Privacy Policy

Privacy Policy

O-Well (Thailand) Co., Ltd. (the “Company” or “O-Well”) respects your privacy and values the relationship we have with you. Accordingly, the Company has adopted this External Privacy Policy (the “Policy”) to protect your rights in relation to the processing (as defined below) and management of Personal Data by the Company, and will take all reasonable and necessary measures to safeguard Personal Data in accordance with the Personal Data Protection Act B.E. 2562 and other applicable Personal Data protection laws and regulations (collectively, the “Law”), and to uphold good data protection practices. This Policy describes our practices in connection with your data (as defined below), and your related rights, that we collect in the following ways:

  • On websites operated by us, from which you are accessing this Policy (our “Websites”);
  • From our clients who use our service;
  • From recruitment service (in case of job applicant); and
  • In offline interactions you have with us.

In this Policy, we refer to our Websites, Apps, service, and offline activities collectively as the “Services”.

This Policy applies to the processing of Personal Data by the Company within Thailand, but may also apply to processing outside Thailand in limited circumstances, such as offshore cloud storage. Any breach of the Law or this Policy will be taken very seriously, and disciplinary action may be taken.

This Policy works in tandem with the applicable External Consent Form which you have signed, including those specifically designed for cookies policy. Please study such External Consent Form carefully to understand how we use your Personal Data under consent basis.

For clarity, this Policy applies when the Company acts as a controller of Personal Data only. In case that the Company is a processor or service provider of Personal Data in any activities, the data subject may check the details of such processing activities from the privacy policy or notice of processing of the company or organization who is the controller of Personal Data for those activities directly.


Personal Data” is any data about an individual which can be used to trace back to any such individual, whether by such data alone or in combination or in conjunction with other data available for any particular processing.

Processing” and all of its derivatives are any type of treatment of Personal Data, including collection, transfer, disclosure, use, etc.

List of Personal Data that the Company specifically is using and/or will use and their purposes and other details are described in the table below. Please study them carefully to understand how we process your Personal Data. Please note that the list below is not exhaustive, although we have afforded our utmost ability to provide as complete a list as possible. This table of specific processes should be reviewed in conjunction with other principle-based explanations that follow it in order to afford to you the most comprehensive understanding of how we use, or may use, your Personal Data.

Unless we specifically request it, we ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., data related to racial or ethnic origin, political opinions, religion or other beliefs, biometrics, blood type or genetic characteristics, criminal background, or trade union membership) on or through the Services or otherwise to us. Otherwise, we will redact that information before processing your Personal Data.

Collection of Personal Data
We and our service providers collect Personal Data in a variety of ways, including:

Through the Services

We collect Personal Data through the Services, for example, when you sign up for our service.


We collect Personal Data from you offline, for example:

  • When you communicate with us over the phone, contact Marketing team or reach out to us with any other inquiry; and
  • When you or someone on your behalf reports an adverse event with respect to one of our Services.

From Other Sources

We may also receive your Personal Data from other sources, for which we will do our best to notify you, for example:

  • Publicly available databases and sources;
  • Our client who uses our services;
  • Our business partners;
  • Third parties who report adverse events regarding a service to us; and
  • If you connect your social media account to any account offered by us, you will share certain Personal Data from your social media account with us, such as your name, email address, photos, list of social media contacts, and any other data that may be (or that you make) accessible to us when you connect your social media account to any account offered by us.

In many instances, we need to collect Personal Data in order to provide the requested Services to you. If you do not provide the Personal Data requested, we may not be able to provide the Services. If you disclose any Personal Data relating to other people to us or to our service providers in connection with the Services, you represent that you have the authority to do so and to permit us to use the Personal Data in accordance with this Policy.

Disclosure of Personal Data
We disclose your Personal Data:

To our Japanese parent company for the purposes described in this Policy.
To our third-party service providers, to facilitate services they provide to us.

These can include providers of services such as website hosting, data analysis, payment processing, information technology and related infrastructure provision, customer service, email delivery, recruitment, auditing, and other services. We engage in these activities to manage our relationship with you, comply with a legal obligation, or provide you with Services / perform a contract with you, where the processing is in our legitimate interest and not overridden by your data protection interests or fundamental rights, or with your consent, which shall be obtained via the External Consent Form, the particular consent collection mechanism for a particular Website or an App, or via other means as allowed by the circumstances.

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Data within our organization. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us by contacting our Data Protection Staff as listed below.

Right to access: You may, at any time, request to have access to your Personal Data in order to review it and also request to know about how we have come to possess your Personal Data. In addition, you may request for a copy of your Personal Data in a form that can be reasonably accommodated. Right to request for personal data transfer: You may request us to transfer your Personal Data in a format
that is reasonable and acceptable to another entity of your choice. Right to correction: If your Personal Data has been changed or is not up-to-date, you have the obligation to ensure that your Personal Data is accurate, up-to-date, complete, and not misleading by submitting a request to rectify it in accordance with the procedures announced by us. This, besides being your obligation, is also your right.

Right to withdraw consent: You may withdraw your consent at any time. We may deny your withdrawal only if the law or the contract does not allow so. Your withdrawal will not have any effect on our previous collection, usage, and disclosure of your Personal Data. If your withdrawal will affect any part of your Personal Data, rights, or benefits, we will notify you of such effect before your withdrawal if it is possible, or as soon as practicable thereafter.

Right to erasure: You may request to erase or make your Personal Data pseudonymized under any of the following circumstances: (a) your Personal Data is no longer needed for the intended purposes, (b) you withdraw your consent and we no longer have any legal right to collect, store, use, or disclose your Personal Data, (c) you object to the collection, storage, use, or disclosure of your Personal Data and we do not have any legitimate reason to reject your objection, or (d) your Personal Data was collected, stored, used, or disclosed in contravention of the Law. However, we may deny your request if our collection of your Personal Data is made for the purposes authorized by the Law, which include a data collection for statistical research purpose with appropriate protective measures, or for establishment of legal claims, legal compliance, or exercise of legal rights or defenses.

Right to restrict the processing of your Personal Data: You may request us to suspend the use of your Personal Data in any of the following events: (a) when we are in the process of verifying certain information for the purpose of rectifying or updating your Personal Data under your request, (b) when your Personal Data is to be erased but you instead request to suspend its use, (c) when it is no longer necessary to store your Personal Data, but you request us to continue the storage of your Personal Data for establishing legal claims, legal compliance, or exercise of legal rights or defenses, or (d) when we are in the process of verifying our legitimate interests, against your objection or, in our collection, storage, use, or disclosure for various purposes including the statistical research, as may be permitted by the Law.

Right to object the processing of Personal Data: You may object to the collection, storage, use, or disclosure of your Personal Data in any of the following events: (a) in case where your Personal Data was collected for the purpose of (i) public interest, (ii) our compliance with a governmental order, or (iii) any legitimate interest of ours or other legal entity (we may object to such request if (aa) your objection will
lead to a non-compliance with the law, or (bb) it relates to an establishment of legal claims, legal compliance, or exercise of legal rights or defenses, (b) in case where we have collected, stored, used, or disclosed your Personal Data for the purpose of direct marketing, or (c) in case where we have collected, stored, used, or disclosed your Personal Data for any research purposes as specified in the Law, including for statistical purpose.

Right to complain: You have the right to lodge any complaint to the Thailand Personal Data Protection Commission (“PDPC”) due to O-Well’s misconduct under the Law. However, we would appreciate the opportunity to address your complaint in the first instance.


Your Personal Data may be stored and processed in any country where we have facilities or in which we engage service providers, and, by using the Services, you understand that your Personal Data will be transferred to countries outside of your country of residence, to business which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your Personal Data.

Some countries will be recognized by the PDPC as providing an adequate level of data protection according to standards set by the PDPC. For future transfers from Thailand to countries not considered adequate by the PDPC, we have put in place adequate measures, such as standard contractual clauses which meet the requirement set by the PDPC, to protect your Personal Data.

The “LAST UPDATED” legend at the top of this Policy indicates when this Policy was last revised. Any changes will become effective when we post the revised Policy on the Services. Your use of the Services following these changes means that you accept the revised Policy.

If you have any questions about this Policy, please contact:

O-Well (Thailand) Co., Ltd.
Address: 89 AIA Capital Center, Unit 1106, 11th Floor, Ratchadaphisek Road, Dindaeng, Dindaeng, Bangkok, 10400, Thailand
Tel: 02-001-8900-1
Data Protection Staff: Khun Amornrat Sawang
Email Address: