Privacy Policy for the NextCercise Application
Latest revision of this Privacy Policy for the NextCercise Application is 15 September 2023
We, Cariva (Thailand) Co., Ltd. (“we”, “us”, “our”, or “Company”), value the importance of protecting your Personal Data. We have therefore made this Privacy Policy for the NextCercise Application (“Policy”) to explain how we collect, store, use, disclose, or otherwise process (“process” or “processing”) your Personal Data, and your rights as a Data Subject.
1. Definition
1.1 “Personal Data” means any information that is related, either directly or indirectly, to an identified or identifiable person, except for the information of any deceased person.
1.2 “PDPC” means the Personal Data Protection Commission established under the PDPA, having the duty and authority to regulate and issue rules, measures, or other practices with respect to personal data protection under the PDPA.
1.3 “Data Subject” or “you” means the person who can be identified, whether directly or indirectly, through their Personal Data. For the purpose of this Policy, a Data Subject can be either a User, a Legal Entity’s Representative, or a Business Partner’s Representative.
1.4 “Legal Entity’s Representative” means an authorized representative or a contact person of a Corporate Client.
1.5 “Business Partner’s Representative” means an authorized representative or a contact person of a Business Partner.
1.6 “User” means any person whom the Corporate Customer has allowed to visit, access, or use the Application and who has registered as a member on the Application, or subscribed to receive a newsletter from the Application;
1.7 “Business Partner” means any legal entity that conducts marketing campaigns on the Application, offers products and/or services on the Application, such as discount coupons, cash coupons, etc.;
1.8 “PDPA” means the Personal Data Protection Act B.E. 2562 (2019), as amended from time to time, as well as any rules, regulations, or notifications issued by virtue of the PDPA.
1.9 “Corporate Customer” means a customer of the Company who/which is registered as a legal entity, and wishes to subscribe to the Application, so that any designated person, including but not limited to, their customers, partners, employees, members, and personnel can access to and use the Application. A Corporate Customer shall also include an authorized representative and contact person of said Corporate Customer as well.
1.10 “Regulatory Authority” means any agency having the authority to regulate our business, including, but not limited to, the PDPC.
1.11 “Device” means any device for monitoring, tracing, and detecting the wearer’s walking, exercising, and health, such as a smart watch, smart band, or any other similar device.
1.12 “Application” means the application NextCercise.
2. Collection of Personal Data
In providing Application services to Data Subjects, we will collect Personal Data under, within, and through legitimate and fair objectives, scope, and methods, only to the extent as necessary to provide services to you, and for the purposes as described in this Policy. Generally, we process the following Personal Data about you:
2.1 Users
|
Type of Personal Data
|
Examples of Personal Data
|
|
Identification information
|
First name and surname, date of birth, sex, age, photographs.
|
|
Profile data
|
User account details and password; LINE ID, if the User logs in through a LINE Application; Apple ID, if the User logs in through an Apple account; or other similar user information, such as an ID issued by an organization.
|
|
Personal details
|
Marital status, education levels, income, occupation, number of children, residence type
|
|
Contact details
|
Address, phone number, email.
|
|
Activity data
|
Number of steps, exercise time and distance, the number of points, activity history, competition history, and award redemption history, photographs of users while participating in an activity or as required by each activity.
|
|
Sensitive Personal Data
|
Weight, height, the number of calories, the number of calories burned, or any health-related information that you may record on the Application.
|
|
Behavioral data
|
Spending behavior, interests, such as consumption, investment, exercising, beauty, technology, hobby, and everyday life etc.
|
|
Location data
|
GPS data.
|
|
Data collected automatically
|
Date and time when the Application is used, Application usage duration, preferred language, IP address, Device ID, cookies, Application access and usage logs, and other information which needs to be collected in accordance with computer traffic law.
|
|
Other information
|
Preferences regarding subscription to news, promotions, promotional materials, publications, or other information and details regarding marketing; your complaints, comments, and/or inquiries, your social media information, and your posts on the Application.
|
2.2 Legal Entity’s Representative
|
Type of Personal Data
|
Examples
|
|
Identification information
|
First name and surname, date of birth, sex, and age.
|
|
Profile data
|
User account details and password.
|
|
Contact details
|
Address, phone number, email, and work address.
|
|
Location data
|
GPS data.
|
|
Data collected automatically
|
Date and time when the Application is used, Application usage duration, preferred language, IP address, Device ID, cookies, Application access and usage logs, and other information which needs to be collected in accordance with computer traffic law.
|
|
Other information
|
Your complaints, comments, and/or inquiries.
|
2.3 Business Partner’s Representative
|
Type of Personal Data
|
Examples
|
|
Identification information
|
First name and surname, date of birth, sex, and age.
|
|
Profile data
|
User account details and password.
|
|
Contact details
|
Address, phone number, and email
|
|
Location data
|
GPS data.
|
|
Data collected automatically
|
Date and time when the Application is used, Application usage duration, preferred language, IP address, Device ID, cookies, Application access and usage logs, and other information which needs to be collected in accordance with computer traffic law.
|
|
Other information
|
Your complaints, comments, and/or inquiries.
|
3. Sources of Personal Data
3.1 Users
3.1.1 Directly from you:
(a) When you register to be a member with us, or apply for our services on the Application;
(b) When you access and/or use the Application, including using it while you exercise and using it by attending activities and competitions on the Application;
(c) When you make a transaction on the Application, including award redemption;
(d) When you connect your Application account with your social media account, or any other application account of yours, in which case we will Process your social media or such other application;
(e) Through cookies in your browser when you use the Application; and
(f) On a voluntary basis when you file a complaint, make a suggestion, have an inquiry, take a survey, or contact us through the Application, or via email, telephone, or any other communication channel.
3.1.2 We may obtain your Personal Data through the relevant Corporate Client.
3.1.3 In cases where you connect a Device to the Application, and provide your consent for said connection, we may collect from said Device your Personal Data regarding the number of steps you have taken, the duration of your exercise, and the distance you have walked, run, or covered in your exercise.
3.2 Legal Entity’s Representative
3.2.1 Directly from you:
(a) When you register to be a member with us, or apply for our services on the Application;
(b) When you access and/or use the Application;
(c) When you make a transaction on the Application;
(d) Through cookies in your browser when you use the Application; and
(e) On a voluntary basis when you file a complaint, make a suggestion, have an inquiry, or contact us through the Application, or via email, telephone, or any other communication channel.
3.2.2 We may receive your Personal Data that is available in the public domain, such as websites.
3.3 Legal Entity’s Representative
3.3.1 Directly from you:
(a) When you register to be a member with us, or apply for our services on the Application;
(b) When you access and/or use the Application;
(c) When you make a transaction on the Application;
(d) Through cookies in your browser when you use the Application; and
(e) On a voluntary basis when you file a complaint, make a suggestion, have an inquiry, or contact us through the Application, or via email, telephone, or any other communication channel.
3.3.2 We may receive your Personal Data that is available in the public domain, such as websites.
4. Purposes for Processing Your Personal Data
4.1 Users
|
Purpose
|
Type of Personal Data
|
Legal Basis
|
|
To respond to your request to register to be a member on the Application, and to create a user account on the Application.
|
Identification information
Profile data
Data collected automatically
Contact details
|
Necessary for the purpose of responding to your request to enter into a contract with us
|
|
To examine and verify your identity.
|
Identification information
Profile data
Contact details
|
Legitimate interest
|
|
To enable you to access and use the Application, including:
- To enable you to access and use the Application, including:
- To allow you to participate in activities and competitions, collect points, and redeem awards on the Application, and to deliver awards to you;
- To record your exercise data and the number of calories burned;
- To enable you to record health-related data and monitor progress, and/or changes in your health on the Application;
- To show your exercise statistics;
- To generate and show routes and the distance you have walked, run, or covered during your exercise;
- To analyze and provide advice on the appropriate and necessary amount of exercise; and
- To examine whether you have actually exercised, and whether you are entitled to receive points from such exercise.
|
Identification information
Profile data
Activity data
Location data
Contact details
Sensitive Personal Data
|
Contractual obligation to provide services to you, including to Process location data, in order to generate and show routes and the distance you have walked, run, or covered during your exercise
Explicit consent in cases where we need to Process your Sensitive Personal Data. The Sensitive Personal Data is necessary for the provision of Application services to you, such as calories burnt, provide advice on the appropriate and necessary amount of exercise. etc.
Legitimate interest, with respect to our examination as to whether you have actually exercised, and whether you are entitled to receive points from such exercise.
|
|
To undertake any actions by the Company regarding the giving of award to you such as to verify your participation in activities, to verify your completion of activity’s requirements, delivery of reward, conduct audit on the giving of the award, and any other acts which are relating to the giving of the award
|
Identification information
Contact details
Activity data
|
Legitimate interest for the verification of your participation in activities, verification of your completion of activity’s requirements, conducting an audit on the giving of the award, and any other acts which are relating to the giving of the award of the Company
Legal obligation for the delivery of reward and other acts as per the requirements and conditions of activities
|
|
To operate and manage our Application, improve our services, analyze, evaluate, and improve our system, and to ensure that our Application is safe and works properly.
|
Identification information
Profile data
Contact details
Data collected automatically
Other information
|
Legitimate interest
|
|
To present and provide news and marketing materials relating to activities and competitions on the Application, including news about points and awards redemptions, including in the form of push notifications.
|
Identification information
Profile data
Contact details
|
Legitimate interest
|
|
TTo personalize the Application and/or to offer products, services, promotions, and privileges to you, according to your behavior in the Application, search and browsing history, and Application usage.
Furthermore, we may Process a Users’ behavioral data in order to advertise, promote, or offer awards that you may find interesting, and to encourage you to attend activities on the Application.
|
Identification information
Contact details
Activity data
Behavioral data
Data collected automatically
Other information
|
Consent
|
|
To present and provide news and marketing materials of third parties to registered Users, and to present and provide news and marketing materials to non-registered Users, including in the form of push notifications.
|
Identification information
Contact details
|
Consent
|
|
To share your Personal Data with respect to participation in activities and competitions, and/or exercise history, to other employees and/or staff members of the Corporate Customer that is your employer.
|
Identification information
Profile data
Activity data
Contact details
Sensitive Personal Data
|
Consent
|
|
Disclosure of your Personal Data to the affiliates, organization or other entities to enable the affiliates, organizations and other entities to use your Personal Data for analyzation and preparation of the statistics relating to the exercise, and to develop and improve the products of such affiliates, organization or other entities.
|
Identification information
Activity data
Sensitive Personal Data
|
Consent
|
|
In cases where you choose to obtain awards from a Business Partner, we disclose your Personal Data to said Business Partner in order to undertake any actions regarding the giving of the award to you – for example, deliver the awards to you, examine award redemptions, and to carry out any other acts relating to said award redemptions.
|
Contact details
Activity data
Identification information
|
Legitimate interest
|
|
To statistically assess, analyze, and evaluate your behavior and disclose statistical data to Business Partner and/or to disclose your Personal Data in other form to Business Partner for the marketing purposes of such Business Partner
|
Contact details
Identification information
Activity data
Personal details
Behavioral data
|
Consent
|
|
For necessary purposes for the legitimate operation of our business.
|
Identification information
Profile data
Contact details
Data collected automatically
Other information
Sensitive Personal Data
|
Legitimate interest; and
Explicit consent (for Sensitive Personal Data).
|
|
To comply with any applicable laws, including the PDPA, and orders, notifications, regulations, and rules issued by a government agency, regulatory agency, competent officer, or a court.
|
Identification information
Profile data
Data collected automatically
Contact details
Sensitive Personal Data
|
Legal obligation
|
|
To establish, exercise, or defend our claims, or to do otherwise with respect to our claims.
|
Identification information
Contact details
Data collected automatically
Sensitive Personal Data
Other information
|
Legitimate interest; and
Establishment, exercise, or defense of claims (for Sensitive Personal Data).
|
|
To detect and prevent fraud, or the use of the Application in a manner that is considered a criminal offense or a violation of any applicable laws, rules, regulations, or terms and conditions.
|
Identification information
Profile data
Data collected automatically
Contact details
|
Legitimate interest
|
|
To communicate with you when you have inquiries or concerns, and inform you about changes to our terms and conditions or policies, and also to notify you about suspicious account sign-ins.
|
Identification information
Profile data
Contact details
Other information
|
Legitimate interest
|
Remarks:
(a) We may de-identify your Personal Data for statistical analysis and/or research to develop the Application, or its features, and to provide services. Furthermore, we may publish such statistical data on the Application, or our platform and social media.
(b) In cases where your Personal Data is necessary for the purpose of responding to your request to enter into a contract with us, or performing our obligations under the contract, if you do not provide your Personal Data, we may not be able to respond to your request or perform said obligations, including, but not limited to, our inability to provide services to you, whether in whole or in part, such as, we may not be able to register you as our member, provide Application services to you, or enable you to attend an activity or competition on the Application.
(c) In cases where your Personal Data is necessary for our compliance with laws, court orders, or orders of a competent officer or authority, your failure to provide Personal Data may result in our or your violation of, or non-compliance with, the applicable law or the relevant order.
(d) In cases where your attend a competition or any other activity organized by us, we may de-identify your Personal Data and publish it on the Application, or our platform and social media, to show transparency in the activity and award presentation, and to allow you to check lists of award winners.
4.2 Corporate Client’s Representative
|
Purpose
|
Type of Personal Data
|
Legal Basis
|
|
To respond to your request for us to enter into an agreement with the relevant Corporate Client.
|
Identification information
Profile data
Contact details
Data collected automatically
|
Legitimate interest
|
|
To examine and verify your identity.
|
Identification information
Profile data
Contact details
|
Legitimate interest
|
|
To enable you to access and use the Application, and to perform our contractual obligations for the relevant Corporate Client, such as to collect service fees, issue invoices and receipts, etc.
|
Identification information
Contact details
|
Legitimate interest
|
|
To operate and manage our Application, improve our services, analyze, evaluate, and improve our system, and to ensure that our Application is safe and works properly.
|
Identification information
Profile data
Contact details
Data collected automatically
Other information
|
Legitimate interest
|
|
For necessary purposes for the legitimate operation of our business.
|
Identification information
Profile data
Contact details
Data collected automatically
Other information
|
Legitimate interest
|
|
To comply with any applicable laws, including the PDPA, and orders, notifications, regulations, and rules issued by a government agency, regulatory agency, competent officer, or a court.
|
Identification information
Profile data
Data collected automatically
Contact details
|
Legal obligation
|
|
To establish, exercise, or defend our claims, or to do otherwise with respect to our claims.
|
Identification information
Profile data
Data collected automatically
Contact details
Other information
|
Legitimate interest
|
|
To detect and prevent fraud, or the use of the Application in a manner that is considered a criminal offense or a violation of any applicable laws, rules, regulations, or terms and conditions.
|
Identification information
Profile data
Data collected automatically
Contact details
|
Legitimate interest
|
|
To communicate with you when you have inquiries or concerns, and inform you about changes to our terms and conditions or policies, and also to notify you about suspicious account sign-ins.
|
Identification information
Profile data
Contact details
Other information
|
Legitimate interest
|
Remarks:
In cases where your Personal Data is necessary for our compliance with laws, court orders, or orders of a competent officer or authority, your failure to provide Personal Data may result in our or your violation of, or non-compliance with, the applicable law or the relevant order.
4.3 Business Partner’s Representative
|
Purpose
|
Type of Personal Data
|
Legal Basis
|
|
To respond to your request for us to enter into an agreement with the relevant Corporate Client.
|
Identification information
Profile data
Contact details
Data collected automatically
|
Legitimate interest
|
|
To examine and verify your identity.
|
Identification information
Profile data
Contact details
|
Legitimate interest
|
|
To enable you to access and use the Application, post challenges, messages, or details on the Application, and to perform our contractual obligations for the relevant Business Partner.
|
Identification information
Contact details
|
Legitimate interest
|
|
To operate and manage our Application, improve our services, analyze, evaluate, and improve our system, and to ensure that our Application is safe and works properly.
|
Identification information
Profile data
Contact details
Data collected automatically
Other information
|
Legitimate interest
|
|
For necessary purposes for the legitimate operation of our business.
|
Identification information
Profile data
Contact details
Data collected automatically
Other information
|
Legitimate interest
|
|
To comply with any applicable laws, including the PDPA, and orders, notifications, regulations, and rules issued by a government agency, regulatory agency, competent officer, or a court.
|
Identification information
Profile data
Data collected automatically
Contact details
|
Legal obligation
|
|
To establish, exercise, or defend our claims, or to do otherwise with respect to our claims.
|
Identification information
Profile data
Data collected automatically
Contact details
Other information
|
Legitimate interest
|
|
TTo detect and prevent fraud, or the use of the Application in a manner that is considered a criminal offense or a violation of any applicable laws, rules, regulations, or terms and conditions.
|
Identification information
Profile data
Data collected automatically
Contact details
|
Legitimate interest
|
|
To communicate with you when you have inquiries or concerns, and inform you about changes to our terms and conditions or policies, and also to notify you about suspicious account sign-ins.
|
Identification information
Profile data
Contact details
Other information
|
Legitimate interest
|
Remarks:
In cases where your Personal Data is necessary for our compliance with laws, court orders, or orders of a competent officer or authority, your failure to provide Personal Data may result in our or your violation of, or non-compliance with, the applicable law or the relevant order.
4.4 For all types of Data Subjects:
(a) For the Processing of your Personal Data based on your consent or explicit consent, if you are under twenty (20) years old, you represent and warrant that you have duly obtained consent or explicit consent, as the case may be, from your parent or guardian for our collection, use, disclosure, or otherwise Processing your Personal Data and/or Sensitive Personal Data for the purposes described in this Agreement. You agree that you will deliver evidence of said consent to us upon request. If you fail to deliver such evidence within a specified timeframe, we reserve the right to suspend your use of the Application and/or cancel your User account without prior notice.
(b) If we need to Process your Personal Data beyond the scope of this Policy, we may notify you about said additional Processing, and/or obtain your consent, if required.
5. Disclosure and Transfer of Your Personal Data Abroad
5.1 We may disclose Personal Data to the following persons and/or legal entities, which are either in or outside of Thailand:
(a) Our affiliates and group companies;
(b) Third-party service providers, including Business Partners, suppliers, IT service providers, payment gateway providers, auditors, accounting firms, audit firms and legal consultants;
(c) Third parties for analyzation and statistics as described above (for the User);
(d) Third parties relating to business transfers, mergers, and acquisitions, or other similar procedures.
5.2 In the case of points redemptions, we will disclose your Personal Data only to the relevant Business Partners.
Where your Personal Data is disclosed to any of the above persons, we will ensure that such persons keep your Personal Data confidential, and do not use it for any purpose other than those specified herein.
Where your Personal Data is transferred abroad, the destination country may have inadequate personal data protection standards as compared to those required by the PDPA, in which case we will implement, and ensure that the recipients of your Personal Data implement, measures to ensure appropriate protection of your Personal Data and compliance with the PDPA, as well as any applicable laws and regulations.
Furthermore, we may disclose Personal Data of Data Subjects as required by any applicable laws, rules, regulations, notifications, or orders, including disclosure to government and regulatory agencies, or upon lawful requests, such as requests of Personal Data for litigation, requests by government agencies or courts, or requests by private agencies or other persons involving legal procedures.
6. Retention of Personal Data
We will retain and Process Personal Data for as long as it is necessary for the purposes described in this Policy. In general, we will retain your Personal Data throughout the period in which you use the Application, and for 10 more years from your last use of the Application, cancellation of the membership or User account, or the last day on which you access or use the Application, unless the applicable law requires otherwise.
After the period specified above, we will delete, destroy, or de-identify your Personal Data within 30 days, unless the applicable law requires otherwise.
7. Data Subject’s Rights
You have the following rights as the Data Subject:
(a) The right to withdraw your consent to the Processing of your Personal Data;
(b) The right to access or obtain a copy of your Personal Data, and to request the disclosure of the source of your Personal Data that we obtained without your consent;
(c) The right to request that your Personal Data be corrected, updated, or completed;
(d) The right to request that your Personal Data be deleted, destroyed, or de-identified;
(e) The right to request a copy of their Personal Data in a commonly used and machine-readable format, and to transmit that data in the same format, if feasible; and
(f) The right to object to the Processing of your Personal Data.
Data Subjects may exercise any of the rights above by submitting a written request to us, or by sending an email to us using the form specified by us. We will respond to your request within a reasonable time. For the right to access your Personal Data, we will respond to your request within a reasonable time period. In the case of a request for access to Personal Data, we will respond to this request within 30 days from the date of your request. In cases where we cannot respond to your request within the above time period, we will promptly inform you of such delay.
Your exercise of any of the above rights is subject to the restrictions and conditions stipulated in the PDPA. Therefore, we may refuse to respond to your request in accordance with the restrictions set out in the PDPA.
You are also entitled to file a complaint with the regulatory agency responsible for personal data protection in Thailand, if you are of the opinion that the Processing of your Personal Data does not comply with the PDPA. However, we encourage you to contact us, and allow us to address your concerns, before filing a complaint with said agency.
8. Cookies
We use cookies and other similar technologies on the Application. Cookies are stored on your computer’s hard disk to enable us to study and collect necessary data about your use of the Application and other relevant information, to enable you to sign in to your Application account.
|
Type of Cookies
|
Purpose
|
|
Strictly necessary cookies
|
These are cookies that are required and necessary for the operation of the Application. They enable basic features of the Application. They include, for example, cookies that enable you to log into our Application securely, or to access secure areas of the Application, or cookies that involve privacy and consent controls. Without these cookies, our Application cannot operate.
|
|
Analytical/performance cookies
|
These cookies help us learn about how you interact with the Application. They collect data about how you use and browse the Application, and the number of visitors and users, etc. These cookies help us analyze, improve, and develop the Application’s functionality and functions.
|
|
Functionality cookies
|
These are used to enable us to remember your preferences, such as your choice of language and region, and your username and password. They enable you to log into the Application automatically when you return to the Application. Furthermore, we use these cookies to collect your Sensitive Personal Data to calculate and display your exercise data, and data about your Health Points and Health Coins, in order to calculate your eligibility to earn coins and awards at a given time.
|
|
Targeting cookies
|
These cookies monitor your online activities on the Application, such as which pages of the Application are visited by you, which awards are viewed by you, the frequency that you view your awards, and the duration of your use of the Application. They enable us to display advertisements that may interest you. Furthermore, we use these cookies to enable us to display advertisements that may be relevant to your interests, in cases where you have not signed up as a User (re-targeting).
|
|
Cookies that monitor pop-ups
|
These cookies allow us to know whether you have read our cookie banner, and ensure that such banner will not pop up again after you have accepted, rejected, or closed the banner.
|
9. Amendments
We may review and amend this Policy from time to time, so that it corresponds with any changes in the applicable law, material changes in our operations, and suggestions and opinions of other relevant organizations. For amendments that affect the purposes for the Processing of Personal Data, we will inform you about the new purposes and, if required by law, obtain your consent before such amendments come into effect.
10. Contact Details
If you have any inquiries or concerns with respect to this Policy or how we handle your Personal Data, or you would like to exercise your right as a Data Subject, please contact us at:
Cariva (Thailand) Co., Ltd.
Bhiraj Tower at Sathorn Building
33, 31, 31/1 South Sathorn Road,
Yannawa, Sathorn, Bangkok 10120, Thailand
Tel: 0 2078 4000
Email: support@nextcercise.com
or
You may contact our Data Protection Officer (DPO) at: ARV.DPO@arv.co.th.
.png)
