Privacy by design

Updated as of 27 February 2023
1. Why do we need your personal data?2. How do we collect your data?3. Are you under the age of 20?4. Who do we share your personal data with?5. How long do we keep your data?6. Your rights under the PDPA7. Changes to our Privacy Policy8. How to contact us
This Privacy Policy describes how Beam Data Co., Ltd. (“we”, “us”, or “our”) collects, uses, discloses, or otherwise processes (“process” or “processing”) your personal data, as (i) a user, who uses our One-Click Checkout service; (ii) a merchant, who enters into a merchant services agreement with us for the use of our services; or (iii) a vendor or business partner, from whom we procure goods and services. In addition, this Privacy Policy will also notify the purposes for personal data processing, retention periods, and your rights under the Personal Data Protection Act, B.E. 2562 (2019) and its subordinate regulations (“PDPA”).

For our users, it is essential to note that, in most cases, we process your personal data pursuant to instructions given by a merchant you transact with. Therefore, we recommend that you thoroughly read the privacy policy of the merchant before submitting your personal data. Nonetheless, where we need to process your personal data for our own purposes, we will do so in accordance with the details set forth in this Privacy Policy.

1. Why do we need your personal data?


As advocates of human ‘data’ rights, each individual’s privacy is our top priority. To this end, we collect and process your personal data only for our business necessity in a minimal and transparent manner.

Below are the purposes for which we need to process your personal data.

No.
Purposes
Lawful Basis
User and Merchant
a.
To register your account, identify your identity, allow you to use your account on multiple devices, provide our services to you, and enable you to successfully complete your respective transaction
  • Contract
  • Legitimate interest
    • b.
    To provide technical support and improve our services, and respond to your requests, questions and feedback
  • Legitimate interest
    • c.
    To send you updates about our promotions, events, products and services
  • Consent
    • d.
    To perform our legal obligations, including KYC (Know Your Customer) or KYM (Know Your Merchant) requirements under the laws
  • Legal obligation
    • e.
    To establish, exercise and defend legal claims
  • Legitimate interest
    • f.
    To enter into a contract with you and to perform our contractual obligations under a contract between you and us (for merchant only)
  • Contract
  • Legitimate interest
    • Vendor or business partners
    a.
    To enter into a contract with you and to perform our contractual obligations under a contract between you and us
  • Contract
    • b.
    To establish, exercise and defend legal claims, and perform our legal obligation(s)
  • Legitimate interest
  • Legal obligation

    • 2. How do we collect your data?


    We collect the personal data below to achieve the purposes specified in Section 1 (Why do we need your personal data?) above.

    No.
    Data Subject
    What we collect
    How we collect
    a.
    User
  • Name-surname;
  • Phone number, email and address;
  • Any data submitted as part of a payment and payment details (with your merchants); and
  • Information about your usage, devices and access logs.
  • Directly from you when you submit your personal data to us;
  • From personnel of an organization you are working for; or
  • Through automatic means when you use our services.
    • b.
    Merchant
  • Name-surname;
  • Phone number, email and address;
  • Any data submitted as part of a payment and payment details;
  • Information about your usage, devices and access logs.
  • Information appearing in the contract between you and us and information associated with the performance of such a contract.
  • Organization you are working for and job title; and
  • Information in a copy of your ID card or passport.
  • Directly from you when you provide information or documents to us or enter into a contract with us;
  • From personnel of an organization that you are working for; or
  • Through automatic means when you use our services.
    • c.
    Vendor or business partners
  • Name-surname;
  • Phone number, email and address;
  • Name of the organization you are working for and job title;
  • Information appearing in the contract between you and us and information associated with the performance of such a contract.
  • Information in a copy of your ID card or passport.
  • Directly from you when you provide information or documents to us or enter into a contract with us; or
  • From personnel of an organization that you are working for.

    • Where you do not provide the personal data which is necessary for us to comply with the laws, our contractual obligations, or to enter into a contract with you, we may not be able to perform our duties pursuant to the laws or the contract between you and us or enter into a contract with you. In such an event, it may be necessary for us to decline to transact or enter into a contract with you, whether in whole or in part.

    Where we had previously collected your personal data before the PDPA fully entered into force, we will continue to process your personal data in accordance with the original purposes for which such personal data was collected. If you no longer wish for us to process such personal data and we have relied on your consent as a basis for processing your personal data, please get in touch with us using the contact details provided in Section 8 (How to contact us?) to withdraw your consent. However, we reserve the right to consider your consent withdrawal request and proceed in accordance with the PDPA.

    3. Are you under the age of 20?


    If you are under 20 years of age, your parent or legal guardian will need to acknowledge this Privacy Policy as well. If you are a parent or legal guardian, and you allow a minor under your care to use our services, you are responsible for the minor’s activities on our services.

    We do not intend to process the personal data of a minor who is under 15 years of age. If you are under 15 years of age and we process your personal data or you are a parent or legal guardian of the minor who is less than 15 years of age and we process personal data of a minor under your care, please contact us using the contact details provided in Section 8 (How to contact us?).

    4. Who do we share your personal data with?


    In the course of doing business and complying with the law, we may share your personal data with the following persons and organizations as necessary and in accordance with the above purposes:

    • a. Customers and merchants;
    • b. Service providers, vendors and business partners;
    • c. Courts, governmental agencies and official authorities (as required by law); and
    • d. Any persons and organizations that you consent us to disclose your personal data.

    International transfer

    In the event that we need to transfer your personal data to a foreign country, we will comply with the cross-border transfer requirements under the PDPA, including, among others:

    • a. Putting appropriate safeguards in place to ensure an adequate level of protection for the personal data transferred; and
    • b. Ensuring that the foreign recipient is obligated to protect your personal data at a standard of protection comparable to the protection under the PDPA.

    5. How long do we keep your data?


    We will retain your personal data for the period necessary to fulfill the purposes for which the personal data was collected or as required by the applicable laws. Accordingly, the retention period may vary depending on the purposes for which the personal data was collected. For example, we may retain personal data associated with our user and merchant’s account until the deletion of such an account. As for our vendor and business partner, we may retain your personal data for up to 36 months from the date of the last transaction.

    6. Your rights under the PDPA


    We want to ensure that you are fully aware of all your rights in relation to your personal data. Under the PDPA, you are entitled to the following:

    • a. Right to access - You have the right to access your personal data and request copies of your personal data.
    • b. Right to rectification - You have the right to rectify your personal data which is inaccurate, not up-to-date or incomplete, or may cause a misunderstanding.
    • c. Right to withdraw consent – You have the right to withdraw your consent on which the collection or processing is based at any time.
    • d. Right to erasure (or to be forgotten) - You may ask us to delete or anonymize your personal data in certain circumstances, where:
  • The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • You withdraw the consent on which the collection or processing is based, and where we have no legal ground for such collection or processing;
  • You exercise the right to object to the processing of your personal data (see below) and we are unable to reject your request; or
  • The personal data has been unlawfully processed.
  • The above does not apply to the extent that such personal data retention is necessary for the purpose of freedom of expression, for the performance of a contract, the purpose of establishment, compliance or exercise of legal claims, or defense of legal claims, or other purposes permissible by and in compliance with the law.
    • e. Right to restrict processing - You can ask us to block or suppress the processing of your personal data in certain circumstances, where:
  • You contest the accuracy of the personal data we use;
  • The processing is unlawful and you request the restriction of processing in preference to the erasure of that personal data;
  • We no longer need your personal data but you require it for the establishment, exercise or defense of legal claims; or
  • You object to our processing of your personal data on the basis of legitimate interest.
    • f. Right to object to processing - You can ask us to stop processing your personal data in certain circumstances as prescribed by law. If you object to the processing, please specify whether you ask that we erase your personal data or that we restrict its processing by us.
    • g. Right to data portability - You have the right, in certain circumstances, to obtain your personal data provided to us (in a commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it directly to a third party as specified by you.
    • h. Right to lodge a complaint – If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, please get in touch with us using the contact details provided in the “How to contact us?” section below. In case of an alleged infringement of the PDPA, you may lodge a complaint with the data protection supervisory authority.
    To this end, we reserve the right to consider your request to exercise your rights and act in accordance with the requirements under the PDPA.

    7. Changes to our Privacy Policy


    We may revise this Privacy Policy from time to time to facilitate changes to our services, security, regulations or to prevent abuse or harm. The most current version of the Privacy Policy will govern our processing of your personal data and will always be at beamcheckout.com/privacy

    8. How to contact us


    If you have concerns about the way we are handling your personal data, please let us know immediately through the following contact details. Please provide as much detail as possible to enable us to understand and respond to your request.

    Beam Data Co., Ltd.
    No.140, 140 Wireless, Unit C,
    22nd Floor, Wireless Road,
    Lumpini, Pathumwan, Bangkok 10330

    privacy@beamcheckout.com