We believe in being open and honest. Here’s a simple summary of our privacy promise to you. For all the details, we encourage you to read the full policy below.
Who We Are | Veda Siam Co., Ltd. and our affiliated restaurant and food & beverage brands (collectively the "Veda Siam Group"). We act as the Data Controller for your personal data. |
What We Collect | We collect a wide range of data, including your identity, contact details, membership history, payment and transaction data, dining preferences, and technical data from our online platforms. A full, detailed list is provided in Section 3. |
Why We Use It | To manage your membership contract, process transactions, personalize your experience, conduct data analytics for business improvement, and, with your consent, send you marketing and promotions from us and our partners. |
Who We Share It With | We share data within the Veda Siam Group, with our trusted service providers (e.g., IT, payment gateways), business partners, and legal authorities when required. We do not sell your personal data. |
Your Key Rights | You have the right under law to access, correct, or request the deletion of your data, withdraw your consent at any time, and object to certain data uses, such as direct marketing. Details are in Section 11. |
The Veda Siam Group is committed to protecting the personal data of our customers and members in full compliance with Thailand's Personal Data Protection Act, B.E. 2562 (2019) ("PDPA"). This policy details how we collect, use, disclose, and secure your data across all our brands.
This policy applies to all personal data collected through any of our restaurants, websites, mobile applications, membership forms, call centers, social media channels, and all other interactions with the Veda Siam Group.
We collect data necessary to provide our services and manage your membership across our brands. The specific data collected depends on your interaction with us.
Our services are not intended for individuals under the age of 20. We do not knowingly collect personal data from minors without verifiable parental or guardian consent. If we learn that we have unintentionally collected such data, we will take immediate steps to delete it.
We process your data based on lawful grounds. The table below outlines our purposes and the legal basis for each.
Purpose of Processing | Examples of Data Used | Lawful Basis Under PDPA |
To Provide Our Services & Manage Your Membership | Identity, Contact, Membership, Transaction, Financial | Contractual Necessity |
To Send Marketing, Promotions & Personalized Offers | Identity, Contact, Profile, Transaction, Marketing | Consent |
To Improve Our Business, Products & Services | Transaction, Profile, Behavioral, Technical | Legitimate Interest |
To Conduct Data Analytics & Profiling | Transaction, Behavioral, Profile, Technical | Legitimate Interest or Consent |
To Communicate With You & Manage Our Relationship | Identity, Contact, Membership, Transaction | Contractual Necessity |
To Ensure Your Dining Safety (Allergies) | Sensitive Data | Explicit Consent |
To Comply with Legal & Regulatory Obligations | Identity, Financial, Transaction | Legal Obligation |
To Protect Our Interests & Prevent Fraud | All relevant categories | Legitimate Interest |
We may disclose or transfer your data to the following parties:
Some of our service providers or group companies may be located outside of Thailand. In such cases, we will ensure your data is transferred securely and receives a level of protection compliant with the PDPA, using measures such as Standard Contractual Clauses or transferring to countries deemed to have adequate data protection standards.
We retain your personal data only for as long as is reasonably necessary to fulfill the purposes for which it was collected, including to satisfy any legal, regulatory, or accounting requirements.
As a general rule, your membership data will be retained for the duration of your membership and for up to 3 years after its termination to resolve any disputes and comply with legal obligations.
We have implemented robust administrative, technical, and physical security measures to safeguard your personal data. This includes access controls, data encryption, firewalls, and regular training for our staff to prevent unauthorized access, alteration, loss, or disclosure of your information.
When you visit our websites or use our apps, we use cookies and similar tracking technologies to enhance your experience, analyze trends, and administer the platform. These may include tools like Google Analytics and Facebook Pixel. You have control over these cookies through your browser settings and our cookie consent banner. For full details, please see our group Cookie Policy https://loyalty.lumagroup.rest/doc/cookie_policy.pdf
You have the following rights over your personal data:
To exercise your rights or if you have any questions about this policy, please contact us:
You may also make inquiries at any of our restaurant locations, and they will direct your request to the appropriate corporate channel.
We may update this policy from time to time to reflect changes in our practices or the law. The latest version will always be available on our main group website and at our venues. We will notify you of any significant changes.