Privacy Policy
PRIVACY POLICY - INFINITE AUTOMOBILE CO., LTD.
INFINITE AUTOMOBILE CO., LTD. (“Company”) recognize the importance of protecting the personal data of individual who use the Company’s products and services. The Company processes personal data as necessary and has established this Privacy Policy to inform users of their rights, duties, and the conditions relating to the collection, use, and disclosure of personal data.
The Company assures data subjects that all personal data provided is treated with utmost importance. The Company guarantees that such data will be safeguarded and processed using appropriate security measures to the best extent possible. All personal data of data subjects will be kept confidential.
The Company encourages data subjects to carefully read and understand this Privacy Policy to become aware of the purposes for which the Company collects, uses, or discloses their personal data, as well as their rights as data subjects. The details are as follows:
1. Scope of Application
This Privacy Policy applies to all personal data processing activities conducted by the Company. Any individual who has access to personal data due to their involvement with the Company's operations must adhere to this policy and applicable legal frameworks.
2. Definitions
“The Company” refers to INFINITE AUTOMOBILE CO., LTD.
“Individual” refers to a natural person.
“Personal Data” refers to information related to an individual that can directly or indirectly identify them, excluding data of deceased persons.
“Sensitive Personal Data” includes information about race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal history, health information, disability, labor union data, genetic data, biometric data, or other similarly sensitive information as defined by the Personal Data Protection Committee.
In this policy, unless otherwise specified, references to “Personal Data” will include both general and sensitive personal data related to service users.
“Processing Personal Data” means any operation performed on personal data, such as collecting, recording, organizing, structuring, storing, adapting, altering, retrieving, using, disclosing, transferring, disseminating, erasing, or destroying it.
“Data Subject” refers to a natural person who owns the personal data.
“Data Controller” refers to a person or entity that has the authority to decide on the collection, use, or disclosure of personal data.
“Data Processor” refers to a person or entity that processes personal data on behalf of or under the direction of the data controller, excluding the data controller themselves.
“Cookies” are small computer files that temporarily store necessary personal data on a data subject’s device to facilitate communication during website usage.
3. Collection of Personal Data
The Company shall collect the Personal Data with the sources of Personal Data, purposes and principles of collection of Personal Data as follows:
3.1 Sources of Personal Data
3.1.1 Sources of Personal Data Collected by the Company:
The Company collects personal data directly from the data subject, such as through the completion of personal data forms, documents, and/or
various surveys (both in paper and online formats). This includes data collected through the Company’s electronic systems, website platforms, or via
cookies.
3.1.2 Collection of Personal Data from Other Sources:
The Company may also collect personal data from other sources, such as through electronic systems, websites, or inquiries to third parties. The
Company will notify the data subject without delay, no later than 30 days from the date the personal data is collected from such sources.
Additionally, the Company will seek explicit consent for collecting personal data from the data subject in accordance with the Personal Data
Protection Act B.E. 2562 (2019) and other relevant laws.
3.2 Purposes and Principles of Personal Data Collection
3.2.1 The Company will collect personal data only as necessary for lawful purposes that have been notified to the data subject before or at the
time of collecting personal data. For example, to provide services, improve the efficiency of services, fulfill audit purposes, analyze and prepare
documents as requested by relevant agencies or organizations, or related to the Company's business operations. This includes the Company's internal
management and human resource management. The Company will explicitly obtain consent from the data subject before or at the time of collecting
personal data, except in the following cases where the Company can collect personal data without consent as permitted by law:
(1) To achieve purposes related to historical or archival documentation for public benefit or related to research and statistical studies, with
appropriate protective measures in place to safeguard the rights and freedoms of the data subject.
(2) To prevent or suppress danger to the life, body, or health of an individual.
(3) As necessary to fulfill a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering
into the contract.
(4) As necessary to perform a task carried out in the public interest by the data controller or to perform a task in the exercise of official
authority granted to the data controller.
(5) As necessary for the legitimate interests of the data controller or other individuals or entities, except where such interests are overridden
by the fundamental rights of the data subject.
(6) To comply with legal obligations applicable to the data controller.
3.2.2 In cases where the data subject is required to provide personal data to comply with laws or contracts, or where it is necessary to provide
personal data to enter into a contract or for other reasons, failure to provide such data may result in the suspension or temporary halt of transactions
or activities related to the data subject until the Company receives the required data. This is because the Company may be unable to process such
data, or laws may prohibit the continuation of such transactions or activities.
3.2.3 For the collection of sensitive personal data, the Company must explicitly obtain consent from the data subject before or at the time of
collecting such sensitive data in accordance with the criteria set by the Company, ensuring compliance with the law.
3.3 Personal Data Collected by the Company
The Company may collect the following personal data:
3.3.1 Personal Information: Includes title, full name, gender, age, occupation, qualifications, job position, rank or status, type of business,
nationality, country of residence, date of birth, marital status, information on documents issued by government agencies (such as national ID number,
passport number, taxpayer identification number, driver’s license information, or similar identification documents), signature, voice, voice recordings,
pictures, photos, video recordings, video clips, identity verification information (KYC/e-KYC), immigration details including arrival and departure dates,
bankruptcy records, household income, salary, personal income, and other personal information provided to the Company by the data subject, etc.
3.3.2 Contact Details: Includes address, delivery details, billing details, invoice address, telephone number, mobile phone number, fax number,
office phone number, email, LINE account (LINE ID), Facebook account (Facebook ID), Google account (Google ID), Twitter account (Twitter ID), and
accounts on other social media platforms.
3.3.3 Financial Information: Includes credit/debit card or banking information, credit/debit card number, type of credit card, card
issuance/expiration date, billing cycle, account details, payment details and history, personal data related to business partner risk assessment, credit
rating and solvency, information in accordance with the declaration of suitability, and other financial information.
3.3.4 Marketing and Communication Information: Such as the data subject’s preferences for receiving marketing information from the Company,
business partners, or other companies, preferred communication methods, product interests, promotional notifications for products or services, and
other marketing and communication information, including website, platform, product, and service usage records, and question-and-answer logs.
3.3.5 Profile Details: Includes username and password, profile, spending details, product or service details (order history, previous orders,
purchase history, order cancellations, website orders, order codes), financial records, personal identification number (PIN), information on interests
and preferences, feedback and survey results, satisfaction survey results, social media usage, event participation details, use of discount codes and
promotions, customer order details, customer service records, etc.
4.Use and Disclosure of Personal Data
4.1 Use of Personal Data
The Company will use personal data where it deems it beneficial to the data subject, the Company's business operations, or to ensure the data subject
receives quality services from the Company's operations. The Company will use personal data in compliance with applicable laws and regulations or to
enhance service efficiency. This includes purposes stated in this Privacy Policy, such as developing information security standards to manage risks,
detecting and preventing activities that may violate laws, usage rules, or agreements related to the Company’s website or application. Additionally, it
includes contacting the data subject via telephone, SMS, email, postal mail, or other channels to inquire or inform the data subject, verify and confirm data,
conduct surveys, or provide information regarding the Company’s products and services as necessary.
4.2 Disclosure of Personal Data
4.2.1 The Company will disclose personal data of the data subject to third parties for the purpose of enhancing the efficiency of services provide
to the data subject or to facilitate other conveniences accurately and continuously. This is to ensure that the data subject can complete their desired
transactions with maximum benefit. Disclosure of personal data will align with the stated purposes or as necessary for purposes directly related to the
data collection objectives. Consent from the data subject will be obtained in advance or at the time of disclosure unless the following cases apply,
where consent is not required:
(1) For the benefit of planning, statistical, or census activities by government agencies.
(2) To prevent or suppress danger to life, body, or health of an individual.
(3) For data that is legally disclosed to the public.
(4) For the benefit of investigations by lawful authorities or judicial proceedings.
(5) To comply with legal requirements or court orders.
4.2.2 The Company may disclose personal data of the data subject to third parties, whether legal entities or individuals, within the scope
necessary for purposes outlined in this Privacy Policy. This may include:
(1) Affiliates, partners, business alliances, subsidiaries, and/or external service providers to offer benefits and services of the Company to the
data subject, including developing and improving the Company's products or services, such as data analysis, data processing, credit card
processing, IT services and infrastructure, customer service platform development, email/SMS delivery, website development, mobile application
development, reinsurance, satisfaction surveys, and research. Such third parties must agree to confidentiality obligations and ensure personal data
protection standards.
(2) Government agencies, governments, or other organizations under the law to comply with legal requirements, orders, or requests for
coordination with relevant authorities in legal matters.
5. Retention Period of Personal Data
The Company will retain personal data for the following periods:
5.1 As prescribed by laws specifically governing personal data retention.
5.2 In cases where laws do not specify retention periods, the Company will retain personal data as necessary for the purposes defined in processing such
data. The retention period will be determined based on the necessity and appropriateness of the Company’s operations. After the retention period expires,
the Company will delete, destroy, or anonymize the personal data.
6. Personal Data Security Measures
The security of the data subject's personal data is important to the Company. The Company has implemented appropriate technical and administrative
security measures to protect personal data from loss, unauthorized access, misuse, alteration, and destruction. This includes using security technologies and
procedures such as encryption and access restrictions to ensure that only authorized individuals can access the personal data, and these individuals are trained
on the importance of personal data protection.
The Company ensures the implementation of suitable security measures to prevent unauthorized access, use, alteration, or disclosure of personal data by
individuals without rights or responsibilities related to such data. The Company will review these measures as necessary or when technology changes to
maintain effective security.
7. Personal Data Breach
In the event of a personal data breach, the Company shall notify the Office of the Personal Data Protection Commission within 72 hours from the time the
Company becomes aware of such a breach. If the personal data breach poses a high risk to the rights and freedoms of the data subject, the Company shall notify
the data subject of the breach and provide remedies for such breach without delay.
8.Rights of Personal Data Subjects
In cases where the Company collects, uses, or discloses the personal data of the data subject for the purposes specified in this policy, the data subject has
the following rights under personal data protection law:
8.1 Right to Withdraw Consent
If the data subject has given consent to the Company for the collection, use, or disclosure of personal data (whether the consent was given before or
after the personal data protection law came into effect), the data subject has the right to withdraw consent at any time while the personal data is retained
by the Company. Exceptions apply if there are legal restrictions requiring the Company to retain the data or if there is a contract between the data subject
and the Company that benefits the data subject.
8.2 Right to Access Personal Data
The data subject has the right to request access to or obtain a copy of their personal data held by the Company and to request disclosure of the source
of the personal data that the data subject did not consent to provide. The Company has the right to refuse such requests if required by law or court order or
if granting access would affect the rights and freedoms of others.
The Company shall process such requests within 30 days of receiving written acknowledgment from the Data Protection Officer.
8.3 Right to Rectify Personal Data
The data subject has the right to request that the Company correct, complete, update, or ensure the accuracy of their personal data to avoid
misunderstanding.
8.4 Right to Erase, Destroy, or Anonymize Personal Data
If the data subject believes the data held by the Company is unnecessary or has been processed unlawfully, they have the right to request the
destruction of all personal data or the anonymization of specific datasets. If the Company can demonstrate a valid legal basis for processing such data, the
request may be denied.
8.5 Right to Object to Personal Data Processing
The data subject has the right to object to the collection, use, or disclosure of their personal data unless the Company has a legal basis to refuse (e.g.,
demonstrating legitimate interests, legal claims, or public interest).
8.6 Right to Restrict Processing
During the rectification of inaccurate data or in cases where data must be erased or destroyed due to redundancy, the data subject may request
temporary restriction of processing.
8.7 Right to Data Portability
If personal data is stored in an automated format, the data subject can request the Company to transfer the data to another entity.
8.8 Right to Lodge Complaints
If there is reason to believe that the Company has violated personal data protection laws, the data subject may lodge a complaint with the expert
committee appointed by the Personal Data Protection Commission under the relevant regulations.
For exercising the above rights, the data subject must submit a written request. The Company will make its best efforts to comply within a reasonable
time and within the timeframe prescribed by law, strictly adhering to legal requirements concerning the data subject’s rights.
Exercising rights to erase, destroy, anonymize, restrict processing, or withdraw consent may prevent the Company from providing full or partial
services to the data subject.
9.Cross-Border Transfer of Personal Data
The Company may need to transfer personal data to its network companies abroad or to other recipients as part of its normal business operations, such as
storing data on servers or clouds in other countries. The Company will consider whether the destination country has adequate personal data protection
standards.
10. Changes to the Personal Data Protection Policy
The Company reserves the right to amend this Personal Data Protection Policy as necessary and appropriate to comply with personal data protection laws
and/or secondary laws, regulations, orders, or announcements issued by government authorities. Any amendments will be announced on the Company’s
website or through other appropriate means.
If there is a discrepancy between the previous and amended versions of this policy, the amended version shall prevail.
11. Contact Information
If the data subject has any questions or suggestions regarding this policy or its implementation, the Company is willing to address concerns and listen to
suggestions. The data subject may contact the Company at the following address:
Email: info@infinite-automobile.com
Effective Date: 1st March 2025
INFINITE AUTOMOBILE CO., LTD.