Terms & Conditions

Neo Corporate Public Company Limited (“Company”, “we”, “us”, or “our”) places importance on your personal data protection while receiving our products and services. We know you care how your information is collected, used, disclosed, and transferred to a foreign country. We will use the data that you have provided to us to offer you the products and services you need and want, appropriately tailored for you, which may be offered both from us and any companies within the data ecosystem of Neo group. The Company would like to thank you for putting your trust in the Company. We will handle your personal data with reasonable care in order to give you the best experience and customer service. This privacy policy (“Privacy Policy”) applies to websites, social media channels, online communication channels, and all other locations where your personal data is collected. However, please read this Privacy Policy in conjunction with the terms and conditions of the particular service that you use. According to this Privacy Policy, “Personal Data” means “any information in relation to a person which leads to the identification of such particular person as provided below” The Company reserves the right to amend this Privacy Policy from time to time; therefore, please regularly check for the most updated version of this Privacy Policy. Any changes to this Privacy Policy will become effective immediately when we post the updated Privacy Policy on our websites. We will inform you of any significant changes and updates. In the case where such change or amendment deprives you of your rights concerning sensitive data pursuant to this Privacy Policy, the Company will ask for your consent in advance unless otherwise specified by law.

1. Types of Personal Data collected by us We may collect or obtain the following types of data, which may include your Personal Data, whether directly or indirectly from you, from other sources, or from Neo group, affiliates, subsidiaries, business partners or other companies. The nature of the collected Personal Data will depend on the communication context and the interaction between you and us, including the services or products you need or want from us and within Neo group. • Personal information: e.g., title, full name, gender, age, occupation, qualifications, job position, position or status, type of business, nationality, residing country, date of birth, marital status, number of family members and children, age of children, information on government-issued cards (e.g., ID number, social security number, passport number, tax ID number, driver’s license number, or any other similar identification documents, etc.), details of immigration, e.g., arrival date and departure date, signature, voice, recorded voice, photos, facial features for facial recognition, pictures from CCTV, workplace, educational background, insurance information, license plate, house registration, household income, salary, personal income, and any other personal information which you have provided to us, etc. • Contact information: e.g., mailing address, delivery information, invoice address, telephone number, facsimile number, email address, LINE ID, Facebook user account, Facebook ID, Google ID and user accounts of other social media websites, information of contact person (e.g., telephone number, contact information on other channels (e.g., written communication made with you)) and any other contact information which you have provided to us; • Membership information: e.g., details of member account information, membership card number, accumulate points, membership code (e.g., membership card number, Siebel ID, member ID, customer ID)), type of member, type of customer, joining/application date and month, membership period, bank account and payment information, application for services and products (e.g., membership application form, insurance application form, etc.), and any other membership information; • Financial information: e.g., credit/debit card information or bank information, credit/debit card number, type of credit card, issue/expiration date, billing cycle, account details, payment details and history, your information regarding the details of risk profile for business partners, credit rating and solvency, information in accordance with the declaration of suitability, and any other financial information; • Transaction information: e.g., information regarding any payments made to or by you, date and/or time of payment, amount paid, refund information, amount refunded, accumulated points, date and location of purchase, purchase number or order, service appointment date, address/date and time of receipt or delivery, a recipient’s answering message, a recipient’s email closings, warranty information, complaints and claims, reservation information, rental information, transactions, transaction history, location and status of a transaction, past sale transaction, status, transaction status, buying behavior, and other information of the products and services you have purchased; • Technical information: e.g., IP address, cookies, MAC address, web beacon, log, device ID, device model and type of the device, network, connectivity information, access information, SSO information, login log, duration and location entered, time spent on webpage, logging-in information, search history, browsing information, type and version of browser, time zone setting, location, type and version of plug-in browser, operating system and platform and other technologies on the device you use for gaining access to a platform, and other technical information from the use of platform and operating system; • Behavioral information: e.g., information regarding your buying behavior and information received from the use of our products and services; • Details of personal information: e.g., your username and password, details and personal photos, purchase, order history, past purchase order, purchase history, purchased items, quantity of items, purchase order or your product recall order, order made via website, details of Cash on Delivery, order ID, financial records, PIN, your interests, preferences, response and survey result, satisfaction survey, use of social media, participation information, loyalty programs information, discount and promotional code used by you, details of customer’s purchase order, customer service, participation of business exhibitions and activities, business exhibitions, prosecution, tests and trials, and any other details of personal information; • Usage information: e.g., information regarding your search or website or platform usage, usage of our products and services, items in cart, interested items list, notification records of on-sale items, follow-shop records, timestamp of last click, Q & A records, and any other usage information; • Marketing and communication information: e.g., your requirements on receiving marketing information from us, Neo group, affiliates, subsidiaries, business partners or other companies; preferred communication method; and any other marketing and communication information, and/or; • Sensitive data: e.g., race, religion, political opinions, fingerprints, facial recognition system, health information or physical or mental condition, genetic information, medical records, disabilities, and criminal record. If you have provided us with Personal Data of a third party (e.g., beneficiary, emergency contact person, referral, and references) e.g., name, surname, address, telephone number, personal income in a family, and personal information and other information for emergency contact, for filing an application or making a transaction with us; please inform this Privacy Policy for their acknowledgement and/or ask for consent from such third party for us, if required. We will collect, use, or disclose sensitive data only when your express consent is obtained or as permitted to do so by law. We will collect information of a minor, a quasi-incompetent person, and an incompetent person only when guardian’s consent is obtained. When consent is required, we will not collect information from a customer who it is explicitly known to us that he/she is under 20 years of age or from a quasi-incompetent person and an incompetent person without their guardian's consent. In the case where we learn that we have unintentionally collected Personal Data from any person under 20 years of age, a quasi-incompetent person, or an incompetent person without guardian’s consent, we will delete such data immediately or process only part of such data to the extent permitted by other lawful bases other than consent.

2. Why we collect, use, or disclose your Personal Data                                                                                                                                                                                                                          2.1 The purpose requiring your consent Marketing and communications: We will collect, use, and disclose your Personal Data for providing you privileges and promotions, news, discounts, special offers, advertisements, notifications, information, marketing and communication regarding the products and services from Neo and its affiliates, subsidiaries, and/or business partners, which we cannot rely on other lawful bases. 2.2 The purposes and other lawful bases we use for processing your Personal Data We may rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of the legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties; (4) vital interest, for preventing or suppressing danger to a person’s life, body, or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the rights of government officials. We may collect, use, and disclose your Personal Data for the following purposes: 1) To provide products and services to you: To enter into a contract and manage our contractual relationship with you; to support and perform other activities related to such services or products; to complete reservations and to carry out financial transactions and services in relation to the payments including transaction examination, verification, and cancellation; to process your orders, delivery, collections, and returns; refund and exchange of products or services; to provide updates on the delivery of the products and to perform warehouse internal activities, including accepting, stocking, and package labelling; to verify warranty period; to provide aftersales services, including maintenance appointment and facilitation; 2) Marketing and Communications: To provide privileges and promotions, news, discounts, special offers, advertisements, notifications, information, marketing and communication regarding the products and services from Neo group and its affiliates, subsidiaries, and business partners; 3) Loyalty programs, reward programs, lucky draws, contests, and activities: To allow you to join loyalty programs, reward programs, sweepstakes, lucky draws, contests, activities, seminars and trainings, and relevant communication channels (e.g., notification emails) including processing and managing your user account registration; gift receipt registration; activity participation registration; point processing; collection, increase, exchange, or earning of points; point redemption or pay with points and point transfer; checking usage history, both online and offline; voucher and gift card giveaways; and invoice issuance; 4) Registration and authentication: To register, verify, authenticate, identify and/or confirm your identity; 5) To manage our relationship with you: To contact and communicate with you as requested by you or in relation to the products and services you obtain from us, Neo group, its affiliates, subsidiaries, and business partners; to handle customer service-related queries, request, feedback, complaints, claims, disputes, or remedies and compensation; to provide technical assistance and solve technical issues; to process and update your information; to facilitate your use of the products and services; 6) Personalization, profiling, and data analytics: To recommend products and services that might be of interest to you, identify your preferences and personalize your experience; to learn more about you, the products and services you received and other products and that might be of interest to you; to assess your interest or behavior having towards the products and services; to carry out data analytics, data cleansing, data profiling, market research, surveys, behavior assessments, statistics and segmentation, patterns and consumption trends, profiling based on the processing of your Personal Data, e.g., by looking at the types of the products and services that you use, your preferred communication channel; to know you better and to elevate business performance; to adapt the contents to match the identified preferences; to determine the effectiveness of the promotional campaigns; to identify and solve any arisen issues of the existing products and services; for qualitative information development. As for those purposes, we will collect, use, and disclose your Personal Data for your interest and benefit, legitimate interest, and businesses of Neo Group, its affiliates, subsidiaries and business partners, of which shall not override your fundamental rights to Personal Data. We will request for your consent, if required, from time to time; 7) To improve business operation, products, and services: To evaluate, develop, manage, and elevate, research and develop the services, products, system, and business operation for you and all of our customers, Neo group, its affiliates, subsidiaries, and business partners; to identify and solve any arisen issues; to produce anonymized and aggregated reports and assess the performance of the products, digital media, and marketing campaigns; 8) Website functions: To administer, operate, track, monitor, and manage the websites and platforms in order to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience in using the websites and platforms; to improve layout, and contents of the websites and platforms; 9) Information technology management: For business management purposes including IT operation system management, communication system management, IT security system and IT security audit, internal business management according to internal compliance requirements, policies, and procedures; 10) Compliance with regulations and obligations: To comply with legal regulations, legal proceedings, or government authorities' orders which shall include orders of government authorities outside Thailand, and/or cooperate with courts, regulators, government authorities, and law enforcement agencies when we have a reasonable belief that we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal regulations, legal proceedings, or government orders. This includes provision and handling of VAT refund service; issuance of tax invoices or full tax forms; communication recording and monitoring; disclosures to the competent authorities responsible for tax collection, financial service regulators, and other regulatory and governmental bodies; and for crime investigation or prevention; 11) Protection of our interests: To protect the security and integrity of the Company’s business; to exercise the rights or protect our interest where it is necessary and lawful to do so, e.g., to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss to our assets and properties; to secure the compliance of our terms and conditions; to detect and prevent misconduct within our organization which shall include the use of CCTV; to closely monitor incidents; to prevent and report criminal offences; and to protect the security and integrity of our business; 12) Corruption detection: To verify your identity and to conduct legal and other regulatory compliance checks (e.g., to comply with anti-money laundering and anti-corruption laws). This includes conducting sanction list checking, internal audits and records, asset management, system, and other business controls; 13) Corporate transaction: In the event of sale, transfer, merger, reorganization, or other similar events, we may transfer your Personal Data to one or more third parties as part of such transaction; 14) Risks: To perform risk management, performance audit, and risk assessments; and/or 15) Life: To prevent or suppress danger to a person’s life, body, or health. If you fail to provide your Personal Data when being requested, we may not be able to offer or provide our products and services to you.

3. To whom we may disclose or transfer your Personal Data We may disclose or transfer your Personal Data to the below third parties who collect, use and disclose Personal Data in accordance with the purposes under this Privacy Policy. These third parties may be located in Thailand and areas outside Thailand. You can visit their privacy policies to learn more details on how they collect, use, or disclose your Personal Data as you are also subject to their privacy policies. 3.1 Neo Factory Co., Ltd. As Neo Factory Co., Ltd. is part of Neo Corporate Public Company Limited and there will be collaboration and sharing between the companies of their services, products and systems for their customers including website-related platforms and other systems; therefore, it may be necessary for the Company to disclose or transfer your Personal Data to, or otherwise allow access to such Personal Data by other companies within Neo group for the purposes set out in this Privacy Policy. Please see the company list and the scope of internal activities within the data ecosystem of Neo group. 3.2 Our service providers We may engage other companies, agents, or contractors to perform services on our behalf or to facilitate the provision of products and services to you. We may share your Personal Data to our service providers or third-party suppliers, including but not limited to: (1) developers of infrastructure, internet, technical infrastructure, software and websites, and IT service providers; (2) warehouse and logistic service providers; (3) payment service providers; (4) research agencies; (5) analytics service providers; (6) survey agencies; (7) auditors; (8) marketing, advertising media, and communications agencies; (9) call center; (10) campaign and event organizers; (11) sale representative agencies; (12) telecommunications and communication service providers; (13) payment, payment system, authentication, and dip chip service providers and agents; (14) outsourced administrative service providers; (15) data storage and cloud service providers; (16) verifying and data checking (Netbay and Department of Provincial Administration) service providers; (17) dispatchers; and/or (18) printing service providers. In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we ask them not to use your information for any other purposes. 3.3 Our business partners We may transfer your Personal Data to our business partners in the businesses of banking, finance, providing credit or loan, asset management, investment, insurance, credit cards, telecommunications, marketing, retailing, e-commerce, warehouse and logistics, wellness, lifestyle products and services, spa and fitness, reward and loyalty program, and data analytics, including seller or provider platforms which we may jointly offer products or services, or whose products or services may be offered to you. Data shared by this way will be governed by the third party’s privacy policy and not this Privacy Policy. 3.4 Social networking sites We allow you to login on our sites and platforms without filling out a form. If you log in via the social network login system, you explicitly consent us to access and store public data on your social network accounts (e.g., Facebook, Google, or Instagram), including other data appeared during the use of such social network login system. Additionally, we may also send your email address to social networks in order to identify whether you are the user of the relevant social networks and in order to post personalized and relevant advertisement on your social network accounts as appropriate. We also cooperate with other third parties in order to allow you to apply for their services or participate in their promotions. For example, certain companies would allow you to use your loyalty program number or online services login to receive or register for their services. Additionally, you may connect your social network account to your online services account or log into your online services account from your social network account. When you apply for those services, we will share your Personal Data to those third parties. If you do not wish to share your Personal Data in this way, do not provide your loyalty program number or reward program number to the third parties, do not use your online services account to register for receiving third-parties’ promotions, and do not connect your online services account with accounts on third-party services. Data shared by this way will be governed by the third party’s privacy policy and not this Privacy Policy. 3.5 Third parties specified by law In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with legal or regulatory obligations. This includes any law enforcement agencies, courts, regulators, government authorities or other third parties in the case that believe it is necessary to comply with legal or regulatory obligations, or to protect our rights, the rights of any third party or individuals’ personal safety, or to detect and prevent, or to handle fraud, security, or safety issues. 3.6 Advisors Advisors shall include lawyers, technicians and auditors who assist in operating business, taking legal actions, or handling any legal claims. 3.7 Associations and organizations We may transfer your Personal Data to other member associations, e.g., Thailand E-Payment Association (TEPA), Electronic Transactions Development Agency (ETDA), the Association of Confederation of Consumer Organization (ACCOT), Foundation for consumers, the Thai Chamber of Commerce, Thai E-Commerce Association, Thai Retailers Association, Thai Shopping Center Association, or the Ratchaprasong Intersection Group. 3.8 Assignees of right and/or obligations Third parties as our assignee in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of our business, assets or stock, or similar transaction, whether in whole or in part; shall comply with this Privacy Policy to respect your Personal Data.

4. International transfers of your Personal Data We may disclose or transfer your Personal Data to third parties or servers located overseas, which the destination countries may or may not have the same equivalent level of protection for Personal Data protection standards. We will take steps and measures to ensure that your Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards or other requirements as required by law. We will request your consent for internationals transfer of your Personal Data where consent is required by law.

5. Retention period of your Personal Data We will retain your personal data for as long as is reasonably necessary to fulfil the purpose for which we obtained it, and to comply with our legal and regulatory obligations. However, we may have to retain your personal data for a longer duration, as required by applicable law.

6. Security of your Personal Data The Company is aware of the importance of maintaining the security of your Personal Data. Therefore, the Company puts a great effort in protecting your information by establishing appropriate security measures for your Personal Data which are in accordance with the confidentiality safeguard of Personal Data in order to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure. The Company will ensure that the methods of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of the Company.

7. Cookies and how they are used If you visit our websites, we will gather certain information automatically from you by using cookies. Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because otherwise the site would not be able to function properly. Other cookies allow us to enhance your browsing experience, customize contents to your preferences, and make your interactions with the website more convenient as they remember your username (in a secure way) as well as your language preferences. Most Internet browsers allow you to control whether or not to accept cookies. If you reject, remove, or block the cookies, your user experience may be affected. Without cookies, your ability to use some or all of the features or areas of our websites may be limited. Moreover, some third parties may issue cookies through our websites to serve advertisements that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reached our websites and the pages you visited when you leave our websites. Information gathered through these automated media may be associated with the Personal Data you have previously provided on our websites.

8. Your rights as a data subject Subject to the applicable laws and exceptions thereof, you may have the following rights: • Right of access: You may have the right to access or request a copy of the Personal Data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you; • Right of rectification: You may have the right to request for rectification of any incomplete, inaccurate, misleading, or not up to date your Personal Data that we collect, use, or disclose; • Right to data portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us; and (b) if we are collecting, using, or disclosing such data on the basis of your consent or to perform a contract with you; • Right of objection: You may have the right to object to certain collection, use, or disclosure of your Personal Data, e.g., objecting to direct marketing; • Right to suspension: You may have the right to suspend the use of your Personal Data in certain circumstances; • Right of withdrawal: For the purposes you have consented to our collecting, using, or disclosing of your Personal Data, you have the right to withdraw your consent at any time; • Right to deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use, or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims; • Right to lodge a complaint: You may have the right to lodge a complaint to the competent authorities where you believe our collection, use, or disclosure of your Personal Data is unlawful or noncompliant with the applicable data protection law

9. Our contact details If you wish to contact us to exercise the rights in relation to your Personal Data or if you have any queries regarding your Personal Data under this Privacy Policy, please contact us or our Data Protection Officer

For the best experience, we recommend viewing the site in portrait orientation on mobile devices.