This Privacy Notice covers personal data of customers as well as natural persons acting on behalf of the legal entity that owns the personal data, such as directors, consultants, executives, employees, agents and any person related to the Company's personnel.

“Customer” means a person who is a target for the Company’s product or service sales and includes participants in the Company’s campaigns or marketing activities, those who are interested in the Company’s products or services through various channels and/or users of the Company’s various services through online and electronic media, as the case may be, including persons authorized to act on behalf of the customer according to the law, as the case may be, such as those exercising parental authority over minors, guardians of incompetent persons, guardians of quasi-incompetent persons, etc.

2.1 “Personal Data” means information about an individual which enables the identification of that individual, either directly or indirectly, but does not include information about a deceased person specifically, such as name, surname, nickname, address, telephone number, national identification number, passport number, social security number, taxpayer identification number, bank account number, credit card number, email address, IP Address, Cookie ID, Log File, etc.
However, the following information is not personal information, such as business contact information that does not identify an individual, such as company name, company address, company registration number, work telephone number, work email address, company group email address such as info@company.co.th, Anonymous Data or pseudonymous data that has been made unable to identify an individual by technical means (Pseudonymous Data), deceased information, etc.
2.2 “Sensitive data” means personal data regarding race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal history, health information, disability information, trade union information, genetic information, biometric information or any other information that affects the owner of the personal data in a similar manner as specified by the Personal Data Protection Committee, which the Company must handle with special care. The Company will collect, use and/or disclose sensitive personal data only when receiving express consent from the person or in cases where the Company is required to do so as permitted by law.
In this Privacy Notice, unless otherwise specified, “Personal Data” and “Sensitive Personal Data” relating to the above service users shall be collectively referred to as “Personal Data”.
In the event that the Company receives a copy of your national ID card or the Company removes your information from your national ID card electronically for the purpose of verifying your identity in establishing legal relations and/or conducting any transactions with the Company, the information received will include religious information, which is considered sensitive personal data. The Company has no policy to collect sensitive personal data from you unless the Company has received your consent. The Company will determine the management method in accordance with the guidelines and as permitted by law.
2.1 “Personal Data” means information about an individual which enables the identification of that individual, either directly or indirectly, but does not include information about a deceased person specifically, such as name, surname, nickname, address, telephone number, national identification number, passport number, social security number, taxpayer identification number, bank account number, credit card number, email address, IP Address, Cookie ID, Log File, etc.
However, the following information is not personal information, such as business contact information that does not identify an individual, such as company name, company address, company registration number, work telephone number, work email address, company group email address such as info@company.co.th, Anonymous Data or pseudonymous data that has been made unable to identify an individual by technical means (Pseudonymous Data), deceased information, etc.
2.2 “Sensitive data” means personal data regarding race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal history, health information, disability information, trade union information, genetic information, biometric information or any other information that affects the owner of the personal data in a similar manner as specified by the Personal Data Protection Committee, which the Company must handle with special care. The Company will collect, use and/or disclose sensitive personal data only when receiving express consent from the person or in cases where the Company is required to do so as permitted by law.
In this Privacy Notice, unless otherwise specified, “Personal Data” and “Sensitive Personal Data” relating to the above service users shall be collectively referred to as “Personal Data”.
In the event that the Company receives a copy of your national ID card or the Company removes your information from your national ID card electronically for the purpose of verifying your identity in establishing legal relations and/or conducting any transactions with the Company, the information received will include religious information, which is considered sensitive personal data. The Company has no policy to collect sensitive personal data from you unless the Company has received your consent. The Company will determine the management method in accordance with the guidelines and as permitted by law.

The Company collects your personal data only as necessary for the purposes of data use, which the Company will inform you later.
(1). The types of personal information that the company stores are classified as follows:
Type of data - Personal information
Examples of the information the Company collects, uses and/or discloses - Title, First Name, Middle Name, Last Name, National ID Card Number/Passport Number, Date of Birth, Marketing Preferences, Gender, Emergency Contacts, Health Details, Vaccination Status, Occupation, AIA Insurance Status, Payment Details, Photograph, Signature.
Type of data - Sensitive data
Examples of information that the Company collects, uses and/or discloses
1. Data collected from the physical readiness test include information on past and present heart problems, symptoms of chest pain or tightness in the chest, history of taking medications for heart disease, blood pressure or diuretics, problems with bone and joint illness, problems with balance and loss of consciousness, and other diseases that affect exercise such as gout.
2. Data collection from Boditrax - impedance, Fat free mass, Muscle, Fat, Bone, BMR, age, BMI, weight and height.
3. Other health information

Type of information - Contact information
Examples of information that the Company collects, uses and/or discloses - Current address, telephone number, mobile phone number, email address.
Type of data - Education and employment data
Examples of information that the Company collects, uses and/or discloses - Occupation and Company Name
Type of data - Financial data
Examples of information that the Company collects, uses and/or discloses - account numbers, credit card numbers, payment or debt repayment information, use of the Company's services and products, trading history and balances, payment and transaction history.
Types of information - Visual and audio data for contacting the company
Examples of information that the Company collects, uses and/or discloses - CCTV footage, records of communications via online channels or other electronic channels of the Company.
Type of data - Usage data
Examples of information that the Company collects, uses and/or discloses - Information about usage on the website platform, use of the Company's products and services, cookie information, other technical information from the use of the Company's platform and operating system.
(2) Sensitive Data means:
Data that is truly personal to an individual but is sensitive and may be at risk of unfair discrimination, such as race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal history, health information, disability, trade union information, genetic information, biometric data, or any other data that affects the owner of personal data in a similar manner as announced by the Personal Data Protection Committee.
The Company has requested your express consent prior to collecting such personal data or unless there is a legal reason to collect such data without requesting consent. Details are shown in the consent request letter.
(3) Personal information of minors
The minimum age criteria for the company's service users is 15 years and above, which means that the person is considered a minor, i.e. a person under 20 years of age. In collecting any personal information from this group of people, the company has written a letter requesting consent from the person exercising parental authority to act on behalf of the minor before taking any action regarding the collection, use and/or disclosure of personal information. The details are shown in the letter requesting consent from the person exercising parental authority.

The Company collects your personal and sensitive information through the following processes:

4.1 Information you provide directly to the Company
For example, information that appears in the service application, including various supporting documents, requests to change personal information or change other information, requests to use the service or requests for other information about the company's products or services, complaints about products and/or services, information used to register for an account or profile with the company to use the company's services both offline and online, information that you contact the company, whether in the form of letters or electronic communications, as well as information that you provide to the company through surveys, providing suggestions or comments through various channels, including information that you use the services at the head office or branch offices, customer service centers, or product or service exhibition booths, etc.


4.2 Information that the Company automatically collects
When you access the Company's services through the system or visit the Company's website through electronic devices such as mobile phones, computers, laptops, etc., using technology called "cookies" or other technologies that work in the same or similar way.


4.3 Information from external sources or reliable public information
Such as the Department of Provincial Administration, Department of Business Development, commercial information sources, websites, applications, social media information sources, data providers, agencies or companies or associations or federations related to your products or services, etc.


4.4 Information you contact the Company with
Information that you contact with the Company, its employees, employees, agents, business partners or allies, authorized representatives or agents, or other persons or agencies related to or assigned by the Company via the website, application, social media, telephone, email, meeting, interview, short message (SMS), fax, post, or by any other means. The Company may collect information in the form of text, images, and audio.


4.5 Information about your participation in activities with the Company
In terms of marketing activities, events or competitions organized by or on behalf of the Company and/or partners or allies who participate in activities with the Company or the Company assigns or permits such activities.
When you agree and consent to provide any personal information related to a third party to the Company, such third party includes but is not limited to those related to the customer who uses the service, whether in business or otherwise, such as family members, etc., you represent and warrant the accuracy of such personal information and you represent and warrant that you have fully informed such persons about this Privacy Notice.

The Company collects, uses or discloses your personal data for the following purposes under the data processing bases:
5.1 Contractual Basis: For the performance of a contract to which you are a party, such as a service contract, sales contract, membership contract, or any other contract, or for use in taking action according to your request/application before entering into a contract, as the case may be.
5.2 Legal Obligation: To perform duties as prescribed by law, such as tax laws, electronic transaction laws, civil and commercial laws, laws related to public health, etc.
5.3 Legitimate interest: For the legitimate interests of the Company, not exceeding the extent that you can reasonably expect and which will not infringe your fundamental rights or freedoms.

5.4 Consent The Company will request your consent in cases where the law requires consent or where the Company has no reason to use the above processing bases to process personal data collected from you.

The Company collects, uses or discloses your personal information for the following purposes:
1. Purposes based on consent
Objective of the operation
1). To check health conditions and verify identity.
details
1.1 Health data is used to check health conditions before exercising and to measure various values ​​related to the body for use in processing and analyzing the body.
1.2 Religious information for verification and identification when applying for service

Data processing bases - Consent bases

2). To analyze website usage.
details
2.1 The collection of cookies that are not necessary for the use of the website to improve the efficiency of the website's use and to analyze the information for marketing purposes.
Data processing bases - Consent bases
2. Purposes based on legal basis other than consent.
Objective of the operation
1). To proceed as requested by you before entering into a contract or to perform the contract.
details
1. To sell products and/or services to you or perform any contract to which you are a party, to manage your account.

2. For membership application
3. Deliver accounting and financial operations, after-sales service and product returns.
4. Take any action to obtain the goods and/or services or as requested by you.
Data Processing Base - Contractual Base

2). For the management of advertising and public relations.
details

1. Advertising and public relations
2. Conduct marketing campaigns, analyze and develop products.
3. Contact customers to provide advice or present products.

Data processing bases - legitimate interests
3). For operational management and after-sales customer care.

details
1. Check and analyze personal information.

2. To develop the company's online service channels so that you receive the company's services with quality, speed and convenience.
3. Delivery, accounting and financial operations, after-sales service and product returns.
Data processing basis - Legitimate interest basis Contractual basis

4). Information technology management

details
1. Create an information system to collect data, process data, and connect data with customer representatives.
Data processing basis - Legal basis, legitimate interest basis

2. Create and provide information technology systems to process customer data from the use of the company's website, applications, and various social media, such as Facebook, Line, etc.
Data processing basis - Contract basis, Legitimate interest basis
5. To be able to manage, develop and carry out any actions to enable the business to operate more efficiently.

details
1. Management of products and/or services (including websites and applications), detection and prevention of fraud or other crime, management of customer and prospective customer relationships, maintenance and use of IT systems.
Data processing basis - Legal basis, legitimate interest basis
2. To measure the effectiveness of the company's marketing policies and to measure the effectiveness of the company's advertising through various channels.
Data processing bases - legitimate interests
6. Management of work, complaints, disputes, lawsuits and risk management
details
1. Investigation and investigation of corrupt behavior, fraud, or actions that violate the law or public order.
Data processing basis - Legal basis, legitimate interest basis

7. Safety management for you and your company
details
1. Record images from CCTV cameras to maintain security inside and outside the building. The company will install such CCTV cameras without violating your privacy rights.
Data processing bases - legitimate interests

In order to carry out the purposes set out in this Privacy Notice, your personal data may be disclosed or transmitted to various departments within the Company and to external individuals or agencies as follows:

Recipient Type - Internal Company
details
Your personal information may be disclosed or forwarded to various departments within the Company only as necessary for the purposes. These individuals or teams of the Company will be permitted to access your personal information as necessary and appropriate.
• Sales staff or other relevant staff with specific access rights to the data according to their responsible roles.
• Your executives or direct supervisors who are responsible for managing or making decisions about you or when involved with
Human Resources Procedures
• Support departments or teams include Marketing, Corporate, Call center, Club operation, Fitness, Admin and
Accounting, HR, procurement, Leasing, Property, IT

Type of data recipient - Government agencies, regulatory agencies, or other agencies as required by law.
details
Your personal data may be disclosed or transmitted to external organizations such as the Revenue Department, Social Security Office, Department of Labor Protection and Welfare, Department of Enforcement, Ministry of Commerce, Ministry of Labor or any other agencies that exercise legal authority.

Type of recipient - External organization or individual
details
The Company may disclose your information to external organizations or individuals that are contacted for the purpose of verifying your transactions and in order to provide services or products in accordance with your or our business partners' needs.

7.1 In the event that the Company collects, uses or discloses personal data based on your consent, you have the right to withdraw your consent given to the Company at any time, which withdrawal of consent will not affect the collection, use or disclosure of personal data to which you have already consented.
7.2 If you are a minor under the Civil and Commercial Code, before giving consent, please inform the Company of the details of the person exercising parental authority so that the Company can request consent from the person exercising parental authority.
You may withdraw your consent to the collection, use or disclosure of all or some of your personal data as set out in this Privacy Notice by notifying the Company.
If you withdraw your consent to the Company to collect, use or disclose your personal data for reasons or purposes other than for marketing operations, the Company may not be able to carry out various processes or services and/or manage the products or goods or your relationship and/or account with the Company, which may result in you losing the benefits of using the Company's services at the same level as if you had given your consent to collect, use or disclose your personal data to the Company.

8.1 The Company may send or transfer your personal data to other persons both domestically and internationally in cases where necessary to perform a contract to which you are a party or to perform a contract between the Company and another person or juristic person for your benefit or to use in taking action at your request before entering into a contract or to prevent or suppress danger to the life, body or health of you or another person, to comply with the law or as necessary to carry out a mission for important public interest.
8.2 The Company may store your information on computer servers (Server) or clouds (Cloud) provided by other persons and may use programs or applications of other persons in the form of ready-made software services and ready-made platform services to process your personal information. However, the Company will not allow unrelated persons to access personal information and the Company will require those other persons to have appropriate measures to protect personal information security.
8.3 In the event that it is necessary to send or transfer your personal data abroad, the Company will comply with the Personal Data Protection Act and take appropriate measures to ensure that your personal data is protected and that you can exercise your rights regarding your personal data as prescribed by law. The Company will also require those who receive your personal data to have appropriate measures to protect your data and process such personal data only as necessary and take steps to prevent others from using or disclosing your personal data without authorization.

9.1 The Company will retain your personal data for as long as necessary taking into account the needs and purposes for which the Company collects, uses and processes it, including compliance with applicable legal requirements.
9.2 The Company will continue to collect, use and disclose your personal data even if you terminate your relationship with the Company only as required by law for legitimate interests or in a form that does not directly or indirectly identify an individual, such as “Anonymous Data” or “Pseudonymous Data”.
9.3 The Company will take action to delete or destroy Personal Data to permanently anonymize the owner of the Personal Data or otherwise to limit all Personal Data when the retention period has expired or when it is no longer relevant or necessary for the purpose for which the Personal Data was collected or when the Company must comply with your request for the Company to delete your Personal Data.

The Company places a high priority on the security of your personal data, such as encryption, restricting access to personal data, to ensure that the Company's personnel and third parties acting on its behalf comply with appropriate data protection standards, including duties to prevent data leakage, and that the Company uses appropriate security measures for data processing.
The Company will keep your personal data in good condition in accordance with technical measures and organizational measures to maintain appropriate security in the processing of personal data and to prevent the violation of personal data. The Company has established policies, regulations and criteria for the protection of personal data, including measures to prevent recipients of data from the Company from using or disclosing data outside the objectives or without authority or improperly. The Company has revised such policies, regulations and criteria from time to time as necessary and appropriate. In addition, executives, employees, contractors, agents, consultants and recipients of data from the Company are obliged to maintain the confidentiality of personal data in accordance with the confidentiality measures set by the Company.
The Company has regularly reviewed and improved its personal data security procedures and measures to ensure that they are up-to-date in order to achieve a level of personal data security that is appropriate for the risk and to ensure that the confidentiality, integrity, availability, and agility of personal data processing are maintained continuously, including protection against loss and unauthorized collection, access, use, modification, alteration, or disclosure of personal data. The Company will apply various measures to the security of its personal data to all types of personal data processing, regardless of whether the personal data processing is electronic or in document form.

11.1 You have the right to do the following:

(1) Right to revoke consent.
If you have given your consent for the Company to collect, use and/or disclose your personal data (whether the consent was given by you before the effective date of the Data Protection Act or thereafter), you have the right to withdraw your consent at any time during the period that your personal data is with the Company, unless such right is restricted by law or there is a contract in your favor.
However, withdrawing your consent may affect your use of products and/or services, such as not receiving new benefits, promotions or offers, not receiving better products or services that meet your needs, or not receiving information that is useful to you, etc. For your benefit, you should study and inquire about the impact before withdrawing your consent.
(2) Right to access personal data
You have the right to access your personal data and request that the Company provide you with a copy of such personal data, including requesting that the Company disclose the source of the personal data in its possession. However, the Company may refuse your request if accessing and requesting a copy of the personal data would affect the rights and freedoms of other persons or if the Company is required to comply with the law or a court order prohibiting the disclosure of such personal data.
(3) The right to have personal data transferred.
You have the right to request your personal data where the Company has prepared such personal data in a format that can be read or used by automatic tools or devices and can use or disclose personal data by automatic means, including the right to request that the Company send or transfer personal data in such format to another data controller when it can be done by automatic means and the right to request personal data that the Company sends or transfers personal data in such format directly to another data controller, unless it is impossible to do so due to technical reasons.
Your personal data above must be personal data that you have given consent to the Company to collect, use and/or disclose or personal data that the Company is required to collect, use and/or disclose in order for you to use the Company's products and/or services as desired for which you are a party to a contract with the Company or for use in taking action according to your request before using the Company's products and/or services or other personal data as required by the authorized person under the law.
(4) The right to object to data processing.
You have the right to object to the collection, use and/or disclosure of your personal data at any time if the collection, use and/or disclosure of your personal data is necessary for the Company’s or another person’s or entity’s legitimate interests, not exceeding the extent that you may reasonably expect, or to carry out a task in the public interest. If you file an objection, the Company will continue to collect, use and/or disclose your personal data only where the Company can demonstrate that it is overridden by your fundamental rights or for the purpose of asserting legal rights, complying with the law or defending legal claims, as applicable.
You also have the right to object to the collection, use and/or disclosure of your personal data for marketing purposes or for scientific, historical or statistical research purposes.
(5) The right to request deletion of personal data.
You have the right to request the deletion or destruction of your personal data or anonymize your personal data if you believe that your personal data has been collected, used and/or disclosed unlawfully or that the Company no longer needs to retain it for the purposes related to this Privacy Notice or when you have exercised your right to withdraw your consent or exercise your right to object as stated above, except in cases where the Company is required to comply with the law or exercise its rights under the relevant law to retain such data.
(6) The right to request suspension of use of personal data.
You have the right to request a temporary suspension of the use of your personal data in the event that the Company is investigating your request to exercise your right to correct your personal data or to object, or in any other case where the Company no longer needs to delete or destroy your personal data in accordance with relevant laws, but you request the Company to suspend the use instead.
(7) The right to correct personal data.
You have the right to request that the Company correct your personal data to keep it accurate, current, complete and not misleading.
(8) Right to lodge a complaint
You have the right to lodge a complaint with the relevant legal authority if you believe that the collection, use and/or disclosure of your personal data is in violation of or does not comply with the relevant laws.
If you have any concerns or questions about the Company's practices regarding your personal data, please contact the Company using the contact details provided in Section 15 of this Customer Privacy Notice. In the event that there are reasonable grounds to believe that the Company has breached the Personal Data Protection Act, you have the right to lodge a complaint with a committee of experts appointed by the Personal Data Protection Commission in accordance with the rules and procedures prescribed by the Personal Data Protection Act.
In the event that the owner of personal data files a request to exercise his/her rights under the Personal Data Protection Act, when the Company receives such request, it will take action within the time period prescribed by law. The Company reserves the right to refuse or not take action on such request in cases where the law prescribes.
11.2 The Company has all rights and sole discretion to accept, process or reject your request.
Your exercise of the rights under Section 11.1 may be restricted under applicable laws and there are some cases where the Company may refuse or be unable to comply with your request to exercise the above rights, such as to comply with the law or court order, for the public interest, the exercise of the rights may infringe the rights or freedoms of others, etc. If the Company refuses the above request, the Company will inform you of the reasons for the refusal.

When using the Company's website, there may be links to social networks, platforms and other websites operated by third parties. The Company tries to link only to websites that have privacy standards. However, the Company cannot be responsible for the content or privacy standards of such other websites unless otherwise stated. Any personal information you provide to such third-party websites will be collected by such parties and is subject to the privacy notice/policy of such third party (if any). In such cases, the Company requests that you study and comply with the privacy notice/policy that appears on such websites, which is separate from the Company's.

The Company will review this Privacy Notice for Customers regularly to ensure compliance with applicable practices and laws and regulations. If the Privacy Notice changes, the Company will notify you of any material changes to this Privacy Notice, together with the updated Privacy Notice, through the appropriate channels. The Company encourages you to check back periodically for changes to this Privacy Notice.

If you have any questions or would like to inquire about the collection, use and/or disclosure of your personal data rights under this Privacy Notice, you may contact the Data Protection Officer at
Email: info@wellionco.com
Call: 02-125-326

You acknowledge and agree that this Privacy Notice shall be governed by and construed in accordance with the laws of Thailand and that the courts of Thailand shall have exclusive jurisdiction over any disputes that may arise.

Effective May 30, 2018