EVOLUTION WELLNESS (THAILAND) COMPANY LIMITED (“the Company”) realizes the importance and obligation under the Personal Data Protection Act B.E. 2562, which focuses on respecting the privacy rights of the Clients. This includes a natural person who acts on behalf of a juristic person which is the Data Subject (hereinafter referred to as “Clients”). The Company is committed to protecting your Personal Data as pursuant to Personal Data Protection Law and other relevant laws. Therefore, the company has prepared this Privacy Notice to inform about the details relating to the collection, use and disclosure of Personal Data (collectively referred to as “Processing”) as well as the Data Subject’s right as described below.

This Privacy Notice applies to the Personal Data of the Clients including a natural person acting on behalf of a juristic person who is the Data Subject. This includes directors, consultants, executives, employees, representatives, and other related Company personnel.

“Client” is a person who is the target of the Company to sell its products or services including participants in marketing campaigns or activities, those who are interested in the Company's products or services through various channels and/or the users of the Company's services through social media and electronic media, as the case may be. This includes authorized persons who acts on behalf of the Clients such as a guardian of a minor, a guardian of an incompetent, a guardian of a quasi-incompetent, etc.

2.1. “Personal Data” refers to any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular. This Personal Data includes first name, last name, nickname, address, phone number, ID card number, passport number, social security card number, tax identification number, bank account number, credit card number, email address, IP Address, Cookie ID, Log File, etc.
 
Personal Data, however, does not include business contact information that does not identify an individual personally. These would include items such as company name and address, registration number, company telephone number, or a business email address such asinfo@company.co.th. Personal Data also does not include anonymous data or pseudonymous data, or that of deceased persons.
 
2.2. “Sensitive Data” is defined as Personal Data pertaining to racial or ethnic origin, genetic and biometric data, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union association, or any other data which would affect the Data Subject in such manner defined by the Personal Data Protection Committee. The Company shall process such data with special care and attention. The Company will collect, use and/or disclose sensitive Personal Data only after having received your explicit consent, or in cases where it is required by law.
 
When there is no specific mention of “Personal Data” or “Sensitive Data”, it shall be collectively referred to as “Personal Data”.
 
In the cases that the Company obtained information your ID Card copies or accessed your information from the identification card through an electronic means for the purpose of authentication to establish legal obligation and/or any transactions with the Company. The collected data will also include religious data, which is Sensitive Data. The Company shall determine how to manage such Sensitive Data in accordance with applicable Company guidelines and as permitted by law.

The Company collected your Personal Data as necessary according to the purposes of using the data that the Company will inform in the next part.
 
(1). In this regard, the Company has classified the types of Personal Data collected by the company as shown below Type of Data- Personal Data Types of Data that the Company Collects, Uses and/or Discloses- Title, First name, Middle name, Last name, ID Card number / Passport number, Date of birth, Customer taste, Gender, Emergency contacts, Health information, Vaccination information, Occupation, AIA insurance status, Payment details, Photograph, Signature.
Type of Data- Sensitive Data Types of Data that the Company Collects, Uses and/or Discloses
1).  Physical Examination Records: Heart disease information: history and current condition, Chest pain or tightness condition, Prescription history of Heart disease, Blood pressure or Diuretics, Bone and joint issues, Balance and dizziness issues, other diseases that affect exercise, such as gout,
2).  Collecting data from Boditrax: pH Impedance, Fat-free mass, Muscle rate, Fat rate, Bone rate, BMR rate, Age, BMI rate, Weight, Height.
3).  Other health data Type of Data- Contact Information Types of Data that the Company Collects, Uses and/or Discloses– Current address, Phone number, Mobile phone number, E-mail address. Type of Data- Educational Information and work experience Types of Data that the Company Collects, Uses and/or Discloses– Occupation, Company Name. Type of Data- Financial Information Types of Data that the Company Collects, Uses and/or Discloses- Bank account number, Credit card number, Payment or debt settlement records, The Company's services and products usage, Purchase and sales history and balance, Payment and transaction history. Type of Data- Visual and audio information Types of Data that the Company Collects, Uses and/or Discloses- CCTV footage, Communication record via online or other channels. Type of Data- Usage information Types of Data that the Company Collects, Uses and/or Discloses- usage Information of the Company’s website or platform, Use of the Company's products and services, Cookies data, other data collected through the Company's platforms
(2). Sensitive Data refers to that is purely personal but sensitive and may cause risk of discrimination, such as racial, ethnic origin, political opinions, cult, religious of philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union data, genetic data, biometric data or any other data which affects the data subject in such manner as prescribed and announced by the Personal Data Protection Committee.
The Company has explicitly requested your consent prior the collection of such personal data unless there is a legal basis to collect such information without obtaining consent, details appear in the consent form.
(3) Personal Data of minor. The minimum requirement for determining the age of users of the Company is 15 years and above, which is a minor who is a person under 20 years of age. In this regard, the collection of personal data of the minor, the Company has requested consent from the holder of parental responsibility over the minor before taking any action regarding the collection, use and/or disclosure of personal data, details appear in the consent form from the holder of parental responsibility.
The minimum age requirement for Company users is 15 years old. Under these criteria, the user is minor who is a person under 20 years of age. Regarding the collection of Personal Data of a minor, the Company shall request consent from the responsible parent before taking any action. This action includes the collection, use and/or disclosure of Personal Data. Details are specified in the parental consent form