PRIVACY POLICY

(นโยบายความเป็นส่วนตัว)

Last Updated: May 15, 2026

1. OVERVIEW AND DEFINITIONS

The "Poems Dimension Back Stage" application (hereinafter referred to as the "Application") is an internal room reservation system operated by Poems Dimension under Charoensook Corporate Group Co., Ltd. (hereinafter referred to as "the Company" or "We"), which acts as the "Data Controller" pursuant to the Personal Data Protection Act B.E. 2562 (2019) (the "PDPA").

This Privacy Policy explains the types of personal data we collect, how we use it, your rights as a data subject, and our compliance with applicable Thai law.

2. PERSONAL DATA WE COLLECT

We collect the following categories of personal data:

2.1 Google Account Information

Full Name
Email Address
Line ID

Such information is obtained through Google Sign-In (OAuth 2.0) and is used solely for identity verification and allowlist authentication purposes.

2.2 Booking Information

Room reservations
Date and time
Performance type
Recurrence details

This data is submitted by you when creating a room reservation through the system.

2.3 Session Data

Encrypted cookies with a 5-day expiry period to maintain your login session across requests.

3. LEGAL BASIS AND PURPOSE OF DATA PROCESSING

We process your personal data under the following legal bases:

3.1 Contractual Necessity

(Section 24(1) of the PDPA)

To authenticate your identity and verify system access permissions
To create, display, and manage your room bookings
To enable administrators to manage room availability and schedules

3.2 Legitimate Interests

(Section 24(5) of the PDPA)

To improve system performance and usability
To maintain security and prevent unauthorized access

Critical Assurance: We will never sell, rent, or share your personal data with third parties for marketing or advertising purposes.

4. DATA STORAGE AND SECURITY

4.1 Storage Location

All data is stored in Google Firebase (Firestore), a cloud service operated by Google LLC, located in the United States of America.

4.2 Security Measures

Firebase Security Rules: Role-Based Access Control (RBAC) enforcement
Only you and authorized administrators can access your booking data
Encryption in Transit: HTTPS/TLS protocols
Encryption at Rest: Provided by Google Cloud infrastructure

4.3 International Data Transfers

As we utilize Google Firebase services with servers located in the United States, your personal data will be transferred to that jurisdiction. We conduct such transfers in compliance with Section 28 of the PDPA, and Google maintains security measures in accordance with international standards.

5. THIRD-PARTY SERVICE PROVIDERS

The Application utilizes the following third-party services:

5.1 Google Sign-In (OAuth 2.0)

Purpose: Authentication management

Privacy Policy: https://policies.google.com/privacy

5.2 Firebase / Google Cloud

Purpose: Database and session management

Privacy Policy: https://cloud.google.com/privacy

5.3 Vercel

Purpose: Application hosting and analytics (page views only, no personal identifiers)

Privacy Policy: https://vercel.com/legal/privacy-policy

6. DATA RETENTION PERIOD

We retain your personal data for the following periods:

Booking Records: Retained for operational purposes or until you request deletion
Account and Authentication Data: Retained for the duration of your service usage
Session Cookies: Automatically expire within 5 days

Should you request data deletion, you may contact an administrator at any time. We will process your request within 30 days of receipt.

7. YOUR RIGHTS UNDER THE PDPA

You have the following eight (8) statutory rights:

Right to Withdraw Consent — Where you have provided consent for data processing, you may withdraw it at any time
Right to Access — You may request access to and obtain copies of your personal data
Right to Rectification — You may request correction of inaccurate or incomplete data
Right to Erasure — You may request deletion or destruction of your personal data
Right to Restriction of Processing — You may request temporary suspension of data processing
Right to Data Portability — You may request to receive your data in a machine-readable format
Right to Object — You may object to the processing of your personal data
Right Related to Automated Decision-Making — You have the right not to be subject to decisions based solely on automated processing

How to Exercise Your Rights:

To exercise any of the above rights, please contact us at: rr@charoensook.com
We will process your request within 30 days of receipt, or provide reasons if we are unable to comply.

8. DATA BREACH NOTIFICATION

In the event of a personal data breach, we will:

Notify the Personal Data Protection Committee within 72 hours of becoming aware of the breach
Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms
Implement remedial measures and take steps to prevent recurrence

9. POLICY AMENDMENTS

We may update this Privacy Policy from time to time to reflect changes in law or business operations. Material changes will be communicated to you in advance via the Application or email. The date of the most recent update will be displayed at the top of this document.

10. DATA CONTROLLER INFORMATION

Legal Entity: Charoensook Corporate Group Co., Ltd.
Registered Address:
CHAROENSOOK CORPORATE GROUP CO., LTD.
No. 1213/496 Soi Ladprao 94 (Panjamit)
Phlabphla, Wangthonglang
Bangkok 10310, Thailand
Telephone: +66 (0) 2 115 1994
Email: rr@charoensook.com

11. CONTACT AND COMPLAINTS

For questions or concerns regarding this Privacy Policy, or to exercise any of your rights, please contact:
Email: rr@charoensook.com

Additionally, you have the right to lodge a complaint with the Personal Data Protection Committee if you believe we have processed your personal data unlawfully.

Personal Data Protection Committee Office:
Website: https://www.pdpc.or.th
Telephone: +66 (0) 2 142 1033
Email: pdpc@mdes.go.th

This document has been prepared in compliance with the Personal Data Protection Act B.E. 2562 (2019) and is governed by Thai law