Rabbit Care (which refers to Rabbit Care Co., Ltd., Rabbit Care Broker Co., Ltd., and Ask Direct Group Co., Ltd.) (the “Company”, “we”, “us”, or “our”) recognizes the importance of the protection of Personal Data for our former customers, existing customers, and potential customers or retail merchants of our products and services, including any other relevant persons (e.g., complainants). We follow security procedures when collecting, using, disclosing and/ or transferring of your Personal Data (as defined in the below Section named “WHAT PERSONAL DATA WE COLLECT”) to foreign countries outside of Thailand. The information you shared with us allows us, including the Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company (as defined in the below Section named “TO WHOM WE MAY DISCLOSE OR CROSS-BOARDER TRANSFER PERSONAL DATA”), affiliates and subsidiaries and our service providers and business partners, to provide the products and services which sastisfied with your needs, while giving you the very best personalized experience and customer services.
1. WHAT PERSONAL DATA WE COLLECT
We may collect your Personal Data directly or indirectly from other sources including Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, our service providers, and our business partners who are third parties. The specific type of data collected will depend on the context of your interactions with us, and the services or products you need or want from us. The following are example of Personal Data that may be collected:
Personal details, such as title, name, surname, gender, age, occupation, job title, position, business type, nationality, date of birth, marital status, marriage certificate, number of family members and child, information on government-issued documents (e.g., national identification card, passport, driver's license, house registration, work permit, tax identification card, student identity card), signature, voice, voice record, picture, photo, photograph, VDO records, video clip, educational backgrounds, workplace, electronic know-your-customer information (e-KYC), income tier, and income/salary/bonus, salary statement, weight and height, CCTV records, license plate details, driving license picture, car registration picture, vehicle details (e.g. vehicle identification number and vehicle plate number), policy photocopy, relationship to the policyholder or claimant person, insurance policy, and electronic insurance policy;
Contact details, such as postal address, delivery details, house registration address, residential address as specified on the national identification card, billing details, phone number, mobile phone number, business phone number, fax number, email address, business email, LINE ID, Facebook account, Google account, Twitter account, and other account-related to the social networking sites;
Account details, such as credit/debit card holder number, credit/debit card information, bank account details, member ID, customer ID, member type, customer type, Rabbit Card number, Rabbit Line Pay ID, customer credit score, any related service and product applications (e.g., service registration form, financial or insurance application), joined month and payment details, and copy of bank account/ bank book;
Transaction details, such as any information necessitate for loan application, loan information and agreement, information related to loan activities, loan repayment and default payment, debt restructuring information, payment information, card usage and transaction data (such as Rabbit Card usage/ transaction data and records, Rabbit Rewards point transaction data, lead and customer data of Rabbit Care (as defined in the below Section named “TO WHOM WE MAY DISCLOSE OR CROSS-BOARDER TRANSFER PERSONAL DATA”), campaign response data, payment slip details about refund, refund amount, points, and date and location of purchase, purchase/order number, appointment date for service, complaints and claims, incident report, information regarding the legal actions taken, contract details, insurance policy details, transaction, transaction history, location, transaction status, past sales transaction, prediction data (e.g., loan prediction score, credit scoring), and purchasing behaviour and other details of products and services purchased;
Technical details, such as Internet Protocol Address(IP Address), Web Beacon, log, devicetype, hardware-based identifiers such as Universal Device Identifier (UDID) or Mac Address, software-based identifier such as identifier for advertisers for iOS operation system (IDFA), or identifier for advertisers for Andriod operation system (AAID), network, connection details, access details, single sign-on (SSO), login log, access time, time spent on page, cookies, login data, search history, browsing detail, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices used to access the platform;
Behaviour details, such as information about purchasing behavior and data supplied through the use of products and services, such as location, train station and train exit usually used;
Services details, such as information regarding the use of service providers (e.g., various types of insurance services), information of a complaint/incident and/or any legal actions taken, information relating to the incident such as the date and time of incident, the date which was reported, location where the incident occurred, the damage found; details of incident vehicle (e.g., description, plate number, brand and color); insurance details (e.g., notification number, claim number, insurance policy number, a copy of evidence of claim); information relating to police blotter and reports at the police station, daily report and a copy of evidence of the daily report record, condition of the disputant after the incident occurred (e.g., appointment date to settle the damages, method to pay the damages); information relating to the lost/found belongings (e.g., the date, time and location found/lost, details of the belonging (e.g., the date, time, location lost, the receipt date, registration number, and any other information depending on the type of complaint);information relating to the property (e.g., the location of the property, details of the property lost, property value and other details relating to the property);
Relationship management details, such as information about service complaints and resolutions, information about management, operation, payment, dispute resolution, processing and reporting on behalf of the customer, such Personal Data may also include communication records with us;
Profile details, such as username and password, profile, purchase, historical order, past order, purchase history, items bought, item quantity, orders or product recalls made, orders via websites, order ID, financial records, PIN, interests, preference, suggestions and survey responses data, satisfaction survey, social media engagement, participation details, loyalty programs, use of discount codes and promotions, customer order description, customer service, attendance to trade exhibitions and event, and insurance policy details;
Usage details, such as information of user behavior for utilising the websites, platforms, products and services, Q&A record;
Marketing and communication details, such as preference information in receiving marketing from us, Companies under Rabbit's Data Ecosystem, the BTS group’s Company, affiliates and subsidiaries, third parties, our service provider, our business partners and communication preferences;
Sensitive Personal Data, such as sensitive personal data as shown in the government-issued cards (e.g., religion on national identification card, race on passport); sensitive personal data from complaints and claims, incident report, and legal proceeding (to receive the complaints and resolve the issues); sensitive personal data from insurance related products or services (e.g., religion, health data, criminal records, disability); biometric data (e.g. finger scan and facial recognition); and health data.
In addition, your Personal Data may be collected from our business partners in case you purchase
a product or services from one of our business partners through our website or other channels. Your Personal Data related to the product or services you have purchased will be sent to us for the purposes of sale tracking and service improvement.
We do not intentionally collect your sensitive personal data (Sensitive Data). However, in case that we do, we will only collect, use, and/or disclose Sensitive Data on the basis of your explicit consent or where permitted by law.
We only collect the Personal Data of children, quasi-incompetent person and incompetent person where their parent or guardian has given their consent. We do not knowingly collect Personal Data from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent person and incompetent person without their legal guardian's consent. In the event that we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required or from quasi-incompetent person and incompetent person without their legal guardians, we will delete it immediately, unless we are eligible for relying on other legal basis apart from consent.
2. WHY WE COLLECT, USE AND/OR DISCLOSE PERSONAL DATA
We may collect, use and/or disclose Personal Data for the following purposes:
2.1 THE PURPOSE OF WHICH WE RELY ON CONSENT
We rely on consent for the collection, use, and/or disclosure of Personal Data by us, Companies under Rabbit’s Data Ecosystem, the BTS group’s Company, including affiliates, subsidiaries, and our selected business partners for the following purposes:
Marketing and Communications: To provide marketing communications, information, special offers, promotional materials, tele-marketing, privilege, advertisement, newsletter, and any marketing and communications, both online and offline channels, about our products and services, Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, and our service providers and business partners which we cannot rely on other legal bases. Your Sensitive Data will also be collected to analyze and conduct personalized marketing;
Data Analytics Services: To conduct data analytics services;
For Other Businesses: To conduct other businesses, which are digital marketing, banking and financial, reward and loyalty programs, credit scoring, loans, insurance, telecommunications, asset management, investment, retail, e-commerce, including their related products and services; and/or
Sensitive data, such as:
4.1 Sensitive data as shown in the government-issued cards (e.g., religion on national identification card): To authenticate and verify your identity;
4.2 Sensitive data from insurance related products or services (e.g., religion, health data, criminal records, disability): To register and enable you to use our insurance related products or services;
4.3 Biometric data (e.g., fingerprint scanning and facial recognition): To perform e-KYC process to the customer; and
4.4 Health data: To carry out financial transaction and service related to the payments (e.g., reimbursement).
2.2 THE PURPOSE THAT WE MAY RELY ON OTHER LEGAL GROUNDS FOR COLLECTION, USE, AND/OR DISCLOSURE OF PERSONAL DATA
We may also rely on (1) contractual basis, for our initiation or fulfilment of a contract with you; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties. We will balance the legitimate interest pursued by us and any relevant third party with your interest and fundamental rights and freedoms in relation to the protection of your Personal Data; (4) vital interest, for preventing or suppressing a danger to a person’s life, body or health; and/or (5) public interest, for the performance of a task carried out in the public interest or for the exercising of official authorities required by laws or other legal grounds permitted under applicable data protection law as the case may be. Depending on the context of the interactions with us, we may collect, use and/ or disclose Personal Data for the following purposes:
To provide products and services: such as, to register and enable the use of our products or services, including, but not limited to, for registration of Rabbit Card via online channels or Rabbit Kiosk, for membership of Rabbit Rewards, or for retails/ merchants registration; to enable the use of our websites, mobile applications, and platforms (e.g., to register to Rabbit Care channels, or to top-up Rabbit Card); to provide a free and instant fee quotation and pricing of our products and services; to provide a price comparison of, including, but not limited to, financial and/or insurance related products or services of business partners; to deliver the request of products or services and relevant information to those business partners for approval or underwriting purposes; to deliver/ receive contractual documents; to send annual insurance renewal quotes based on information previously provided when you made a request for insurance premium quotation; to process a request for service application or benefits in connection with Rabbit Card, Rabbit Rewards, or Rabbit Care; to enter into a contract and manage our contractual relationship; to support and perform other activities related to such services or products; to sell our products or services via online and offline channels; to deliver or ship the Rabbit Card or other products via online sale; to provide bulk sales of our products or services to our corporate customers; to lease the retails space on BTS stations; to provide our online media performance and digital marketing service; to process transaction with our business partners; to complete and manage bookings and to carry out financial transaction and service related to the payments including transaction check and verification and cancellation; to process orders, delivery, suspension, replacement, reimbursement, refund and exchange of products or services; to protect remaining balance when the Rabbit Card is lost or stolen; and to provide customer service operation, including call center;
To provide marketing communications: such as, to provide marketing communications, information, special offers, promotional materials, tele-marketing, privilege, advertisement, newsletter, and any marketing and communications, both online and offline channels, about products and services from us, Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, and business partners to the extent that you can reasonably expect;
To offer promotions, special offers, loyalty programs, reward programs, prize draws, competitions and other offers/promotions: such as, to allow the participation in promotions, promotional campaign, special offers, promotional offer, loyalty programs, co-registration program with our business partners, sweepstakes, privilege, prize draws, competitions participation, and other offers/promotions (e.g., to send reminder emails), events and seminars. This includes to process and administer account registration, gift registration, event registration; to process points collection, addition, exchange, earning, redemption, and transfer of points; to examine entire user history, both online and offline; and to provide and issue gift voucher, gift cards and invoices;
To contact and communicate: such as, to provide information, marketing communications, campaign, advertisement, required notices, special offers, benefits, and promotional materials of our products or services; to send you news, electronic newsletters, marketing messages and information about the products, services, brands, and other operations;
To manage our relationship: such as, to communicate in relation to the products and services obtained from us, Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, and from our service providers and business partners; to handle customer service, call center and/or hotline-related queries, request, feedback, complains, claims, disputes or indemnity; to provide technical assistance and deal with technical issues; to process and update information; and to facilitate the use of the products and services;
To conduct data cleansing, profiling and analytics: such as, to measure the engagement with the products and services; to undertake data cleansing and matching, data profiling and data analytics; to conduct market research, surveys, assessment, behaviour, statistics and segmentation, consumption trends and patterns; to know our customers better and understand the characteristics of our customers; to improve business performance; to better adapt our content to the identified preferences of our customers; to determine the effectiveness of our promotional campaigns; to identify and resolve of issues with existing products and services; to enhance the qualitative information development; to establish whether a relationship with the selected business partners already exists; and to provide the lead generation service to our business partners via Facebook or co-registration pages or any other social media or messenger platforms;
To select and provides products or services that are likely to be of individual's interest and tailored to individual's needs : such as, to use the result from data cleansing and matching, data profiling and data analytics to recommend products and services that might be of interest to individual from us, Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, and our service providers and business partners; to identify individual's preferences, and personalize the experience; and to develop future editorial content targeted to meet individual's interests to the extent where each individual can reasonably expect;
To improve business operation, products and services: such as, to evaluate, develop, manage, improve existing and design new services, products, system and business operation for all of our customers, including but not limited to, customers of Companies under Rabbit’s Data Ecosystem, the BTS group' s Company, affiliates and subsidiaries, and our service providers and business partners; to track and follow-up with sale transactions (sale tracking) for our service improvement; to identify and resolve issues; to create aggregated and anonymized reports and measure the performance of our physical products, digital properties, and marketing campaigns; and to manage, operate and maintain our payment systems. We may monitor and/or record phone call to train our staff and improve our services;
To learn more: such as, to learn more about the products and services received from us, Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, including our service providers and business partners and other products and services that individual may be interested in receiving, including profiling based on the processing of Personal Data, for instance by looking at the types of products and services that was used, or how the individual likes to be contacted and so on;
To ensure the function of our websites, mobile applications, and platforms: such as, to administer, operate, track, monitor and manage our websites, mobile applications, and platforms to facilitate and ensure that they function properly, efficiently and securely; to facilitate and enhance users experience on our websites, mobile applications, and platforms; and improve layout and content of our websites, mobile applications, and platforms;
To manage IT system: such as, for our own business management purpose including for our IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies and procedures; and to update our database;
To protect our interests: such as, to protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to produce report relating our products and services to Companies under Rabbit’s Data Ecosystem, the BTS group’ s Company, affiliates and subsidiaries, and our service providers and business partners; to detect and prevent misconduct within our premises; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;
To detect, suppress, and prevent fraud/ illegal actions: such as, for authentication and identify verification, and to conduct legal and other regulatory compliance checks (e.g., to comply with e-payment business, financial, insurance, and anti-money laundering related laws and regulations, to perform Know-Your-Customer (KYC) process or e-KYC process; and to prevent fraud and detected suspicious transactions). This includes to perform sanction list checking, internal audits and records, asset management, system and other business controls;
To transfer in the event of merger: such as, sale, transfer, merger, reorganization or other similar event. We may transfer Personal Data to one or more third parties as part of that transaction;
Risks: such as, to perform risk management, audit performance and risk assessments; to conduct credit checks and customer financial due diligence; and/or
Life: such as, to prevent or suppress a danger to a person’s life, body or health.
Where the Personal Data we collect from you is needed to meet our legal or regulatory obligations or enter into an agreement with you, if you do not provide your Personal Data when requested, we may not be able to provide (or continue to provide) our products and services to you.
3. TO WHOM WE MAY DISCLOSE OR CROSS-BOARDER TRANSFER PERSONAL DATA
3.1 Companies under Rabbit’s Data Ecosystem
- “Rabbit’s Data Ecosystem” refers to a group of companies whose names are listed in this link;
- “Rabbit Care” refers to Rabbit Care Co., Ltd., Rabbit Care Broker Co., Ltd., and Ask Direct Group Co., Ltd. which are also part of Rabbit’s Data Ecosystem; and
- “Companies under BTS Group” refers to a group of companies whose names are listed in this link List of companies under BTS group | Rabbit Care
In limited circumstances, as Rabbit Care is part of Companies under Rabbit’s Data Ecosystem and Companies under BTS Group which all collaborate and partially share customer services and systems, including website-related services and systems, we may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by Companies under Rabbit’s Data Ecosystem, Companies under BTS Group, and their affiliates and subsidiaries, for the purposes set out above. Companies under Rabbit’s Data Ecosystem, Companies under BTS Group, and affiliates and subsidiaries will rely on the consent obtained by us to use your Personal Data.
3.2 Our service providers
We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services. We may share Personal Data including but not limited to (1) infrastructure, software and website developer and IT service providers; (2) warehouse and logistic service providers; (3) data storage and cloud service providers; (4) data cleansing and matching, data profiling, and data analytics service providers; (5) marketing, advertising media and communications service providers; (6) research agencies; (7) survey agencies; (8) campaign and event organizers; (9) tele-sale service providers; (10) call center service providers; (11) payment, payment system, authentication service providers; (12) outsourced administrative service providers; (13) telecommunications and communication service providers; (14) licensed credit-referencing agencies; (15) telemedicine service providers; and/or (16) transportation system service providers.
In the course of providing such services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we ask them not to use your Personal Data for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.
3.3 Our business partners
Business Partner” refers to a group of companies whose names are listed in this link
3.4 Social networking sites
We allow you to login on our sites and platforms without the need to fill out a form. If you log in using the social network login system, you explicitly authorize to access and store public data on your social network accounts (e.g. Facebook, Google, Instagram), as well as other data mentioned during use of such social network login system. In addition, we may also communicate your email address to social networks in order to identify whether you are already a user of the concerned social network and in order to post personalized, relevant adverts on your social network account if appropriate.
3.5 Third parties permitted by law
In certain circumstances, we may be required to disclose or share Personal Data in order to comply with a legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority, embassy, consulate, or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety; or to detect, prevent, or otherwise address fraud, security or safety issues (e.g., Anti-Money Laundering Office (AMLO), Bank of Thailand (BOT), Office of Insurance Commission (OIC) and Revenue Department).
3.6 Professional advisors
We may disclose Personal Data to our expert advisors including, but not limited to, (1) independent advisors, project advisors, financial advisors; (2) legal advisors who involve in assisting us in our business operations and provide litigation services such as defending or initiating legal actions; and/or (3) auditors who provide accounting services or conduct financial audit for the Company.
3.7 Other third parties related to insurance products or services
3.8 Third parties connected with business transfer
3.9 Other third parties
4. INTERNATIONAL TRANSFERS OF PERSONAL DATA
We may disclose or transfer Personal Data to third parties or servers or service providers located overseas, which the destination countries may or may not have the same data protection standards. We take steps and measures to ensure that your Personal Data is securely transferred and stored in accordance with the security measures, that the receiving parties has in place suitable Personal Data protection standard and that the transfer of such Personal Data is lawful by relying on the derogations permitted under the law.
5. HOW LONG DO WE KEEP PERSONAL DATA
We retain Personal Data for as long as is reasonably necessary to fulfil purpose for which we obtained them and to comply with our legal and regulatory obligations. However, we may have to retain Personal Data for a longer duration, as required by applicable law.
6. COOKIES AND HOW THEY ARE USED
If you visit our websites, we will gather certain information automatically from you by using tracking tools and cookies (including, but not limited to, Google Tag Manager, Google Analytics, Hotjar, Matomo, Zendesk, Facebook Pixel Analytics, Facebook Ad Manager, and Google Cloud). Cookies are tracking technologies which are used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some of the cookies are necessary because otherwise the site is unable to function properly. Other cookies are convenient for the visitors and they remember your username in a secure way as well as your language preferences.
Most internet browsers allow you to control whether or not to accept cookies. If you reject cookies, your ability to use some or all of the features or areas of our websites may be limited. Please see Cookies Policy | Rabbit Care for more details.
7. DATA SECURITY
As a way to protect personal privacy, we maintain appropriate security measures, which includes administrative, technical and physical safeguards in relation to access control, to protect the confidentiality, integrity, and availability of Personal Data against any accidental or unlawful or unauthorized loss, alteration, correction, use, disclosure or access, in compliance with the applicable laws.
In particular, we have implemented access control measures which are secured and suitable for our collection, use, and disclosure of Personal Data. We restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user, access management to limit access to Personal Data to only authorized person, and implement user responsibilities to prevent unauthorized access, disclosure, perception, unlawful duplication of Personal Data or theft of device used to store and process Personal Data;. This also includes methods that enabling the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of collecting, using and/or disclosing of Personal Data.
8. RIGHTS AS A DATA SUBJECT
Subject to applicable laws and exceptions thereof, you may have the following rights to:
Access: You may have the right to access or request a copy of your Personal Data we are collecting, using and/or disclosing. For the privacy and security of Personal Data, we may require proof of your identity before providing the requested Personal Data;
Rectification: You may have the right to have incomplete, inaccurate, misleading, or or not up to date Personal Data that we collect, use and/or disclose rectified;
Data Portability: You may have the right to obtain your Personal Data we hold, in a structured, electronic format, and the right to request to transmit such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are collecting, using and/or disclosing that data on the basis of your consent or to perform a contract with you;
Objection: You may have the right to object to certain collection, use, and/or disclosure of Personal Data such as objecting to direct marketing;
Restriction: You may have the right to restrict our use of your Personal Data where you believe such Personal Data to be inaccurate considering that our collection, use and/or disclosure is unlawful, or that we no longer need such Personal Data for a particular purpose;
Withdraw Consent: For the purposes you have consented to our collection, use and/or disclosure of your Personal Data, you may have the right to withdraw consent at any time;
Deletion: You may have the right to request that we delete, destroy, or de-identity your Personal Data that we collect, use, and/or disclose, except we are not obligated to do so if we need to retain such Personal Data in order to comply with a legal obligation or to establish, exercise or defend legal claims; and
Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use, and/or disclosure of your Personal Data is unlawful or non-compliance with applicable data protection law.
9. SEVERAL LIABILITY
10. OUR CONTACT DETAIL
- Rabbit Care (which refers to Rabbit Care Co., Ltd., Rabbit Care Broker Co., Ltd., and Ask Direct Group Co., Ltd.)
- Q. House Lumpini Building, 29th Floor, South Sathorn Road, Thungmahamek, Sathorn, Bangkok 10120
- Email [email protected] or Tel. 02-022-4791
- Data Protection Officer (DPO)
- Q. House Lumpini Building, 29th Floor, South Sathorn Road, Thungmahamek, Sathorn, Bangkok 10120
- Email [email protected] or Tel. 084-021-9999