Go to content

Kia ID Privacy Policy

  1. Home>
  2. Kia ID Privacy Policy

 

Kia ID Privacy Policy

 

 

 

Integrated Privacy Protection Policy [ 2023/11/29 ~ present]
[dated 20 23 . 11 . 29.]

 

 

1. General Rules

Kia Sales (Thailand) Co., Ltd. (hereinafter referred to as the 'Company') has compiled and published this Privacy Protection Policy pursuant to the Personal Data Protection Act B.E. 2562 (2019) in order to enable related complaints to be dealt with quickly and smoothly.

 

 

2. Personal Data Types, Processing and Retention

1) We shall not use your personal data for any purposes other than those mentioned hereunder. If we collect and process different types of data, we shall take appropriate actions, such as by seeking prior consent to use such data for other purposes as required by law.

We operate by using an account for the provision of website and application services online and the collection of the data mentioned hereinafter at the time of application for membership:

 

table fix area
Division
Kia ID
Joining membership, use of member services, complaints and satisfaction survey
Marketing and advertising
Service improvement
Purposes of Collection and Use of Data Types of Personal Data Data Retention Period
Self-identification for creation of account 
[necessary personal data in general]
 
name, birthdate, mobile number, email address, sex, PIN and password
 
[necessary personal data required at time of creation of online account ]
 
- Line: Line ID, email address and phone number 
From the time of creation of a Kia ID until account is closed.
- joining membership, use of member services,
 
- Response to applications for access, revision, suspension of processing of personal data or customer
 
- Survey on satisfaction with services 
[necessary personal data:] email address, name, birthdate and mobile number 
Notifications regarding new products, services, online activities and latest information on the company, and gifts, which shall be sent by direct message, SMS, mail. The data shall be used for customer statistical analysis and marketing research.  [necessary personal data:] email address, name, birthdate and mobile number  From the time of creation of Kia ID until closing of account or withdrawal of consent
Analysis and provision of services based on type of population; determination of frequency of access and service usage statistical processing  [necessary personal data:] email address, name, birthdate and mobile number 

 

We may collect additional data from the customer during the usage of personal services, applications to participate in activities and receiving rewards. When we collect additional data, we will notify you of the data type, purpose, use, retention, storage place, and other information required by law to be reported, subject to your prior consent, unless we are legally allowed to do so without your prior consent.

 

2) However, in the event that the law requires that personal data of customers be retained, we shall collect such personal data accordingly. In this regard, we shall collect the data for the purpose of retention for a certain period, as follows:

 

table fix area
Purchase of new car by customer
Customer test driving car, receiving a quotation or making inquiries
Records of operations without customer
Retention of Necessary Data Period of Data Retention
name, sex, address, mobile number, email address and information on the car being purchased  10 years
name, sex, address, mobile number, email address and information on the car being test driven (type of test driving, vehicle identification number, date and time of test driving); assessment (type of car being assessed, date and time of assessment); details of inquiries (date and details of inquiries)  5 years
name, sex, address, mobile number and email address  5 years

 

3) We shall record the data on confirmation of collection, use and disclosure of data on location of person on the GPS, and retain this information for 6 months to confirm the collection, use and disclosure of data on the location of the person.

 

4.) We may process personal data for scientific and statistical purposes, storage of public records, etc., and make such data anonymous and unidentifiable.

- Anonymized data is data which cannot be used to identify any specific person without combining it with other additional data (hereinafter referred to as "additional data") for restoring their original statuses by turning personal data into anonymized data.

- “ Making data anonymous” means processing data without identifying any specific person using additional data, e.g. deletion or change of some or all data.

- In principle, we shall not allow identification of customers, so we make their personal data anonymous.

- Anonymized data and additional data are stored separately and are technically protected and managed as necessary.

 

 

3. Destroying Personal Data

1) When personal data becomes unnecessary because we have attained our objectives or the data retention period ends, we shall promptly delete or destroy such personal data, unless it is necessary to retain such personal data to comply with certain laws.

 

2) We shall collect, use and disclose data on customers’ personal locations. If a customer withdraws their consent to have some or all of their personal location data collected, used or disclosed, we shall promptly delete and destroy such data.

 

3) Even if we have attained the objectives of collection of such personal data or the personal data retention period expires, we may retain such personal data as required by laws or internal policies or for other reasons. In this case, we shall transfer such personal data to a separate database, or a filing cabinet for hard copy data, and shall not use such personal data for any purposes, unless otherwise required by law.

 

4) Personal data in electronic form shall be destroyed in a manner that prevents its recovery. Personal data in hard copy form shall be shredded or incinerated.

 

 

4. Delivery of Processed Personal Data

1) We assign the following persons to process personal data smoothly:

 

table fix area
Service Name/div>
Kia ID
Kia ID
Division Consignment companies Business assignments
Online sale  Hyundai Autoever Co., Ltd. Computer system operation and maintenance
Customer service  Hyosung ITX Co., Ltd. Operation of customer service center

 

2) In the work delivery contract, agreements and other documents, there shall be provisions on the prohibition of processing of personal data for any purposes other than those set forth, technical and administrative measures, non-sub-service providers, management, suggestions to operators, liability for loss and damage, to ensure that personal data are managed safely.

 

3) Any change in assigns or assignments shall be promptly reflected in the personal data processing policy.

 

 

5. Disclosure of Personal Data to Third Parties

1) We shall process personal data within the scope specified in Article 2 (Purposes of Personal Data Processing), subject to your prior consent. We shall only disclose location data to third parties as permitted by the Personal Data Protection Act B.E. 2562 (2019).

 

2) We disclose the following personal location data to third parties:

 

table fix area
Service Name
Kia ID
Kia ID
Division Consignment companies Business assignments
Online sale  Hyundai Autoever Co., Ltd. Computer system operation and maintenance
Customer service  Hyosung ITX Co., Ltd. Operation of customer service center

 

3) Upon disclosure of personal location data to a third party, we shall promptly notify you of the recipient, date and time of disclosure and the purposes thereof via SMS; however, in any of the following circumstances, notifications shall be sent to the devices indicated by you, or to you by email.

- the device collecting personal location information cannot receive texts, sounds or videos

- the personal location data subject requests that notifications be sent by email or to a communication device other than the one collecting personal location information

※ However, within a maximum of 30 days, details of data disclosure may be notified once, according to the following standards:

- Number of times: 10, 20 or 30 times

- Period: 10, 20 or 30 days

 

 

6. Personal Data Safety

In the management of customers’ data, we adopt the following measures for the safety of personal data to prevent it from being lost, damaged, stolen, leaked or reproduced.

 

1) Technical Measures

① Encryption of Data on Customers

We encrypt unique data such as identification numbers and store them on a database. Even if such database is hacked, the data cannot be decrypted or used.

② Encryption of Communications

We use SSL for encryption of member registration and logging into our website to ensure the safety of customers.

③ Safety System Installation

To ensure safe service and data management, on our safety control center we set up an anti-virus program, database access control system and face recognition application, and keep them constantly updated and checked to prevent hacking and attacks from outside.

 

2) Administrative Measures

① Personal Data Management System Installation

To ensure data safety, we have set up and operate an internal personal data safety system.

② Personal Data Management

The manager of customers’ personal data shall take an oath for the protection of personal data and undergo training in the protection of personal data at least once per year to ensure safe data management. We also limit unnecessary access to and disclosure of customers’ personal data by regulating the personal data manager’s powers.

 

 

7. Installation, Operation and Rejection of Automatic Personal Data Collecting Devices

1) We may use cookies to collect and use data from time to time to improve the services for each user.

 

2) Cookies are small files that a server sends to a user’s browser, and they may be kept on the user’s computer hard disk.

① Cookies are used to provide data appropriate to the user. They indicate the types of visits and use of websites and services, and whether or not the user gains access safely. You may set your browser to accept or reject some or all cookies.

② Cookies Settings: You can set your browser to accept or reject some or all cookies. All cookie settings must be confirmed.

 

※ Settings

Microsoft Edge: Settings at top of web browser > Cookies and Site Permissions > Setting

Google Chrome: Settings at top of web browser > Privacy and Safety > Cookies and Other Site Information > Setting

 

 

8. Customer’s Rights and Obligations; Exercising Rights

1) At any time, you may withdraw consent to have your personal data collected, used or disclosed, and may also make other requests, e.g., for access, transmission, deletion and revision of personal data; objection and suspension of personal data processing.

 

2) After logging in and identifying yourself, you may exercise your rights as mentioned above by contacting our customer service center or personal data manager via text, phone or email, and we will process such requests promptly.

 

3) Deletion of data, making data anonymous or withdrawal of consent of the data owner can only be made as specified in the provisions of the laws and the contract with us. Additionally, it may affect the provision of services, and prevent the data owner from enjoying certain rights, services, benefits and news from us in the future.

 

4) Your rights may be limited under the laws.

 

5) An application for revision or deletion of personal data cannot be made if the collection of such personal data is required by laws and other regulations.

 

6) We shall identify the person or their representative who makes any such requests.

 

7) If you request the revision of personal data, we shall not use or disclose such personal data until it has been revised. If we have already disclosed personal data to any third party, we will notify you to correct the errors.

 

8) If you withdraw your consent or cancel your application for membership, we shall promptly delete your personal data, unless we are otherwise required to retain such personal data in order to comply with the laws and personal data processing policy [2. Duration of Retention and Use of Personal Data]. Various measures shall apply to see or use specific data only when it is necessary.

 

9) If you want to make a complaint or feel that we have not given satisfactory answers, you may lodge a complaint with the PDPC Office at:

 

• Ratthaprasasanabhakti Building (Building B) Floor 7, 120 Chang Wattana Road, Moo 3, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210

• Tel. 02 142 1033, 02 141 6993

• Email : saraban@pdpc.or.th

 

 

10. Personal Data Protection Officer, Responsible Persons and Business Processing Division

1) We shall be responsible for personal data management. We assign the following persons to the protection of personal data, dealing with customers’ complaints and relieving damage caused by personal data processing.

Personal Data Protection and Management Policy
table fix area
• Personal data protection: Lee Sang-hong, Managing Director

• Office: Hyundai Data Protection Center
 
• Personal Data Protection: Kim Jun-ho, Manager
• Division: Safety Requirements Compliance Team
• Tel: 080-600-6000
• Email: h-privacy@hyundai.com

 

2) You can inquire about personal data protection, complaints, alleviation of damage caused by our business or use of our services, etc. with the persons or divisions dealing with these matters. We shall answer your questions promptly.

 

 

11. Advertising

1) We shall not send data for advertising or commercial purposes without obtaining your prior consent.

 

2) We shall send data for advertising or commercial purpose, e.g., information on new cars or activities, subject to your prior consent.

 

 

12. Transmission of Personal Data Overseas

1) In principle, we shall not transmit your personal data to overseas service providers without obtaining your prior consent.

 

2) In any of the following circumstances, we may safely transfer personal data overseas with technical protection measures:

- You have specifically consented to the transmission of your personal data overseas

- Data are transmitted overseas for the purpose of retention and disclosure according to the personal data processing policy, and the customer is notified in writing to that effect by email

Personal data are transmitted overseas by a certain service

 

 

13. Scope of Privacy Policy

This privacy protection policy shall apply to our vehicle sale and maintenance, online services, web and mobile applications.

A different privacy protection policy may apply to certain personal services.

 

 

14. Revision of Personal Data Processing Policy

We shall announce any revision of this personal data protection policy in the column on the first page or a separate page before applying such revision.

 

When this personal data protection policy is revised, you can view the previous version on the top of the menu.

 

Date of issue: 2023.11.29
Date effective: 2023.11.29