QVEDO personal data processing policy

1. Terms

1.1 The following terms are used in this Personal Data Processing Policy:

1.1.1. Operator -- QUEEDO (THAILAND) CO., LTD. (TIN: 0105566074684), which organizes and (or) processes personal data in the Company (hereinafter referred to as the Company), and also determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.

1.1.2. Personal data - any information relating to a directly or indirectly identified or identifiable individual (subject of personal data), in the context of this Policy - last name, first name, patronymic, email, mobile phone number, age, gender, date and place of birth, level physical activity, data for integration with social networks Google, Facebook, Yandex (Yandex), VK (Vkontakte) and / or data for integration with the State Services portal - login / username, email address.

1.1.3. Processing of personal data - any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data. In the context of this Policy, all the above actions carried out by the Company in order to use the functionality of the QVEDO service by the subject of personal data.

1.1.4. Confidentiality of personal data is a mandatory requirement for the Operator or other person who has gained access to personal data to prevent their distribution without the consent of the subject of personal data or other legal grounds.

1.1.5. Company -- QUEEDO (THAILAND) CO., LTD. (TIN: 0105566074684), registered at the address: 139 Sethiwan Tower, Pan Road, Silom, Bang Rak, Bangkok, 10500.

1.1.5. The information and telecommunications network "Internet" (network "Internet") is a global information system designed to transmit information over communication lines, access to which is carried out using computer technology.

1.1.6. Site on the Internet, Internet resource, Service, Portal, Site - a set of programs for electronic computers and other information contained in the information system, access to which is provided through the Internet by domain names and (or) by network addresses that allow you to identify sites on the Internet. In the context of this Policy - https://qvedo.com/en/privacy-policy.

1.1.7. Page of a site (service, portal) on the Internet is a part of a site (service) on the Internet, accessed by a pointer consisting of a domain name and symbols defined by the owner of the site on the Internet. In the context of this Policy, a site page is any part of the QVEDO service.

1.1.8. Registration is the initial entry by the user of the Internet network or the organizer of the dissemination of information on the Internet of information about the user of the Internet network into the communication Internet service, after which the user of the Internet network it becomes possible to receive, transmit, deliver and (or) process electronic messages using such a communication Internet service. In the context of this Policy, registration is the creation of an account or personal account.

1.1.9. User of the Operator's service (hereinafter referred to as the User) is an individual who has access to the service via the Internet and uses the Operator's service on the basis of the Public Offer of the Service https://qvedo.com/en/offer.

1.1.10. Cookies are a small piece of data sent by a web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request every time they try to open a page of the corresponding site.

1.1.11. An IP address is a unique network address of a node in a computer network built using the IP protocol.

1.1.12. PWA application (Progressive Web Apps) - a progressive web application - a technology in web development that adds features to sites applications for mobile devices, transforms the site into an application, a hybrid of the site and applications for mobile devices, the product of the joint evolution of the mobile site and the classic native application. The Operator's service can work, among other things, as a PWA application.

1.1.13. The User's Personal Account is a special subsection of the service where the User places personal data.

2. General provisions

2.1. The Personal Data Processing Policy (hereinafter referred to as the "Policy") is issued and applied by the Operator in accordance with the Regulations on the processing of personal data of QUEEDO (THAILAND) CO., LTD., in force with the Operator, Personal Data Protection Law and the General European Union Data Protection Regulation (GDPR).

2.2. This Policy is an extract from the Regulation on the processing of personal data of QUEEDO (THAILAND) CO., LTD.

QUEEDO (THAILAND) CO., LTD. (TIN: 0105566074684), which regulates the processing of personal data of individuals who are the subject of personal data in QUEEDO (THAILAND) CO., LTD.

2.3. This Policy defines the procedure and conditions for the processing of personal data by the Operator on the QVEDO service, establishes procedures aimed at preventing and detecting violations of the legislation of the Kingdom of Thailand, eliminating the consequences of such violations related to the processing of personal data.

2.4. The purpose of this Policy is to ensure proper protection of information about users, including their personal data, from unauthorized access and disclosure.

2.5. Relations related to the collection, storage, dissemination and protection of information of personal data subjects, whose data is collected, stored, distributed and protected by the Company, are governed by this Policy, other local regulations of QUEEDO (THAILAND) CO., LTD., the current legislation of the Kingdom of Thailand, the General Regulations for the Protection of Personal Data European Union (GDPR).

2.6. The current version of this Policy, which is a public document, is published and available to any Internet user in the form of unlimited access by clicking on the link: https://qvedo.com/en/privacy-policy.

2.5. Relations related to the collection, storage, dissemination and protection of information of personal data subjects, whose data is collected, stored, distributed and protected by the Company, are governed by this Policy, other local regulations of QUEEDO (THAILAND) CO., LTD, the current legislation of the Kingdom of Thailand, the General Regulations for the Protection of Personal Data European Union (GDPR).

2.6. The current version of this Policy, which is a public document, is published and available to any Internet user in the form of unlimited access by clicking on the link: https://qvedo.com/en/privacy-policy.

2.10. The Service Administrator may use the industry-wide technology "cookies" (cookies) - this is a small piece of data sent by a web server and stored on the computer used by the User, allowing the Service Administrator to save the User's personal settings and preferences, as well as collect non-personal information about him.

3. Purposes of collection and processing of personal data

3.1. The processing of personal data is carried out in compliance with the principles and rules provided for by the Personal Data Protection Law and this Policy.

The User's personal data may be used by the Operator for the following purposes:

3.1.1. Establishing feedback with the User, including sending notifications, requests regarding the use of the functionality of the Service by the User.

3.1.2. Registration of the User on the Service;

3.1.3. Providing the User with customer and technical support in case of problems related to the use of the Service;

3.1.4. Providing the User with his consent, service updates, special offers, pricing information, newsletters and other information on behalf of the Operator;

3.1.5. Implementation of advertising activities with the consent of the User;

3.1.6. Use by the User of the functionality of the Service.

4. Principles of personal data processing

4.1. Processing is organized on the principles of:

4.1.1. legality of the purposes and methods of processing personal data, good faith and fairness;

4.1.2. the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;

4.1.3. processing only personal data that meet the purposes of their processing;

4.1.4. compliance of the content and scope of the processed personal data with the stated purposes of processing. The processed personal data should not be excessive in relation to the stated purposes of their processing;

4.1.5. the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes that are incompatible with each other;

4.1.6. ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data. The operator takes the necessary measures or ensures their adoption to remove or clarify incomplete or inaccurate data.

5. Composition of personal data

5.1. Personal data may include:

5.1.1. Full Name;

5.1.2. Email;

5.1.3. Mobile phone number;

5.1.4. age;

5.1.5. floor;

5.1.6. Date and place of birth;

5.1.7. level of physical activity;

5.1.8. data for integration with social networks Google, Facebook, Yandex (Yandex), VK (Vkontakte) - (login / username, email address);

5.1.9. data for integration with the State Services portal (login);

5.1.10. The Operator may also process other information about Users, which includes:

additional data obtained when accessing the Service, including data on technical means (devices), technological interaction with the Site (including the IP address of the host, type of user's operating system, browser type, geographic location, network service provider " Internet") and subsequent actions of the User.

6. Processing of personal data

6.1. The processing of personal data is carried out by the Operator on the basis of the principles for processing personal data established by section 4 of this Policy.

6.2. The operator processes personal data for the purposes specified in section 3 of this Policy.

6.3. Conditions for processing personal data by the Operator:

6.3.1. The processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data, issued to the Operator on the terms of this Policy. The subject of personal data decides to provide his personal data and agrees to their processing to the Operator freely, by his own will and in his own interest by performing the following conclusive actions: registration on the QVEDO Service.

6.3.2. Personal data is stored exclusively on electronic media and processed using automated systems, except when non-automated processing of personal data is necessary in connection with the fulfillment of legal requirements.

6.4. Transfer of personal data.

6.4.1. Personal data is not transferred to any third parties, except as expressly provided for in this Policy.

6.4.2. The provision of personal data at the request of state bodies (local authorities) is carried out in the manner prescribed by the current legislation of the Kingdom of Thailand.

6.4.3. In order to fulfill the obligations arising from the User Agreement by the Operator and provide access to the use of the functionality, The Operator develops the provided functionality and products, develops and implements new functionality and products, optimizes the quality of functionality and products, improves the available functionality at its own discretion and without warning. To ensure the implementation of these goals, the User agrees to the Operator, in compliance with applicable law, collecting, storing, accumulating, systematizing, extracting, comparing, using, filling (clarifying) their data.

6.4.4. Interaction with federal executive authorities on the processing and protection of personal data of subjects whose personal data is processed by the Operator is carried out within the framework of the legislation of the Kingdom of Thailand.

6.4.5. The storage of personal data is carried out by the Operator in a form that allows to determine the subject of personal data, no longer than required by the purposes of their processing, and they are subject to destruction upon achievement of the purposes of processing or in case of loss of the need to achieve them in the manner prescribed by this Policy.

6.4.6. When processing personal data, the Operator applies legal, organizational and technical measures to ensure the security of personal data in accordance with the Personal Data Protection Law.

6.4.7. Assessment of risks and possible harm to the subject of personal data. The possible harm that may be caused to the subject of personal data as a result of the disclosure of his personal data processed by the Operator can be assessed as moderate, that is, the realization of a possible threat of disclosure of personal data may entail negative consequences for the subject of personal data, namely: violation of the confidentiality of personal data, disclosure of personal data.

6.4.8. The Operator takes the following measures to protect Users' personal data:

6.4.8.1. appointment of persons responsible for organizing the processing and protection of personal data;

6.4.8.2. control over bringing to the attention of Users their rights regarding personal data processed by the Operator;

6.4.8.3. familiarization of personal data subjects with the requirements of federal legislation and regulatory documents of the Operator for the processing and protection of personal data;

6.4.8.4. assessment of possible harm to the subject of personal data, which may be caused to the subject of personal data as a result of the disclosure of his personal data processed by the Operator;

6.4.8.5. development, based on an assessment of possible harm to the subject of personal data, measures to protect personal data from the Operator;

6.4.8.6. use of means of restoring the personal data protection system;

6.4.8.7. application of technical measures aimed at backing up and restoring files containing personal data, improving the performance of technical means and software, information security tools in information systems of personal data modified or destroyed due to unauthorized access to them;

6.4.8.8. the use, if necessary, of firewalls, intrusion detection, security analysis and cryptographic information protection.

7. Rights of the User - the subject of personal data

7.1. Based on the request, he has the right to receive in an accessible form from the Operator the entire amount of information / information on the merits of the processing of his personal data by the Operator, such as:

7.1.1. confirmation of the fact of processing personal data by the Operator;

7.1.2. legal grounds and purposes of personal data processing;

7.1.3. the purposes and methods used by the Operator for processing personal data;

7.1.4. the name and location of the Operator, information about persons (excluding employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;

7.1.5. processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the submission of such data is provided by federal law;

7.1.6. terms of processing personal data, including the terms of their storage;

7.1.7. the procedure for the exercise by the subject of personal data of the rights provided for by the legislation of the Kingdom of Thailand;

7.1.8. information about the performed or proposed cross-border data transfer;

7.1.9. the name or surname, name, patronymic and address of the person who processes personal data on behalf of the Operator, if the processing is or will be entrusted to such a person;

7.1.10. other information provided for by the current legislation of the Kingdom of Thailand in the field of personal data.

7.2. The right of the subject of personal data to access his personal data may be limited in accordance with federal laws, including if:

7.2.1. processing of personal data, including personal data obtained as a result of operational-investigative, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;

7.2.2. the processing of personal data is carried out by bodies that detain the subject of personal data on suspicion of committing a crime, or charged the subject of personal data in a criminal case, or applied a measure of restraint to the subject of personal data before bringing charges, with the exception of cases provided for by the criminal procedure legislation of the Kingdom of Thailand, if it is allowed to familiarize the suspect or the accused with such personal data;

7.2.3. the processing of personal data is carried out in accordance with the legislation on combating the legalization (laundering) of proceeds from crime and the financing of terrorism;

7.2.4. access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties;

7.2.5. in other cases, stipulated by the legislation.

7.3. The User has the right to demand from the Operator the clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the declared the purposes of processing, as well as take legal measures to protect their rights. Within a period not exceeding seven working days from the date of receipt from the subject of personal data or his representative of information confirming that personal data are incomplete, inaccurate or out of date, the Operator is obliged to make the necessary changes to them. Within a period not exceeding seven working days from the date of receipt from the subject of personal data or his representative of information confirming that such personal data are illegally obtained or are not necessary for the stated purpose of processing, The operator is obliged to destroy such personal data. The operator is obliged to notify the subject of personal data or his representative about the changes made and the measures taken and take reasonable measures to notify third parties to whom the personal data of this subject were transferred.

7.3.1. A request to the Operator to clarify, block or destroy personal data must be sent using the electronic document management system.

7.4. The User has the right to edit his personal data at any time in his Personal Account and is solely responsible for the content of such data, their accuracy, completeness and correctness.

7.4.1. The user is responsible for the confidentiality of his login and password to enter, is obliged to prevent the login and password from getting to third parties.

7.5. The subject of personal data has the right to apply to the Operator with a request to delete his personal data by sending an email. If the Operator does not delete such data within 10 (ten) working days from the receipt of such a request, the personal data subject has the right to appeal the Operator's inaction to the authorized body for the protection of the rights of personal data subjects or in court.

8. Final provisions

8.1. The Service may contain links to other Internet resources that operate independently of the Operator and do not act on behalf of or on behalf of the Operator. The user is obliged to independently familiarize himself with the rules for the provision of services and the personal data protection policy of such third parties before using the relevant sites (Internet resources). This Policy does not apply to the actions and Internet resources of third parties.

8.2. The Operator provides unrestricted access to this Policy, which defines its policy regarding the processing of personal data, to information about the implemented requirements for the protection of personal data by publishing this Policy on the Internet at: https://qvedo.com/en/privacy-policy.

8.3. All issues related to the processing of personal data that are not regulated by this Policy are resolved in accordance with the legislation of the Kingdom of Thailand in the field of personal data.

9. Company details of QUEEDO (THAILAND) CO., LTD.

QUEEDO (THAILAND) CO., LTD.

139 Sethiwan Tower, Pan Road, Silom, Bang Rak, Bangkok, 10500

Company registration number (TIN) 0105566074684