Privacy Policy

Effective Date: //____

www.digalla.com (“the Site”) respects and protects the personal information of all users who use the Site’s services (“Users”).

The Site strictly complies with the Thailand Personal Data Protection Act (PDPA B.E.2562) and applicable laws, and commits to properly collecting, using, storing, and protecting Users’ personal information to safeguard data security and legal rights.

This Privacy Policy explains how the Site processes Users’ personal information. Please read and understand it carefully.

1. Scope of Information Collection

The Site collects only necessary information required for using services, completing transactions, and processing payments, without excessive collection:

• Personal identification: name, contact details (phone, email), Thai national ID (if required for verification), shipping address, etc.

• Payment information: bank card number (only last 4 digits collected; full card number encrypted and stored by payment partners), payment records, transaction amount, payment method, etc.

• Usage behavior: browsing history, order history, product favorites, login time, and device information (for security verification only).

• Other necessary information: supporting documents voluntarily provided by Users for transactions, refunds, returns, or dispute resolution (e.g., product photos, shipping documents).

2. Purposes of Information Use

Collected personal information is used only for the following lawful purposes. Without explicit User consent, it will not be used for other purposes:

• Complete transactions: order creation, product/service delivery, payment settlement, logistics, etc.

• After-sales support: refunds, returns, complaints, disputes, and technical support.

• Compliance review: cooperation with Thai regulators and payment partners for compliance checks and anti‑money laundering (AML) verification (suspicious transaction reports for transactions ≥ 500,000 THB).

• Security protection: prevention of fraud, account theft, and violations; account and payment security via KYC verification, OTP two‑factor authentication, etc.

• Service improvement: optimization of product display, payment flow, and service quality based on usage behavior (without disclosing personal identity).

3. Information Storage and Protection

• Storage: Personal information is stored using encryption technology. Personal data of Thai citizens is stored within Thailand to meet local data residency requirements.

• Retention period: Personal information is retained for at least 5 years from collection as required by Thai law. After expiration, it will be anonymized or permanently deleted.

• Protection measures: HTTPS encryption, access control, security audits, and other technical and administrative safeguards to prevent leakage, misuse, alteration, or loss.

Sensitive information such as full bank card passwords is not stored by the Site; payment‑related sensitive data is stored and processed by authorized payment partners.

4. Information Sharing and Disclosure

The Site will not intentionally disclose, sell, or rent Users’ personal information to third parties, except in the following cases:

• Sharing with payment partners (Omise, 2C2P, PayPal, TrueMoney, Airwallex): only necessary information for payment processing (e.g., transaction amount, payment method), who must comply with PDPA and relevant regulations.

• Sharing with logistics providers: only delivery address and contact information for shipping.

• Legal requirement: disclosure to Thai authorities (Bank of Thailand, Revenue Department) for compliance, tax reporting, or legal requests.

• User consent: explicit written or online consent from the User for sharing with designated third parties.

5. User Rights (PDPA)

Under PDPA, Users may exercise the following rights by submitting a request via the “Contact Us” page. The Site will respond within 30 business days:

• Right to access: inquire about collection, use, and storage of personal data.

• Right to rectification: request correction of inaccurate or incomplete information.

• Right to erasure: request deletion of information no longer required (without affecting transaction records or legally required retention).

• Right to withdraw consent: withdraw consent for collection and use (may affect部分 service availability).

6. Updates and Notices

This Privacy Policy may be revised to reflect legal updates or business changes.

Revised terms will be posted on the Site’s homepage and take effect 7 days after publication.

If Users do not agree to revised terms, they may stop using the Site. Continued use constitutes acceptance of the updated policy.