XECO THAI PRIVACY
นโยบายความเป็นส่วนตัว
1. Your privacy
1.1 [Xeco (Thailand) Limited](I, me, my, mine or myself) respects your legal rights of privacy when collecting, storing, using, processing, disclosing and transferring Personal Data. ThisPPS explains my privacy practices. I am legally required to comply with thePersonal Data ProtectionAct B.E. 2562 (2019) of the Laws of Thailand when, in any combination, I collect, hold, use or process your Personal Data. In doing so, I will ensure compliance by my staff with the strictest standards of security and confidentiality.
1.2 Please read the following carefully to understand my policy and practices regarding how your Personal Data will be collected, treated and processed. By providing your Personal Data to me, you are consenting to this PPS and the collection, use, transfer, storage and processing of your Personal Data as described in this PPS.
1.3 Minors, incompetent persons and quasi-incompetent persons under the Thai laws are not authorized to use the EV charging services or payment app, and must not disclose or provide anyPersonal Data to me.
2. Definitions and interpretation
2.1 Unless otherwise defined, these terms should have the following meanings:
2.1.1 “Applications” means any and all versions (including, if any, updates, upgrades, beta versions or any combination of them) of the software or program used to provide my services in any form, format, media and medium, and any and all websites, micro-sites, software, computer programs, mobile applications and systems and, for such sites, programs and systems, any other combination of online, digital, electronic and interactive platforms (including front-end and back-end systems), and any Derivative Works created from or of them, whether conceived or existing before or after the date of this PPS.
2.1.2 “Derivative Works” means any work created from, based on or derived from the existing works(or any of them) concerned, including modifications, improvements, compilations, annotations and translations.
2.1.3 “Non-Personal Data” has the meaning set out in section 3.1.2.
2.1.4 “Personal Data” has the meaning set out in section 3.1.1.
2.2 Interpretation and variation.
2.2.1 In this PPS, unless stated otherwise, references to the words “include” and“including” are to be construed as illustrative and without limitation and the use of the words “must” or “should” in relation to an action, consideration or measure indicates that it is a mandatory requirement.
2.2.2 In the event that there is any inconsistency between the English and Thai versions of this PPS, the English version must prevail.
2.2.3 This PPS is subject to change. Any changes will be posted on this page. Your continued use of any combination of my Applications and services after the posting of such changes will be deemed to be your acceptance to such changes.
3. Collection of Personal Data
3.1 Depending on the types and combinations of goods and services I provide to you, I may collect two basic types of data from you, “Personal Data” and “Non-Personal Data”.
3.1.1 "Personal Data" means any personally identifying data, whether direct or indirect, which I may collect from you or ask you to provide voluntarily when you seek any combination of products and services from me. Personal Data may include your:
3.1.1.1 name as used on your credit card or car registration;
3.1.1.2 vehicle registration mark number;
3.1.1.3 credit card number, CCV number and expiration date If you choose to use your credit card as your selected method of payment;
3.1.1.4 mobile phone number; and
3.1.1.5 email addresses,
from which it is practicable to ascertain (directly or indirectly) the identity of an individual.
3.1.2 “Non-PersonalData” includes any combination of aggregate and automatic information, which is data collected about the use of any combination of my goods, services and Applications, or about a group or category of users from which individual identities or other individually identifiable information has been removed, disabling identification of any person. This PPS does not restrict or limit my collection, use and provision of Non-Personal Data.
3.2 PersonalData. The following are the common situations when I may collect, store, process, disclose and transfer your Personal Data, although these situations are not exhaustive:
3.2.1 any combination of you using or browsing my Applications;
3.2.2 my provision of services to you, including processing billing and payment for transactions conducted aspart of my services;
3.2.3 maintenance and operation of my services and Applications;
3.2.4 to contact you about the services or specific transactions;
3.2.5 collecting money due from outstanding payments for transactions conducted as part of my services or otherwise;
3.2.6 handling or responding to your enquiries, feedback, claims or disputes and communicating with you regarding such matters;
3.2.7 improving and expanding my offerings and providing you with a more personalised experience regarding the services;
3.2.8 conducting public data searches at the relevant governmental departments and authorities for serving demand and legal documentation in relation to the recovery of any outstanding payments forTransactions or otherwise;
3.2.9 reporting on the Services andTransactions to the relevant owners or operators of EV charging facilities(which may include audits of the services);
3.2.10 performing research, surveys, data sorting or analysis, to allow me to better understand how you and my collective user base for the purpose of improving my services;
3.2.11 to contact you about promotions and offers related to the services and EV charging services provided at EV charging facilities;
3.2.12 making such disclosures as maybe required by any law or regulation of any country applicable to any combination of me, my parent companies, government officials or other third party to which I have contractual or regulatory obligations. Disclosures may also be made pursuant to any subpoena, court order or other legal process or requirement in any country applicable to me or my parent companies. In cases where it is necessary to transfer Personal Data to a foreign country, I ensure that the destination country or organization that receive such Personal Data shall have adequate personal data protection standards, in accordance with the data protection criteria established by the PDPA;
3.2.13 making any disclosure to prevent any harm or financial loss, to report any suspected illegal activity orto deal with any claim or potential claim brought against me, my parent companies or other third party to which I have contractual or regulatory obligations;
3.2.14 enabling any due diligence and other appraisals or evaluations for actual or proposed merger, acquisition, financing transactions or joint ventures;
3.2.15 any other legitimate business purposes, such as protecting you and my other users from losses, protecting lives, maintaining the security of my systems and products, and protecting any of my other rights, properties or both; and
3.2.16 any other purposes directly relating to the purposes listed above.
3.3 Non-Personal Data. When you use my Applications, I may keep an activity log that does not identify you individually and cannot be used to identify the identity of any particular user. Generally, I collect and store the following categories of Non-Personal Data:
3.3.1 information about your use of an EV charging station for the purpose of charging a vehicle. This information may include EV charging station ID, location, charge start and end times, duration, fee, payment type, and the amount of charge provided expressed in kWh;
3.3.2 information about your device that you use to access any combination of my Applications. This information may include the geo-location information and preferences such as language and accessibility settings (i.e., font size, etc.); and
3.3.3 information about your use of any combination of my Applications including the domain names you visit and the specific actions you take on the Applications, the number of new or returning visits, statistics on the pages visited and referred, a reading history of the web pages and sites you have visited and viewed, search terms used and search results, error and crash statistics and traffic data (such as time, duration and date of access).
The above Non-Personal Data is collected and used to measure traffic, gauge the popularity of various parts of my websites, Applications and services, to gain general knowledge about my audience and market my websites, Applications and services to advertisers with whom I may share summarized traffic data. I may also share to third parties (including to those specified under section 4 below) this Non-Personal Data for any combination of customising, enhancing, optimising, maintaining and improving the quality of my websites, Applications and services such as for determining the optimal screen resolution, language and font settings, transaction flow, etc. This PPS in no way restricts or limits my collection, use, retaining, processing and disclosure of Non-PersonalData.
4. Purposes for which I will use your Personal Data
4.1 I collect your personal data directly from you when you apply for registration asa user of my services and Applications, when you undertake transactions conducted using any combination of my services and Applications or submit any inquiries, requests or complaints.
4.2 The purposes for which I may use your Personal Data will vary depending on the types and combinations of services and products (including the licensing of Applications)you seek from me, or relevant activities engaged by me. I will process yourPersonal Data to the extent necessary according to the lawful basis under thePDPA, which includes the following purposes:
4.2.1 Legal obligation: To comply with legal requirements, orders from regulatory agencies, independent organizations or authorized officials, such as complying with summonses or orders from courts, police, prosecutors, and to report or disclose information to government agencies or independent organizations;
4.2.2 Contractual basis: To process your requests prior to entering into a contract with me, including approval of transactions, to carry out your instructions or my obligations under the contract with you, including debt collection, notifying you of transactions and information related to therequested services and responding to your queries or suggestions, and to enforce our rights under the laws or contracts with you;
4.2.3 Legitimate interests: To conduct our business operations, manage relationships with you, ensure security of our properties, establish or enforce legal claims, receive advisory services from any advisor or consultant, and conduct activities related to the sale, transfer, merge, reorganization or rehabilitation of my business, whether in whole or in part; and
4.2.4 Your consent: In some circumstances, I may request consent from you for processing your Personal Data for your benefit and/or to enable me to execute transactions or provide services to you. This includes the processing of sensitive data, the processing of Personal Data for service and marketing development or any other actions for which require consent from you in accordance with the PDPA.
Such purposes will be stated in the terms and conditions, Applications or a combination of them relevant to your provision of Personal Data to me. If you fail to supply thePersonal Data required, I may be unable to provide the specific combination of requested products and services in full to you.
5. Disclosure and Transfer of Personal Data
5.1 In cases where I do collectPersonal Data from you, I will:
5.1.1 inform you (either upon collecting such Personal Data or bya separate notification) that I am doing so and any purpose of use that I will make of such Personal Data I collect; and
5.1.2 where relevant, give you the opportunity to object to particular uses of your Personal Data.
5.2 I will take all practicable steps to keep your Personal Data confidential, but I may (in any combination)disclose, transfer and assign such data to the following parties:
5.2.1 if I decide to sell, merge or re-organise (in any combination) any part of my business, to any actual or proposed assignee or transferee of or successor to my rights in respect of yourPersonal Data;
5.2.2 in any combination, my affiliates, business partners and persons with whom my affiliates, business partners or I (in any combination) have a juristic relationship, including directors, executives, employees, personnel, contractors, representatives and advisors;
5.2.3 in any combination, any agent, adviser, auditor, contractor or third-party service provider who provides administrative, telecommunications, computer, payment, fraud prevention, insurance, payment collection, courier, professional services, customer support, data processing, technical trade or other services (or any combination of them) to me in connection with the operation of my business and the relevant products and services (in any combination) that you seek from me, or who otherwise processes Personal Data for and on my behalf; and
5.2.4 any person (including government authorities, regulatory or administrative bodies or law enforcement agencies) to whom I or my parent companies (in any combination) are under an obligation to make disclosure under the requirement of any law binding on me or my parent companies (in any combination)or for the purposes of any guidelines or codes of practice issued by regulatory or other authorities with which me or my parent companies (in any combination) are expected to comply, or such parties who are authorised by law to request information from me or my parent companies (in any combination).
5.3 I may also disclose, transfer or disclose and transfer your Personal Data in the manner as stated in any applicable terms and conditions relevant to the combination of products and services you seek from me.
5.4 The parties to whom I disclose, transfer or disclose and transfer your PersonalData may be situated outside of Thailand. In such case, the destination country or organization that receive such Personal Data must have adequate personal data protection standards, in accordance with the data protection criteria established by the PDPA.
6. Links to other websites and applications
6.1 If you use my Applications, there may be advertisements or hyperlinks linking to other websites, applications or mobile apps. If you click on any of these advertisements or hyperlinks, you will leave my Application for another location. At any other website, application or mobile app, the protection of your privacy, Personal Data and your exposure to cookies are not my responsibility and you are advised to refer to the privacy policy of that other location (if any).
6.2 Some of my Applications may allow you to link, connect or both to third-party social networking sites. If you choose to link, connect or both to these third-party social networking sites, I may be able to collect certain Personal Data from your social networking profile provided to me by the social networking site. In that case, I will collect and use such Personal Data only for the purpose of providing you with the connection to the social networking site.
7. Cookies
7.1 Some of my websites use Google Analytics, a web analytics service provided byGoogle, Inc. (“Google”). Google Analytics uses "cookies” to help my websites analyze how users use those websites. A cookie is a small text file that is stored on your device (e.g., on your computer) when you visit or access a website. A cookie can be used to identify a computer or a mobile device. It, however, is not used to collect any personal information and does not recognize you personally. In other words, it does not have the function of identifying an individual user of my websites.
7.2 Cookies are used within my websites to track the use of and monitor traffic on my websites, as well as to improve, customize and enhance your browsing experience, for example:
7.2.1 strictly necessary cookies are used to indicate your active use of my websites and remember the information you have entered in a form or details about a payment you want to make. Without them, the information would be lost every time you move to a new page;
7.2.2 performance cookies are used to collect anonymous information about how you use my websites, such as which pages you visit on my websites. I use this aggregated information to improve my websites; and
7.2.3 functional cookies are used to record information about choices you have made and to recommend contents of my websites that are relevant to you and your interests.
7.3 On some pages, I feature embedded “share” buttons or widgets that enable you to connect to other social networking sites such as LinkedIn®. These sites may set cookies which can identify you as an individual when you are logged in to their services. I do not control these cookies, and you should check the relevant third-party website to see how your information is used and how to opt-out.
7.4 If you use or continue using my websites, I will assume that you are willing to have me set cookies. You may choose to reject all or some cookies at any time by changing the setting of your web browser on your device. Please visit www.allaboutcookies.org to find out how to manage cookies. However, please be aware that if you choose to delete or restrict cookies, you will not be able to use some of the functions of my websites.
8. Security and storage
Except as mentioned in section 5 above, your Personal Data, however stored, will be accessed only by my employees or contractors who are authorised to do so. Where Personal Data is stored electronically, it will be kept on a secure server and will be encrypted, password-protected (or under some equivalent form of protection) and accessible only by my authorised personnel or my contractors. The network transmission of Personal Data will also be protected by using the SSL protocol. Personal Data is treated as confidential information by me, and my employees and contractors designated to handlePersonal Data will be instructed to do so only in accordance with this PPS.
9. Use of Personal Data in legal proceedings
If it becomes necessary that I have to take action against you for any reason whatsoever including recovering from you any money you owe me, you expressly agree that the Personal Data provided by you can be relied upon in identifying and taking legal action against you.
10. Your right to access and correct Personal Data
10.1 You have the right under the PDPA to:
10.1.1 withdraw your consent for the purposes you have consented to my collecting, using and disclosing your Personal Data at any time, provided that there is no other legal basis for me to continue processing your Personal Data;
10.1.2 accessor request a copy of your Personal Data I am collecting, using and disclosing.You also have the right to request the disclosure of the acquisition of yourPersonal Data, in the event that your Required Information was collected without your consent;
10.1.3 rectify any incomplete, inaccurate, misleading or outdated Personal Data of yours;
10.1.4 request me to erase, destroy or de-identify your Personal Data, unless the PDPA does not obligate me to fulfill your request due to the purpose of establishing, exercising or defending legal claims or for my legal compliance;
10.1.5 receive your Personal Data in a structured, electronic-readable format and to have yourPersonal Data transferred to other data controllers;
10.1.6 request me to restrict the use of your Personal Data in certain circumstances;
10.1.7 object to certain collection, use or disclosure of your Personal Data in specific circumstances, such as in the event where the Personal Data is processed for the purpose of direct marketing; and
10.1.8 lodge a complaint to the Personal Data Protection Committee where you believe my collection, use and disclosure of your Personal Data is not compliant with the PDPA.
To exercise any of your rights, contact me at the address or email below marking your communication “Confidential”. In response, I may ask you to provide certain details about yourself so that I can be sure you are the person to whom the data refers. I am required to respond to your requests within 40 days. I may also charge you a reasonable fee for complying with any data access request.
10.2 Data Protection Officer. Any requests (in any combination):
10.2.1 for exercise of rights under the PDPA as data subject;
10.2.2 for general information regarding my policies and practices with respect to Personal Data;
10.2.3 about the kinds of Personal Data that I hold; and
10.2.4 general questions and complaints relating to this PPS,
should be addressed to the person below:
The Data Protection Officer
Marcus Lui
[99/916, Moo Baan Chollada Suvanarbumi, Latkrabung 54, Srisajorake Noi, Bangsaothong, Samutprakan, Thailand 1070.
Tel:+66 88 339 9800
Email: marcuslui@xeco.eco
11. Retention of Personal Data
Personal Data provided by you is retained for as long as the purposes and any directly-related purposes for which such data were collected continue. Once it is not necessary to use the Personal Data to fulfil such purposes (and directly-related purposes), it is then destroyed within a reasonable time unless its retention is required to satisfy legal, regulatory or accounting requirements or to protect my interests, the interests of my parent companies or any combination of them.
[23 July 2025]