Maintaining the security of your data is a priority at Sprout Story and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. Any contact you have with us via the website will be respected.

Cookies

What are cookies?

Like most websites, we use cookies to collect information.  Cookies are small data files which are placed on your computer or other devices (such as smart ‘phones or ‘tablets’) as you browse this website.  They are used to ‘remember’ when your computer or device accesses our websites.  Cookies are essential for the effective operation of our websites and to help you shop with us online.

Information collected

Some cookies collect information about browsing and purchasing behaviour when you access this website via the same computer or device.  This includes information about pages viewed, products purchased and your journey around a website.  We do not use cookies to collect or record information on your name, address or other contact details.  Sprout Story can use cookies to monitor your browsing and purchasing behaviour.

What are cookies used for?

The main purposes for which cookies are used are:

  1. For technical purposes essential to effective operation of our websites, particularly in relation to on-line transactions and site navigation
  2. To enable us to collect information about your browsing and shopping patterns

How do I disable cookies?

If you want to disable cookies you need to change your website browser settings to reject cookies.  How you can do this will depend on the browser you use.

What happens if I disable cookies?

This depends on which cookies you disable, but in general the website may not operate properly if cookies are switched off.  If you only disable third party cookies, you will not be prevented from making purchases on our site.  If you disable all cookies, you will be unable to complete a purchase on our site.

PDPA Personal Data Protection Act, Thailand 2562 [2019]

Overview

Maintaining the security of your data is a priority at Sprout Story and we are committed to respecting your privacy rights.  We pledge to handle your data fairly and legally at all times. Sprout Story is also dedicated to being transparent about what data we collect about you and how we use it.

This policy, which applies whether you visit our stores, use your mobile device or go on line, provides you with information about:

  1. How we use your data
  2. What personal data we collect
  3. How we ensure your privacy is maintained
  4. Your legal rights relating to your personal data

How we use your data

General

Sprout Story uses your personal data to:

  1. To provide goods and services to you
  2. To manage registered accounts that you hold with us
  3. To verify your identity
  4. For crime and fraud prevention, detection and related purposes
  5. With your agreement, to contact you electronically about promotional offers and products and services which we think may interest you
  6. For market research purposes - to better understand your needs
  7. To enable Sprout Story to manage customer service interactions with you
  8. Where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute)

Marketing

Sprout Story uses your personal data for electronic marketing purposes (with your explicit consent only) to update you on the latest offers. You have the right to opt out of receiving promotional communications at any time by:

  1. Making use of the simple “unsubscribe” link in emails
  2. Contacting us via the contact channels set out in this policy

Sharing data with third parties

In order to make a delivery service available to you, we may need to share your personal data with some of our delivery partners. We only allow service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. 

Aside from our service providers, Sprout Story will not disclose your personal data to any third party, except as set out below.  We will never sell or rent our customer data to other organisation for marketing purposes.

We may share your data with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:

  1. To comply with our legal obligations
  2. To exercise our legal rights (for example in court cases)
  3. For the prevention, detection, investigation of crime or prosecution of offenders
  4. For the protection of our employees and customers

How long do we keep your data?

We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.

WHAT personal data do we collect?

Sprout Story may collect the following information about you:

  1. Your name
  2. Your address including billing and delivery addresses
  3. Telephone numbers
  4. Email address
  5. Purchases and orders made by you;
  6. Your on-line browsing activities on Sprout Story website
  7. Your password (Used for you account creation with Sprout Story)
  8. Your communication and marketing preferences
  9. Your interests, preferences, feedback and survey responses
  10. Your location
  11. Your correspondence and communications with Sprout Story
  12. Other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page)

We do not collect your card payment details when you make a purchase or place an order with us - These are only collected by SagePay and Paypal.

How we protect your data

Sprout Story is committed to keeping your personal data safe and secure. Our security measures include:

  1. Encryption of data
  2. Regular cyber security assessments of all service providers who may handle your personal data
  3. Regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents
  4. Daily penetration testing of systems
  5. Security controls which protect the Sprout Story IT infrastructure from external attack and unauthorised access
  6. Internal policies setting out our data security approach and training for employees 

What you can do to help protect your data

Sprout Story will never ask you to confirm any bank account or credit card details via email.  If you receive an email claiming to be from us asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety both in relation to Sprout Story and more generally:

  1. Keep your account passwords private
  2. When creating a password, use at least 8 characters. A combination of letters and numbers is best.  Do not use dictionary words, your name, email address or other personal data that can be easily obtained.
  3. Avoid using the same password for multiple online accounts

Your rights

You have the following rights:

  1. The right to ask what personal data that we hold about you at any time - We do not charge a fee for this
  2. The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you free of charge
  3. The right to opt out of any marketing communications that we may send you

If you wish to exercise any of the above rights, please contact us using the contact details set out below.

Legal basis for using data

We are required to set out the legal basis for our ‘processing’ of personal data.

General

Sprout Story collects and uses customers’ personal data because is it necessary for:

  1. The pursuit of our legitimate interests (as set out below)
  2. The purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer
  3. Complying with our legal obligations

In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message.

Customers have the right to withdraw consent at any time.  Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Our legitimate interests

The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of Sprout Story, including:

  1. Selling and supplying goods and services to our customers
  2. Protecting customers, employees and other individuals and maintaining their safety, health and welfare
  3. Promoting, marketing and advertising our products and services
  4. Sending promotional communications which are relevant and tailored to individual customer
  5. Understanding our customers’ behaviour, activities, preferences and needs
  6. Improving existing products and services and developing new products and services
  7. Complying with our legal and regulatory obligations
  8. Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies
  9. Handling customer contacts, queries, complaints or disputes
  10. Managing insurance claims by customers
  11. Protecting Sprout Story, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us
  12. Effectively handling any legal claims or regulatory enforcement actions taken against Sprout Story
  13. Fulfilling our duties to our customers, colleagues, shareholders and other stakeholders

Contact information

If you have any questions about how Sprout Story uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us

Cookie Policy PDPA

This website uses Cookies for a better experience. Click 'OK' or browse to another page to accept.