Privacy policy

Last updated: January 29, 2026

Personal Data Protection Policy (Privacy Policy)

Primo World Company Limited and Spot On Laboratories Company Limited

Primo World Company Limited and Spot On Laboratories Company Limited (collectively, the “Company”) place great importance on the protection of personal data. Accordingly, the Company has established this Personal Data Protection Policy (“Policy”) in order to inform you of the Company’s policies regarding the collection, use, and disclosure of personal data, as well as your rights under applicable laws.

This Policy shall apply to the following individuals:

  1. Natural persons who are customers of the Company, such as those who use or have used the Company’s products or services, those who have made inquiries, or those who have received information or offers relating to the Company’s products or services.

  2. Natural persons involved in the Company’s business operations, such as business partners, contacts, shareholders, directors, and employees.

  3. Natural persons associated with juristic persons who are customers of, or involved in business operations with, the Company, such as shareholders, directors, employees, or authorized representatives of such juristic persons.

 


1. Channels for the Collection of Personal Data

The Company may collect personal data through the following channels:

  1. Personal data directly provided to the Company, provided through the Company, or otherwise obtained by the Company in connection with the use of products and/or services, communications, visits, participation in activities, searches, or interactions through the Company’s service channels and/or communication channels, such as offices, websites, applications, the Company’s social media accounts, email, telephone, postal mail, short message service (SMS), questionnaires, business cards, meetings, trainings, seminars, events, marketing activities, in-person meetings, or other channels.

  2. Personal data obtained or accessed by the Company from other sources, such as affiliated companies within the Company’s business group, business partners and their service providers, co-branded product and/or service partners, customer data service providers, individuals or juristic persons related to the Company’s business operations, social media platforms, third-party online platforms, public sources, government authorities, or other persons or entities with whom the Company interacts.

 


2. Types of Personal Data Collected

The Company may collect, use, or disclose the following categories of personal data:

  1. Personal identification data, such as name, surname, gender, date of birth, age, marital status, number of family members, nationality, signature, and information appearing on government-issued documents (e.g., copies of national identification cards, household registration documents, name change certificates, or similar identification and verification documents).

  2. Contact information, such as registered address, current residence address, telephone number, mobile phone number, email address, and names or account details used for electronic communications or social media.

  3. Education and employment information, such as educational background, occupation, and professional field.

  4. Transaction-related documents, such as company registration certificates, commercial registration documents, and powers of attorney.

  5. Financial information, such as bank account numbers and income information.

  6. Technical and device information, such as IP address or MAC address, cookies (Cookies ID), logs, time zone, and location data.

  7. Other information, such as records of communications, complaint details, requests for the exercise of rights, survey and evaluation results, event registration information, audio recordings, photographs, video recordings, or still or moving images captured by closed-circuit television (CCTV).

The Company does not intend to collect, use, or disclose sensitive personal data, as defined by law, unless explicit consent has been obtained from you or where permitted or required by law, on a case-by-case basis.

The Company does not intend to collect, use, or disclose personal data of minors, incompetent persons, or quasi-incompetent persons unless consent has been obtained from a legal guardian, custodian, or curator, or where such minors may provide consent on their own as permitted by law, and/or where processing is carried out under other lawful bases.

 


3. Purposes of Personal Data Processing

The Company shall collect, use, or disclose personal data for the purposes of performing contractual obligations, complying with legal obligations, pursuing legitimate interests, obtaining consent, or processing under other lawful bases, for the following purposes:

  1. To create and manage user accounts

  2. To deliver products or services

  3. To improve products, services, or user experience

  4. To manage internal operations of the Company

  5. For marketing and promotional activities

  6. For after-sales services

  7. To collect feedback

  8. To process payments for products or services

  9. To comply with terms and conditions

  10. To ensure security

  11. To comply with applicable laws and regulations

 


4. Disclosure of Personal Data

The Company may disclose personal data with your consent or as permitted by law to the following recipients:

  1. Companies within the Company’s business group

  2. The Company’s service providers, such as telecommunications and SMS service providers, cloud computing service providers, marketing service providers, social media service providers, payment service providers, printing service providers, and document or parcel delivery service providers

  3. Business partners of the Company

  4. Professional advisors or auditors, such as auditors, external examiners, and legal advisors

  5. Transferees or potential transferees of the Company’s rights

  6. Persons or entities as required by law, such as government authorities

 


5. Transfer of Personal Data to Foreign Countries

The Company may transfer personal data to persons or organizations located in foreign countries, such as storing personal data on cloud platforms or servers located abroad. The Company shall implement appropriate measures to ensure that the destination country provides an adequate level of personal data protection as required by law.

 


6. Use of Cookies or Similar Technologies

The Company may collect and use cookies or similar technologies when you use the Company’s website or applications in order to improve performance and enhance user experience in accordance with your needs and usage.

 


7. Retention Period of Personal Data

The Company shall retain your personal data for as long as a relationship exists with the Company or for such period as necessary to fulfill the purposes set out in this Policy. Thereafter, the Company shall delete, destroy, or anonymize personal data when it is no longer necessary or upon expiration of the applicable retention period.

 


8. Personal Data Security Measures

The Company shall maintain appropriate security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized access, use, alteration, modification, or disclosure of personal data. Such measures include administrative, technical, and physical safeguards, particularly access control measures.

 


9. Rights of Data Subjects

Under personal data protection laws, data subjects have the following rights:

  1. The right to withdraw consent

  2. The right to access personal data and request copies thereof, including disclosure of the source of such data

  3. The right to data portability

  4. The right to object to the collection, use, or disclosure of personal data

  5. The right to request deletion, destruction, or anonymization of personal data

  6. The right to request restriction of processing

  7. The right to request rectification of personal data to ensure accuracy, completeness, and up-to-date information

  8. The right to lodge a complaint with the competent authority

 


10. Amendments to the Personal Data Protection Policy

The Company may revise this Policy from time to time. Any amendments shall be published on the Company’s website.

 


11. Contact Details of the Data Protection Officer

For inquiries regarding this Policy or the exercise of your rights, please contact:

Data Protection Officer
Primo World Company Limited
34, 2nd Floor, Soi Pipat, Silom Road,
Silom, Bangrak, Bangkok 10500, Thailand
Email: dpo.office@primo.mobi




Personal Data Protection Policy (Privacy Policy)

For Job Applicants and Personnel of
Primo World Company Limited and Spot On Laboratories Company Limited

Primo World Company Limited and Spot On Laboratories Company Limited (collectively, the “Company”) recognize the importance of personal data protection. Accordingly, the Company has established this Personal Data Protection Policy (“Policy”) to inform you of the Company’s policies regarding the collection, use, and disclosure of personal data, as well as your rights under applicable laws.

This Policy applies to the following individuals:

  1. Job applicants and personnel of the Company, including job applicants, employees, workers, interns, directors, consultants, and instructors.

  2. Individuals related to job applicants and personnel of the Company, such as family members, beneficiaries of employee benefits, and emergency contacts, who have been informed of the purposes and details of the collection, use, or disclosure of their personal data, as well as their rights under applicable laws. The Company collects, uses, or discloses such personal data in order to achieve the purposes of recruitment, internship, or employment.

 


1. Types of Personal Data Collected

The Company may collect, use, or disclose the following personal data:

  1. Personal identification data, such as name, surname, nickname, photograph, gender, date of birth, age, marital status, number of family members, nationality, signature, and information appearing on government-issued documents (e.g., copies of national identification cards, household registration documents, name change certificates, or similar identification and verification documents).

  2. Contact information, such as registered address, current residence address, telephone number, mobile phone number, email address, and names or account details used for electronic communications or social media.

  3. Education and employment information, such as educational history, academic qualifications, academic results, educational institutions, curriculum vitae (CV), language proficiency, computer skills, employment history, length of service, skills and competencies, test results, training and learning history, certificates, training results, evaluation results, and professional licenses.

  4. Financial information, such as bank account numbers, income information, group insurance information, employee benefits usage information, and tax information.

  5. Technical and device information, such as IP address or MAC address, cookies (Cookies ID), logs, time zone, and location data.

  6. Personal data of related persons, such as names, surnames, and telephone numbers of family members, beneficiaries, or emergency contacts. By providing such third-party personal data, you represent and warrant that you have the authority to do so and authorize the Company to use such personal data in accordance with this Policy. You are also responsible for informing such individuals of this Policy and/or obtaining their consent.

  7. Other information, such as information provided by you to the Company, records of communications, survey and evaluation results, event registration information, audio recordings, photographs, video recordings, or still or moving images captured by closed-circuit television (CCTV).

The Company may collect sensitive personal data with your explicit consent, unless otherwise permitted by law, including:

  1. Religious information, for human resource management purposes, such as religious leave, religious-compliant benefits, and organizing religious activities.

  2. Health and disability information, for human resource management purposes, such as sick leave, benefit utilization, and compliance with applicable laws (e.g., labor laws).

  3. Criminal record information, for human resource management purposes, such as recruitment consideration, qualification verification, and assignment of appropriate roles and responsibilities.

  4. Biometric data, such as fingerprint data, for security purposes, including access control to the Company’s premises.

The Company does not intend to collect, use, or disclose personal data of minors, incompetent persons, or quasi-incompetent persons unless consent has been obtained from a legal guardian, custodian, or curator, or where permitted by law under other lawful bases.

 


2. Purposes of Personal Data Processing

The Company shall collect, use, or disclose personal data for the performance of contractual obligations, compliance with legal obligations, legitimate interests, consent, or other lawful bases, for the following purposes:

  1. To carry out recruitment and employment processes

  2. To manage human resources

  3. To process salaries, wages, and other compensation

  4. To organize Company activities

  5. To ensure security, such as access control to Company premises and intrusion prevention

  6. To comply with applicable laws, including labor, tax, and other relevant laws and regulations

 


3. Disclosure of Personal Data

The Company may disclose personal data with your consent or as permitted by law to the following recipients:

  1. Companies within the Company’s business group

  2. The Company’s service providers, such as employee benefit service providers, internal system service providers, payment service providers, printing service providers, and document or parcel delivery service providers

  3. Business partners of the Company

  4. Professional advisors or auditors, such as auditors, external examiners, and legal advisors

  5. Transferees or potential transferees of the Company’s rights

  6. Persons or entities as required by law, such as government authorities

 


4. Transfer of Personal Data to Foreign Countries

The Company may transfer personal data to persons or organizations located in foreign countries, such as storing personal data on cloud platforms or servers located abroad. The Company shall implement appropriate safeguards to ensure that the destination country provides an adequate level of personal data protection as required by law.

 


5. Retention Period of Personal Data

The Company shall retain personal data for as long as a relationship exists with the Company or for such period as necessary to fulfill the purposes set out in this Policy. The Company shall delete, destroy, or anonymize personal data when it is no longer necessary or upon expiration of the applicable retention period.

 


6. Personal Data Security Measures

The Company shall implement appropriate security measures in accordance with the principles of confidentiality, integrity, and availability to prevent loss, unauthorized access, use, alteration, modification, or disclosure of personal data. Such measures include administrative, technical, and physical safeguards, particularly access control measures.

 


7. Rights of Data Subjects

Under personal data protection laws, data subjects have the following rights:

  1. The right to withdraw consent

  2. The right to access personal data and request copies thereof, including disclosure of the source of such data

  3. The right to data portability

  4. The right to object to the collection, use, or disclosure of personal data

  5. The right to request deletion, destruction, or anonymization of personal data

  6. The right to request restriction of processing

  7. The right to request rectification of personal data

  8. The right to lodge a complaint with the competent authority

 


8. Amendments to the Personal Data Protection Policy

The Company may revise this Policy from time to time. Any amendments shall be published on the Company’s website.

 


9. Contact Details of the Data Protection Officer

For inquiries regarding this Policy or the exercise of your rights, please contact:

Data Protection Officer
Primo World Company Limited
34, 2nd Floor, Soi Pipat, Silom Road,
Silom, Bangrak, Bangkok 10500, Thailand
Email: dpo.office@primo.mobi