Privacy Policy

1. Introduction

Suankularb Astronomy Club ("we", "our", or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and safeguard your personal information when you visit our website, use our services, or make purchases from our shop. By using our website, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We may collect the following types of information:

• Personal Information: Name, email address, phone number, and shipping address when you place an order or create an account.
• Authentication Information: Google account profile data (name, email) when you choose to sign in with Google for faster checkout.
• Payment Information: Payment slip images and transaction details for verification of bank transfers through PromptPay.
• Order Information: Products purchased, quantities, sizes selected, order date, order status, and order history.
• Account Information: Username, password (encrypted), and preferences if you create an account.
• Technical Information: Browser type, operating system, IP address, device information, and browsing behavior for security and analytics purposes.
• Communication Data: Email correspondence, customer service interactions, and feedback submissions.

3. How We Use Your Information

We use your information to:

• Process and fulfill your orders efficiently
• Send order confirmations and status updates via email
• Verify payment through bank transfer slips
• Contact you regarding your order or customer service inquiries
• Provide customer support and respond to your questions
• Improve our products, services, and website experience
• Prevent fraud and ensure security of transactions
• Send promotional emails (with your consent only)
• Comply with legal obligations

3.1 Legal Basis for Processing (PDPA Compliance)

Under Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019), we process your personal data based on the following legal bases:

• Contractual Necessity: Processing is necessary for fulfilling our contractual obligations for product orders and services.
• Legitimate Interest: Processing is necessary for our legitimate interests in operating our astronomy club and e-commerce platform, including fraud prevention and service improvement.
• Legal Compliance: Processing is required for compliance with legal obligations under Thai law.
• Consent: Processing is based on your explicit consent for marketing communications and optional features.

4. Information Sharing and Third-Party Services

We do not sell, trade, or rent your personal information to third parties. Your information is only shared with trusted service providers and under specific circumstances:

• ImgBB: For temporary storage and processing of payment slip images (deleted after 60 days)
• Google Services: Google Identity Services for authentication and Google Apps Script for order processing and data storage
• Cloudflare: For security verification (Turnstile) and performance optimization
• Payment Providers: PromptPay and associated banking networks for payment processing
• Shipping Partners: Delivery services for order fulfillment
• Legal Authorities: Law enforcement or government agencies when required by law

5. Data Security and Protection

We implement appropriate technical and organizational security measures to protect your personal information:

• Cloudflare Turnstile verification to prevent bots and spam
• Email verification (OTP) for order confirmation and account security
• Secure data storage in encrypted Google Workspace servers
• Limited access to order data by authorized club staff only
• Regular security audits and vulnerability assessments
• SSL/TLS encryption for all data transmissions
• Secure password hashing for account protection
• Automatic deletion of sensitive data (payment slips after 60 days)

6. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law:

• Order Data: Retained for the duration of the academic year plus one additional year for record-keeping and warranty purposes
• Payment Slips: Automatically deleted after 60 days of verification
• Account Information: Retained until account deletion or prolonged inactivity (2 years)
• Analytics Data: Retained in anonymized form for website improvement purposes
• Communication Records: Retained for 3 years for customer service quality assurance

7. Your Rights and Choices (PDPA & GDPR)

Under Thailand's PDPA and international data protection laws, you have the right to:

• Access: Request a copy of your personal information within 30 days
• Correction: Request correction of inaccurate or incomplete information within 30 days
• Deletion: Request deletion of your personal data (subject to legal requirements)
• Portability: Request transfer of your data to another service provider
• Restriction: Limit how we use your personal information
• Objection: Object to processing of your personal information
• Withdraw Consent: Withdraw consent for marketing communications at any time
• Complaint: File a complaint with the Thai Personal Data Protection Committee (PDPC)
• Data Breach Notification: Be notified within 72 hours of any data breach

PDPA Specific Rights: Under Thai law, you have additional protections including the right to know when your data is collected, used, or disclosed, and the right to withdraw consent without detriment.

8.1 Google Sign-In Authentication

We offer Google Sign-In as an optional authentication method to streamline your checkout experience:

• Optional Service: Google Sign-In is completely optional - you can always fill out the form manually.
• Limited Data Access: We only request access to your basic profile information (name and email).
• No Password Storage: We never store your Google password or have access to your Google account credentials.
• One-Time Use: Google authentication is used only to pre-fill checkout form fields for your convenience.
• Data Minimization: We only collect the minimum information necessary to process your order.
• Secure Transmission: All authentication data is transmitted using secure HTTPS encryption.
• Privacy Controls: You can revoke Google app access at any time through your Google Account settings.

Your Choice: Using Google Sign-In means you consent to us collecting your Google profile information (name, email) for the purpose of auto-filling the checkout form. You can withdraw this consent at any time by using the manual form instead.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

• Essential Cookies: Required for basic website functionality
• Performance Cookies: Help us understand how our website is used
• Functionality Cookies: Remember your preferences and settings
• Security Cookies: Help protect against fraud and attacks

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect website functionality.

9. International Data Transfers

Your personal information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

10. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights, please contact us:

• Email: astronomyclub@sk.ac.th
• Club Address: 88 ถนนตรีเพชร แขวงวังบูรพาภิรมย์ เขตพระนคร กรุงเทพมหานคร 10200
• Phone: 02-2255605 ต่อ 631
• Facebook: Suankularb Astronomy Club
• Instagram: @skastronomy_official

For data protection inquiries, please include "Privacy Policy Request" in your email subject line. For PDPA complaints, contact the Thai Personal Data Protection Committee (PDPC).

12.1 Data Controller Information (PDPA)

Under the Personal Data Protection Act B.E. 2562 (2019), our data controller information is:

• Organization: Suankularb Astronomy Club, Suankularb Wittayalai School
• Address: 88 ถนนตรีเพชร แขวงวังบูรพาภิรมย์ เขตพระนคร กรุงเทพมหานคร 10200
• Contact Person: astronomyclub@sk.ac.th
• Phone: 02-2255605 ต่อ 631
• Registration: Educational organization operating under Ministry of Education
• Data Processing Activities: E-commerce operations, customer management, and club administration