Version : 2
Effective Date : 1 August 2023
Privacy Notice for Customer
Our Commitment to Privacy
This privacy notice (this "Privacy Notice") is issued by Canon Marketing (Thailand) Co., Ltd. (the “Company,” “we,” “us,” or “our”) and addressed to individuals outside our Company whom we interact with, including customers, personnel of corporate customers, visitors to our websites, or other online communication channels, and other recipients of our services ("you").
The purpose of this Privacy Notice is to describe how we collect, use, disclose, and/or transfer your personal data. This Privacy Notice also tells you about your rights and choices with respect to your personal data as a customer, and how you can reach us to get answers to your questions.
Please read this policy in its entirety. For easy accessibility, this Privacy Notice will be made available on https://th.canon.
Rights to Amend Our Privacy Notices
We may amend or update the Privacy Notice from time to time to reflect changes in our practices with respect to the collection, use, disclosure, and/or transfer of personal data, or changes in the applicable law. We encourage you to read this Privacy Notice carefully, and to regularly check this page to review any changes we might make in accordance with the terms of this Notice.
1. Scope: Personal Data
We CollectWe may collect or obtain the following types of information, which may include your personal data obtained directly from you or indirectly from other sources e.g., through our affiliates, subsidiaries, other third parties, such as sale representatives, dealers, or governmental organization. The specific type of data collected will depend on the context of your interactions with us, and the services or products you need or want from us and within our data ecosystem.
- Personal details, such as title, full name, gender, age, occupation, qualifications, job title, position, business type, nationality, country of residence, date of birth, information on government-issued cards (e.g., national identification number, social security number, passport number, tax identification number, driver's license details or similar identifiers), immigration details such as arrival and departure date, signature, voice, voice record, photograph, photos for recognition, personal data recorded by CCTV, work place, education, insurance details, license plate details, house registration, household income, salary, and personal income;
- Behaviour details, such as information about your purchasing behavior and data supplied through the use of our products and services;
- Contact details, such as postal address, delivery details, billing address, telephone number, fax number, email address, LINE ID, Facebook account, Facebook ID, Google ID, and other ID from social networking sites;
- Financial details, such as debit/ credit card or bank information, credit/debit card number, credit card type, cycle cut, bank account details, payment details, and records;
- Marketing and communication details, such as your preference in receiving marketing from us, our affiliates, subsidiaries, third parties, business partners, and your communication preferences, as well as update you about events or changes to our business;
- Membership details, such as account details, member card number, reward points, credit card issuance/expiration date, member ID (e.g. Canon ID and other customer ID), member type, customer type, member join/registration date and month, membership length, bank account and payment details, and service and product applications (e.g. membership application);
- Profile details, such as your username and password, profile details and picture, purchases, historical orders, past orders, purchase history, items bought, item quantity, orders or product recalls made by you, orders via website, COD amount, order ID, financial records, PIN, your interests, preferences, feedback and survey responses, satisfaction survey, social media engagement, participation details, loyalty programs, your use of discount codes and promotions, customer order description, customer service, attendance to trade exhibitions and events, trade exhibitions, litigation, testing, and trials;
- Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID, device model and type, network, connection details, access details, single sign-on (SSO), login log, access time and location, time spent on our page, login data, search history, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access our website and/or application;
- Transaction details, such as details about payment to and from you, payment date and/or time, payment amount, details about refund, refund amount, points, date and location of purchase, purchase/order number, appointment date for service, address/date and time for pick up or delivery, acknowledgement of receipt, recipient signature, warranty details, complaints and claims, booking details, rental details, transaction, transaction history, location, transaction status, past sales transaction, status, purchasing behaviour, and other details of products and services you have purchased;
- Usage details, such as information on how you browse or use our website and/or application , products in customer's cart, wish list record, and timestamp of last click and Q&A record; and
- Sensitive data, such as religion and race in the official identification document.
If you provide personal data of the others to us, e.g. name and contact information of your family members, please provide this Privacy Notice to them for their acknowledgement and/or obtaining consent, if required, from them, where applicable.
We will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.
We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parent or guardian has given their consent. We do not knowingly collect information from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. If we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process only if we can rely on other legal bases apart from consent.
2. How We Use Your Personal Data
2.1 The purposes of which you have given your consent:
- Marketing and communications : To provide marketing communications, e.g., sale promotions, special offers, notices, news, and information about other products and services including advertising services, from our us and our affiliates, subsidiaries, and/or business partners; and
- Sensitive data : To conduct authentication and verification.
2.2 The purposes we may rely on and other legal grounds for processing your Personal Data
We may also rely on a
- contractual basis, for our initiation or fulfilment of a contract with you;
- legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties;
- legal obligation, for the fulfilment of our legal obligations;
- vital interest, for preventing or suppressing a danger to a person’s life, body, or health; and/or
- public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities.
We may collect, use, or disclose your personal data for the following purposes:
- To provide products and services to you :
To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services or products; to complete and carry out financial transaction and services related to the payments including transaction checks, verification, and cancellation; to process your orders, delivery, and collections and returns; refund and exchange of products or services; to provide updates and on the delivery of the products, and to perform warehouse internal activities, including picking, packing, and labelling of packages, if any; to verify warranty period; to provide aftersales services, including maintenance and facility reservation;
- Registration and authentication :
To register, verify, identify, and authenticate you or your identity;
- Marketing and communication with you :
To communicate with you related to the products and services you obtain from us, our affiliates, subsidiaries, and from our business partners; to provide you with marketing communications, sales, special offers, rewards, gifts, promotions, notices, news, and information about the products and services, and to process and update your information; to handle customer service-related queries, request, feedback, complains, claims, disputes, or indemnity; to provide technical assistance and deal with technical issues; to process and update your information as our member through our stores; to facilitate your use of the products and services;
- Profiling and data analytics :
To measure your engagement with the products and services, undertake data analytics, data cleansing, and data profiling, market research, customer surveys, satisfaction surveys, assessments, behavior, statistics and segmentation, consumption trends and patterns, to know you better, improve business performance, better adapt our content to the identified preferences of our customers, determine the effectiveness of our promotional campaigns, identify and resolve of issues with existing products and services; qualitative information development; to learn more about the products and services you purchase and receive, and other products and services you may be interested in receiving, including profiling based on the processing of your personal data, communication preferences; to examine your purchase history, purchased product models, purchased product serial number registration date, both online and offline; to recommend products and services that might be of interest to you, identify your preferences, and personalize your experience and so on;
- Training, workshop and other events/promotions :
To allow you to participate in our product training courses, events, workshops, online campaign on social media platforms; attend to trade exhibitions, customer events held by us;
- To improve business operations, products, and services :
To evaluate, develop, manage, and improve, research, and develop our services, products, systems, and business operations for you and all of our customers, including but not limited to, our business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, and marketing campaigns;
- IT Management :
For our own business management purposes including for our IT operations, management of communication systems, operation of IT security and IT security audits; reduce risk of data leakage; single sign on (SSO) into our microsites; internal business management for internal compliance requirements, policies, and procedures; to administer, operate, track, monitor, and manage our sites and application to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on our sites and application;
- Protection of our interests :
To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our premises which includes our use of CCTV; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;
- Fraud detection :
To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud). This includes to perform sanction list checking, internal audits and records, asset management systems, and other business controls;
- Corporate transaction :
in the event of sale, transfer, merger, reorganization, or similar event we may transfer your information to one or more third parties as part of that transaction;
- Risks :
To perform risk management, audit performance, and risk assessments;
- Compliance with regulatory and compliance obligations :
To comply with legal obligations, legal proceedings, or government authorities' orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to provide and handle VAT refund services; issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime; and/or
- Life :
To prevent or suppress a danger to a person’s life, body or health.
If you fail to provide personal data which we need to collect based on the legal basis for entering into or performing the contract with you, you acknowledge and understand that we may not be able to fulfil the above listed purposes.
3. Sharing Your Personal Data
We may disclose or transfer your personal data to the following third parties who collect, use, and disclose your Personal Data in accordance with purposes under this Notice. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy notices to learn more details on how they collect, use and disclose your personal data as you are also subject to their privacy notices.
3.1. Our affiliates
We may disclose or transfer your personal data to our affiliates, e.g. Canon Singapore Pte. Ltd. and other entities within our group, or otherwise allow access to such personal data by our affiliates for the purposes set out in this Privacy Notice.
3.2. Our service providers
We may use other companies, agents, or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your personal data to our service providers or third-party suppliers including, but not limited to
- IT and technical support service providers;
- warehouse and logistic service providers;
- payment, invoice, billing service providers;
- marketing, advertising media, and communications agencies;
- travel agencies;
- ampaign and event organizers;
- sale representative agencies;
- telecommunications and communication service providers;
- payment, payment system, authentication, and dip chip service providers and agents;
- outsourced administrative service providers;
- auditors; and/or
- data storage and cloud service providers.
In the course of providing such services, the service providers may have access to your personal data. However, we will only provide our service providers with the information that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. We will ensure that the service providers we work with will keep your personal data secure as required under the laws.
3.3. Our business partners
We may transfer your personal data to our business partners to conduct business and services related to marketing, sales, promotional events whom we may jointly offer products or services, or whose products or services may be offered to you.
3.4. Social networking sites
We allow you to login on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorize us to access and store public data on your social network accounts (e.g. Facebook, Google), as well as other data mentioned during use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and to post personalized, relevant adverts on your social network account if appropriate.
We also partner with certain third parties that allow you to enroll in their services or participate in their promotions. For example, certain companies allow you to use your loyalty program number or online services login to receive or register for their services. Additionally, your social network account provider allows you to connect your social network account to your online services account or log into your online services account from your social network account. When you enroll in those services, we will share your Personal Data to those third parties. Personal data shared in this way will be governed by the third party’s privacy notice and not this Privacy Notice.
3.5. Third parties required by law
In certain circumstances, we may be required to disclose or share your personal data in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority, or other third party where we believe it is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.
4. Cross-border Transfers
We may disclose or transfer your personal data to our affiliates or third parties, or servers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your personal data is securely transferred and that the receiving parties have in place suitable data protection standards or other derogations as allowed by laws. We will request your consent where consent to cross-border transfer is required by law.
5. Data Retention
We retain your personal data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your personal data for a longer duration, as required by applicable law.
6. Cookies
If you visit our websites, we will gather certain information automatically from you by using cookies. Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because, without them, the site is otherwise unable to function properly. Other cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with the site more convenient, e.g., they remember your username in a secured way, as well as your language preferences.
Most internet browsers allow you to control whether or not to accept cookies. If you reject, remove, or block cookies, it can affect your user experience. Without cookies, your ability to use some or all of the features or areas of our websites may be limited.
In addition, some third parties may issue cookies through our websites to serve ads that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reach out to our websites and the pages you visit when you leave our websites. Information gathered through these automated means may be associated with the personal data you previously submitted on our website. We do not at our website automatically collect Personal Data unless you provide such information or login with your account credentials.
7. Google Analytics
7.1 We use Google Analytics to monitor and analyse visitor behaviour. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
7.2 Furthermore, we use the Google Analytics Advertising Features. By enabling the Advertising Features, we enable Google Analytics to collect data about your traffic via Google advertising cookies and identifiers, in addition to data collected through a standard Google Analytics implementation.
We implemented the following Google Analytics Advertising Features.
- Google Signals
- Granular Location Device Data Collection
- Ads Personalisation
- Cross Platform Reporting
- Remarketing with Google Analytics
- Advertising Reporting Features
- Demographics and Interests
We use these Advertising Features to evaluate website usage and obtain reports and metrics that help us improve performance and user experience and serve relevant advertising. We use third-party advertising services, which means that our advertisements may be displayed on other websites, such as partner websites. Through these advertising services, we can display ads that are tailored to your individual interests. These advertising services may also track your online activity over time across multiple websites and apps by collecting information through automated means. This data collection takes place both on our website and on third-party websites and apps that participate in these advertising services.
7.3 Visitors can opt out of Google Analytics by the following means:
- Google Analytics Opt-out Browser Add-on
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.
- Managing Cookies in Your Browser
Most browsers allow you to manage how cookies are set and used as you’re browsing, and to clear cookies and browsing data. Also, your browser may have settings letting you manage cookies on a site-by-site basis. For example, Google Chrome’s settings allow you to delete existing cookies, allow or block all cookies, and set cookie preferences for websites. Google Chrome also offers Incognito mode, which deletes your browsing history and clears cookies on your device after you close your Incognito windows.
- Managing Other Technologies in Your Apps and Devices
Most mobile devices and applications allow you to manage how other technologies, such as unique identifiers used to identify a browser, app or device, are set and used. For example, the Advertising ID on Android devices or Apple’s Advertising Identifier can be managed in your device’s settings, while app-specific identifiers may typically be managed in the app’s settings.
7.4 For more information on the privacy practices of Google, please visit the Google Privacy Policy: https://policies.google.com/privacy
8. Your Rights
Subject to applicable laws and exceptions thereof, you may have the following rights to:
- Access :
You may have the right to access or request a copy of the personal data we are collecting, using, and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
- Rectification :
You may have the right to have incomplete, inaccurate, misleading, or or not up-to-date personal data that we collect, use, and disclose about you rectified.
- Data Portability :
You may have the right to obtain personal data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we are processing such data on the basis of your consent or to perform a contract with you.
- Objection :
You may have the right to object to certain collection, use, and disclosure of your personal data such as objecting to direct marketing.
- Restriction :
You may have the right to restrict the use of your personal data in certain circumstances.
- Withdraw Consent :
For the purposes you have consented to our collecting, using, and disclosing of your personal data, you have the right to withdraw your consent at any time.
- Deletion :
You may have the right to request that we delete or anonymize your personal data that we collect, use, and disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
- Lodge a complaint :
You may have the right to lodge a complaint to the competent authority where you believe our collection, use, and disclosure of your personal data is unlawful or noncompliant with applicable data protection law.
9. How to Contact Us
If you have any questions about our practices and activities relating to your personal data, you can contact us per the details below. We will be happy to help with requests for information, suggestions, or complaints:
Canon Marketing (Thailand) Co., Ltd.
- Corporate Legal Department
- No.98 Sathorn Square Office Tower, 22nd -24th floor, North Sathorn Road, Silom, Bangrak, Bangkok. 10500
- Tel. 0-2344-9988 Ext. 4600 and 4602
- CMT-PDC@cmt.canon.co.th
10. Update to the Privacy Notice
We reserve the right to modify or update this Privacy Notice from time to time. Subject to your rights at law, you agree to be bound by the prevailing terms of this Privacy Notice as updated from time to time. The date stated at the top of this Privacy Notice indicates the last time this document was revised. We encourage you to check back regularly for the latest version of this Privacy Notice.