Privacy Policy
Privacy Policy for Customers
Last Updated: November 17, 2025
Effective Date: November 17, 2025
LOPIA Thailand Co., Ltd. (hereinafter collectively referred to as the "Company") hereby establishes this "Customer Privacy Policy" (hereinafter referred to as the "Policy") in accordance with the Personal Data Protection Act, B.E. 2562 (hereinafter referred to as the "PDPA"). This Policy explains how the Company handles the collection, use, disclosure, and other processing (hereinafter referred to as "Processing") of your personal data, as well as your rights as a data subject.
1. Definition
| Term | Description |
|---|---|
| Personal Data | Any data that can directly or indirectly identify an individual (excluding data relating to deceased persons) |
| Sensitive Personal Data | Data concerning race or ethnicity, political opinions, religion or beliefs, sexual behavior, criminal history, health, disabilities, labor union membership, genetic data, biometric data, or other data that the PDPC recognizes as having similar impact. |
| Data Subject (Customer) | A natural person who is the subject of data collected, used, and disclosed under this Policy, including customers, service users, business partners, and other individuals. |
| LOPIA Thailand Co., Ltd. Group Companies | Domestic and overseas corporations that are part of the same group as the Company or have a partnership relationship with it. |
| Service Providers | External service providers for server, cloud, and IT maintenance; logistics and payment processing; call centers; marketing and research; as well as legal and audit services. |
2. Scope of Application of this Policy
This Policy applies when the Company processes customers' personal data through our website, applications, campaigns, inquiries, sales and delivery, or after-sales services. Minors are required to inform their legal guardian of this Policy and obtain consent if necessary.
3. Personal Data Collected and Collection Methods
| Method | Description |
|---|---|
| Direct provision | Form submission, membership registration, order placement, customer support desk, campaign entry, event participation, etc. |
| Automatic acquisition | IP address, device data, logs, cookies, and other online identifiers |
| Acquisition of identity verification documents | Identification documents such as ID card, passport, driver's license, and student ID (including copies) |
| Acquisition from third parties | Payment and delivery service providers, marketing partners, and publicly available data (with notification given in accordance with the methods prescribed under the PDPA at the relevant time) |
| Representative data types | Personal data such as name, address, contact details, account data, purchase history, payment data (including tokens), delivery data, inquiry details, and cookie-related data |
4. Purpose of Use, Legal Basis, Recipients of Disclosure
(a) Provision of Products and Services
Order processing, payment, delivery, warranty, customer support
- Legal basis: contract / legal obligations (e.g., taxation) / legitimate interests (fraud prevention, quality improvement)
- Disclosure recipients: group companies, payment and logistics service providers, and authorities as necessary
(b) Account Management and Communication
Identity verification, important notifications, customer support
- Legal basis: contract / legitimate interests
(c) Marketing
Campaign announcements, recommendations, research and analysis
- Legal basis: consent (including profiling and targeting) / legitimate interests (limited in scope)
(d) Compliance with Laws and Dispute Resolution
Accounting, taxation, regulatory inquiries, establishment, exercise, and defense of legal claims
- Legal basis: legal obligations / legitimate interests
(e) Website Management and Security
Logging, access control, misuse monitoring
- Legal basis: legitimate interests
(f) System Improvement and Service Development
- Legal basis: legitimate interests (quality improvement and operational efficiency)
The collection of customers' personal data is necessary to provide specific services and to duly perform and ensure the related contractual rights. If the customer chooses not to provide certain personal data, we may be unable to offer some of our services, and as a result, you may not be able to fully enjoy the rights under the contract. If we need to collect, use, process, or provide the customer's personal data for purposes other than those explicitly stated in this Policy, we will appropriately notify the customer of the new purpose of use, the types of personal data to be handled, the retention period, and the customer's rights.
5. Use of Cookies
What are cookies?
Cookies are text files that store details of internet usage history and website browsing behavior on a computer.
How are cookies used?
The Company collects information about your use of our platform or system through cookies or other tracking technologies, and uses cookies for various purposes as described below.
Types of Cookies
| Cookie Type | Explanation |
|---|---|
| Essential Cookies | These cookies are essential for the proper functioning of the website. They ensure that the website operates normally and securely, allowing access to features such as logging in, signing up, and identity verification. If you do not consent to the use of these cookies, you may not be able to access or use certain functions of the platform properly. |
| Analytics Cookies | These cookies collect data about your use of our website, enabling the Company to measure, evaluate, improve, and develop its platform and systems, and to enhance the user experience. If you do not consent to the use of these cookies, the Company may be unable to measure, evaluate, improve, and develop its platform and systems. |
| Functional Cookies | These cookies help remember data about the computer or electronic device used to access the platform, registration or login information, settings, and options previously selected on the platform (such as the language displayed). This eliminates the need to provide information or adjust settings each time you access the platform, making the website more convenient to use. If you do not consent to the use of these cookies, you may not be able to use the platform conveniently and efficiently. |
| Targeting Cookies | These cookies collect various data, including customers' personal data, and create a customer profile. This enables the Company to analyze and provide content, products/services, and/or advertisements that match our customers' interests and preferences. If you do not agree with the use of these cookies, you may be shown general data or advertisements that do not match your interests. |
Cookie Policy of Third-Party Websites
Our platform may contain links to third-party platforms that may use cookies. Please review the relevant policies of those platforms before using them. Third-party cookies cannot be set on our platform.
Customers may change or disable cookie settings through [Cookie Settings]. However, if cookies are disabled, you may not be able to fully utilize the functions of our platform or system.
6. Provision to Third Parties
We may disclose data to our group companies, service providers (including IT, payment, logistics, marketing, audit, and legal services), competent authorities, and parties involved in business reorganizations, to the extent necessary for achieving the purposes of this Policy. When outsourcing, confidentiality and security management are mandated by contracts, etc.
7. Relocation Outside Thailand
Personal data may be transmitted or transferred to third parties located outside of Thailand. In such cases, appropriate safeguards such as Standard Contractual Clauses (SCC), Binding Corporate Rules (BCR), or adequacy decisions will be implemented to ensure an adequate level of protection at the transfer destination. The country of destination, the categories of recipients, and a summary of the safeguards will be provided upon request.
In cases of transfers to countries that have not been granted adequacy recognition, either the explicit consent of the individual shall be obtained, or supplementary protective measures shall be implemented in accordance with the guidelines of the Personal Data Protection Commission (PDPC).
8. Retention Period
We will retain personal data for the period prescribed by applicable laws and regulations in order to achieve the purposes specified in this Policy. The purposes are aligned with the provision of our services and comply with applicable laws and regulations. Upon expiration of the retention period, we will take measures to delete, dispose of, or anonymize the relevant personal data. These processes are carried out in accordance with standards for the secure management of personal data. Personal data collected based on account data or consent will be retained until the withdrawal of consent by the individual or until the purposes of use have been fulfilled.
9. Customer Rights
As the owner of personal data, you have the following rights:
-
You have the right to access your personal data under the responsibility of the data controller and to obtain a copy of it, as well as the right to request disclosure of how such personal data was obtained if consent was not granted.
-
You have the right to obtain your personal data from the data controller in accordance with the law.
-
You have the right to have your personal data corrected so that it is accurate, up-to-date, complete, and not misleading.
-
As provided by law, you have the right to object at any time to the collection, use, or disclosure of your personal data.
-
As stipulated by law, you have the right to request the data controller to delete, dispose of, or anonymize your data.
-
As stipulated by law, you have the right to request the data controller to stop using your personal data.
-
You have the right to withdraw your consent to the collection, use, or disclosure of your personal data by notifying the Company. However, such withdrawal of consent will not affect the collection, use, or disclosure of personal data that occurred prior to the withdrawal.
-
In the event of a violation or non-compliance with the Personal Data Protection Act, you have the right to file a complaint against the Company, personal data handlers, our employees, and business partners.
10. Security
We implement organizational and technical security measures, comply with applicable laws and regulations, and maintain protection commensurate with the risks. In order to prevent the loss, unauthorized access, misuse, inappropriate disclosure, or alteration of personal data without the individual's consent, we restrict access to customers' personal data to only those personnel who require it for business purposes. We also require our contractors to maintain the same level of control.
11. Contact Information
If you have any questions regarding personal data or wish to exercise your rights as the owner of personal data, please contact us.
LOPIA Thailand Co., Ltd.
18 Phaya Thai Rd, Thung Phaya Thai, Ratchathewi, Bangkok 10400
Email address: support@lopia.co.th
12. Revision
We will revise this Policy as necessary in accordance with actual processing practices and legal requirements. Any revisions will be announced on our website (https://lopia.co.th) or through other appropriate channels, with the effective date clearly indicated. For significant changes, we will provide appropriate notice and obtain prior consent when necessary.