Privacy Policy Neo Travel

Privacy Policy (General)
Neo Travel Thailand Co., Ltd. (“the Company”) recognizes the importance of privacy and the protection of personal data of its customers and service users (collectively referred to as “you”). Therefore, the Company has established this Privacy Policy to inform you about the Company`s practices regarding the collection, use, and disclosure of personal data, ensuring that you can use electronic payment services through the Neo Travel Application (“the Application”) and other existing and future services (collectively referred to as “the Services”) with confidence.
Personal Data
Personal data refers to information about an individual that can be used to identify that individual, either directly or indirectly, such as name, surname, national ID number, address, phone number, financial information, etc. Personal data may include sensitive personal data, which is at risk of being used for unfair discrimination. Such sensitive personal data includes, but is not limited to, biometric data and religious information.Personal data includes any information you provide to the Company and/or that is in the Company`s possession, and/or that the Company collects from other sources or individuals lawfully. If the Company needs to collect, use, or disclose your personal data differently from what is stated in this Privacy Policy, the Company will inform you of the new practices at the time or before the collection, use, or disclosure of your personal data.By using the Services, you are deemed to have read and understood this Privacy Policy.Types of Personal Data Collected, Used, or Disclosed by the Company
  1. Identification Information: Such as details from national ID cards, passports, and/or other government-issued documents including national ID number, name, surname, title, date of birth, and nationality.
  2. Contact Information: Necessary for contacting you, such as your address, mobile phone number, and email.
  3. Personal Characteristics: Such as gender, marital status, and biometric data.
  4. Employment Information: Such as your workplace details.
  5. Financial Information: Such as transaction records conducted through the Neo Travel Application or other services, credit/debit card information, and bank account details.
For merchants or entrepreneurs, in addition to personal data in your capacity as service users or general customers, the Company will also collect and use personal data related to your business transactions and/or services.This is essential for providing services, or in cases where personal data needs to be collected, used, disclosed, processed, and/or transferred abroad based on your relationship with the Company.For additional services beyond the Company’s basic services, or in cases involving the collection, use, or disclosure of sensitive personal data not mentioned above, the Company will operate strictly under the legal bases specified by law. The Company will inform you of the purpose and type of personal data to be collected, used, or disclosed before or at the time of such action.
Legal Bases and Purposes for the Collection, Use, or Disclosure of Your Personal Data
The Company will collect, use, or disclose your personal data based on the following legal bases and purposes:
  1. Contractual Necessity: To perform our contractual obligations or to take steps at your request before entering into a contract. This includes, but is not limited to:
  2. Evaluating your application to use the application.
  3. Any necessary actions to provide the best services from the Company.
  4. Providing assistance, responding to inquiries, accepting requests, receiving information, or contacting you regarding services.
  5. Developing and improving the quality of services, enhancing service efficiency, and facilitating your access to services.
  6. Processing data to provide services.
  7. Any purpose related to service provision that may interest or benefit you through the Company`s notification channels and contact methods you have provided, as legally permissible due to service provision.
  8. Any other actions related to service provision that may benefit you.
  9. Legal Obligations: To comply with legal requirements, including but not limited to:
  10. Complying with relevant laws applicable to the Company, which the Company is obligated to follow, including laws, regulations, rules, practices, or guidelines issued by legal authorities or regulatory bodies, such as announcements by the Bank of Thailand and the Anti-Money Laundering Act. The Company may need to submit your personal data to internal/external auditors, government agencies, or other relevant legal entities.
  11. Consent: With your consent, including but not limited to:
  12. For purposes of analyzing or predicting your preferences or behaviors, including research, development, product improvement, and marketing planning, to allow the Company to offer suitable products and services, benefits, promotions, and proposals. By adhering to these legal bases, the Company ensures the lawful and appropriate handling of your personal data.
  13. Other Legal Purposes The Company will seek your consent for other lawful purposes as necessary, such as facilitating your use of services from other providers through the application.
  14. Legitimate Interests: The legitimate interests of the Company or third parties, except where such interests are overridden by your fundamental rights and freedoms. This includes, but is not limited to:
  15. Crime and fraud prevention.
  16. Ensuring the security of IT systems and networks in accordance with international standards.
  17. Significant Public Interests: The Company has implemented appropriate measures to protect your fundamental rights and benefits. This includes, but is not limited to:
  18. Identity verification to prevent crime and fraud.
  19. Suspicions related to the financing of terrorism and/or money laundering.
Apart from the above legal bases and purposes, the Company may collect, use, or disclose your personal data under other legal bases, such as to prevent or suppress danger to life, body, or health, or for public interest purposes related to historical or archival documentation. If personal data is collected, used, or disclosed for such other purposes, the Company will notify you accordingly.Disclosure of Personal Data to Third Parties The Company may collect personal data from, and/or use, send, transfer, process, and/or disclose personal data to the following entities for the purposes and legal bases outlined above:
  1. Legal entities or subsidiaries, joint ventures, partners, affiliates, and service providers of the Company, including other authorized service providers both within and outside the country. For example, external service providers, cloud service providers, or other Company partners. The Company will ensure that these service providers handle your personal data in accordance with this Privacy Policy and relevant laws.
  2. Auditors, external examiners of the Company, government agencies, assignees of claims, and any other individuals or legal entities to whom the Company is required to send personal data for legal compliance.
  3. Business transferees in the event of a merger, transfer, sale of assets, and/or business operations, in whole or in part.
Storage and retention of user facial data
Data collection
Our app collects user facial data when photos are taken for identity verification purposes. This data is stored in encrypted formats to protect user privacy.
Data usage
The collected facial data is used for:
  1. Identity verification of users
  2. Improving service efficiency
  3. Developing facial recognition technology
Data disclosure
User facial data will not be disclosed to third parties unless:
  1. Legally required
  2. User consent is provided for disclosure
Data sharing
The app may share facial data with subsidiaries, joint venture partners, affiliates, and service providers to enhance services, with stringent management to ensure data protection.
Data retention
User facial data will be stored in a database system on a securely protected server that cannot be accessed from the outside. The data will be deleted when it is no longer necessary for use.​
Disclosure of personal data of service users
The company will not disclose your personal data to third parties for purposes other than those notified in this policy, unless authorized by you.Retention period of your personal dataThe company may need to retain and collect your personal data for as long as necessary while you use the service, or have a relationship with the company, or for as long as necessary to achieve the relevant purposes related to the company`s service, and may continue to collect it thereafter as required by law, such as for anti-money laundering purposes or for the purpose of proof and investigation of disputes within the statutory limitation period of not more than 10 years.Rights of data subjects under personal data protection lawsAs the owner of personal data under personal data protection laws, you have the following rights:
  1. Right to withdraw consent: You have the right to withdraw your consent for the processing of your personal data that you have provided to the company, for as long as your personal data is with the company.
  2. Right to access and request a copy of your personal data: You have the right to request access to your personal data provided to the company, or request the company to provide a copy of such personal data in a readable or usable format by general-purpose machine or device, or to use or disclose such personal data automatically (where applicable), or request the company to send or transfer such personal data to another data controller as required by law, or request to receive the personal data that the company has sent or transferred to another data controller (unless technically impracticable).
  1. Right to request correction: You have the right to request the company to correct your inaccurate or incomplete personal data that you have provided to the company, for as long as your personal data is with the company.
  2. Right to request deletion, destruction, or anonymization: You have the right to request the company to delete, destroy, or anonymize your personal data to make it unidentifiable, for reasons specified by law, for the period that your personal data is provided to the company.
  3. Right to request suspension of use: You have the right to request the company to suspend the use of your personal data provided to the company, for reasons specified by law.
  4. Right to object to data processing: You have the right to object to the company processing your personal data provided to the company, for reasons specified by law.
  5. Right to lodge a complaint: In case the company breaches or fails to comply with the personal data protection laws, you have the right to lodge a complaint with the Personal Data Protection Committee, including employees or contractors of the company who breach or fail to comply with the personal data protection laws.
Furthermore, you can contact the company`s Personal Data Protection Officer to submit requests for the company to act upon the aforementioned rights at the Customer Service Center, by calling 02-6350695. The company will process your request within the timeframe specified by the personal data protection laws and will inform you of the resulting impact. However, the company reserves the right to reject your request if mandated by law, and may consider charging a fee based on administrative costs and internal policies.
Personal Data Protection
The Company acknowledges and attaches great importance to your personal data. Therefore, the Company has improved and developed its security system to ensure that your personal data complies with laws and is up-to-date and secure according to international standards. The Company will make every effort to comply with this Personal Data Protection Policy and emphasize that its employees, including data processors of the Company who have access to or are legally required to safeguard and respect your personal data security.In cases where the Company needs to transfer any of your personal data abroad, the Company will use standards as required by the laws on personal data protection, and the Company will not transfer your personal data to destination countries that do not have adequate standards of personal data protection unless you consent to such transfer. However, in cases where users personal data are compromised due to computer tampering, such as hacking, theft, copying, or database destruction, destroying private encryption codes, or any other methods that are not the Company`s fault, the Company reserves the right to reject any liability resulting from such actions.Personal data of users with legal incapacityIn the case where you are a minor under 10 years old, or a person with equivalent incompetence, or legally incompetent, the Company requests that your guardian or legal representative provides consent for the Company to collect, use, disclose, and process your personal data, as well as undertake any actions related to such cases. Furthermore, if the Company discovers that your personal data has been collected, used, disclosed, or processed without legal consent from your guardian, legal representative, or guardian, the Company reserves the right to refuse any actions requested by you and will promptly delete your personal data, unless the collection, use, disclosure, or processing of such personal data is permissible under legal exceptions that allow the Company to act without such consent.In the case where you are a minor over 10 years old and the case does not fall under exceptions as per the Civil and Commercial Code Sections 22, 23, or 24, the Company requests that your guardian or legal representative provides consent for the Company to collect, use, disclose, and process your personal data, as well as undertake any actions related to such cases. Furthermore, if the Company discovers that your personal data has been collected, used, disclosed, or processed without legal consent from your guardian or legal representative, the Company reserves the right to refuse any actions requested by you and will promptly delete your personal data, unless the collection, use, disclosure, or processing of such personal data is permissible under legal exceptions that allow the Company to act without such consent.In the case where you are a minor over 10 years old and the case falls under exceptions as per the Civil and Commercial Code Sections 22, 23, or 24, the Company requests that you provide consent for the Company to collect, use, disclose, and process your personal data, as well as undertake any actions related to such cases. Furthermore, if the Company discovers that your personal data has been collected, used, disclosed, or processed without legal consent from you, the Company reserves the right to refuse any actions requested by you and will delete your personal data immediately, unless the collection, use, disclosure, or processing of such personal data is permissible under legal exceptions that allow the Company to act without such consent.Supervision of Data Collection, Use, and Disclosure by Data ProcessorsAs the data controller, the Company may appoint external entities, including but not limited to Cathay International Shopping Center Co., Ltd., as data processors for your personal data. In doing so, the Company ensures that these data processors, including sub-processors if any, are obligated to comply with this policy, as well as with the Personal Data Protection Act of 2019 and related laws rigorously.Policy UpdatesBy using any services of the Company, you agree to this Personal Data Protection Policy. The Company may amend or supplement this policy at any time and will notify you. Your continued use of the application or any services after such amendments or supplements will constitute acceptance thereof each time.
Contact Information
If you have any questions, complaints, requests for access, or concerns regarding this Personal Data Protection Policy, and/or wish to verify which of your personal data is in the possession of the Company, you can contact the Company at:
Neo Travel Thailand Co., Ltd.92/5 Sathon Thani Building, Floor 19, North Sathorn Tower 100 North Sathorn Road Silom, Bang Rak, Bangkok 10500
Contact Number: Customer Service Center +66-2-2134567Email: [email protected]