Privacy Notice – Customers
Brightsight Solution Co., Ltd.

   Brightsight Solution Co., Ltd. (the “Company”) recognizes the importance and its duties under the Personal Data Protection Act B.E. 2562 (2019). We place great importance on respecting your privacy rights and are strongly committed to protecting your personal data to ensure its security and to guarantee that your personal data is protected in accordance with the Personal Data Protection Act and other relevant laws. Therefore, the Company has prepared this Privacy Notice to inform you of the details related to the collection, use, or disclosure of personal data (collectively referred to as “Processing”), as well as your legal rights as the data subject.

   Please read this Privacy Policy before accepting it and exercising your rights under the Personal Data Protection Act. For service users who have not reached legal age (20 years of age) or are incompetent or quasi-incompetent persons, such individuals must obtain consent from their parental guardian, curator, or custodian, as the case may be, before accepting this Privacy Policy or exercising any rights under the Personal Data Protection Act. Therefore, if you are such an individual and you accept this Privacy Policy, the Company will deem that you have requested and received such consent from the person authorized to give it.

Clause 1. Definitions
1.1 “Application” means one.in.th, a platform created by the Company to present interesting events, promotions, and tourist attractions to customers. Customers can register for events or venues, purchase tickets to tourist attractions, and use the platform to participate in various activities at events, etc.

1.2 “Customer” means an individual who is the target for the sale of the Company's products or services, and includes participants in the Company's campaigns or marketing activities, individuals interested in the Company's products or services through various channels, and/or users of the Company's various services via online and electronic media, as the case may be. This also includes the legal representatives of the customer, as the case may be, such as the parental guardian of a minor, the curator of an incompetent person, the custodian of a quasi-incompetent person, etc.

1.3 “Personal Data” means:
        1.3.1 “Personal Data” means information about a person which enables the identification of that person, whether directly or indirectly, but does not include the data of deceased persons. This includes, for example, first name, last name, telephone number, email, gender, address, location coordinates, interests in promotions and events, order history, and history of participation in event activities.
        1.3.2 “Sensitive Personal Data” means personal data pertaining to race, ethnicity, political opinions, beliefs in a creed, religion or philosophy, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other data which affects the data subject in a similar manner, as announced by the Personal Data Protection Committee. The Company must handle such data with special care and will collect, use, and/or disclose sensitive personal data only upon receiving explicit consent from the customer or in cases where the Company is required to do so as permitted by law.
   Hereinafter in this Privacy Notice, unless specified otherwise, “Personal Data” and “Sensitive Personal Data” related to the aforementioned service users shall be collectively referred to as “Personal Data.”

Clause 2. To Whom Does This Privacy Notice Apply?
   This Privacy Notice applies only to the personal data of individuals who register to use the platform with the Company.

Clause 3. Personal Data Collected by the Company
The Company collects your personal data as necessary for the purposes outlined in Clause 5, which includes: first name, last name, gender, year of birth, email, telephone number, province, occupation, address, location coordinates, interests in promotions and events, order history, and history of participation in event activities.

Clause 4. Source of Personal Data
   The Company collects customers' personal data through the registration channels on the Company's platform, regardless of the means of access, whether via a mobile phone application or a website.

Clause 5. Purposes for Collecting, Using, or Disclosing Personal Data
    The Company collects, uses, or discloses your personal data for the following purposes, based on the lawful bases for processing data:
  5.1 Performance of a Contract: To fulfill the contract to which you are a party for the use of the platform service.
To send notifications, order confirmations, and communications to you.
To verify your identity and prevent spam or unauthorized or illegal actions.
To customize the information we may send or display to you, to offer location customization, to send alerts and notifications, to repeat orders, to recommend items, and to personalize your experience while using the service.

  5.2 Consent: The Company will request consent from the customer in cases where the law requires consent or where the Company has no other lawful basis mentioned above to process the personal data collected from the customer, for the following purposes:
To conduct targeted marketing, targeted advertising, and to update services and promotional offers through your preferred communication channels.
  5.3 Legitimate Interests:
To better understand how you access and use our services, both on an aggregate and individualized basis, in order to improve our services and respond to customer needs and preferences, and for other research and analytical purposes related to the use of the Company's platform.

Clause 6. Disclosure of Customer's Personal Data
    To carry out the purposes stated in this Privacy Notice, your personal data may be disclosed or transferred to various departments within the Company and to external persons or entities as follows:
        6.1 Within the Company:
   Your personal data may be disclosed or transferred to various departments within the Company only as relevant and necessary for the stated purposes. These individuals or teams of the Company will be authorized to access the customer's personal data on a need-to-know and appropriate basis.
Sales officers or other relevant officers, with access rights defined according to their job responsibilities.
Executives or direct supervisors of the Company who are responsible for the management or decision-making of the Company, or when involved in personnel procedures.
Various support departments or teams, such as Information Technology, Administration, Accounting, Purchasing, Finance, etc.
        6.2 Outside the Company:
        Your personal data may be disclosed or transferred to various departments within the Company and/or may be disclosed to event organizers who use the platform. Your data may also be stored on a computer, server, or cloud service provided by a third party, only for relevant purposes. These individuals or teams of the Company will be authorized to access your personal data as necessary and appropriate, and the Company will require those third parties to have appropriate security measures for personal data protection.

Clause 7. Retention and Retention Period of Customer's Personal Data
        7.1 The Company will retain your personal data for as long as necessary, considering the necessity and purposes for which the Company needs to collect, use, and process it, including compliance with applicable legal requirements.
        7.2 The Company will conduct reviews to delete or destroy personal data, render it permanently anonymous, or otherwise restrict all personal data upon the expiration of the retention period, or when it is irrelevant or exceeds the necessity for the purpose of its collection, or when the Company must comply with a customer's request to delete their personal data.

Clause 8. Rights of the Data Subject
        8.1 You have the right to take the following actions:
        (1) Right to Withdraw Consent
    If you have given consent for the Company to collect, use, and/or disclose your personal data, you have the right to withdraw your consent at any time while your personal data is with the Company, unless this right is restricted by law or by a contract that benefits you.
    However, the withdrawal of your consent may affect your use of products and/or services. For example, you may not receive benefits, promotions, or new offers; you may not receive better products or services that meet your needs; or you may not receive useful information. For your own benefit, you should study and inquire about the effects before withdrawing your consent.

        (2) Right to Access Personal Data
    You have the right to access your personal data and request that the Company provide you with a copy of such personal data, as well as to request that the Company disclose how it has acquired the personal data in its possession. The Company may deny your request if such access and request for a copy would adversely affect the rights and freedoms of others, or if the Company must comply with a law or court order prohibiting the disclosure of such personal data.

        (3) Right to Data Portability
    You have the right to receive your personal data in a format that is readable or commonly used by automated tools or devices, and that can be used or disclosed by automated means. You also have the right to request that the Company send or transfer the personal data in such a format to another data controller when it is possible to do so by automated means, and you have the right to directly receive the personal data that the Company sends or transfers in such a format to another data controller, unless it is not technically feasible.
    This right applies to personal data that you have consented for the Company to collect, use, and/or disclose, or personal data that the Company needs to collect, use, and/or disclose for you to use the Company's products and/or services as you wish under a contract with the Company, or to take steps at your request before using the Company's products and/or services, or other personal data as specified by competent legal authorities.

        (4) Right to Object to the Processing of Personal Data
    You have the right to object to the collection, use, and/or disclosure of your personal data at any time if the collection, use, and/or disclosure of your personal data is carried out for necessary operations under the legitimate interests of the Company or of another person or legal entity, without exceeding the scope that you can reasonably expect, or to perform a task for the public interest. If you object, the Company will continue to collect, use, and/or disclose your personal data only if the Company can demonstrate compelling legitimate grounds that override your fundamental rights, or for the establishment, exercise, or defense of legal claims, as the case may be.
    Furthermore, you also have the right to object to the collection, use, and/or disclosure of your personal data for marketing purposes, or for scientific, historical, or statistical research purposes.

        (5) Right to Erasure ('Right to be Forgotten')
    You have the right to request the erasure or destruction of your personal data, or to have your personal data rendered anonymous, if you believe that your personal data was collected, used, and/or disclosed unlawfully, or if you believe that the Company no longer has a need to retain it for the relevant purposes in this Privacy Notice, or when you have exercised your right to withdraw consent or to object as mentioned above, unless the Company is required to retain such data to comply with the law or to exercise a legal claim.

        (6) Right to Restrict Processing
    You have the right to request the temporary suspension of the use of your personal data while the Company is reviewing your request to rectify your personal data or your objection, or in any other case where the Company no longer needs and must delete or destroy your personal data according to the relevant law, but you request that the Company suspend its use instead.

        (7) Right to Rectification
    You have the right to request that the Company correct your personal data to be accurate, current, complete, and not misleading.

        (8) Right to Lodge a Complaint
    You have the right to lodge a complaint with the relevant competent authority if you believe that the collection, use, and/or disclosure of your personal data is in violation of or non-compliant with the relevant laws.
   If you have any concerns or questions about the Company's practices regarding your personal data, please contact the Company using the contact details in Clause 11 of this Privacy Notice for Customers. In the event there is reasonable cause to believe that the Company has violated the Personal Data Protection Act, you have the right to file a complaint with the expert committee appointed by the Personal Data Protection Committee in accordance with the rules and procedures prescribed by the Personal Data Protection Act.

8.1 In the event that a data subject submits a request to exercise their rights under the Personal Data Protection Act, upon receiving such a request, the Company will proceed within the period prescribed by law. The Company reserves the right to refuse or not act upon such a request in cases prescribed by law.

8.2 The Company has the full right and sole discretion to accept and act upon, or to refuse, the customer's request.
    The exercise of your rights under Clause 8.1 may be restricted under applicable law, and there are certain instances where it may be necessary for the Company to refuse or be unable to comply with your request, such as to comply with a law or court order, for the public interest, or where the exercise of the right may violate the rights or freedoms of others. If the Company refuses the above request, the Company will also inform you of the reason for the refusal.

Clause 9. Security Measures for Personal Data
    The Company has implemented and regularly updates its security measures for personal data to ensure an appropriate level of security for the risks involved, and to maintain the confidentiality, integrity, availability, and resilience of personal data processing on an ongoing basis. This includes protection against loss, and unauthorized collection, access, use, modification, correction, or disclosure of personal data. The Company will apply various security measures to all types of personal data processing, whether electronic or in paper form.

Clause 10. Changes to the Privacy Notice for Customers
        The Company will regularly review this Privacy Notice for Customers to ensure it is consistent with current practices and relevant laws and regulations. If there are changes to the Privacy Notice for Customers, the Company will inform you of any significant amendments along with the updated Privacy Notice through appropriate channels. The Company recommends that you periodically review this Privacy Notice for any changes.

Clause 11. Contact Channels
If you believe that the processing of your personal data does not comply with the Personal Data Protection Act B.E. 2562 (2019), you have the right to lodge a complaint with the Company's Data Protection Officer as follows:

Location: Brightsight Solution Co., Ltd.
No. 1/75 Soi Vibhavadi Rangsit 35, Vibhavadi Rangsit Road, Sanambin, Don Mueang, Bangkok 10210
Website:     www.brightsight.co.th
Email:         info@brightsight.co.th
Telephone:   (+66) 02-974-4949

Clause 12. Governing Law
    This Privacy Notice is governed by and shall be interpreted in accordance with the laws of Thailand, and the Thai courts shall have jurisdiction to adjudicate any disputes that may arise. Before indicating your intention, you have read this Privacy Notice in its entirety, and you consent or refuse to consent to this document voluntarily, without coercion or inducement, and you understand that you can withdraw this consent at any time, except where your rights are restricted by law or you are still bound by a contract between you and the Company.
   You understand that such a withdrawal of consent does not affect the processing of personal data that has already been completed.