ความเป็นส่วนตัว
At SHIMA Park, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our online and offline stores and related services. By using our website, you acknowledge to the practices described in this policy.
This Privacy Policy is jointly managed by Fashion e-Commerce Asia Co., Ltd. (Thailand) and SHIMAMURA Co., Ltd. (Japan), including its group companies, to provide information on the collection, use, and disclosure of personal data of customers (“You” or “Your”) in accordance with Section 23 of the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
The personal data collected through SHIMA Park’s online and offline channels are jointly controlled by these entities for the purposes of operating retail stores, e-commerce platforms, customer relationship management, and marketing activities.
Accordingly, the personal data will continue to be managed under the same joint control structure, without constituting a transfer of data to a new controller, and always in compliance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand and other applicable laws.
In this Privacy Policy, “the Company” refers collectively to Fashion e-Commerce Asia Co., Ltd. (Thailand) (“FECA”) and SHIMAMURA Co., Ltd. (Japan), including its group companies,which jointly manage personal data under this Policy.
1. Personal Data that the Company collects, uses and/or discloses
The Company needs to collect, use and/or disclose Your Personal Data, as follows:
|
Category of Personal Data |
Examples of Personal Data |
|
|---|---|---|
|
Personal Details |
Name-Surname, Nickname, Date of birth, ID Number, Passport Number, Gender, Age, Nationality, Photo, Autograph, Marital Status, Service record, Information about Interest, Information from CCTV |
|
|
Contact Details |
Address, Phone Number, Email, LINE, other social media account |
|
|
Financial Information |
Bank Account Number, Payment Information |
|
|
Device & Technical Data |
IP address, Browser type, Device identifiers, Operating system, Cookies |
|
|
Marketing & Communication Data |
Preferences, Consent for newsletters or campaigns |
|
|
Order & Transaction Data |
Purchase history, Payment details (via secure third-party providers) |
|
|
Customer Service Data |
Inquiries, Complaints, and Communication history |
|
2. The Company’s activity, purpose and lawful basis of the collection, use and/or disclosure of Your Personal Data
The Company collect, use and/or disclose Your Personal Data for the activities, purposes and lawful bases as follows:
|
Lawful Bases |
Activity/Purpose of Collection, Use and/or Disclosure of Personal Data |
|---|---|
|
Legal Obligation |
1. To ensure that the Company’s operations are in compliance with applicable laws, rules, and regulations, such as the laws relating to personal data protection, tax, labour, social security, consumer protection, and prevention of contagious diseases, as well as to comply with court orders and requirements/orders of relevant government agencies, etc. |
|
Performance of Contract |
1. For user registration and carrying out operations to provide services to you, including communications related to the service. |
|
Legitimate Interest |
1. Investigations in various areas such as security and work performance. |
|
Consent |
1. Collect, use and/or disclose your sensitive personal data. 5. For conducting sales analysis, improving service, personalized marketing, and enhancing customer engagement. |
If you do not provide such Personal Data to the Company, this may cause a delay in our processes or we may not be able to process as You have requested. In addition, where the collection of Personal Data is required by law, failure to provide such Personal Data may result in a violation of legal obligations, which could subject the Company and/or relevant persons to liability or penalties under applicable laws. Where the collection is based on contractual necessity, failure to provide such Personal Data may prevent the Company from performing or fulfilling its obligations under the relevant contract or agreement, such as delivering products, issuing invoices, or making and receiving payments.
Linkage between Data Categories and Purposes
The types of Personal Data described in Section 1 may be collected, used, and disclosed by the Company for the purposes set out in this Section 2, depending on the nature of your relationship with the Company.
For example:
-
Personal Details, Contact Details, and Financial Information are used for registration, identity verification, payment processing, and product delivery.
-
Order & Transaction Data are used for sales analysis, order management, and after-sales service.
-
Device & Technical Data and Marketing & Communication Data are used for service improvement, personalized marketing, and customer engagement.
-
Customer Service Data are used for handling inquiries, complaints, and improving service quality.
The Company ensures that each category of Personal Data will be processed only for the purposes specified above and in accordance with the lawful bases set out in this Section.
3. Retention Period
The Company will retain your Personal Data, except for the categories of personal data specified below, for as long as you have an ongoing transaction or relationship with the Company. After the termination of such relationship, your Personal Data will generally be retained for up to ten (10) years to comply with legal obligations and to establish, exercise, or defend legal claims.
Marketing and communication data will be retained until you withdraw your consent or unsubscribe from marketing communications.
Customer service data will be retained for up to three (3) years, for service quality assurance and internal training purposes.
After the expiration of the relevant retention period, the Company will securely delete, destroy, or anonymize your Personal Data, except where we are required by law or have legitimate technical or legal reasons to retain it for a longer period (e.g., backup systems or pending legal proceedings).
4. Disclosure of Personal Data
Access to your Personal Data is restricted to individuals who need to know in order to perform their work and responsibilities to achieve the objectives set out herewith.
However, the Company may disclose or forward your Personal Data to third parties to process your Personal Data, or to other Data Controllers which are as follows:
-
(a) Third parties required by law – such as the Ministry of Commerce, the Revenue Department, police offices, or other competent government agencies/officials, in order for the Company to comply with the applicable law, lawful orders of government agencies, or court orders to which the Company is subject.
-
(b) Service Providers of the Company – the Company may use third-party services to provide services for the Company, to assist in the Company’s operations such as internet service providers, software, website developers, digital media, transportations services providers, payments and financial systems providers, research and analytics providers, auditors, marketing and events providers, telecommunication services providers, storage and cloud services providers, printing service providers, attorneys, legal consultants, archiving and/or shredding providers and/or other professionals, All such service providers are required to process Personal Data only on behalf of the Company and under binding data protection or confidentiality agreements.
-
(c) Any other person involved in any dispute arising, including disputes related to transactions,
-
(d) Any person entrusted to manage any interest, intermediaries, contact person, and your representatives,
-
(e) Any person to whom the Company obtains an order from you to disclose your Personal Data.
If your Personal Data is transferred outside of Thailand (e.g., to cloud servers or other group entities), the Company ensures that such transfer complies with the PDPA by ensuring that the destination country has an adequate level of data protection, or implementing appropriate safeguards or legal transfer mechanisms to maintain an adequate level of protection.
5. Cookies & Tracking Technologies
We use cookies and similar technologies to enable website functionality (essential cookies).
We also use other types of cookies to remember your preferences, analyze site usage, and deliver personalized advertising. These cookies will be used only with your consent (non-essential cookies).
Some analytics and marketing cookies may be placed by our trusted third-party partners to help us deliver relevant advertisements and measure their performance.
You can manage or withdraw your consent for non-essential cookies at any time through our cookie banner or settings page.
For details about the types of cookies we use, their purposes, and how you can control them, please see our [Cookie Policy].
6. Minor’s Data
Our services are not directed to individuals who are below 20 years old or are not of legal age under the Thai Civil and Commercial Code, and we do not knowingly collect personal data from such minors.
If we become aware that personal data has been collected from a minor without parental or guardian consent, we will promptly delete such data from our systems, databases, and records.
In cases where parental consent is lawfully obtained, the Company will process such data only to the extent permitted by applicable laws and with appropriate safeguards.
7. Security
The Company maintains appropriate technical and organizational security measures to protect your Personal Data against unauthorized or unlawful loss, access, use, alteration, correction, or disclosure.
Such measures include limiting access to authorized personnel, securing data storage through encryption, and regularly monitoring systems for vulnerabilities and potential risks.
In the event of a data incident, the Company will take prompt remedial action in accordance with applicable laws.
8. Your rights
You have rights regarding your Personal Data under the Personal Data Protection Act B.E. 2562 (PDPA). You may exercise the following data subject rights unless the Company has lawful grounds to refuse your request:
(a) Right to Withdraw Consent – In case the Company relies on your consent as a lawful basis to process your Personal Data, you have the right to withdraw your consent at any time. Such withdrawal will not affect the lawfulness of processing based on consent before it was withdrawn.
(b) Right to Access and Obtain a copy – You have the right to access and obtain a copy of your Personal Data retained by the Company, or request the Company to disclose its acquisition of such Personal Data for which you did not give consent.
(c) Right to Data Portability – You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format, and to request that the Company transmit such data to another data controller where technically feasible.
(d) Right to Object – You have the right to object to the collection, use or disclosure of your Personal Data when it is processed based on the Company’s legitimate interest, or for a direct marketing purposes.
(e) Right to Erasure – You have the right to request the Company to delete, destroy or anonymize your Personal Data when it is no longer necessary, when you withdraw consent and the Company has no other legal basis to retain it, when you object to the processing and the Company cannot reject your request, or when Personal is processed unlawfully.
(f) Right to Restrict Processing – You have the right to request the Company to restrict the use of your Personal Data under certain circumstances, such as while a request for rectification or objection is under consideration.
(g) Right to Rectification – You have the right to request correction of inaccurate or incomplete Personal Data to ensure its accuracy, currency, and that is not misleading.
(h) Right to Lodge a Complaint – You have the right to file a complaint with the Personal Data Protection Committee(PDPC) if the Company’s processing of your Personal Data is not in compliance with the PDPA.
You may exercise these rights by contacting us at the contact details in Section 10(Contact Channel). The Company will review and respond to your request within thirty (30) days from the date of receipt, unless otherwise required by law or due to the complexity of the request. The Company may decline to process your request if permitted or required by law, or if such action could infringe the rights or freedoms of others.
9. Modification of the Privacy Policy
The Company may review and update this Privacy Policy from time to time to ensure that it remains accurate, suitable, and compliant with applicable laws and the Company’s operations.
In the event of any material changes that affect your rights or the way we process your Personal Data, the Company will notify you or make such changes publicly available through appropriate channels prior to the effective date of the update.
10. Contact channel
If you have any privacy concern, question, or request regarding this Privacy Policy or the processing of your Personal Data, you may contact us at the following details:
Data Controller: Fashion e-Commerce Asia Co., Ltd.
548 One City Centre Building, 21st Floor, Room no 2106
Phloen Chit Road Lumphini Pathum Wan Bangkok 10330
Email: shimapark@fashion-ec.asia
Phone: +66 64 954 5590
If your inquiry concerns the processing of your Personal Data handled by SHIMAMURA Co., Ltd.’s group companies, your request may also be forwarded to the relevant companies within the group.