1. Preface
SASOM Co., Ltd. (“SASOM”, “we”, “our”, or “us”) recognizes the critical importance of protecting your Personal Data. This Privacy Policy provides a comprehensive explanation of how SASOM collects, uses, discloses, stores, and protects your Personal Data when you access or use sasom.co.th, the SASOM mobile application, and any associated services, including our Interactive Features, video/image feeds, gamification modules, and User-Generated Content functionalities (collectively, the “Services”).
By registering an account, accessing the SASOM platform, or utilizing any of our Services, you acknowledge and agree to the terms of this Privacy Policy and explicitly consent to the collection, use, and disclosure of your Personal Data in accordance with the Personal Data Protection Act B.E. 2562 (2019) of Thailand (“PDPA”). We strictly limit the retention of your Personal Data to the period required by applicable law and as necessary to fulfill the operational purposes described herein.
2. Definitions
- “Personal Data” means any information relating to an identifiable natural person.
- “Data Controller” means the person or entity possessing the legal authority to make decisions regarding Personal Data collection, use, and disclosure. SASOM acts as the Data Controller.
- “Data Processor” means any third party legally engaged to process Personal Data on behalf of SASOM.
3. Scope of Collection
3.1 Methods of Collection SASOM collects
Personal Data through your direct interactions with the Platform, including when you register an account, log in using third-party integrations (e.g., Facebook, Google, Apple), submit shipping details, or communicate with customer support. Collection also occurs automatically when you use third-party payment or logistics services connected to SASOM, interact with the Platform, or participate in surveys. Furthermore, we collect data when you:
- Participate in real-time broadcasting or interactive sessions as a host or viewer, including commenting or purchasing during a live stream.
- Create or interact with public-facing user spaces, including following other Users, posting content, or engaging with user-generated materials.
- Submit product reviews, ratings, or related platform feedback.
- Upload, post, or consume media within continuous video and image feeds.
- Participate in gamification features, interactive platform challenges, or reward systems.
3.2 Categories of Personal Data Collected
To facilitate our Services, SASOM may collect and process the following categories of Personal Data:
- Identity and Contact Data: Name, surname, title, date of birth, gender, email, phone number, and applicable identification documents.
- Financial and Transactional Data: Shipping and billing addresses, bank account/e-wallet/PayPal information for payouts, and transaction history. Payments are processed through third-party gateways (e.g., Omise, Stripe, Atome, TrueMoney); SASOM strictly does not store credit card numbers or CVV details.
- Technical and Usage Data: IP addresses, device identifiers, cookie data, session duration, browsing history, preferences, device OS, and hardware identifiers.
- Location Data: Precise or approximate geolocation collected from your device to facilitate product delivery, route planning, and verification of delivery locations.
- User-Generated Public Data: Photographs, user-uploaded video and image feeds, product reviews, ratings, biographies, user-generated posts, engagement across posts and broadcasts, upcoming interactive sessions, affiliate products, and follower/following relationships.
- Gamification and Reward Data: Platform activity metrics, accumulated points, badges, challenge participation records, tier statuses, and reward redemption history.
- Audio-Visual Data: Video and audio data captured during real-time broadcasts in which you appear as a host or are incidentally visible, which constitutes Personal Data to the extent it is identifiable.
- Engagement Data: Interaction metrics from Interactive Features, including viewing duration, comments, shares, and purchase behavior during live sessions.
3.3 Sensitive Personal Data
SASOM generally does not collect sensitive personal data (e.g., biometric data, religion, ethnicity, health data) unless expressly required by law or obtained via your explicit consent.
4. Purpose of Processing
SASOM relies on lawful bases to process your Personal Data for the following integrated purposes:
- Service Operations & Delivery: To verify identities, create accounts, process orders, execute transactions, coordinate logistics, and process payments. This includes operating Interactive Features, administering gamified reward systems, curating video/image feeds, and managing public-facing functionalities such as user review boards.
- Platform Enhancements & Personalization: To conduct usage analytics, troubleshoot bugs, and optimize our Services. We utilize engagement data from Interactive Features, user-generated content, and gamification activities to personalize content recommendations, curate tailored video/image feeds, and deliver product suggestions specific to your interests.
- Customer Engagement & Marketing: To provide customer support, handle disputes, and deliver targeted advertising, including retargeting ads, SMS, and email communications. Where Users have not opted out, this includes promoting SASOM's services by featuring user-generated content and broadcast highlights across our marketing channels.
- Security, Compliance, and Legal Enforcement: To prevent fraud, monitor compliance during live transactions, enforce our User Agreement, and comply with Thai laws and lawful governmental requests. Real-time broadcast recordings are explicitly stored for replay, dispute resolution, and compliance review, subject to applicable law.
5. Disclosure of Personal Data
SASOM explicitly does not sell your Personal Data. We may disclose your data exclusively to the following categories of recipients:
- Service Providers: Logistics partners for delivery, payment processors for financial settlement, and professional advisors such as auditors and legal counsel.
- Technology & Cloud Partners: We share data, including real-time broadcast recordings, with content delivery and cloud infrastructure partners to host the Platform and stream replay content under strict data processing agreements.
- Marketing Partners: Analytics and advertising networks, such as Google Analytics, Meta Platforms, and TikTok Ads. When SASOM promotes user-generated content via social media, relevant data is shared in accordance with those platforms' respective privacy policies.
- The Public (Platform Users): User-generated data that you elect to make publicly visible on the Platform may be accessible to registered and non-registered visitors. SASOM legally disclaims responsibility for how third parties utilize publicly available content.
- Government Authorities: Where legally mandated by applicable law or a lawful court order.
6. Cross-Border Data Transfers
SASOM may transfer Personal Data to international third parties, including overseas cloud providers such as Amazon Web Services (AWS), Google Cloud, Cloudflare, and Meta Platforms. We mandate appropriate legal safeguards for these transfers, including Binding Corporate Rules, Standard Contractual Clauses, and PDPA-compliant contractual protections.
7. Cookies and Tracking Technologies
We utilize cookies, pixels, SDKs, and similar tracking mechanisms to ensure platform security, improve functionality, and measure marketing effectiveness. You may manage these preferences via your browser settings, though disabling cookies may affect certain platform features.
8. Data Retention Schedule
SASOM retains your Personal Data based on the following legally defined schedules:
- Transaction Records: Retained for 10 years to satisfy tax and accounting laws.
- User Account Information: Retained until formal account deletion.
- User-Generated Public Content: Product reviews, media uploaded to video/image feeds, and other public posts are retained for the duration of the User’s Account, and for up to 1 year following Account deletion, after which it will be permanently deleted unless retention is required by law.
- Gamification Data: Points, badges, tier statuses, and interactive challenge records are retained for the duration of the User's Account to maintain reward balances and platform standing, and are securely deleted or anonymized upon formal account termination.
- Broadcast Recordings: Retained for the duration of the User’s Account, and for up to 1 year following Account deletion, for replay functionality and dispute resolution purposes, unless legal proceedings necessitate extended retention.
- Engagement Data: Retained for the duration of the User’s Account, and for up to 1 year following Account deletion, for analytics and service improvement.
- Device Logs: Retained for the duration of the User’s Account, and for up to 1 year following Account deletion.
9. Information Security
SASOM deploys robust administrative, technical, and physical security measures across all platform features, including Interactive Features and user-generated content. These protocols include data encryption, secure cloud infrastructure, strict access controls, comprehensive audit logging, and advanced firewall/DDoS protections. You retain the legal responsibility to safeguard your account credentials.
10. Your Statutory Rights Under the PDPA
Access, Rectification, Data Portability, Objection, Restriction of Processing, Erasure, and Withdrawal of Consent, as well as the right to lodge formal complaints with the Personal Data Protection Committee (PDPC) of Thailand.
Specific to Interactive Features: Users who have appeared in a real-time broadcast recording may request the erasure of their Personal Data from such recordings by contacting support@sasom.co.th. SASOM will adjudicate such requests under the PDPA, noting that compliance may be limited if the recording cannot be practically edited or if legal retention requirements supersede the request.
11. Protection of Minors
SASOM explicitly does not knowingly collect Personal Data - including participation in Interactive Features or the creation of public-facing user spaces - from individuals under the age of 18 without verifiable parental consent.
12. Contact Information
If you wish to exercise your rights or have any privacy-related inquiries, you may contact our designated Data Protection Contact (or official Data Protection Officer, if appointed) at: SASOM Co., Ltd. Email: support@sasom.co.th.
SASOM reserves the right to amend this Privacy Policy from time to time. Changes will be announced through website updates, app notifications, or other communication channels