us, and to otherwise carry out our obligations arising from any contracts entered into between you and us;
  3. to provide you with information, products or services which we feel may interest you, where you have consented to be contacted for such purposes;
  4. to allow you to participate in interactive features of our service, when you choose to do so;
  5. to notify you about changes to our services; 
  6. to investigate any complaints relating to the use of our website or any suspected unlawful activities; 
  7. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
  8. any other purposes for which you have provided the information; and
  9. carrying out whatever else is reasonable or related to or in connection with the above and our provision of services to you.

Where we store your data

The Personal Data that we collect may be transferred to, and stored at, a destination within Bangkok. It may also be processed by third parties outside Bangkok who work for us or for one of our suppliers. Such third parties maybe engaged in, among other things, the fulfilment of your services and the provision of support services. By submitting any Personal Data to us, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with this privacy policy. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Consent

By providing your Personal Data to us, you consent to the collection, use and disclosure of your Data by us for the purposes set out in this privacy policy (“Purposes”). 

Where any Personal Data relates to a third party, you represent and warrant that the Personal Data is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Data for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us. 

Each use of our services by you shall constitute a fresh agreement for us to collect, use and disclose the Personal Data in accordance with this privacy policy.

You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us in writing to info@bophie.co.th. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.

Miscellaneous

Direct marketing

From time to time we may use the personal information we collect from you to identify particular services which we believe may be of interest to you. We may contact you to let you know about these products and services and how they may benefit you.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or relationship with us.

Direct Marketing from generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing form sent or made by us or on our behalf should include a means by which customers may unsubscribe (or opt out) of receiving similar marketing in the future.

Hosting

The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise explained in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our relationship with them, please contact them as described in this privacy policy.

Content Delivery Network

For the purpose of a shorter loading time, we use a so-called Content Delivery Network (“CDN”) for some offers. With this service, content, e.g. large media files, are delivered via regionally distributed servers of external CDN service providers. Therefore, access data is processed on the servers of the service providers. Our service providers work for us within the framework of order processing. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

Data Breaches and Notification

Databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, Bophie Company Limited will notify all affected individuals whose Personal Data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.

Confirmation of Confidentiality

All company employees must maintain the confidentiality of Personal Data as well as company proprietary data to which they may have access and understand that that such Personal Data is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgement reminders annually attesting to their understanding of this company requirement

Changes, Complaints and Closing

Changes 

This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy. Please regularly review this policy to keep up to date with any changes.

Queries and Complaints 

Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then please contact us.

Closing

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

This privacy policy is valid as of July 2021

Bophie Company Limited
Floor 25, Mitrtown Office Tower 944 Rama IV Rd, Wang Mai, Pathum Wan, Bangkok 10330

E-mail: info@bophie.com |  Tel: 02-1054737   |  Fax: 02-0266214

© Bophie. All rights reserved.  Web by Toneyes