Privacy Policy
Last update: April 2023
Your personal data is any information that can be used to identify
you. When you use our website and its services, you share some of
your personal data with us. The privacy of your personal data is
important. This privacy policy explains to you how we collect, use,
and disclose your personal data. It also includes your rights over
your data. Our website operates under the Personal Data Protection
Act (PDPA).
For children younger than 16 years old, your parent or guardian must
read this page with you.
1. How we collect your personal data
We collect your personal data from your account registration and
contents that you upload to our website.
When you register to use our website, we ask you some questions
about yourself. The answers you give us are your personal data,
and we keep them as long as we need to.
When you create a new invention on our website, interact with inventions
created by other website users (Clip, Keep), or use our social features
(Chitchat and Suggestion); you create and upload contents. The contents are
your data and we keep them. With the exception of the registration form,
we do not allow users to upload personal data to our website. However,
if your contents have your personal data, we keep them until we take steps
to make them invisible to other website users or erase them.
We also collect your technical personal data such as IP Address,
Cookie ID, and activity log through your use of our website. We keep
them as long as we need to.
When you contact us by email or telephone, we collect and keep your
email address and phone number as long as necessary.
2. Personal data we collect from you
We minimise data we collect from you. Some data help us provide
services to you and some data are required by laws. These are data
we collect from you:
- Date of birth
- Preferred/display name
- Email address
- Phone number (only if you contact us by phone)
- Encrypted password
- IP Address
- Cookie ID
- Activity log
Please note that, with the exception of the registration form, you must not upload any of your personal data and contact information to our website.
3. Children and person with legal restrictions
We do not allow children younger than 13 years old to use our website.
If you are 13-15 years old or have legal restrictions, we need you to
have parental/guardian consent to us collecting your data. The consent
must be given when you register to use our website.
If you are under 20 years old or have legal restrictions and your
parent/guardian does not consent to our collection of your data,
we will take steps to remove your data from our servers.
4. Where we keep your data (data storage)
We store your data as soft copy on cloud by using a third-party server
service provider - Microsoft Azure. You can learn more about Microsoft
Azure infrastructure at
https://infrastructuremap.microsoft.com.
5. How we use your personal data
We use your personal data to:
- Provide our website and its services to you
- Gather your feedback
- Study how users use our website
- Improve our website and its services to better your user experience
- Share and manage information within our organisation
- Comply with our Terms & Conditions
- Comply with laws, rules, and regulatory authorities
We do not sell your personal data, and we currently do not have advertisements. If in the future our website includes ads, our ads will not be based on data of children.
6. How long we keep your personal data (data retention)
We keep your personal data for as long as you are our website user,
as needed, or as the Personal Data Protection Act (PDPA) requires.
We erase, destroy, or anonymise your personal data when it is no
longer necessary for us to keep them, or when the 90-day period
lapses.
7. Disclosure of personal data
We may disclose your personal data with your consent or as the laws
require. We may disclose your personal data within our organisation
and to our service providers in certain circumstances.
Our organisation
We may disclose your personal data within our organisation to
provide and develop our website and services.
Our service providers
We use service providers to make, manage, and improve our website;
and to provide services to you. Each provider has their own privacy
policy. These are our providers:
Cross-border data transfer
We may disclose or transfer your personal data to our service providers and/or servers located in foreign countries. We will make sure that your personal data is securely transferred, and that our service providers (the receiving parties) have an appropriate level of personal data protection standard or as allowed by laws.
If your data is transferred from the European Economic Area (EEA) to the United States and other non-EEA jurisdictions, we will have appropriate solutions to address cross-border transfers as required or permitted by the General Data Protection Regulation.
8. Your control over personal data (data subject rights)
You have control over your data. This is called Data Subject Rights.
You have the rights to exercise the followings:
Withdrawal of consent:
If you have given consent to us to collect, use, or disclose your personal
data whether before or after the effective date of the Personal Data
Protection Laws, you have the right to withdraw such consent at any time
throughout the period that your personal data is available to us, unless it
is restricted by laws or you are still under beneficial contract.
Data access:
You have the right to access your personal data that is under our
responsibility; to request us to make a copy of such data for you,
and to request us to reveal how we obtain your personal data.
Data portability:
You have the right to obtain your personal data if we organise such
personal data in automatic machine-readable or usable format and can be
processed or disclosed by automatic means; to request us to send or
transfer the personal data in such format directly to other data
controllers if doable by automatic means; and to request to obtain the
personal data in such format sent or transferred by us directly to other
data controllers unless not technically feasible.
Objection:
You have the right to object to collection, use, or disclosure of
your personal data at any time if such doing is conducted for legitimate
interests of us, corporation, or individual which is within your reasonable
expectation; or for carrying out public tasks.
Data erasure or destruction:
You have the right to request us to erase, destroy, or anonymise your personal
data if you believe that the collection, use, or disclosure of your
personal data is against relevant laws; or retention of the data by us is
no longer necessary in connection with related purposes under this Privacy
Policy; or when you request to withdraw your consent or to object to the
processing as earlier described.
Suspension:
You have the right to request us to suspend processing your personal data
during the period where we examine your rectification or objection request;
or when it is no longer necessary and we must erase or destroy your personal
data pursuant to relevant laws but you instead request us to suspend the
processing.
Rectification:
You have the right to rectify your personal data to be updated,
complete and not misleading.
Complaint lodging:
You have the right to complain to competent authorities pursuant to
relevant laws if you believe that the collection, use, or disclosure
of your personal data is violating or not in compliance with relevant
laws.
If you are in the European Economic Area (EEA) you have the rights as
mentioned above and also you have the right to lodge a complaint with
the local data protection authority if you believe that we have not
complied with applicable Personal Data Protection laws.
You can exercise these rights as a data subject by contacting our
Data Protection Officer (DPO) by sending an email to admin@8-folk.com.
We will notify the result of your request within 30 days upon receipt
of such request. If we deny the request, we will inform you of the reason
via email address, SMS (if applicable), and registered mail (if applicable).
9. Cookies
Cookies are small text files that can be used by websites to make a user's experience more efficient. We use cookies to make our website work well, analyse our traffic, and track your usage of our site to improve your browsing experience. We also share information about your use of our site with analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages. You can at any time change or withdraw your consent from the Cookie Declaration on our website > Change your consent.
Cookie declaration last updated on 24/04/2023 by Cookiebot:
10. Microsoft Clarity
We use Microsoft Clarity to learn how users browse our website, to help improve our website design and user experience. The service captures user interactions on our website. The service anonymises user data and we choose to use the ‘strict’ masking mode. This means your entire text will be masked and will not be sent to Microsoft Clarity server. Learn more about the strict masking mode at https://docs.microsoft.com/en-us/clarity/clarity-masking.
If you wish that your browsing is not captured by Microsoft Clarity, Change your consent. For more information about Microsoft Clarity, visit https://clarity.microsoft.com.
11. Data Security
We endeavour to protect your personal data by establishing security
measures in accordance with the principles of confidentiality, integrity,
and availability to prevent loss, unauthorised or unlawful access,
destruction, use, alteration, or disclosure of your personal data.
12. Data Breach Notification
We will notify the Office of the Personal Data Protection Committee
within 72 hours, where feasible, after we become aware of the breach
that can result in a high risk to your rights and freedoms. We will also
notify you of the high-risk personal data breach and remedial measures
without delay through our website, email address, SMS (if applicable),
and registered mail (if applicable).
13. Changes to this Privacy Policy
We may change this Privacy Policy from time to time to update with our
website and services. We encourage you to frequently check on this page.
This Privacy Policy was last updated and effective on 2nd February 2022.
14. Links to other sites
The purpose of this Privacy Policy is to offer services and use of our
website. Any websites from other domains found on our site have their own
privacy policy which are not related to us.
15. ontact Information
If you have any questions about this Privacy Policy or would like to exercise
your rights, you or your parent/guardian can contact us by using the following
details:
Data Controller
8-Folk Co., Ltd.
180/26 Moo 3, Bang Si Mueang, Mueang Nonthaburi, Nonthaburi, 11000
admin@8-folk.com
www.8-folk.com
