THAI World Shopping Privacy and Cookies Policy
This privacy notice (the „Notice“) explains how we process personal data in relation with your use of the Royal Orchid Plus (“THAI World Shopping ”). Your use of THAI World Shopping is governed by the [THAI World Shopping Terms and Conditions].
This is the Privacy and Cookies Policy of Loylogic Rewards FZE, together with its subsidiaries and affiliates ("Loylogic", “we”, “us”, “our”)
When you login to or use THAI World Shopping, the processing of your personal data will be by [client name, address, and phone number or e-mail address] (“Provider”, “we”, “us”, “our”). For general questions related to THAI World Shopping itself, in the first instance please contact email@example.com
Please note that when you purchase a product or service in THAI World Shopping (the “Reward”), the processing of your personal data in relation with that purchase will be controlled separately by the seller of that product or service (the “Merchant”). Please refer to the Merchant details tab on THAI World Shopping to learn more about the Merchants.
2. Personal data processing
When you login to or use THAI World Shopping, we will receive and process personal data, in particular the following:
- first and last name
- date of birth
- sex at birth
- about me details
- preferred language
- e-mail address
- contact telephone number
- IP address
- points balance
- membership tier
- membership number
We may process the data set out above in order to provide and operate THAI World Shopping, and to respond to your enquiries and follow up with you if needed, in particular to:
- authenticate your identity
- process transactions you have requested
- allow us to improve our services to you or to develop new services
- reply to e-mails from you
- personalise and tailor your experience on THAI World Shopping
- analyse your use of THAI World Shopping and gather feedback to enable the improvement of THAI World Shopping and your user experience.
When processing this personal data, we will rely on the legal ground that the processing is necessary for the performance of a contract with you and/or in order to take steps at your request prior to entering into that contract.
There is generally no legal obligation for you to provide your data to us. However, without personal data we will not be able to sign you up for or let you use THAI World Shopping, or communicate with you.
3. Disclosure of personal data
We may share your personal data
- with the relevant Merchant when you purchase a Reward, for example your name, e-mail address, contact phone number and shipping address
- with our affiliated companies for the purposes set out in sec. 2
- with service providers acting as processors, for example to run THAI World Shopping on our behalf, or procure IT services and other business-related services
- with other parties acting on their own behalf, such as authorities and with potential purchasers of our business or parts thereof.
To learn more about Merchants and their data processing please see merchant privacy notice
We work with Wirecard Bank AG, to process card payments. To learn more about Wirecard and their data processing please see here privacy notice.
In certain cases we may transfer personal data to recipients abroad in countries outside of Switzerland or the EU/EEA that have no appropriate level of data protection. In that case we will rely on the recipient’s certification under the EU-US or CH-US Privacy Shield, if the recipient is located in the US and is certified, or ensure that your personal data is protected for example by requiring the recipient to enter into a contract that protects your data. If you wish to obtain a copy of such a data transfer agreement please contact us.
4. Storage and retention
We will keep your personal data for as long as it is necessary for the purposes for which we have collected it and to protect legitimate interests, for example in asserting or defending claims, maintaining back-ups and archives, and ensuring IT security. We will also store personal data as required under applicable laws.
We use the following types of cookies:
- Strictly necessary cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, or use a shopping cart.
- Analytical/performance cookies: These allow us to recognise and count the number of visitors and to see how visitors move around THAI World Shopping when they are using it. This helps us to improve the way THAI World Shopping works.
- Functionality cookies: These are used to recognise you when you return to THAI World Shopping. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies: These cookies record your visits to THAI World Shopping. We will use this information to make THAI World Shopping more relevant to your interests.
6. Your rights
You have the following rights in relation to your personal data, subject to the requirements of applicable law:
- Access: the right to request, at any time and free of charge, access to your personal data stored and processed by us;
- Rectification: the right to have incorrect or incomplete personal data corrected or updated;
- Deletion: the right to have your personal data erased if it is no longer necessary or if you have withdrawn consent or have objected to the processing (provided there are no other grounds for processing), or if your personal data is processed unlawfully;
- Restriction: the right to request that the processing of your personal data be restricted;
- Right to data portability: the right to receive or transfer to someone else the personal data that you have provided to us, free of charge, in a commonly used and machine-readable format;
- Right to lodge a complaint: the right to lodge a complaint with a competent supervisory authority about the way we process your personal data or your requests;
- Right to withdraw consent: the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You also have the right to object to data processing and revoke consent.
This is the privacy notice(“Notice”) of Loylogic Rewards FZE ("Loylogic", “we”, “us”, “our”) in relation to the provision of all our consumer services and our website (www.pointspay.com, “the website”) in connection with the PointsPay Program (together “the Services”).This Notice sets out how we process personal information that you give to us, or that we may collect or otherwise process in the course of providing the Services to you.
1. Information About Us
1.1. Loylogic Rewards FZE whose registered address is Dubai Airport Freezone Authority, PO Box 293805, Dubai United Arab Emirates is the controller with respect to processing pursuant to this Notice and websites are owned and operated by it. For any questions you may have in relation with the processing of your personal data or when executing your data protection rights, you can contact us by email at: firstname.lastname@example.org.
1.2. Our EU representative for data related queries is Loylogic AG Latvia branch, registration number: 40103284489, legal address: Brivibas street 40-35, Riga, LV-1050. If you have any questions about how we handle data with respect to this Notice you can contact us by email at: email@example.com
2. What This Notice Covers
This Privacy Notice applies to your use of our Services. The website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such website before providing any data to them.
3. What Data do we collect?
- personal details (e.g. name, date of birth, gender);
- contact information (e.g. telephone number, address details, country of residence, e-mail address);
- information on your use of PointsPay (e.g. your shopping behaviour, your payment behaviour and your use of points or cash portion, invoicing and reporting details);
- loyalty program account information (inc. user program profile details, loyalty program currency such as points/miles etc.);
- general payment information such as credit / debit card details;
- technical information (e.g. IP address, web browser type and version, operating system; list of URLs starting with a referring website, your activity on Our website, and the website you exit to).
3.2. Such data may also include sensitive data, i.e. data that requests higher protection. We will usually not process such information unless you give your prior consent thereto.
3.3. You are at no time obliged to provide us with your personal data. However, should you not wish to provide the information we ask you for you may not be able to use all of our Services.
4. How We Use your Data and legal basis of processing
4.1. When provisioning our Services we may use your data in order to:
- provide you with our Services (incl. payment card transactions within PointsPay Program);
- co-ordinate with your loyalty program provider(s) and PointsPay merchants;
- process transactions you have requested within a loyalty program;
- allow us to improve our services to you or to develop new services;
- authenticate your identity;
- personalising and tailoring your experience on our website;
- replying to emails from you;
- analysing your use of our website and gathering feedback to enable us to continually improve our website and your user experience
- provide you with (direct) marketing materials by email, telephone, SMS and/or by post, but only where you have given us your permission to do so.
4.2. Our use of your personal data will only be processed on a lawful basis, either because it is necessary for the performance of a contract with you, because you have consented to our use of your personal data, or because it reflects a legal requirement or is necessary for legitimate interests.
4.3. When we base processing of your personal data on legitimate interest, this primarily refers to our interest to provide you with our Services and to run, monitor and improve our business activities (incl. cooperating with business partners).
5. Automated decision making (incl. profiling)
5.1. "Automated individual decision making" relates to decisions which are based solely on automated means and which result in negative legal effects or other similarly negative effects on you. We will inform you separately if we make automated individual decisions and provided that such information is required by law.
5.2. "Profiling" means a process by which personal data is processed automatically to evaluate, analyse or predict personal aspects, e.g. work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements. We carry out profiling, e.g. when analysing purchasing behaviour, in the selection of job applicants, in the examination of contractual partners, etc.
6.3. We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Our website uses analytics services provided by Google Analytics. you do not have to allow us to use these Cookies, as detailed below, however whilst our use of them does not pose any risk to your privacy or your safe use of our website, it does enable us to continually improve our website , making it a better and more useful experience for you. For more information on the use of Google Analytics, including how to opt out, visit Privacy Overview.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have viewed and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
6.4. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our website.
6.5. Cookies are destroyed once they are no longer necessary for their purpose.
7. Google Analytics
7.3. We use Google Analytics to analyse and regularly improve the use of our website. Through the obtained statistics we can improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacy-shield.gov/EU-US-Framework.
7.4. Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
- Privacy Notice: http://www.google.com/intl/de/analytics/learn/privacy.html,
- Privacy Notice: http://www.google.de/intl/de/policies/privacy.
8. How we share your data
8.1. We may co-ordinate with third parties in the provision of your selected Services to you (e.g. your loyalties program provider(s), PointsPay Merchants, payment service providers, financial institutions, and suppliers). These parties may process your personal data to supply services to you on our behalf as well as for their own purposes. In that case, these parties act as controllers, and you are invited to review their privacy notices to learn more about their processing.
8.2. We may also share your data with other companies in our group for the provision of some of the services, for example, payment processing as well as for their own purposes. This includes our holding company, Loylogic Holding AG, and its affiliates and subsidiaries.
8.3. In some cases, the third parties may require access to some or all of your data. Where any of your data is shared for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
8.4. Third parties (including PointsPay Merchants and service providers) whose content appears on our website may use third party cookies, as detailed below in section 6 onwards. Please refer to section 6 for more information on controlling cookies.
8.5. We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Notice, be permitted to use that data only for the same purposes for which it was originally collected by is.
8.6. We may compile statistics about the use of our website including data on traffic, usage patterns, user numbers, sales, and other information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, analytics service providers and advertisers. Data will only be shared and used within the bounds of the law.
8.7. In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.
8.8. In case that we share and transfer your personal data with third parties (incl. other group-companies) that are located outside of Switzerland and/or of the European Economic Area (“the EEA”) (e.g. United Arab Emirates or India) and we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be under the data protection law applicable to respective processing in Switzerland or within the EEA. In such cases, we will ensure data protection with standard contractual clauses for data transfers to third countries issued and approved by the EU Commission and/or the Federal Data Protection and Information Commissioner (FDPIC), as accordingly amended and adapted to local circumstances.
9. Data protection rights
9.1. According to the applicable law, you may have the right to:
- request access to your personal information.
- request correction of the personal information that we hold about you if it is inaccurate.
- request erasure of your personal information if there is no good reason for us continuing to process it.
- ask us to stop processing personal information (where we are relying on a legitimate interest) if you wish to object to processing on this ground.
- withdraw your consent to processing of your personal data.
- request the restriction of processing of your personal information.
- request the transfer of your personal information to another party.
- lodge a complaint with the competent data protection supervisory authority, in Switzerland with the FDPIC.
9.2. In particular, you may withdraw your consent in relation with direct marketing measures and request us to remove your information from our marketing database entirely by emailing, writing or calling us using at the contact details above. However, such withdrawal does not affect the lawfulness of former processing. Whenever we contact you for direct marketing communications (e.g. to send you an email newsletter which you have requested) you will normally find an email or other address at the bottom of the email, which you can use to tell us that you no longer wish to receive the newsletter or other communication in question.
9.3. Servicing emails sent to you are triggered automatically when you use the website, for example, when you make a purchase or if you add items to a wish list. If you do not wish to receive service triggered emails, you must request stop using the website and request deletion of your membership.
10.1. Securing your personal and non-personal information is very important to us and we take the necessary technical and organizational measures in order to ensure an adequate level of data protection appropriate to the risk that is related to a respective processing. In particular, all customer databases are held in a secure environment and (except for law enforcement authorities in limited circumstances), only our employees or other persons who need access to your information in order to perform their duties are allowed such access.
10.2. Where you are using our website, we attempt to provide for the secure transmission of your information from your computer to our servers by utilising encryption software. However, due to the inherent open nature of the Internet, we cannot guarantee that communications between you and us will be free from unauthorised access by third parties, such as hackers.
10.3. Our website utilise SSL certificate-based encryption on pages where secure information is transmitted over the Internet. All critical information is encrypted using AES 256 algorithm and stored.
11. How long we store your personal data
We do not keep your personal data for any longer than is necessary in light of the reason(s) it has been collected. We moreover retain personal data as long as we have a legitimate interest in the storage, e.g. if we need personal data for the enforcement of or the defence against claims, for archiving purposes and for guaranteeing IT security. We also retain your personal data as long as you do not withdraw your consent and it is subject to a legal retention obligation.
12. Privacy Notice Updates
We may change this Privacy and Cookies Notice from time to time as we add new products and apps, as we improve our current offerings, and as technologies and laws change. Any changes will become effective upon our posting of the revised Privacy & Cookies Notice on our affected website. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Moreover, this notice will be provided by email or by posting notice of the changes consistent with applicable laws.
13. Website Owner
The entire contents of Loylogic website are owned by Loylogic and protected by copyright (all rights reserved). The downloading or printing of individual pages or passages from the website is only permitted if neither a copyright notice nor any other legally protected titles are removed. If you download data from the Loylogic website or reproduce it in any other way, all proprietary rights remain with Loylogic. The (complete or partial) reproduction, transmission (electronically or by other means), modification, linking or usage of the Loylogic website for public or commercial purposes is forbidden without the prior written agreement of Loylogic.
Last updated: 18th September, 2019