PRIVACY & DATA PROTECTION
For Customers
We, LVMH Perfumes and Cosmetics (Thailand) Ltd. (“we,” “us,” “our,” or “ours,” or the “Company”), value your right in respect to your Personal Data, and we are committed to the responsible collection, use, disclosure and transfer (“process” “processing” or “processed”) of your Personal Data. We have adopted this Privacy Policy (“Privacy Policy”) to explain the processing of your Personal Data under Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
It is necessary for you to read and understand the information in relation to the processing of your Personal Data, as specified in this Privacy Policy, in order to understand how we process your Personal Data and know the data subject’s rights you have. The content of this Privacy Policy is as follows:
- Application of this Privacy Policy
This Privacy Policy applies to you if you are: -
Category of Data Subject |
Definition |
Associated Person |
Any persons relevant to the Customers, such as representatives, gift receivers, persons who may involve in the campaigns, events or workshops together with Customers. |
Customers |
Member Customer and Non-Member Customer, collectively. |
Member Customer |
A customer (a natural person) who has registered via our website i.e., https://shop.dior.co.th/, and/or LINE Official Account, and/or our counter stores, and/or our boutique store, or via other means, for personal use. |
A contact person or authorized representative of the customer entity has registered via our website i.e., https://shop.dior.co.th/, and/or LINE Official Account, and/or our counter stores, and/or our boutique store, or via other means. |
|
Non-Member Customer |
A natural person who has not registered a membership of the Company. |
- Customers who are Minor
We may collect the Personal Data as described below from person(s) who have not yet attained the age of majority in Thailand. In the case of minors, particularly those between the ages of more than 10 but less than 20 years old, we strongly advise that your parents or legal guardians review this Privacy Policy together with you, and that the parents or guardians of minors give consent (if required) and guidance before a minor provides his/her Personal Data.
- The Types of Personal Data that We Process
In general, we will collect and process the following categories of your Personal Data:
Category of Personal Data |
Collection of your Personal Data |
Device information and access data |
Information on Internet connection (IP address), cookie information |
Identification and contact information
|
Full name, prefix, mobile phone numbers, telephone number, address, email address, date of birth, age, gender, identification card number and data contained in the identification card, passport number and data contained in the passport, flight and travelling information, tax identification number, nationality, LINE ID, signature, username and password of client’s online account, purchase history, photographs, video records |
Finance information |
Your bank account number and bank account information |
Payment information |
Documentation or details that provide proof of payment for a transaction |
Work information |
Your company telephone number, company name and address, position, occupation |
Personal Data of Associated Persons |
Full name, address, contact number, photographs, video records |
Sensitive Personal Data |
We may process your health-related data e.g., symptoms, disease, allergies, photos of allergy reactions, medical certificate, medical treatment, etc.
Your Sensitive Personal Data may appear on the copy of your identification card, i.e., your religious belief and/or blood type data. However, we do not have an intention to process such Sensitive Personal Data; therefore, we will require you to blind, cross out or omit the information about religious belief and/or blood type before providing a copy of your identification card to us.
In the case where such Sensitive Personal Data still appears on a copy of identification card, we may, at any time, blind or cross out such Sensitive Personal Data in order to comply with the PDPA (which requires us to collect personal data to the extent that is necessary and relevant for our business operations). |
In the case where we will collect the Personal Data other than those prescribed in this Privacy Policy, we will inform you about the collection or the processing of the Personal Data and may request for your consent (if required), in accordance with the conditions prescribed by the PDPA.
- Methods for the collection of your Personal Data
In general, we will collect the Personal Data directly from you; however, in the case where it is necessary for us to collect your Personal Data from other sources, we will ensure that your Personal Data will be collected and protected in accordance with the PDPA.
In the case where you provide the Personal Data of a third party including the Associated Persons to us, you warrant that you have informed such person about the processing of his/her Personal Data by us as explained in this Privacy Policy. In addition, if the consent for the processing of the Personal Data is required, you agree to assist us in obtaining the valid and enforceable consent from such person in accordance with the requirements prescribed in the PDPA.
- Purposes for Processing your Personal Data
In general, we will process your Personal Data for the following purposes:
Purposes |
Type of Personal Data |
Legal Basis |
To enter into an agreement or establish a legal relationship with you or the legal entity of which you were authorized to represent, and to execute and perform the obligations under such agreement or legal relationship
Your Personal Data is necessary for the following purposes:
|
Remark: If you do not provide any Personal Data that is necessary for creation and registration of customer’s account in our systems, payment completion, and order delivery, we may not be able to enter into an agreement with you, nor to execute or perform our obligations as specified under the said agreement or legal relationship (either in whole or in part), nor to proceed with your order and the payment. |
|
To furnish you with our beauty services, new products, sampling, gift or rewards redemption
Your Personal Data is necessary:
|
Remark: If you do not provide any Personal Data that is necessary for receiving new products and sampling to you, gift/rewards redemption, and reservation and receiving of our beauty services, we may not be able to serve you or to perform our obligations under the agreement between you and us, either in whole or in part. |
|
To participate in the campaigns, attend events or workshops, arranged by the Company
Your Personal Data is necessary:
|
Remark: If you do not provide any Personal Data that is necessary to invite you to participate in the campaign, or attend events or workshops, or to enable you to register or participate in the campaigns, or attend events or workshops, or to contact and communicate with you regarding the campaigns, events or workshops, we may not be able to allow you to participate in the campaign or attend the events or workshops, or may not be able to perform our obligations under the agreement between you and us, either in whole or in part. |
|
To handle your request and/or complaints via online and offline channels
Your Personal Data is necessary:
|
Remark: If you do not provide any Personal Data that is necessary for us to handle your request and/or complaints in respect to product allergies, we may not be able to solve your concerns and requests and we may be unable to comply with the laws which may result us in violation of the law applicable to us. Moreover, if you do not provide any Personal Data that is necessary for handle customer requests for a product change/return/refund, refund in case of false payment, we may not be able to serve you or to perform our obligations under the agreement between you and us, either in whole or in part. |
|
To record your purchase history and our daily sales |
|
Legitimate interest |
To conduct data analysis, and for sending marketing material/information for example, promotional message, marketing campaign
|
|
|
To comply with applicable laws
We may be required to process your Personal Data for complying with laws, regulations, orders, notifications, or other rules issued by authorities.
|
The type of the Personal Data being processed for this purpose would depend on a case-by-case basis, as required by applicable laws.
Remark: If you do not provide any Personal Data that is necessary for compliance with the law, which is applicable to us, we and/or you may be unable to comply with the laws, and that may affect the necessary processing of your Personal Data as well as may result in the violation of applicable law.
|
|
To establish, exercise, comply or defend legal claims
Your Personal Data may be processed as part of the establishment, exercising, compliance or defense of legal claims. |
The type of the Personal Data being processed for this purpose would depend on a case-by-case basis. |
|
Cookies
Your Personal Data may be processed in order to enhance your experience of visiting and using our website, to make the visit of our website more attractive, and to enable the use of certain functions, we use so-called “Cookies” on various pages.
For more information of the Cookies we use, please refer to section 6. Cookies below. |
|
Remark: You can adjust and set the using of cookies as per your preference on our website. |
In the case where we will process your Personal Data for purposes other than those prescribed in this Privacy Policy, which has been informed you, we will inform you about such additional processing of the Personal Data, and/or arrange to obtain your consent, if required by the applicable law.
- Cookies
Please note that Cookies are small text files that are stored on your device. Some of the Cookies we use are deleted after the end of the browser session, i.e., after closing your browser (so-called, session Cookies). Other Cookies may remain on your device and allow us or our affiliate to recognize your browser on your next visit (so called, persistent Cookies).
Below is the information about your choices as well as a detailed list of Cookies we use:
- Required Cookies
These Cookies are required to navigate our site, and in order to use the features provided. Without the use of such Cookies, proper functioning of our site is not guaranteed (e.g., entering text), while browsing through pages on the website. In addition, Cookies are used to collect information about the operation of our website, for example, to provide main content, and handle malfunction of website. We also use these Cookies to store or to temporarily store the information you have entered, as necessary.
- Functional Cookies
These Cookies collect pseudonymous information and cannot track your movements on other websites. We use these Cookies for pseudonymized usage analysis. They also allow our site to remember your choices such as language, or region to provide improved features.
- Personalization and Advertising Cookies
These Cookies are used to play more targeted advertising relevant to the user and adapted to their interests.
You can set your browser so that you are informed about the setting of Cookies and individually decide on their acceptance or decline the acceptance of cookies for specific or in general at any time by setting on the website as your preference. However, the decline to accept some of Cookies may limit the functionality of our website or make the website process inefficiency. Moreover, you can install additional add-ons in your browser that block unnecessary cookies. By doing so, you will not see any interest-based advertisements.
This Privacy Policy covers the use of Cookies by us and does not cover the use of cookies by any advertisers, or other third-party websites, which may link to our website. If you link to or is directed to a third-party website, you are encouraged to read the privacy policy, as well as cookies policy, of such third-party website.
- Disclosure of Your Personal Data
In processing Personal Data for the above purposes, it may be necessary for us to disclose your Personal Data to third parties, as follows:
- to third-party vendors, suppliers or service provider, who provide services to us, such as system and database outsourced companies, payment gateway agency, delivery service provider, marketing and data analysis agencies, etc. to create and register customer accounts, to proceed with purchase payment, to deliver the purchase order to you or the Associated Person, to send greeting card to gift receiver, to enable Customers and persons who may involve in the campaigns, events or workshops together with Customers to register or participate in the campaigns, or attend events or workshops, to handle Customers’ issues and complaints in respect to product allergies and a product change/return/refund (non-allergy) and to conduct data analysis, and to conduct data analysis, and for sending marketing material/information for example, promotional message, marketing campaign;
- to external legal counsels in the case of legal proceedings and legal execution to establish, exercise, comply or defend legal claims;
- to any competent regulatory, prosecuting, tax or governmental agencies, courts or other tribunals in any jurisdiction, including, without limitation, the Revenue Department, and Food and Drug Administration, Ministry of Public Health to proceed or submit any required information and documents, or arrange to comply with our tax obligations and to submit the required documents to the Revenue Department and to comply with applicable law such as the PDPA, law related to adverse event from using cosmetics and to establish, exercise, comply or defend legal claims;
- to any other persons or entities to whom we are required to make disclosure by applicable law, or whom we are permitted by you or your organization to disclose your Personal Data; and/or
- to prospect buyer in case of merger or acquisition of our business.
- The Cross-Border Transfer of the Personal Data
We regularly transfer, disclose, and give access of your Personal Data to third parties (Australia and Singapore), for processing of Personal Data for the purposes mentioned in this Privacy Policy e.g., to create and register customer accounts, to proceed with purchase payment, to deliver the purchase order to you or the Associated Person, to send greeting card to gift receiver, to enable Customers and persons who may involve in the campaigns, events or workshops together with Customers to register or participate in the campaigns, or attend events or workshops, to handle Customers’ issues and complaints in respect to a product change/return/refund (non-allergy) and conduct data analysis, and for sending marketing material/information for example, promotional message, marketing campaign. The destination countries may have different data protection standards to those prescribed by the data protection authority in Thailand.
Notwithstanding that, we will ensure that it will protect your Personal Data by implementing adequate personal data protection standards for the transfer of your Personal Data outside Thailand, as prescribed under the PDPA.
- Retention of the Personal Data
We retain your Personal Data for as long as is required in order to fulfil our contractual obligations under the agreement with you. In general, we will retain your Personal Data throughout the period of contractual relationship and retain not exceeding ten (10) years after the cessation of our contractual relationship, or our last contact/communication.
We will retain the Personal Data of the Associated Person for a duration that does not exceed the period during which we retain the Personal Data of the Customer to whom the Associated Person is related with.
Notwithstanding the above, we may retain your Personal Data longer than the above period, only as otherwise permitted or specified by the applicable law.
- Your Rights to Personal Data
Subject to the conditions and limitations imposed by the PDPA, you have the following rights with respect to your Personal Data:
- To withdraw your consent, or to request a change to the scope of your consent;
- To access or to obtain a copy of your Personal Data which is under the Company’s responsibility, and to request to disclose the source(s) of your Personal Data which has been obtained without your consent;
- To request to correct or update your Personal Data;
- In certain circumstances, you may request to delete, destroy or de-identify your Personal Data;
- In certain circumstances, you may request to object the processing of your Personal Data;
- In certain circumstances, you may request to receive your Personal Data from the Company that arranges your Personal Data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, and request the Company to send or transfer such Personal Data in such formats to other data controllers as provided by the law; and
- In certain circumstances, you may request suspension of the processing of your Personal Data.
We reserve the right not to comply with your request if this is appropriate, and as permitted by the applicable law.
In addition to the rights above, you also have the right to file a complaint in relation to our processing of your Personal Data with the Personal Data Protection Committee, in accordance with the procedures set out in the PDPA. However, we kindly request that you reach out to us first in case of any concerns so that we can effectively address your issue in a timely manner.
As far as permitted by the applicable law and regulations, we may be entitled to charge reasonable expenses incurred in respect to handling any of the above requests.
- Contact Details
If you have any inquiries in relation to your Personal Data, or you would like to exercise any of your Data Subject Rights, you may contact us at:
Data Protection Officer: Tilleke & Gibbins Digital Solutions Co., Ltd.
Contact Address: Supalai Grand Tower, 20th - 26th Floor, 1011 Rama 3 Road, Chongnonsi Sub-district, Yannawa District, Bangkok 10120, Thailand
Email: digital@tilleke.com
- Changes to this Privacy Policy
We may amend, change, or update this Privacy Policy from time to time, whereby we will update the changes on our website, or by sending you a notification to your e-mail, or your LINE account via our LINE Official Account or communicated through appropriate channels as deemed appropriate. However, we encourage you to regularly review this Privacy Policy to stay informed about any updates.
In the event that the amendment, change, or update will affect the purposes for which your Personal Data has originally been collected, we will notify you about such changes, and obtain your consent (if required by law), prior to such changes becoming effective.
Special Provision: Customer Identity and Access Management, or equivalent Management System, Platform, Tools and Database Operated, Managed or Accessible by the Company or the LVMH Group (“CIAM”)
Without limiting any other provisions of this Policy, your personal data may be Processed and/ or transferred outside of Singapore for purposes relating to CIAM, which is primarily aimed at the Company’s overall enhancement of customer service and Dior product offerings - in connection of CIAM, your personal data may be used and processed for the following purposes (non-exhaustive):
Security and prevention of misuse of services;
Detecting or preventing illegal activities (e.g. fraud, money laundering) or threats to physical safety and security, IT and network security;
Preventing of misuse of services;
Carrying out other necessary corporate due diligence;
Improving, enhancing or developing new goods or services;
Improving, enhancing or developing new methods or processes for business operations in relation to the organisations’ goods and services;
Learning or understanding behaviour and preferences of individuals (including groups of individuals segmented by profile);
Identifying goods or services that may be suitable for individuals (including groups of individuals segmented by profile) or personalising or customising any such goods or services for individuals; and/ or
Improving, enhancing or developing new goods or services.
We will endeavour to take steps to analyze and satisfy ourselves that our use of personal data for the business improvement purpose is one that a reasonable person would consider appropriate in the circumstances.
This Privacy Policy shall take effect from November 1, 2024, onwards.