Privacy Policy

This "Privacy Policy" (hereinafter referred to as the "Policy") sets forth the fundamental principles, objectives, conditions, and methods of processing personal data of users of the website http://agni.gallery/ (as defined in Section 1 below) by "AGNI DEV LIMITED," as well as any other individuals providing their personal data to the Operator.


1. General Provisions

    The following terms and definitions are used in this Policy:

    - Operator  – "AGNI DEV LIMITED," a limited company incorporated and existing under the laws of Thailand, with its registered office at 15/2 Soi Ruamrudee, Lumpini, Pathum Wan, Bangkok, Email: contact@agni.gallery, Tel. +66 84735468.

    - User – the subject of personal data who is a visitor to the Site, accepts the terms of this Policy, and wishes to place or has placed orders in the online store http://agni.gallery/, or uses any other functions of the site.

    - Personal Data – any information relating to an identified or identifiable individual.

    - Processing of Personal Data – any action (operation) or set of actions (operations) performed with personal data, whether automated or not, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transmission (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.

    - Subject of Personal Data – an individual who is identified or identifiable based on the information received about them.

    - Protection of Personal Data – the Company's activities aimed at ensuring the confidentiality of Personal Data, establishing and complying with the procedure for processing Personal Data, as well as applying organizational and technical measures to ensure the security of Personal Data, and other measures in accordance with the legislation of the Kingdom of Thailand.

    - Confidential Information – information (in documented or electronic form) access to which is restricted in accordance with the legislation of the Kingdom of Thailand, as well as local regulations of the Company.

    - Automated Processing of Personal Data – processing of personal data using computing means.

    - Cross-Border Transfer of Personal Data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual, or a foreign legal entity.


    2. Rights and Obligations of Personal Data Subjects and the Operator

      2.1. The Personal Data Subject has the right to:

      2.1.1. obtain information regarding the processing of their personal data, in the form, manner, and timeframes established by law;

      2.1.2. request clarification of their personal data, destruction, or blocking if the personal data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing;

      2.1.3. withdraw their consent to the processing of personal data in accordance with the procedure specified in this Policy;

      2.1.4. opt out of receiving informational materials from the Operator;

      2.1.5. exercise other rights provided by applicable law.

      2.2. The Operator has the right to:

      2.2.1. process personal data of Personal Data Subjects in accordance with the stated purposes and established requirements;

      2.2.2. require Personal Data Subjects to provide accurate personal data necessary to achieve the stated purposes;

      2.2.3. restrict a Personal Data Subject's access to their personal data in cases where the processing is carried out in accordance with anti-money laundering legislation, or if access to the personal data violates the rights and legitimate interests of third parties, as well as in other cases provided by law.

      2.3. The Operator is obliged to:

      2.3.1. organize the processing of personal data in accordance with the requirements of the Personal Data Protection Law;

      2.3.2. respond to inquiries and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Protection Law;

      2.3.3. provide the authorized body for the protection of the rights of personal data subjects with the necessary information within 30 days of receiving such a request.

      2.4. Control over compliance with the requirements of this Policy is exercised by an authorized person responsible for organizing the processing of personal data at the Operator's office.

      2.5. Responsibility for violations of the legislation of the Kingdom of Thailand and the Operator's regulations in the field of processing and protecting personal data is determined in accordance with the laws of the Kingdom of Thailand.


      3. Scope and Categories of Processed Personal Data

        3.1. The Operator processes the personal data of Personal Data Subjects within the limits defined by the objectives of processing personal data. For Users of the Site, their personal data as defined in this Policy includes:

        3.1.1. data provided by the User independently during registration or while using the Site, namely: last name, first name, patronymic, date of birth, gender, postal address; home, work, mobile phone numbers, email address, password for the personal account on the website http://agni.gallery/. Required information to be provided on the Site is specially marked. Other information is provided at the User's discretion;

        3.1.2. technical data that is automatically transmitted to the Operator during the use of the Site through software installed on the User's device, including IP address, cookie data, information about the User's browser (or other software used to access the Site), technical characteristics of the hardware and software used by the User, date and time of access to the Site, requested page addresses, and other similar information;

        3.2. The Operator does not process special categories of personal data of Users (information concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, intimate life), nor their biometric personal data.

        3.3. The Operator does not control and is not responsible for the processing of personal data of Users by third-party websites that the User may visit via links available on the Site.

        3.4. The Operator does not verify and is not responsible for the accuracy of the information provided by the User on the Site.


        4. Purposes of Processing Personal Data

          4.1. The Operator processes only those personal data that are necessary to achieve the purposes defined in Section 4.2 of this Policy.

          4.2. Personal data are processed by the Operator for the following purposes:

          4.2.1. Ensuring compliance with the legislation of the Kingdom of Thailand;

          4.2.2. Conducting activities in accordance with the charter of "AGNI DEV LIMITED";

          4.2.3. Conducting civil law relations;

          4.2.4. Ensuring interaction with clients and contractors of the Operator, concluding and performing contracts with them;

          4.2.5. For Users of the Site, the purposes of processing their personal data by the Operator include:

          - registration of Users on the Site and placing orders for goods, or purchasing goods on the Site without registration;

          - processing requests and applications from Users submitted through the Site;

          - improving the quality of the Site's operation, its usability for Users, developing new services and offerings;

          - targeting advertising materials;

          - conducting advertising and marketing activities, programs, promotions, surveys, lotteries, etc., as well as promoting goods and services in the market through direct contact (advertising and informational mailings) with the User using various means of communication, including, but not limited to: postal mail, email, telephone, the Internet;

          - conducting statistical and other research based on anonymized data to improve service quality.


          5. Principles of Processing Personal Data

            5.1. The Operator processes the personal data of Personal Data Subjects in accordance with the following principles:

            5.1.1. Personal data of the Personal Data Subject are processed for predetermined and lawful purposes listed in Section 4 of this Policy.

            5.1.2. The Operator processes only those personal data necessary to achieve the purposes indicated in this Policy.

            5.1.3. The Operator ensures the accuracy and relevance of the processed personal data, ensuring they are sufficient for the purposes of processing.

            5.1.4. The Operator ensures confidentiality while processing personal data and applies all necessary measures in accordance with Section 9.1 of this Policy.


            6. Procedure and Conditions for Processing Personal Data and Their Transfer to Third Parties

            6.1. Processing of the personal data of the Personal Data Subject includes collection, systematization, accumulation, storage, clarification, use, transfer to third parties both within the territory of the Kingdom of Thailand and cross-border transfer, anonymization, blocking, destruction of personal data to fulfill the Operator's obligations under this Policy, as specified in Section 4 of the Policy.

            6.2. Personal data of the Personal Data Subject are processed by the Operator both using automation tools (through automated database management systems and other software) and without such tools.

            6.3. If necessary to achieve the purposes stated in this Policy, the Operator may provide access to or transfer personal data to other companies. Furthermore, if necessary to achieve the stated purposes of processing personal data, access to personal data may be granted to third-party service providers, such as technology service providers, financial transaction management services, logistics. Access to personal data/transfer of personal data is carried out based on a contract with such entities, provided that these third parties comply with the confidentiality of personal data and security measures during processing.

            6.4. Personal data of the Personal Data Subject are processed only with their consent. This consent for the processing of personal data is indefinite and may be revoked by the Personal Data Subject or their representative by sending a written request to the Operator's address specified in this Policy or by sending a written notification to the email address (contact@agni.gallery).


            7. Modification and Deletion of Personal Data. Mandatory Data Storage

              7.1. The Operator is obliged, at the request of the Personal Data Subject, to clarify, block, or delete processed personal data if such data is incomplete, outdated, inaccurate, unlawfully obtained, or unnecessary for the stated purpose of processing.

              7.1.1. The Operator is obliged to make corrections within a period not exceeding 10 (ten) calendar days from the date of receiving information from the Personal Data Subject that the personal data is incomplete, inaccurate, or outdated, and inform the Personal Data Subject accordingly.

              7.1.2. Personal data shall be destroyed in the following cases:

              1) if it is impossible to ensure the unlawful processing of personal data within a period not exceeding 15 (fifteen) calendar days from the date of detection of such unlawful processing;

              2) upon receipt of a written request from the Personal Data Subject for the destruction of personal data or withdrawal of consent to the processing;

              3) upon reaching the purpose of processing personal data or losing the necessity to achieve it;

              4) upon expiration of the retention period for personal data.

              7.1.3. Personal data shall be destroyed within 30 (thirty) calendar days unless a different period is provided for by the legislation of the Kingdom of Thailand or this Policy.

              7.2. The rights provided under this Policy may be restricted in accordance with legal requirements. For example, such restrictions may require the Operator to retain modified or deleted information for a period established by law and to transfer such information according to the legally established procedure to a government authority.

              7.3. Retention of personal data is carried out only for as long as necessary to achieve the purposes of processing, unless a retention period is established by law, contract, or by a party that is the personal data subject.


              8.Processing of Personal Data using Cookies and Counters

              8.1. Cookies transmitted by the Operator to the User's device and to the Site may be used by the Operator to provide personalized services to the User, for targeting advertisements presented to the User, for statistical and research purposes, and to improve the Site's performance.

              8.2. The User acknowledges that the hardware and software used to visit websites on the Internet may have a function to prohibit operations with cookies (for any sites or for specific sites) and to delete previously received cookies.

              8.3. Search engines may stipulate that the provision of a certain service or service is only possible if the acceptance and receipt of cookies are allowed by the User.

              8.4. The structure of the cookie, its content, and technical parameters are determined by the Operator and may be changed without prior notice to the User.

              8.5. Counters placed on the Site may be used to analyze the User's cookies, to collect and process statistical information about the use of the Site, and to ensure the functionality of the Site as a whole or of its specific functions. The technical parameters of the operation of the counters are determined by the Operator and may be changed without prior notice to the User.


              9.Protection of Personal Data

                9.1. The Operator takes necessary and sufficient legal, organizational, and technical measures to protect personal data of Personal Data Subjects from unlawful or accidental access, destruction, alteration, blocking, copying, distribution, as well as from other unlawful actions by third parties.

                9.2. To ensure adequate protection of personal data, the Operator assesses the potential harm that may arise from a breach of personal data security, as well as identifies current threats to personal data security during processing in personal data information systems.


                10. Policy Changes

                  10.1. The Operator reserves the right to make changes to this Policy without the consent of the Personal Data Subject. When changes are made, the date of the last update is indicated in the current edition. The new version of the Policy comes into effect from the moment it is posted and remains in effect until the Policy is approved in a new edition unless otherwise provided in the new version of the Policy. The current version is continually available at http://agni.gallery/.


                  11. Contacts and Inquiries Regarding Personal Data

                  11.1. All suggestions, questions, requests, and other inquiries regarding this Policy and the use of their personal data may be directed by the Personal Data Subject to the Operator:

                  - via email: (contact@agni.gallery).

                  - via postal address: 15/2 Soi Ruamrudee, Lumpini, Pathum Wan, Bangkok.