Privacy Policy for Customers

Nara Tree Co., Ltd. prioritizes the protection of your personal data. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal information, as well as the rights of data owners in accordance with personal data protection laws.

Collection of Personal Data

We collect personal data directly from you through the following channels:**

• Membership registration
• Phone
• Email
• Line Login
• Google Login

Types of Personal Data Collected

Personal Information: Name, surname, age, date of birth, nationality, ID card number, passport, etc.
Contact Information: Address, phone number, email, etc.
Account Information: User account, usage history, etc.
Identity Verification Documents: Copy of ID card, copy of passport, etc.
Transaction and Financial Information: Purchase history, credit card details, bank account, etc.
Technical Information: IP address, Cookie ID, website activity log, etc.
Other Information: Photos, videos, and any other data considered personal information under data protection laws.

Minors

If you are under 20 years old or have legal capacity limitations, we may collect, use, or disclose your personal data. We may require consent from your parent or guardian or act as permitted by law. If we become aware that personal data has been collected from a minor without parental or guardian consent, we will take steps to remove such data from our servers.

Methods of Personal Data Storage

We will store your personal data in both document and electronic formats.
We store your personal data as follows:

• Our company’s servers in Thailand.

Processing of Personal Data

We will collect, use, or disclose your personal data for the following purposes.

• To create and manage user accounts
• To deliver products or services
• To improve products, services, or user experience
• To manage internal company operations
• To conduct marketing and promotional activities
• To provide after-sales services
• To collect feedback
• To process payments for products or services
• To comply with terms and conditions
• To comply with laws and government regulations

Disclosure of Personal Data

We will collect, use, or disclose your personal data for the following purposes.

Service Providers

We may disclose certain personal data to our service providers as necessary to operate in various areas, such as payment processing, marketing, product or service development, etc. Please note that service providers have their own privacy policies.

Business Partners

We may disclose certain information to our business partners for the purpose of communication and coordination in providing goods or services, and to provide necessary information regarding the availability of products or services.

Law Enforcement

In cases where required by law or requested by government authorities, we will disclose your personal data to the extent necessary to the relevant authorities, such as courts or government agencies.

Transfer of Personal Data Abroad

We may disclose or transfer your personal data to individuals, organizations, or servers located abroad. We will take appropriate measures to ensure that the transfer of your personal data to the destination country meets the necessary standards of personal data protection, or in other cases, as required by law.

Personal Data Retention Period

We will retain your personal data for as long as necessary while you are our customer or have an ongoing relationship with us, or for as long as required to fulfill the purposes outlined in this policy. In some cases, we may need to retain your data beyond this period if required by law. Once the retention period expires or the data is no longer necessary, we will delete, destroy, or anonymize it.

Rights of Data Subjects

Under the Personal Data Protection Law, you have the right to take the following actions:

Right to Withdraw Consent (right to withdraw consent) If you have given consent for us to collect, use, or disclose your personal data—whether before or after the enforcement of data protection laws—you have the right to withdraw your consent at any time.

Right to Access (right to access) You have the right to access your personal data under our responsibility and request a copy of such data. Additionally, you may request that we disclose how we obtained your personal data.

Right to Data Portability (right to data portability) You have the right to receive your personal data in a format that is readable and usable by an automated device, allowing further use or disclosure through automated means. You also have the right to request that we send or transfer your personal data in such a format to another data controller where feasible through automated means. Additionally, you may request to receive personal data that we have transferred directly to another data controller, unless technical constraints prevent such action.

Right to Object (right to object) You have the right to object to the collection, use, or disclosure of your personal data at any time if such processing is carried out for the purposes of our legitimate interests or those of another person or entity beyond what you can reasonably expect, or for the performance of a task in the public interest.

Right to Erasure/Destruction (right to erasure/destruction) You have the right to request the deletion or destruction of your personal data, or to have it anonymized so that it can no longer identify you. This applies if you believe that your personal data has been collected, used, or disclosed unlawfully, if it is no longer necessary for the purposes outlined in this policy, or if you have exercised your right to withdraw consent or object to the processing as stated above.

Right to Restriction of Processing (right to restriction of processing) You have the right to request the temporary restriction of the processing of your personal data in cases where we are verifying a request for rectification or objection, or in other instances where we no longer need to retain your personal data and are required by law to delete or destroy it, but you request that we restrict its use instead.

Right to Rectification (right to rectification) You have the right to request the correction of your personal data to ensure that it is accurate, up to date, complete, and does not cause misunderstandings.

Right to Lodge a Complaint (right to lodge a complaint) You have the right to file a complaint with the relevant legal authorities if you believe that the collection, use, or disclosure of your personal data has been carried out in violation of or non-compliance with applicable laws.

You can exercise your rights as the data subject by contacting our Data Protection Officer (DPO) using the contact details provided at the end of this policy. We will inform you of the outcome within 30 days from the date we receive your request, following the prescribed form or method. If we deny your request, we will provide you with the reason for the refusal through various channels, such as SMS, email, phone call, or letter.

Advertising and Marketing

To enhance your user experience and improve efficiency, we use cookies or similar technologies to optimize access to products or services, provide relevant advertisements, and track your usage. Cookies help us identify and monitor website visitors and their interactions with our site. If you do not wish to have cookies stored on your computer, you can configure your browser settings to reject cookies before using our website.

Tracking Technologies (Cookies)

To enhance your user experience and improve efficiency, we use cookies or similar technologies to optimize access to products or services, provide relevant advertisements, and track your usage. Cookies help us identify and monitor website visitors and their interactions with our site. If you do not wish to have cookies stored on your computer, you can configure your browser settings to reject cookies before using our website.

Personal Data Security Measures

We will maintain the security of your personal data based on the principles of confidentiality, integrity, and availability to prevent loss, unauthorized access, use, alteration, modification, or disclosure. Additionally, we will implement security measures for personal data protection, including administrative safeguards, technical safeguards, and physical safeguards to control access and usage of personal data.

Notification of Personal Data Breach

In the event of a personal data breach, we will notify the Office of the Personal Data Protection Committee without delay, within 72 hours of becoming aware of the breach, to the extent possible. If the breach poses a high risk to your rights and freedoms, we will inform you of the breach along with remedial measures without delay through various channels, such as our website, SMS, email, phone call, or letter.

Amendments to the Privacy Policy

We may amend or update this policy from time to time. You can review the revised terms and conditions of this policy on our website.
This policy was last updated and has been in effect since March 23, 2024.

Privacy Policy of Other Websites

If you have any questions regarding this Privacy Policy or wish to exercise your rights, you may contact us or our Data Protection Officer (DPO) as follows:

Contact Details

If you have any questions regarding this Privacy Policy or wish to exercise your rights, you may contact us or our Data Protection Officer (DPO) as follows:

Data Controller

• NARA TREE TRADING COMPANY LIMITED
• 101/16, Moo 8, Bang Chak, Phra Pradaeng, Samut Prakan 10130, Thailand
• Email: naratree.trading@gmail.com
• Tel: +66 98 885 8789

Data Protection Officer (DPO)

• NARA TREE TRADING COMPANY LIMITED
• 101/16, Moo 8, Bang Chak, Phra Pradaeng, Samut Prakan 10130, Thailand
• Email: naratree.trading@gmail.com
• Tel: +66 98 885 8789