Privacy Policy
For Customers

1. General Provision
   

   GEN PLAY Co., Ltd (“Company”) cares about the privacy of our customers, thus, we provide this Privacy Policy (“Policy”) to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individuals (“you”) We would like to assure you that personally identifiable information, whether directly or indirectly, is a priority to us. The Company protects and manages Personal Data with appropriate security measures.

   GEN PLAY collects, processes, uses, discloses, and transfers your personal data as necessary for its operations. This policy has been established to inform customers of the Company's practices regarding personal data in accordance with the governing law and to ensure compliance with the said regulation. Therefore, we encourage customers to read and understand the terms and conditions of this policy, as detailed below.

2. Definition
   
   1. “Customer” means any individual or juristic person that has a legal relationship with the Company under a sales contract or any other person with a similar status, such as an individual inquiring about the Company’s products or services, including a “participant” who owns personal data, as well as representatives, agents, or customers who are involved in such legal relationship. For the purposes of this policy, such persons shall be referred to as “customer” or “you” “Participant” means any individual who has a legal relationship with the Company under a contract other than a sales contract but within the scope of the Company’s business, as well as any individual who expresses an intention to participate in an activity or project or those who wish to communicate with the Company in connection with the Company’s business, such as an individual inquiring about the Company's products or services, an event participant, a website user, an individual who contacts the company for information, and an individual who responds to surveys about the Company's products and/or services.
   2. “Customer’s Personal Data” means the personal data of an individual customer, the personal data of a representative, agent, or authorized representative appointed by a corporate customer as well as the personal data of an employee, staff, contractor, or agent of a customer who are authorized to conduct any contract or legal transaction with the Company.
   3. “Sensitive Personal Data” means the personal data that directly or indirectly identify an individual including but not limited to personal data concerning race, ethnicity, political opinions, religious, philosophical, or cult beliefs, sexual orientation, criminal record, health record, disability, labor union, genetics data, biometric data, or any other information that has a similar impact on the data owner.
   4. “Personal Data Processing” means the collection, use, and disclosure of personal data.
3. Purpose of Personal Data Processing
   

   For personal data processing, customers shall refer to this policy for details, including but not limited to the collection, use, disclosure, and/or processing of personal data for lawful purposes and basis, as listed below.

   1. For the purposes of preparing a proposal and for negotiation, providing a sales contract between the Company and a customer, examining the documentation of buyers and sellers that involves contract formation or negotiation, and any other process such as customer identification, disclosure of sales account, and registering customers as well as representatives or agents appointed to take legal actions related to such contracts.
   2. For the purposes of fulfilling contractual obligations, such as paying the price, delivering and receiving the goods, creating documents for commercial and other purposes in compliance with the contracts, and processing personal data for after-sales service purposes, including but not limited to returns and warranty claims where the personal data’s owner acts as a representative or an agent appointed to take legal actions related to such contracts.
   3. For the purposes of enabling the Company to comply with applicable laws and regulations, including but not limited to transportation laws and tax laws, as well as lawful orders of government officials or court orders and to report information to the government agencies or other relevant authorities as required by such laws.
   4. For the purposes of the Company’s legitimate interest including but not limited to the following:
      • Processing of customer’s personal data for internal audit, financial and accounting audit, fraud, corruption and other unlawful actions investigation and prevention, or for legal proceedings, as well as for other legitimate interests of the Company.
      • Processing of customer’s personal data who enter the Company’s area or properties for business purposes, visits, coordination and vice versa where the company processes such data to protect the Company’s area or properties.
      • Processing of personal data of the employees, contractors, or representatives of the customers who are assigned or transferred to the Company by the customer for the purpose of creating or performing the contract between the Company and the customers as well as for communication or coordination related to negotiations or the performance of the contract between the Company and the customers, and for the Company’s administration and operation
   5. For the purposes of preventing and suppressing dangers that could harm the lives, bodies, or health of the customers or other parties.
   6. For the purposes of business operation, marketing, public relation, sales promotion, and activities between the Company and the customers such as communicating marketing messages, taking still or motion images for marketing and promotional purposes, and promoting products or services through various media channels, the Company will process your personal data based on your consent.
   7. For the purpose of improving the Company’s service such as a research to improve our product or service or satisfaction survey.
   8. For the purpose of processing personal data for the purposes outlined above, where applicable law requires the Company to obtain the customer’s consent, the Company will seek explicit consent as detailed in the attached document. Where applicable law permits the Company to process the customer’s personal data without consent, as outlined in Clauses 3.1-3.5, it shall be deemed that the Company has provided notice to the data subject of the processing activities under this policy.
   9. For the purposes of processing of personal data for other purposes or in a manner that is different from or inconsistent with the purposes outlined in this policy, the Company will issue an additional privacy notice informing the customers of the details of such processing.
   10. If the company had collected your personal data before the effective date of the data protection law applicable to the collection, use, or disclosure of personal data, the company may continue to collect, use, or disclose your personal data for the original purposes as notified to you in this policy. However, if you do not wish for the company to process your personal data, you have the right to withdraw your consent by contacting the company through the contact channels specified in this policy. The company reserves the right to consider your withdrawal request and proceed in accordance with the applicable data protection law.
   11. If the personal data processed by the company for the purposes outlined in Clauses 3.1-3.7 is classified as sensitive personal data, the Company will obtain your explicit consent before proceeding, unless the processing is permitted by law without requiring consent.
4. Personal Data We Collect
   
   1. Under this Policy, the Company directly collects personal data from customers when customers submit personal data as part of or attached to various documents for the purposes of requesting to enter into a contract and performing the contract with the Company as outlined in Clauses 3.1 and 3.2. Such personal data includes:
      • A. Personal data appearing on a copy of identification card and name or surname change certificate such as first name, surname, date of birth, age, sex, ID card number, and signature, as well as a copy of house registration, book bank, photo, and other similar personal data appearing on forms or commercial documents related to the legal relationship with the Company. For sensitive personal data on identification cards, the Company does not have a policy for collecting sensitive personal data. Customers could redact or obscure such information.
      • B. Contact information such as address as appeared on identification card or house registration, telephone number, fax number, email, Line ID, Wechat ID, Facebook account, Instagram account, or social media account as specified in forms or commercial documents related to the legal relationship with the Company
      • C. In certain circumstances, the Company may automatically collect your personal data through various channels, depending on your usage, interaction, or communication with the Company. If such automatic data collection differs or is additional to this policy, the Company will provide you with a specific policy detailing the process. For instance, if you use the Company's website, cookies or similar technologies may be used. The Company has provided additional details in its Cookie Policy in which you can read it here
      • D. In certain circumstances, the Company may collect your personal data when you communicate with us. This may include recordings of conversations between you and the Company via online or electronic means, or when you visit the Company's areas, such as through the use of CCTV surveillance.
   2. In cases where the Company collects, uses, or discloses personal data of employees, contractors, representatives, or appointed agents whose personal data have been sent or transferred from the customers to the Company for the purposes outlined in Clauses 3.1 and/or 3.2, such as name, surname, job title, and contact information, the Company is not required to obtain the explicit consent of these individuals, except in cases of sensitive personal data. The Company will inform these individuals of the details of the processing of their personal data under this policy. However, if the Company is unable to directly inform these individuals, the customers agree to notify these individuals of this policy on behalf of the Company and provide the Company with documentation confirming such notification. Furthermore, if the Company is required to obtain the consent of these individuals, the customers agree to have these individuals sign the consent form attached to this policy. In this regard, the customers acknowledge that the Company may request that you provide evidence of the aforementioned actions to verify compliance with the laws and regulations of individual countries.
5. The Disclosure of Personal Data
   

   The Company shall disclose, send, transfer, or exchange the personal data of the customers in accordance with the purposes stated in Clause 3. Details of the individuals or entities to whom such data is disclosed or transferred are as follows.

   1. Disclosing personal data of the customers to third-party service providers such as information technology service providers, data storage providers, data analytics providers, or other service providers necessary for us to enter into or perform our obligations under our contract with you.
   2. Disclosing personal data of the customers to financial service providers, electronic payment service providers, or other service providers necessary for us to perform our obligations under our contract with you, including processing payments for goods purchased.
   3. Government agencies authorized by law to regulate, or that may request the disclosure of personal data by legal authority, or that are involved in legal proceedings, or that are permitted to do so under applicable laws, such as the Revenue Department and the Department of Business Development.
   4. Other individuals or agencies that you have consented to disclose your personal data, such as through the publication of event photos on various media channels, disclosure to social media providers, or public disclosure through various media, which is part of the purpose as outlined in Clause 3.6.
   5. Affiliated companies. This term includes but is not limited to the executives, directors, employees, and/or personnel of such companies, to the extent necessary for the processing of personal data, which is part of the purpose as outlined in Clause 3.4.
   6. The Company’s advisors, including legal counsel, attorneys, accountants, auditors, or other experts, both internal and external to the company, as part of the purpose outlined in Clause 3.4.
6. Personal Data Retention Period
   
   1. The Company will retain personal data for the period necessary to fulfill the purposes for which the personal data was collected, processed, and used, as specified in Clause 3 of this policy. The retention period may vary depending on the specific purpose of processing the personal data. For personal data retained for the purpose of entering into or performing a contract, the Company will retain such data for the duration of the contractual relationship. Additionally, the Company will retain personal data for the period required by applicable laws, taking into account statute of limitations periods for any legal actions that may arise from or in connection with the processing of personal data for each purpose.
   2. Where the specific retention period for personal data cannot be determined, the Company will retain the customer's personal data for a period that is reasonably expected based on industry standards for data retention. However, the Company may retain the customer's personal data for a period exceeding such expected period if permitted by law or if such retention is necessary to establish, exercise, or defend legal claims.
   3. Upon expiration of the aforementioned retention period, the Company will delete or destroy such personal data from the Company's or its service providers' storage or systems, or render the personal data anonymous.
7. Rights of Customer as Data Subject
   

   The customers, as data subjects, have the following rights:้

   1. Right to Access Personal Data
      The customers have the right to access their personal data and request a copy of such data, as provided for under this policy and in accordance with the relevant laws and regulations.
   2. Right to Data Portability
      The customers have the right to request that their Personal Data be transmitted or transferred to another data controller or themselves, unless it is technically impossible to do so, as provided for under the relevant laws and regulations.
   3. Right to Object to Collection, Processing and Use of Personal Data
      The customers have the right to object to the processing of personal data as provided under the relevant laws and regulations.
   4. Right to Delete Personal Data
      The customers have the right to demand the Company to delete, destroy, or render the personal data anonymous, as provided for under the relevant laws and regulations.
   5. Right to Suspend the Use of Personal Data
      The customers have the right to demand the Company to suspend the processing of personal data, as provided for under the relevant laws and regulations.
   6. Right to Rectification
      If the customers discover that the personal data provided in this policy is not correct or wish to update it, the customers have the right to have such data rectified, as provided for under the relevant laws and regulations.
   7. Right to Be Informed
      The Company may, at its discretion, revise or amend the personal data registration form to ensure that the customer's personal data is adequately protected in accordance with the relevant laws and regulations.
   8. Right of Report
      If the customers have any concerns or questions regarding the Company’s handling of the customer’s personal data, please contact the Company using the contact details provided in Clause 8 of this policy. If the customers believe that the Company has violated any applicable data protection law, the customers have the right to lodge a complaint with the expert committee appointed by relevant government agencies, in accordance with the procedures and methods prescribed by the applicable laws and regulations.

   However, the customer’s rights as data subject as outlined in this policy are subject to the limitations and conditions provided under the laws and regulations of individual countries. The Company may reject the customer's request on lawful grounds and reserves the right to consider the customer's request subject to the Company's terms, processes, and policies.

8. Contact Us
   

   The Company has appointed Data Protection Officer (DPO) to coordinate on personal data protection by Personal Data Protection Act. If the customers wish to use their rights as listed in Clause 7 of this policy, the customers may contact the Company through

   Data Protection Officer (DPO)
   E-mail: [email protected]
   Address: 47/420 Narita Tower, 9th Floor, Moo 3, Ban Mai, Pakkret, Nonthaburi, Thailand 11120

9. Policy Amendment
   

   The Company may from time to time modify this policy to reflect any changes to its data processing activities and to comply with any applicable data protection or other laws. The Company will notify you of any material changes to this policy together with the revised policy through any other channels as determined by the Company. You are advised to review this policy periodically.

Effective Date: March 1, 2025