Privacy & Cookie Policy

Last Updated: 21 March 2026

1. Introduction

This Privacy & Cookie Policy (“Policy”) explains how HSN-Thailand Co., Ltd. and its affiliated group companies (“HSN Group”, “we”, “us”, or “our”) collect, use, store, and protect personal data when you visit any of our websites (collectively, the “Websites”):

  • www.hsnthailand.co.th
  • www.me-hsn.ae
  • www.hsnindonesia.co.id
  • www.hsnsouthafrica.co.za
  • www.hsn.com.fj

HSN Group operates internationally and serves clients across multiple regions, including Thailand, the United Arab Emirates (UAE/Dubai), Indonesia, Fiji, South Africa, and other global markets. This Policy governs all users of the Websites, regardless of location.

We are committed to protecting the privacy of website visitors and business partners. We process personal data in accordance with applicable international data protection laws, including:

  • The EU General Data Protection Regulation (GDPR) – where applicable to EU/EEA residents
  • Thailand’s Personal Data Protection Act B.E. 2562 (PDPA)
  • South Africa’s Protection of Personal Information Act 4 of 2013 (POPIA)
  • UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL)
  • Indonesia’s Personal Data Protection Law (UU PDP) No. 27 of 2022
  • Fiji’s Online Safety Act and applicable data protection principles
  • Other applicable national and regional data protection regulations

2. Data Controller

For the purposes of applicable data protection laws, the data controller responsible for this Website is:

HSN-Thailand Co., Ltd.

171/13 Maison168,
Muangthong, Pakkret District
Nonthaburi 11120 THAILAND

Email: [email protected]

Certain personal data may also be processed by affiliated entities within the HSN Group, depending on the geographic location of a project or inquiry. In such cases, those entities act as joint controllers or processors, as appropriate.

3.  Scope of This Policy

This Policy applies to:

  • Visitors browsing the Website
  • Individuals who contact us through website contact forms
  • Business partners and potential clients communicating with us via the Website

Note: These Websites are designed to present information about natural stone products and services. We do not operate an e-commerce store, process payments, or operate a newsletter subscription service through these Websites.

4.  Personal Data We Collect

We collect personal data only when necessary and proportionate to the purposes described in this Policy.

4.1  Information You Provide Voluntarily

When you choose to contact us through a form on the Websites, we may collect:

  • Full name
  • Email address
  • Telephone number
  • Company name and job title
  • Country or region
  • Details of your inquiry or message
  • Any other information you voluntarily provide in your communication

This information is collected only when you actively choose to submit it. You are not obliged to provide this information, but without it we may be unable to respond to your inquiry.

4.2  Automatically Collected Technical Data

When you visit our Websites, certain technical information is automatically collected by our web servers and analytics tools:

  • IP address (which may be anonymized where technically possible)
  • Device type, model, and operating system
  • Browser type and version
  • Pages visited and content viewed
  • Time and date of visits and session duration
  • Referring website or source
  • General geographic location derived from IP address (typically city or country level)

This data is used to operate, secure, and improve the Websites. Where possible, it is processed in aggregated or anonymized form.

5. CRM and Offline Data Collection

In addition to data collected through the Websites, HSN Group may collect and process personal data provided directly by individuals through business communications, meetings, inquiries, or other offline interactions, including data stored and managed within HSN’s customer relationship management (CRM) systems.

Such data may include contact details, company information, communication history, and project or inquiry records voluntarily provided by the individual.

This data is:

  • Collected only where voluntarily provided in a business context
  • Used solely for the purposes of managing business relationships, responding to inquiries, and supporting HSN’s commercial operations
  • Retained only for as long as necessary for those purposes or as required by applicable law
  • Processed by HSN’s CRM service provider, who acts as a data processor on HSN’s behalf and is contractually bound to protect personal data
  • Subject to the same rights and protections described in Section 14 of this Policy

Where CRM data is stored or processed outside the country in which it was collected, HSN applies appropriate safeguards consistent with those described in Section 11 of this Policy.

6.  How We Use Personal Data

We process personal data for the following lawful purposes:

6.1  Responding to Inquiries

To respond to messages and inquiries submitted through contact forms or other communication channels on the Websites.

6.2  Business Development

To evaluate potential customer requests, project inquiries, and business opportunities relevant to the HSN Group’s operations.

6.3  Website Operation and Improvement

To operate, maintain, analyze, and improve the functionality, performance, and security of the Websites.

6.4  Security and Fraud Prevention

To monitor Website activity and protect the Websites and our systems against unauthorized access, misuse, or malicious activity.

To comply with applicable legal obligations in the jurisdictions in which we operate.

We do not sell, rent, or trade personal data to third parties for their own marketing purposes.

Where applicable under data protection laws, we rely on the following legal bases to process personal data:

Legitimate interests: Responding to business inquiries and operating and improving our Websites, where such interests are not overridden by your rights.

Consent: Where cookies or analytics technologies require prior consent under applicable law (e.g., GDPR, Thailand PDPA). You may withdraw consent at any time.

Contractual necessity: Where communications relate to a potential or existing contractual business relationship.

Legal obligation: Where required to comply with applicable laws and regulations.

For users in jurisdictions without a consent or legitimate interest framework, we process data in accordance with local requirements, including obtaining explicit consent where required (e.g., under Indonesia’s UU PDP, UAE PDPL, Fiji’s applicable laws).

8.  Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance user experience and analyze Website performance.

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work efficiently and to provide information to website operators.

8.1  Types of Cookies We Use

Essential Cookies (Strictly Necessary)

These cookies are required for the Websites to function correctly and cannot be disabled without affecting core Website functionality. They include:

  • Security and session management functions
  • Page navigation and load balancing
  • Contact form functionality

Legal basis: Legitimate interest / strictly necessary (no consent required).

Analytics Cookies

These cookies help us understand how visitors interact with the Websites, enabling us to improve content and performance. Information collected includes page views, navigation paths, traffic sources, and session duration. Analytics data is generally aggregated and anonymized where possible. These cookies are placed only with your prior consent where required by applicable law.

Functional Cookies

Functional cookies remember user preferences to improve usability (e.g., language or region settings). These are placed with your consent where required.

Where required by applicable law (including GDPR and Thailand PDPA), we will request your consent before placing non-essential cookies. A cookie consent banner or notice will be displayed on your first visit to the Websites.

You may withdraw or amend your cookie preferences at any time using the cookie settings on the Websites or through your browser settings (see Section 9).

8.3  Third-Party Cookies

Some cookies may be set by third-party service providers (such as analytics platforms). These third parties are contractually bound to process data only as instructed by us and in compliance with applicable data protection laws. We do not permit third-party advertising cookies on this Website.

9.  Managing Cookies

You can control and manage cookies through your browser settings. Most modern browsers allow you to:

  • Block all or specific categories of cookies
  • Delete cookies already stored on your device
  • Receive notifications when cookies are set
  • Browse in private/incognito mode (which limits cookie storage)

Please note that disabling cookies – particularly essential cookies – may affect the availability and functionality of certain parts of the Websites.

For guidance on managing cookies in your browser:

  • Google Chrome: Settings > Privacy and Security > Cookies
  • Mozilla Firefox: Options > Privacy & Security
  • Safari: Preferences > Privacy
  • Microsoft Edge: Settings > Cookies and Site Permissions

You may also opt out of certain analytics tools directly. For example, Google Analytics offers an opt-out browser add-on at: https://tools.google.com/dlpage/gaoptout

10.  Third-Party Service Providers

We may engage third-party service providers to assist us in operating the Websites and supporting business operations. These may include:

  • Website hosting and infrastructure providers
  • Analytics and performance monitoring services
  • Website security and monitoring services
  • IT support and maintenance providers

These providers are permitted to process personal data only on our instructions and for the specific purposes for which they are engaged. We require them to implement appropriate technical and organizational measures to protect personal data and to comply with applicable data protection requirements.

We do not sell or disclose personal data to third-party providers for their own independent marketing or commercial purposes.

11.  International Data Transfers

HSN Group operates internationally. As a result, personal data may be transferred to, stored in, or processed in countries outside your country of residence, including countries that may not have data protection laws equivalent to those in your jurisdiction.

Where such international transfers occur, we implement appropriate safeguards to ensure personal data remains protected to a standard consistent with applicable regulations. These safeguards may include:

  • Standard contractual clauses (SCCs) approved by relevant authorities
  • Data processing agreements with all data recipients
  • Transfers to countries recognized as providing adequate levels of data protection
  • Other appropriate transfer mechanisms as required under applicable law

If you have questions regarding international transfers of your personal data, please contact us using the details in Section 18.

12.  Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required or permitted by law. Our general retention guidelines are:

Contact form inquiries: Retained for up to 24 months from the date of last communication, unless a business relationship develops requiring longer retention.

Business communications: Retained for as long as required for operational or legal purposes, including where required to defend or bring legal claims.

Technical and analytics data: Generally retained for up to 26 months in aggregate or anonymized form.

Upon expiry of the relevant retention period, personal data will be securely deleted, anonymized, or archived in accordance with applicable legal requirements.

13.  Data Security

We implement appropriate technical and organizational security measures designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:

  • Secure hosting environments with encryption in transit (SSL/TLS)
  • Access control and authentication procedures
  • Regular Website security monitoring and vulnerability assessments
  • Staff awareness of data protection obligations

Notwithstanding these measures, no system can guarantee the complete security of information transmitted over the internet. If you believe your personal data has been compromised, please contact us immediately using the details in Section 18.

In the event of a personal data breach, we will comply with applicable notification obligations under relevant data protection laws (e.g., GDPR Articles 33-34, Thailand PDPA Section 37, POPIA Section 22).

14.  Your Data Protection Rights

Depending on the applicable law in your jurisdiction, you may have the following rights regarding your personal data:

Right of access: Obtain confirmation of whether we process your personal data and receive a copy.

Right to rectification: Request correction of inaccurate or incomplete personal data.

Right to erasure: Request deletion of your personal data in certain circumstances (“right to be forgotten”).

Right to restrict processing: Request that we limit the processing of your personal data in certain circumstances.

Right to object: Object to processing based on our legitimate interests.

Right to data portability: Where applicable, receive your personal data in a structured, machine-readable format.

Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

Right to lodge a complaint: Lodge a complaint with your local data protection supervisory authority if you believe your rights have been infringed.

These rights may be subject to limitations and conditions under applicable law. To exercise any of these rights, please contact us using the details in Section 18. We will respond within the timeframes required by applicable law (generally within 30 days).

15.  Third-Party Websites

Our Website may contain links to external websites operated by third parties. This Policy does not apply to such external sites.

We are not responsible for the privacy practices, cookie use, or content of any third-party websites. We encourage you to review the privacy policies of any external websites you visit.

16.  Children’s Privacy

This Website is intended for professional and commercial audiences. We do not knowingly collect, use, or store personal data from individuals under the age of 16 (or such other age as defined as a minor under applicable local law).

If you believe we have inadvertently collected personal data from a minor, please contact us immediately using the details in Section 18 and we will take prompt steps to delete such data.

17.  Updates to This Policy

We may update this Privacy & Cookie Policy periodically to reflect changes in applicable legal requirements, business practices, or Website functionality.

The updated version will be posted on this page with a revised “Last Updated” date. Where changes are material, we will take reasonable steps to notify users (for example, by displaying a notice on the Websites).

We encourage you to review this Policy periodically to stay informed of how we protect your personal data.

18.  Contact Information

For any questions, requests, or complaints relating to this Privacy & Cookie Policy or our data protection practices, please contact:

HSN-Thailand Co., Ltd.

171/13 Maison168,
Muangthong, Pakkret District
Nonthaburi 11120 THAILAND

Email: [email protected]

We are committed to resolving any concerns promptly and in accordance with applicable data protection laws.