Vendor Privacy PolicyData Wow Co., Ltd.
(the “Company”, “Data Wow”, “we”, “our”, “us”) recognizes the importance of the protection of your personal data as a vendor and prospective vendors of the Company. This Vendor Privacy Policy explains our practices regarding the collection, use or disclosure of personal data including other rights of the Data Subjects in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “Personal Data Protection Laws”).
(the “Company”, “Data Wow”, “we”, “our”, “us”) recognizes the importance of the protection of your personal data as a vendor and prospective vendors of the Company. This Vendor Privacy Policy explains our practices regarding the collection, use or disclosure of personal data including other rights of the Data Subjects in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “Personal Data Protection Laws”).
Sources of Personal Data
We collect your personal data that receive directly from you, including, without limitation;
We may collect your personal data that we can access from other sources which are not directly from you such as search engines, social media, public websites, other company’s websites, government authorities, third parties, reference persons, etc.
- Vendor application form
- Supportive documents for contract execution
- Submission of information via the Company’s website
- Contact via telephone
- Contact via email
We may collect your personal data that we can access from other sources which are not directly from you such as search engines, social media, public websites, other company’s websites, government authorities, third parties, reference persons, etc.
Type of Data Collected
The primary reason we process your personal data is to approve, manage, administer or effect an agreement between Data Wow and the company you represent or work for. In this respect, we use your personal data, i.e., to organize our sourcing activities, issue purchase orders, process payments, perform accounting, manage our contract, review the services or products you supply us with and other relevant activities.
In addition, we process personal data to meet our legal obligations (such as record keeping obligations, screening duties of board members), as well as to manage our risks and operations (e.g. prevent and detect security threats, exercise or defend legal claims).
The personal data we collect from you is any information that can be used to personally identify you, either directly or indirectly, including but not limited to the following information;
We may collect, use or disclose your sensitive data that is specially categorized by law when we have obtained explicit consent from you or where necessary for us as permissible under law. We may collect, use or disclose your sensitive personal data as following;
In case the personal data collected by the Company as specified above is necessary for the vendor selection process or any legal compliance. If you do not provide the Company with such necessary personal data, the Company may not be able to process your vendor application further.
In addition, we process personal data to meet our legal obligations (such as record keeping obligations, screening duties of board members), as well as to manage our risks and operations (e.g. prevent and detect security threats, exercise or defend legal claims).
The personal data we collect from you is any information that can be used to personally identify you, either directly or indirectly, including but not limited to the following information;
- Personal data such as name, surname, gender, age, weight, height, date of birth, nationality, identification card numbers, passport numbers, marital status, military status, photo, etc.
- Contact data such as address, telephone number, fax number, email address, etc.
- Account data such as username, password, etc.
- Financial and transaction data such as bank account, financial statement, transaction history, etc.
- Proof of identity data such as copy of identification card, copy of passport, etc.
- Technical data such as IP Address, Cookie ID, Activity Log, etc.
- Other information such as picture, business card, portfolio, reference persons, any information which you provide to us during the vendor assessment process.
We may collect, use or disclose your sensitive data that is specially categorized by law when we have obtained explicit consent from you or where necessary for us as permissible under law. We may collect, use or disclose your sensitive personal data as following;
- Racial
- Religious or Philosophical Beliefs
- Health Data
- Biometric Data such as Facial Recognition, Data, Iris Recognition Data or Fingerprint Recognition Data
- Any data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee
In case the personal data collected by the Company as specified above is necessary for the vendor selection process or any legal compliance. If you do not provide the Company with such necessary personal data, the Company may not be able to process your vendor application further.
Storage of Personal Data
We will keep your personal data in document and electronic form. We store your personal information on our company’s server in Thailand and in Amazon Web Services (AWS) cloud system in Singapore.
Use of Personal Data
We use the collected personal data for various purposes:
- Vendor assessment and application procedures.
- Create and manage the vendor account in the database.
- Perform a contractual obligation between you and the Company.
- Internal record and management of the Company.
- Procedure for conducting background and qualification check.
- Internal audit or investigation of the Company.
- Monitor security in the Company’s area such as recording photos via CCTV and ID card deposit before entering into the building or area of the Company.
- To comply with any related law, government orders or regulation.
Disclosure of Personal Data
We may disclose your personal data to the following parties in certain circumstances.
Organization Management
We may disclose your personal data within our affiliate company and group company only as necessary for the procurement assessment procedure or the purposes specified above.
Law Enforcement
Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by government authorities such as court or a government body.
Business Partner
We may disclose your personal data to the business partners in order to pursue the purposes of this Vendor Privacy Policy.
Service Providers
We may disclose your personal data to the service providers for the purposes as follows:
Business Transfer
In connection with any reorganization, restructuring, merger or acquisition, or other transfer of assets, we will transfer information, including certain your personal data, provided that the receiving party agrees to respect your personal data in a manner that is consistent with this Vendor Privacy Policy and Personal Data Protection Laws.
Organization Management
We may disclose your personal data within our affiliate company and group company only as necessary for the procurement assessment procedure or the purposes specified above.
Law Enforcement
Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by government authorities such as court or a government body.
Business Partner
We may disclose your personal data to the business partners in order to pursue the purposes of this Vendor Privacy Policy.
Service Providers
We may disclose your personal data to the service providers for the purposes as follows:
- Document storage and destruction service
- Security service
- Criminal record and background checks service
- Information technology service
- Logistic service
- Marketing service
- Print media service
- Professional services such as business consultant, technicians, auditor, legal firm, tax firm or any other advisors.
Business Transfer
In connection with any reorganization, restructuring, merger or acquisition, or other transfer of assets, we will transfer information, including certain your personal data, provided that the receiving party agrees to respect your personal data in a manner that is consistent with this Vendor Privacy Policy and Personal Data Protection Laws.
Cross-Border Data Transfer
We may disclose or transfer your personal data to third parties, organizations or servers located in Singapore, i.e., Amazon Web Services (AWS). We will take steps and measures to ensure that your personal data is securely transferred, and the receiving parties have an appropriate level of personal data protection standard or as allowed by laws.
Data Retention
We will retain your personal data for as long as you are our or still in relationship as our vendor, necessary for the purposes set out in this Vendor Privacy Policy unless law requires or permits longer retention period. We will erase, destroy, or anonymize your personal data when it is no longer necessary or when the period lapses.
Data Subject Rights
Subject to the Personal Data Protection Laws thereof, you may exercise any of these rights in the following:
You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned below. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email, telephone, registered mail (if applicable)
- Withdrawal of consent: If you have given consent to us to collect, use or disclose your personal data whether before or after the effective date of the Personal Data Protection Laws, you have the right to withdraw such consent at any time throughout the period your personal data available to us, unless it is restricted by laws or you are still under beneficial contract.
- Data access: You have the right to access your personal data that is under the company’s responsibility; to request us to make a copy of such data for you; and to request us to reveal as to how we obtain your personal data.
- Data portability: You have the right to obtain your personal data if we organize such personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request us to send or transfer the personal data in such format directly to other data controllers if doable by automatic means; and to request to obtain the personal data in such format sent or transferred by us directly to other data controller unless not technically feasible.
- Objection: You have the right to object to collection, use or disclosure of your personal data at any time if such doing is conducted for legitimate interests of us, corporation or individual which is within your reasonable expectation; or for carrying out public tasks.
- Data erasure or destruction: You have the right to request us to erase, destroy or anonymize your personal data if you believe that the collection, use or disclosure of your personal data is against relevant laws; or retention of the data by us is no longer necessary in connection with related purposes under this Vendor Privacy Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
- Suspension: You have the right to request us to suspend processing your personal data during the period where we examine your rectification or objection request; or when it is no longer necessary and we must erase or destroy your personal data.
- Rectification: You have the right to rectify your personal data to be updated, complete and not misleading.
- Complaint lodging: You have the right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use or disclosure of your personal data is violating or not in compliance with relevant laws.
You can exercise these rights as the Data Subject by contacting our Data Protection Officer as mentioned below. We will notify the result of your request within 30 days upon receipt of such request. If we deny the request, we will inform you of the reason via SMS, email, telephone, registered mail (if applicable)
Cookies
We use "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
We may use cookies to collect, store, and track information for statistical purposes to operate our website and services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you will not be able to use and experience the features of the website and services.
We may use cookies to collect, store, and track information for statistical purposes to operate our website and services. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you will not be able to use and experience the features of the website and services.
Cookie
Cookies are small pieces of data stored in text files that are saved on your computer or other devices when websites are loaded in a browser. They are widely used to remember you and your preferences, either for a single visit (through a "session cookie") or for multiple repeat visits (using a "persistent cookie").
Session cookies are temporary cookies that are used during the course of your visit to the Website, and they expire when you close the web browser.
Persistent cookies are used to remember your preferences within our Website and remain on your desktop or mobile device even after you close your browser or restart your computer. They ensure a consistent and efficient experience for you while visiting our Website or using our Services.
Cookies may be set by the website ("first-party cookies"), or by third parties, such as those who serve content or provide advertising or analytics services on the website ("third party cookies"). These third parties can recognize you when you visit our website and also when you visit certain other websites.
Session cookies are temporary cookies that are used during the course of your visit to the Website, and they expire when you close the web browser.
Persistent cookies are used to remember your preferences within our Website and remain on your desktop or mobile device even after you close your browser or restart your computer. They ensure a consistent and efficient experience for you while visiting our Website or using our Services.
Cookies may be set by the website ("first-party cookies"), or by third parties, such as those who serve content or provide advertising or analytics services on the website ("third party cookies"). These third parties can recognize you when you visit our website and also when you visit certain other websites.
What type of cookies do we use?
- Necessary cookies
Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our Website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account to access the content. - Functionality cookies
Functionality cookies let us operate the Website and our Services in accordance with the choices you make. For example, we will recognize your username and remember how you customized the Website and Services during future visits. - Analytical cookies
These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the Website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the Website. - Social media cookies
Third-party cookies from social media sites (such as Facebook, Twitter, etc) let us track social network users when they visit our Website, use our Services or share content, by using a tagging mechanism provided by those social networks.
These cookies are also used for event tracking and remarketing purposes. Any data collected with these tags will be used in accordance with our and social networks’ privacy policies. We will not collect or share any personally identifiable information from the user.
Data Security
We endeavor to protect your personal data by establishing security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard, technical safeguard, physical safeguard and access controls.
Data Breach Notification
We will notify the Office of the Personal Data Protection Committee without delay and, where feasible, within 72 hours after having become aware of it, unless such personal data breach is unlikely to result in a risk to the rights and freedoms of you. If the personal data breach is likely to result in a high risk to the rights and freedoms of you, we will also notify the personal data breach and the remedial measures to you without delay by SMS, email, telephone call or registered mail if applicable.
Changes to this Vendor Privacy Policy
We may change this Vendor Privacy Policy from time to time in accordance with our processing activities. Any changes of this Vendor Privacy Policy, we encourage you to frequently check on our website or internal communication.
Links to Other Sites
The purpose of this Vendor Privacy Policy is for our vendor and prospective vendor. Any websites from other domains found on our site are subject to their privacy policy which is not related to us.
Contact Information
If you have any questions about this Vendor Privacy Policy, please contact us by using the contact information through the following channels:
Data Wow (Thailand) Company Limited
7 Summer Point Building, 2nd Floor, Room No. 9, 10A, 11,
Soi Sukhumvit 69, Phra Khanong Nua, Watthana,
Bangkok 10110 Thailand
Website: https://datawow.co.th
Tel: 02 024 5560
This Vendor Privacy Policy was last updated and effective on 3 December 2025.
Data Wow (Thailand) Company Limited
7 Summer Point Building, 2nd Floor, Room No. 9, 10A, 11,
Soi Sukhumvit 69, Phra Khanong Nua, Watthana,
Bangkok 10110 Thailand
Website: https://datawow.co.th
Tel: 02 024 5560
This Vendor Privacy Policy was last updated and effective on 3 December 2025.
