Section 1: Introduction and Scope
THE EMLIVE CO., LTD. (“the Company”, “we”, “us”, or “our”), as the operator of the UOB LIVE entertainment venue, recognizes the importance of protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
1.1 Scope of Application
This Policy applies to individuals who interact with the Company, including customers, event attendees, campaign participants, and other related parties. We may collect personal data through offline channels (such as venue visits, CCTV, ticket purchases, and customer service interactions) and online channels (such as websites, applications, social media, and campaign forms). The Company acts as a Data Controller, except where personal data is disclosed to third parties acting as independent Data Controllers as specified in this Policy.
1.2 Terms and Conditions
This Policy should be read together with any applicable terms and conditions relating to specific services or campaign, which may include additional details on data processing.
1.3 Third-Party Platforms
This Policy applies only to the Company. If you access third-party platforms, their privacy policies will apply separately.
1.4 Policy Updates
The Company may update this Policy from time to time. Material changes will be communicated through appropriate channels before taking effect.
Section 2: Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings set out below:
2.1 “Personal Data” means any information relating to an identified or identifiable natural person, whether directly or indirectly, but excluding information of deceased persons.
2.2 “Sensitive Personal Data” means personal data classified as sensitive under applicable law, including but not limited to data relating to race, religion, health, disability, criminal records, biometric data, or any other data which may affect the data subject in a similar manner.
2.3 “Processing” means any operation or set of operations performed upon personal data, whether by automated means or not, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, transfer, dissemination, alignment, restriction, erasure, or destruction.
2.4 “Company” or “Data Controller” means THE EMLIVE CO., LTD., which has the authority to determine the purposes and means of processing personal data.
2.5 “Data Subject” or “you” means a natural person whose personal data is collected, used, or disclosed by the Company, including but not limited to customers, website users, campaign participants, event attendees, and any individuals entering areas managed by the Company.
2.6 “Business Partners and Sponsors” means individuals, legal entities, or organizations that collaborate with the Company in organizing events, campaigns, or promotional activities, including but not limited to promoters, ticketing partners, and other business partners.
In the case where the Company discloses personal data to UOB Bank Public Company Limited (“UOB Bank”) based on your consent for UOB Bank’s own purposes, such as offering financial products and services, direct marketing, or customer analytics, UOB Bank shall act as an independent Data Controller. UOB Bank shall independently determine the purposes and means of processing such personal data, and such processing shall be governed by UOB Bank’s own privacy policy. The Company shall have no control over such processing after the disclosure.
2.7 “Service Providers” or “Data Processors” means third parties who process personal data on behalf of the Company or under the Company’s instructions, such as cloud service providers, IT system providers, communication service providers, and security service providers.
2.8 “Platforms” means all service and communication channels operated by the Company, including websites, mobile applications, landing pages, and social media platforms under the Company’s control.
Section 3: Personal Data We Collect
The Company may collect or receive your personal data both directly and indirectly, depending on your interactions with us, the services or platforms you use, and the campaigns in which you participate. The categories of personal data we may collect include the following:
3.1 Personal Details
Such as title, name, surname, nickname, gender, age, date of birth, nationality, photographs, and information contained in government-issued identification documents (e.g., national ID card number, passport number, or driver’s license number), which may be required for identity verification in connection with participation in activities or receipt of benefits or prizes. The Company does not intend to collect Sensitive Personal Data appearing on such documents (e.g., religion or blood type). We request that you redact such information prior to submission. If such information is provided, the Company reserves the right to redact such data and shall not be deemed to have collected such Sensitive Personal Data.
3.2 Contact Details
Such as mailing address, email address, telephone number, and social media account information (e.g., LINE ID, Facebook, Instagram, Google ID, or other accounts used to interact with the Company).
3.3 Transaction and Campaign Data
Such as ticket purchase information (if applicable), participation history, service usage history, survey responses, feedback, campaign entries, submitted content (e.g., contest answers), rewards received, and other data generated through your interaction with our services or platforms.
3.4 Technical and Usage Data
When you access our platforms, we may collect technical data such as IP address, cookies, browser type and version, browsing behavior, clickstream data, device identifiers, and log files for the purpose of improving user experience and system performance.
3.5 Security Data
Such as images, video recordings, audio recordings, and CCTV footage captured within UOB LIVE premises or related areas, as well as access registration data for security and safety purposes. This includes the temporary holding of physical identification documents (e.g., National ID cards) in exchange for visitor/contractor badges in accordance with venue security measures. The Company will return the documents upon your departure and will not make any copies of such documents.
3.6 Marketing and Communication Data
Such as your preferences in receiving marketing communications, promotions, benefits, or offers from the Company and/or business partners, including your preferred communication channels.
3.7 Sensitive Personal Data
The Company does not generally collect Sensitive Personal Data unless it is necessary and lawful to do so. In such cases, the Company will obtain your explicit consent or rely on other lawful bases as permitted by applicable law (e.g., health-related information for accessibility arrangements).
3.8 Data of Minors and Incompetent Persons
Where the Company becomes aware that personal data belongs to a minor, incompetent person, or quasi-incompetent person, the Company will only process such data upon obtaining consent from a parent, guardian, or legal representative, unless otherwise permitted by law. If we become aware that such data has been collected without proper consent, we will take steps to delete such data promptly.
Section 4: Purposes of Processing and Legal Bases
The Company collects, uses, and discloses your personal data for the purposes set out below, based on the applicable legal bases under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
4.1 Processing Based on Consent
In certain cases, the Company will request your explicit consent prior to processing your personal data, including the following purposes:
(a) Disclosure of Personal Data to UOB Bank
The Company may disclose your personal data to UOB Bank Public Company Limited (“UOB Bank”) for the purposes of offering financial products and services, conducting direct marketing, and performing customer analysis and profiling. Such disclosure will only take place where you have provided your explicit consent. Upon receipt of your personal data, UOB Bank shall act as an independent Data Controller, having full authority to determine the purposes and means of processing such data in accordance with its own privacy policy. The Company shall have no control over the processing activities of UOB Bank after such disclosure.
(b) Marketing and Promotional Communications by the Company
The Company may use your personal data to send you news, promotional offers, special privileges, or marketing communications relating to events, activities, or services of the Company via channels such as SMS, email, telephone, or other electronic means.
(c) Processing of Sensitive Personal Data
In cases where the Company needs to process Sensitive Personal Data, the Company will obtain your explicit consent unless otherwise permitted by law. You may withdraw your consent at any time. However, such withdrawal shall not affect the lawfulness of any processing carried out prior to the withdrawal of consent.
4.2 Processing Based on Other Legal Bases
The Company may process your personal data without consent where permitted by law, including the following legal bases:
(a) Contractual Necessity
For the performance of a contract with you or to take steps prior to entering into a contract, such as participation in campaigns, ticketing services, or fulfillment of rewards and benefits.
(b) Legitimate Interest
For the legitimate interests of the Company or third parties, provided that such interests do not override your fundamental rights, including fraud prevention, security monitoring (e.g., CCTV), service improvement, internal analytics, and operational management.
(c) Legal Obligation
For compliance with applicable laws and regulations, including tax, accounting, and regulatory requirements.
(d) Vital Interest
For the prevention or suppression of danger to life, body, or health of any individual.
4.3 Consequences of Non-Provision of Personal Data
Where personal data is required under a contractual basis, failure to provide such data may result in the inability of the Company to provide services, allow participation in activities, or deliver benefits to you. Where personal data is processed based on your consent (e.g., for disclosure to UOB Bank or for marketing purposes), you may refuse to provide or withdraw your consent at any time. Such refusal or withdrawal will not affect your ability to participate in activities or receive services from the Company; however, you may not receive marketing communications or offers from the Company or UOB Bank.
Section 5: Disclosure of Personal Data
The Company may disclose your personal data to third parties only to the extent necessary for the purposes described in this Privacy Policy and in accordance with applicable law. Such disclosure will be carried out under appropriate safeguards to ensure the protection of your personal data.
5.1 Disclosure to UOB Bank
The Company may disclose your personal data to UOB Bank Public Company Limited (“UOB Bank”) for the purposes of offering financial products and services, conducting direct marketing, and performing customer analysis and profiling. Such disclosure will only take place where you have provided your explicit consent. Upon receipt of your personal data, UOB Bank shall act as an independent Data Controller and shall independently determine the purposes and means of processing such personal data in accordance with its own privacy policy. The Company shall have no control over the processing activities of UOB Bank after such disclosure.
5.2 Disclosure to Business Partners and Sponsors
The Company may disclose your personal data to business partners, promoters, ticketing partners, or other entities involved in organizing events or campaigns, where necessary for the performance of services or activities in which you participate. Such parties may act as either Data Controllers or Data Processors depending on the nature of their role.
5.3 Disclosure to Service Providers (Data Processors)
The Company may disclose your personal data to service providers who process personal data on behalf of the Company under the Company’s instructions, such as cloud service providers, IT system providers, payment processors, communication service providers (e.g., SMS or email distribution), and security service providers. Such service providers will only process personal data in accordance with the Company’s instructions and are subject to appropriate contractual obligations to protect personal data.
5.4 Disclosure to Government Authorities or Regulators
The Company may disclose your personal data to competent authorities, regulatory bodies, or government agencies where required by law, court order, or legal process.
5.5 Disclosure to Professional Advisors
The Company may disclose your personal data to professional advisors such as legal advisors, auditors, or consultants where necessary for business operations, legal compliance, or dispute resolution.
5.6 Disclosure in Connection with Business Transfers
In the event of a merger, acquisition, restructuring, or transfer of business, the Company may disclose or transfer your personal data to the relevant parties, provided that appropriate safeguards are implemented to protect your personal data.
Section 6: Cross-Border Transfer of Personal Data
The Company may transfer or disclose your personal data to recipients located in foreign jurisdictions where necessary for the purposes described in this Privacy Policy, including the use of cloud-based services, IT infrastructure, or international service providers.
In such cases, the Company will ensure that the destination country or international organization has an adequate level of data protection as required under applicable law, or that appropriate safeguards are implemented to protect your personal data, in accordance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
Such safeguards may include, but are not limited to, contractual arrangements incorporating standard contractual clauses, binding corporate rules, or other legally recognized mechanisms to ensure that your personal data is adequately protected. Where required by law, the Company will obtain your consent prior to transferring your personal data to a foreign country that does not have adequate data protection standards.
In all cases, the Company will take reasonable steps to ensure that any recipient of your personal data in a foreign jurisdiction provides appropriate safeguards and processes such data in a manner consistent with this Privacy Policy and applicable laws.
Section 7: Data Retention
The Company will retain your personal data only for as long as necessary to fulfill the purposes for which such data was collected, as described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. In determining the appropriate retention period, the Company takes into account the nature of the personal data, the purposes of processing, the necessity for business operations, and applicable legal or regulatory requirements. The Company may retain personal data for the following indicative periods:
• Customer and transaction data: retained for up to 10 years from the date of last interaction, in accordance with applicable legal and regulatory requirements.
• CCTV and security data: retained for a period of approximately 30 to 90 days, unless required for investigation or legal proceedings.
• Marketing and consent records: retained for as long as consent remains valid or until withdrawal of consent, and for a reasonable period thereafter for evidentiary purposes.
Where personal data is no longer necessary for the purposes for which it was collected, the Company will take reasonable steps to delete, destroy, or anonymize such data in accordance with applicable laws and internal data retention policies.
Section 8: Data Security Measures
The Company has implemented appropriate security measures to protect your personal data against unauthorized or unlawful access, use, disclosure, alteration, or destruction, in accordance with applicable laws and industry standards. Such security measures include administrative, technical, and physical safeguards, as outlined below:
Administrative Measures
The Company has established internal policies, procedures, and controls governing the collection, use, and disclosure of personal data. Access to personal data is restricted to authorized personnel on a need-to-know basis. The Company also provides training and awareness programs to ensure that personnel understand their responsibilities in handling personal data.
Technical Measures
The Company implements appropriate technical safeguards, including access control systems, user authentication, encryption where appropriate, firewalls, and monitoring systems to prevent unauthorized access or data breaches. The Company also maintains system logs and conducts regular reviews to enhance system security.
Physical Measures
The Company has implemented physical security controls to protect areas where personal data is stored or processed, including restricted access to facilities, secure storage of documents, and surveillance systems such as CCTV within relevant premises. The Company regularly reviews and updates its security measures to ensure that they remain appropriate in light of technological developments, operational changes, and evolving security risks.
Section 9: Rights of Data Subjects
Under the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), you have the following rights in relation to your personal data:
9.1 Right of Access
You have the right to request access to your personal data and to obtain a copy of such data held by the Company.
9.2 Right to Rectification
You have the right to request that the Company correct or update your personal data if it is inaccurate, incomplete, or misleading.
9.3 Right to Data Portability
Where applicable, you have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit such data to another data controller.
9.4 Right to Object
You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
9.5 Right to Erasure
You have the right to request that the Company delete, destroy, or anonymize your personal data where there is no legal basis for continued processing.
9.6 Right to Restrict Processing
You have the right to request that the Company restrict the processing of your personal data in certain circumstances.
9.7 Right to Withdraw Consent
Where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time. Such withdrawal shall not affect the lawfulness of processing carried out prior to the withdrawal.
9.8 Right to Lodge a Complaint
You have the right to lodge a complaint with the competent supervisory authority if you believe that the Company’s processing of your personal data is unlawful. The Company will consider and respond to your request within a reasonable period, typically within 30 days, unless otherwise required or permitted by law. The Company reserves the right to refuse or limit your request where permitted by applicable law.
Section 10: Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, you may contact the Company through the following channels:
THE EMLIVE CO., LTD.
628 Emsphere Building, 6M Floor, Sukhumvit Road, Khlong Tan,
Khlong Toei, Bangkok 10110, Thailand
Telephone: +66 2-367-0188
Email: cs@uoblive.asia
Data Protection Officer (DPO)
Email: dpo@uoblive.asia
In addition, you may contact the Personal Data Protection Committee (PDPC), Thailand, if you wish to lodge a complaint:
Office of the Personal Data Protection Committee (PDPC)
Email: pdpc@mdes.go.th
Website: https://www.pdpc.go.th
