Privacy Notice

Backyard Co., Ltd. ("Company") recognizes and prioritizes the protection of the personal data of individuals who engage with and utilize the Company’s services (hereinafter referred to as "you"). The Company will handle and manage your personal data with transparency, fairness, and in compliance with the Personal Data Protection Act and other related laws.
This Privacy Notice ("Notice") aims to inform you about how the Company collects, uses, discloses, and protects your personal data.

The Company recommends that you thoroughly read and understand this Notice prior to providing your personal data. If you have any concerns, questions, or need further information regarding this Notice or other related notices and policies, please contact the Company through the contact details provided at the end of this Notice.

Personal data refers to information about an individual that enables the identification of that individual, whether directly or indirectly, such as name, surname, identification number, phone number, date of birth, personal codes, photos or videos captured by CCTV, and biometric data such as facial recognition and fingerprints. It does not include data of deceased individuals.

Generally, the Company collects personal data directly from you, such as through form submissions, phone communications, or via the Company’s websites or applications. However, in some cases, the Company may receive your personal data from third parties whom the Company believes, in good faith, have the right to collect and disclose your personal data to the Company. The Company will only collect personal data as necessary and use it for specific lawful purposes or as required by law. When you contact or use the Company’s websites or applications, the Company must comply with legal requirements to collect certain information about your usage, such as your IP address. Additionally, to facilitate the use of the Company’s websites or applications, the Company may employ automated technologies to collect usage data, which may include cookies, web beacons, pixel tags, and similar tracking technologies collectively referred to as “Cookies.” You can read more about the use of Cookies on the Company’s website.

Sensitive Data The Personal Data Protection Act categorizes certain types of data as sensitive, such as race, religion, sexual behavior, political opinions, disabilities, genetic data, biological data, health data, and etc. The collection of such data is only permitted as required by law, which may include obtaining your explicit consent. Therefore, the Company will collect sensitive data only when necessary and will clearly inform you of the reasons and may seek your consent for such collection in certain cases. Personal Data of Minors, Quasi-incompetent persons, and incompetent persons ("Legally incapacitated persons") The Company will process the personal data of Legally incapacitated persons only when necessary and in accordance with data protection laws. In cases where it is necessary to process the personal data of legally incapacitated persons, the Company will obtain consent from their legal guardians or legal representatives, except when it pertains to the consent of minors over the age of 10 for personal matters necessary for their suitable living conditions, in which case the minors can provide consent independently.

The personal data that the Company may collect from you includes the following:

• When you contact, participate in activities, or request services from the Company, or when the Company conducts research and surveys, the Company may collect
  • Personal Information: Name, surname, identification number, etc.
  • Contact Information: Email, phone number, address, social media contact information, workplace, etc.
  • Job-related Information: Profession, position, affiliated department, etc.
  • Technical and Usage Information: IP Address when you use the Company’s online services, etc.
  • Other Personal Information: Any other personal information you voluntarily provide to the Company.
• When you enter the Company’s premises, the Company may record your image using CCTV cameras. The Company will post signs to inform you that CCTV cameras are in use within the premises.
• When you enter areas where the Company holds meetings, seminars, public hearings, or any other activities, the Company may take photos or videos to document the events or for use in Company publicity materials. The Company will post signs to inform you that photos or videos are being recorded in those areas.

The Company may need to collect, use, or disclose your personal data for the following purposes:

• To allow you to use services or participate in the Company’s activities.
• To assist you, respond to your inquiries, or address your complaints.
• To analyze and review for improving activities or developing new services to enhance your convenience and experience with the Company’s services.
• For recruitment purposes.
• For procurement and asset management of the Company.
• For receiving and disbursing funds or conducting any financial and accounting operations of the Company.
• To publicize the Company’s activities and information to you and invite you to participate in the Company’s activities.
• To prevent illegal activities. The Company may inspect collected data, including CCTV footage, to monitor, detect, and prevent illegal actions.
• To comply with legal obligations or other laws that require the Company to perform specific duties..

The Company will collect, use, and disclose your personal data only as necessary and in accordance with data protection laws. The data protection laws provide several legal bases under different circumstances that allow the Company, as the data controller, to perform these activities. Generally, the Company will collect, use, and disclose your personal data based on the following legal grounds:

Generally, the Company will collect, use, and disclose your personal data where there is a lawful basis, including:

• When you or your legal representative have given consent.
• It is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract.
• It is necessary to protect or prevent harm to life, body, or health of an individual.
• It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Company.
• It is necessary for the legitimate interests of the Company or a third party, except where such interests are overridden by your fundamental rights in personal data.
• It is necessary to achieve purposes related to public interest historical or archival documentation, research or statistics, with appropriate safeguards in place to protect your rights and freedoms, as specified by the Personal Data Protection Committee.
• It is necessary to comply with legal obligations to which the Company is subject.

In certain cases, the company may deny the request to exercise the above rights if there is a lawful reason, or if it is necessary to comply with legal requirements or court orders, or if such action could impact and cause harm to the rights or freedoms of the data subject or other individuals.

As the data subject, you have several rights under the data protection laws, and the Company is committed to facilitating the exercise of these rights. These rights include:

• Right to be Informed: The Company will inform you of the purposes of data collection, use, and disclosure through a “Privacy Notice.”
• Right to Withdraw Consent: You may withdraw your consent at any time.
• Right of Access: You can request access to your personal data and obtain a copy of the data, as well as request disclosure of the source of the data.
• Right to Rectification: You can request correction of inaccurate personal data to ensure it is accurate, up-to-date, and does not lead to misunderstandings.
• Right to Erasure: You can request the Company to delete, destroy, or anonymize your personal data.
• Right to Data Portability: If the Company’s data system supports automatic reading or usage, you can request a copy of your personal data and request its transfer to another data controller.
• Right to Restrict Processing: You can request the Company to restrict the use of your personal data.
• Right to Object: You can object to the processing of your personal data.

The Company will not publish, sell, distribute, exchange, transfer, or disclose any of your personal data collected by the Company to external parties, except as specified in this notice, upon your request or consent, or under certain circumstances as follows If the Company believes in good faith that disclosure is required by law, or in response to lawful requests by governmental authorities, court orders, or legal processes.

• When the Company believes in good faith that it is required by law, or to comply with legal orders of authorized state officials, court orders, or legal proceedings.
• Sharing data with reliable entities working on behalf of or for the Company under agreements or contracts that ensure compliance with data protection laws similar to those of the Company. This may include data storage and usage for delivering services to you, or for Company projects or activities such as surveys and data analysis, publicity, etc.
• When the Company believes in good faith that it is necessary to disclose your personal data under situations where:
  • It is for the investigation, prevention, or suppression of crimes, fraud, or deceit.
  • To prevent or respond to threats or actions that may cause harm to rights, property, or safety of the public, including the Company and its affiliates.
  • To prevent or respond to actions that violate the Company's terms of service or the law.

In cases where the Company has concerns about your physical safety or deems it necessary to take action to protect you from threats or actions that may cause harm, the Company will discuss with you and seek your permission to notify necessary parties before taking action, where possible.

If any of the above situations arise, the Company will record as evidence which data has been disclosed, under what reasons and circumstances, so that you can be informed of what actions the Company has taken regarding your personal data.

The Company recognizes the trust you place in providing your important data and, as required by data protection laws, implements security measures and management practices to ensure that such data is protected and accessible for review by the data owner.

Examples of security measures and data protection practices used by the Company include:

• Restricting access to personal data to only those Company employees who need to know (Need to Know Basis).
• Implementing measures to prevent unauthorized access to systems and data, such as the use of passwords to access service systems.
• Encrypting confidential data to ensure it cannot be read by unauthorized persons
• Establishing data protection procedures and handling suspected personal data breaches. If such an incident occurs, the Company will promptly notify you and relevant authorities if required by law
• Conducting training for Company employees to raise awareness and understanding of personal data protection procedures and how to handle suspected data breaches.
• Periodically reviewing data protection procedures to ensure they remain appropriate and aligned with current circumstances.
• Regularly testing systems that store or process personal data to ensure security and implementing the latest security patches and updates.

Please be aware that transmitting data over public networks or using public computers, or even personal computers or devices infected with malware, carries risks. The Company cannot guarantee the security of your data, which may be accessed, disclosed, or transferred without authorization, potentially causing you harm.

The Company stores, uses, and processes your personal data on systems located in Thailand. However, data transfer for storage or processing may sometimes occur across regions or countries. The Company ensures that such transfers are conducted securely and that recipients have adequate data protection measures in place, compliant with legal standards. Contracts are established with third parties involved in data transfer, storage, or processing to enforce the Company's data protection measures.

The Company retains your personal data for the period necessary to fulfill its stated purposes and comply with legal obligations. The retention period may vary depending on the nature of the data, specified activity and service.
In cases where the Company receives notice or reasonably believes there may be a breach of its service agreements, legal violations, or disputes, personal data may be retained beyond the standard period for investigation, legal proceedings, and evidence collection, until the process concludes or as required by relevant laws.

In certain circumstances, some Company services may link to third-party websites, applications, or services for your convenience. If you use these links, you will leave the Company's services. The Company does not have control over and cannot verify the accuracy or reliability of these third-party sites, applications, or services.

This notice is intended solely for the services provided by the company. If you use the provided links to access third-party services that fall outside the scope of this notice, the company recommends that you read and understand the privacy policy or notice of those services before using them.

The company may update this notice from time to time to ensure that its content remains appropriate, current, and compliant with data protection laws and relevant regulations. If the company makes changes to this notice, the latest version will be displayed on the company's website, and notifications may be provided through appropriate channels. The company recommends that you regularly review this notice, especially before submitting personal information through the company's services.

Continued use of the company's services after the notice has been updated and posted signifies your acceptance of and agreement to the revised notice.

If you have any questions, suggestions, comments, or need further information regarding the details of this notice, you can contact the Company at:

Backyard Co., Ltd.
29 Bangkok Business Center Building, Room 2201-2, 22nd Floor
Sukhumvit 63 (Ekkamai) Road, Klongton-Nua, Watthana, Bangkok 10110
Phone: 02-853-9131
Email: legal@backyard.in.th