Privacy Policy

ALL SEASONS STUDIO STORE

Privacy Policy (PDPA & GDPR Compliant)

All Seasons Studio (“we,” “us,” or “the Company”) operates this website as an online platform for the sale of bags, leather goods, and related products. We are committed to protecting your personal data and respecting your privacy in accordance with the Personal Data Protection Act B.E. 2562 (PDPA) of Thailand and the General Data Protection Regulation (GDPR) of the European Union.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data, as well as your rights as a data subject.

1. Personal Data We Collect

When you place an order, register as a member, or interact with our website, we may collect the following personal data:

  • Full name

  • Shipping and billing address

  • Email address

  • Telephone number

  • Payment-related information (processed via secure third-party payment providers)

  • Account login information

  • Technical data such as IP address, browser type, and cookies

We collect only the personal data that is necessary for the purposes described in this policy.

2. Purposes and Legal Basis for Processing

We collect and process your personal data for the following purposes:

  • To process and fulfill orders, including payment, delivery, and customer support

  • To create and manage user accounts

  • To communicate with you regarding orders, services, and inquiries

  • To send marketing communications, promotions, and product updates only with your consent

  • To improve our website, products, and services

  • To comply with legal obligations

Under PDPA and GDPR, we process your personal data based on one or more of the following legal bases:

  • Performance of a contract

  • Compliance with legal obligations

  • Legitimate interests (without overriding your fundamental rights)

  • Your consent (where required)

3. Disclosure of Personal Data

We may disclose your personal data to the following parties only as necessary:

  • Shipping and logistics service providers

  • Payment service providers

  • IT service providers and website hosting partners

  • Legal or regulatory authorities when required by law

All third parties are required to process your personal data in accordance with applicable data protection laws and to maintain appropriate security measures.

4. Data Security and Protection

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Payment transactions, including credit card information, are processed using industry-standard encrypted technologies through secure and certified payment gateways. We do not store your full credit card details on our servers.

Access to personal data is strictly limited to authorized personnel who require such access for legitimate business purposes.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by applicable laws and regulations.
When personal data is no longer necessary, it will be securely deleted or anonymized.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Enable website functionality

  • Improve user experience

  • Analyze website usage and performance

You may manage or disable cookies through your browser settings. Please note that disabling cookies may affect certain features of the website.

7. Your Rights as a Data Subject

In accordance with PDPA and GDPR, you have the following rights:

  • Right to access your personal data

  • Right to rectification of inaccurate or incomplete data

  • Right to erasure (“right to be forgotten”), subject to legal limitations

  • Right to restriction of processing

  • Right to data portability

  • Right to object to the processing of your personal data

  • Right to withdraw consent at any time (without affecting prior lawful processing)

You may exercise these rights by contacting us at the email address provided below.

8. Account and Password Security

You are responsible for maintaining the confidentiality of your account credentials.
We will never request your password via email or other communication channels.

If you forget your password, you may reset it through the secure password recovery process using your registered email address.

9. International Data Transfers

If your personal data is transferred outside Thailand or the European Economic Area (EEA), we will ensure that appropriate safeguards are in place in accordance with PDPA and GDPR, such as standard contractual clauses or equivalent legal mechanisms.

10. Limitation of Liability

To the extent permitted by applicable law, the Company shall not be liable for any loss or damage arising from unauthorized access or use of personal data, except where such loss or damage is caused by the Company’s negligence or failure to comply with applicable data protection laws.

11. Changes to This Privacy Policy

We reserve the right to update or amend this Privacy Policy at any time. Any changes will be published on this website and will become effective immediately upon posting.

By using our website or purchasing products or services, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

12. Contact Information

If you have any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data, please contact us at:

Email: info@allseasonstudio.com