Privacy Notice

SB Design Square Co., Ltd. (“Company”) places great importance on the protection of personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019). This Privacy Notice is issued to inform you, as a data subject, of the details regarding the collection, use, and disclosure of your personal data.

This Notice applies to natural persons who interact with the Company’s products or services, including prospective customers, current and former customers, and individuals acting on behalf of legal entities (e.g., directors, consultants, executives, employees, agents, coordinators), as well as service users, campaign participants, and legal representatives. Collectively referred to as “you”, “customer(s)”, or “data subject(s)”.

1. Purposes for Collection, Use, and Disclosure of Personal Data

The Company processes your personal data based on legal bases such as consent, contractual necessity, legal obligations, legitimate interest, legal claims, public interest in medical or social protection, and other grounds permitted by the PDPA. The purposes include:

 • To process your request before entering into a contract (e.g., inquiries, service registration, qualification checks, identity verification)

 • To fulfill contractual obligations (e.g., payments, product/service delivery, after-sales service, issue resolution)

 • To manage customer relationships (e.g., handling complaints, improving services, service usage audits)

 • For internal management (e.g., customer data storage, analytics, IT system maintenance)

 • For marketing and advertising (e.g., promotions, marketing campaigns, product development, media management)

 • For legitimate business interests (e.g., business operations, security, crime prevention, risk management, legal claims)

 • To comply with legal obligations (e.g., tax laws, anti-money laundering, personal data protection laws, criminal law)

 • For other purposes (e.g., customer communication, safety protection of life, body, or health)

If you refuse to provide necessary data, the Company may be unable to fulfill its obligations or provide the requested service.

2. Personal Data Collected

The Company collects personal data directly (e.g., during service registration, communication, surveys, system usage) and from external sources (e.g., government agencies, commercial data sources, social media). The data includes:

 1. Basic information: name, surname, gender, date of birth, photo, signature, ID card, house registration, passport.

 2. Contact information: current address, email, phone number, LINE ID.

 3. Financial information: bank account details, financial transactions.

 4. Sensitive data: criminal record, biometric data, religion.

 5. Third-party data: contact persons, coordinators.

 6. Other data: cookie data, usage behavior, technology data, participation in activities.

If a copy of your ID card is required (which may contain sensitive data like religion or blood type), the Company does not intend to collect such sensitive data unless legally permitted and will handle it in accordance with applicable guidelines.

If you provide third-party data (e.g., contact persons), you must notify such third parties of this Privacy Notice and, where necessary, obtain their consent unless otherwise exempted by law.

3. Disclosure of Personal Data

Your personal data may be disclosed to:

 • Government agencies: such as the Revenue Department, Consumer Protection Board, Department of Business Development, Ministry of Commerce, Anti-Money Laundering Office, courts, or other legally authorized agencies.

 • External service providers: such as IT and software providers, logistics providers, data analysts, marketing service providers, business consultants, auditors, legal and strategic advisors.

 • Other third parties: such as affiliates, trade associations.

4. Cross-border Data Transfers

Where personal data is transferred outside Thailand, the Company will comply with the PDPA and implement appropriate safeguards to prevent unauthorized or unlawful use or disclosure of such data.

5. Data Retention

The Company retains your personal data for as long as necessary to fulfill the purposes stated in this Notice or as required or permitted by law (e.g., up to 10 years under the statute of limitations).

6. Data Protection Measures

The Company applies appropriate technical and organizational security measures to safeguard personal data and prevent unauthorized access or data breaches, in compliance with the PDPA.

7. Your Rights as a Data Subject

You have the following rights under the PDPA:

 1. Right to withdraw consent – You may withdraw your consent at any time. This may affect your ability to receive certain services or benefits.

 2. Right of access and copy – You may request access to your data or obtain a copy and request disclosure of the source of data.

 3. Right to data portability – You may request to receive your personal data in a machine-readable format and transmit it to another data controller.

 4. Right to object – You may object to data processing under certain legal bases such as direct marketing or scientific/historical/statistical research.

 5. Right to erasure – You may request that your data be deleted, destroyed, or anonymized.

 6. Right to restriction – You may request temporary suspension of processing in certain cases, such as during data correction or objection reviews.

 7. Right to rectification – You may request that your data be corrected if inaccurate, outdated, or misleading.

 8. Right to lodge a complaint – You may file a complaint with the expert committee under the PDPA if you believe your data is unlawfully processed.

The Company may reject a request if it must comply with the law or protect the rights/freedoms of others and will inform you of the reasons.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to understand how visitors use our website and to enhance functionality (e.g., saving language preferences, remembering login information, tracking purchase history).

You can manage cookie settings in your browser. Disabling cookies may affect website functionality.

9. Changes to This Privacy Notice

The Company may amend this Privacy Notice occasionally. Notification will be posted on the Company’s website for 30 days. Continued use of our services constitutes acceptance of such changes.

For significant changes, we may notify you via our website, branch announcements, or other channels.

10. Contact Information

Data Protection Officer

SB Design Square Co., Ltd.

126/150 Moo 1, Pak Kret Subdistrict, Pak Kret District,

Nonthaburi 11120, Thailand

Email: data_privacy@sb-furniture.com

11. Governing Law

This Privacy Notice is governed by the laws of Thailand, and the Thai courts have jurisdiction over any disputes.