Privacy policy

Rabbit Bytes Co., Ltd. ("we," "us," or the "Company") recognizes the importance of protecting personal data and sensitive personal data (collectively referred to as "Personal Data") and is committed to complying with relevant laws to maintain the security and privacy of you as a customer, website user, mobile application user, platform user, and recipient of our other services.

This Privacy Policy ("Privacy Policy") explains how we collect, use, disclose, and/or transfer your Personal Data, both online and offline, and describes your rights as a data subject.

1. Personal Data We Collect

We may collect Personal Data directly from you or from other sources (such as companies within the Rabbit’s Data Ecosystem, BTS Group companies, business partners, or other third parties). The Personal Data we collect depends on your relationship with us and the products or services you choose to use, including but not limited to the following information:

  • Personal Information: Such as title, first name, last name, gender, age, nationality, date of birth, marital status, occupation, job title, business type, information in government-issued documents (e.g., national ID card number, passport number, tax identification number, driver's license information), signature, photograph, audio recording, and closed-circuit television (CCTV) footage.

  • Contact Information: Such as address as per national ID card, shipping address, billing address, telephone number, mobile phone number, email address, social media account names (e.g., LINE ID, Facebook ID, Instagram ID), and other contact details.

  • Account and Membership Information: Such as user account details, username, password, purchase and service history, point accumulation and redemption history (e.g., Rabbit Rewards points), membership status, and membership type.

  • Financial and Transactional Information: Such as credit/debit card details, bank account number, payment history, transaction details (e.g., date, time, amount, purchase location), refund information, and other financial-related data.

  • Technical and Usage Information: Such as IP Address, browser type, operating system, website access information (Log Data), search history, Cookies, location data, and information regarding the use of our platform.

  • Interests and Preferences Information: Such as types of products you are interested in, purchasing behavior, opinions on products and services, and survey responses.

  • Sensitive Data: In some cases, we may collect sensitive data such as religion, blood type (as appearing on the national ID card), or biometric data (e.g., facial recognition data) for the purpose of identity verification (e.g., e-KYC) as permitted by law or with your consent.

2. Purposes for Collecting, Using, and/or Disclosing Personal Data

We process your Personal Data under appropriate legal bases (such as contractual basis, legal obligation basis, legitimate interest basis, or consent basis) for the following purposes:

2.1 Purposes Based on Consent

Where required by law to obtain consent, we will request your consent for:

  • Marketing and Communications: To inform you of news, promotions, special offers, and various benefits from us, our affiliates, or business partners.

  • Data Analytics: To study and analyze your behavior and interests to develop products and services that meet individual needs (Personalization).

  • Other Businesses: Such as digital marketing, finance, insurance, and loyalty programs.

  • Sensitive Data: For identity verification (e.g., e-KYC) or other specific purposes.

2.2 Purposes Based on Other Legal Grounds

  • To Sell and Provide Products and Services: To process orders, payments, shipping, returns, and after-sales services.

  • For Communication: To answer inquiries, provide technical assistance, and notify you of important service information.

  • To Manage Relationships: To manage member accounts, loyalty programs, and various complaints.

  • For Business Development: To improve the efficiency of the website, applications, and information technology systems.

  • To Comply with Legal Obligations: Such as issuing tax invoices, complying with anti-money laundering laws, and orders from government officials.

  • To Protect Legitimate Interests: For security maintenance, fraud investigation, and the exercise of legal claims.

  • For Business Transfer: In the event of a merger or organizational restructuring.

3. Persons to Whom We May Disclose or Transfer Personal Data

We may share your Personal Data with the following persons or entities:

  • Rabbit’s Data Ecosystem and BTS Group: For data analysis and the presentation of joint benefits.

  • External Service Providers: Such as logistics providers, payment service providers, cloud service providers, and marketing consultants.

  • Business Partners: Such as banks, insurance companies, and participating partner stores in promotional campaigns.

  • Social Networking Websites: Such as Facebook or Google, in the event you choose to use social media login systems.

  • Government Agencies and Professional Advisors: To comply with the law or to protect the Company's rights.

4. International Transfer of Personal Data

We may transfer your Personal Data to servers or recipients abroad. In doing so, we will ensure that the destination country has adequate data protection standards or provide appropriate protection measures as required by law.

5. Data Retention Period

We will retain your Personal Data for as long as necessary to achieve the stated purposes or for the period required by law (such as tax laws or statutes of limitations). Once such period has elapsed, we will proceed to delete or destroy the data.

6. Cookies

We use cookies and similar technologies to improve website efficiency and provide a better user experience. You can set your browser to refuse cookies, but this may affect the use of certain website functions.

7. Security Measures

We have provided appropriate security measures, both technical and administrative (such as data access control, encryption), to prevent the loss, unauthorized access, use, or disclosure of data.

8. Rights of the Data Subject

You have the following rights under personal data protection laws:

  • Right to access and request a copy of the data.

  • Right to request correction of data.

  • Right to receive or transfer data (Data Portability).

  • Right to object to data processing.

  • Right to request suspension of data use.

  • Right to withdraw consent.

  • Right to request deletion or destruction of data.

  • Right to lodge a complaint with relevant authorities.

9. Contact Details

If you have any questions or wish to exercise your legal rights, please contact:

Rabbit Bytes Co., Ltd.
Address: 18 The Unicorn Building, 10th Floor, Phaya Thai Road, Thung Phaya Thai Subdistrict, Ratchathewi District, Bangkok 10400
Email: DPO@fanslink.co.th
Telephone: 02-2368755


This policy is effective from June 1, 2022.