Privacy Policy
Last Updated: June 6, 2026
Effective Date: June 6, 2026
This Privacy Policy ("Policy") outlines how THE RIZZ ENTERTAINMENT COMPANY LIMITED ("Company," "we," "us," or "our") collects, uses, processes, maintains, and discloses Personal Data obtained from users ("User," "you," or "your") of the Partigo mobile application and related services (the "Platform").
This Policy constitutes a legally binding agreement and is drafted in strict compliance with the laws of the Kingdom of Thailand, specifically the Personal Data Protection Act B.E. 2562 (2019) ("PDPA").
1. Definitions
- "Personal Data" means any information relating to a Person which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
- "Sensitive Personal Data" means Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
2. Data We Collect
We collect the following categories of data based on the necessity to perform our contract with you and for legal compliance:
2.1 Identity & Verification Data
- Name or display name used for account, booking, and venue verification.
- Date of birth or age confirmation where required to verify legal age for venue entry.
- Nationality and Gender.
- Verification photos or submitted proof images: Used strictly for age verification, booking verification, and fraud prevention when requested.
2.2 Contact Data
- Phone number (mobile).
- Email address.
- Social Media Handles (Instagram, TikTok, Line ID) – especially for Influencer accounts.
2.3 Financial & Transaction Data
- Partial Credit/Debit card details (First 6 and Last 4 digits). Note: Full PAN is processed by authorized payment gateways and banks, not stored by Partigo.
- Transaction history, payment receipts, refund logs, booking recovery notes, and duplicate-payment review records.
- Bank Account details (for Influencers receiving payouts).
2.4 Technical & Usage Data
- Internet Protocol (IP) address, login data, browser type and version.
- Device information: Model, OS version, app instance identifiers, push notification tokens, and similar identifiers used for account security and app functionality.
- Venue, booking, and check-in status information submitted through the app. The current mobile app does not require continuous background location access.
- App interaction logs, operational error reports, and performance data.
3. Lawful Basis & Purpose of Processing
We process your data under the following lawful bases pursuant to the PDPA:
3.1 Contractual Necessity (Art. 24(3))
- To create and manage your User Account.
- To process table bookings, deposits, and issue "Keep Cards".
- To pay fees to Influencers upon job completion.
3.2 Legal Obligation (Art. 24(6))
- To comply with the Alcoholic Beverage Control Act B.E. 2551 (Age verification).
- To comply with the Computer Crime Act B.E. 2550 (Log retention for 90 days).
- To cooperate with the Anti-Money Laundering Office (AMLO) for suspicious transactions.
- To comply with tax laws regarding withholding tax for Influencer payments.
3.3 Legitimate Interests (Art. 24(5))
- To prevent fraud, "No-Show" incidents, and platform abuse.
- To improve App performance and User Experience.
- To maintain the security of our IT systems.
3.4 Consent (Art. 19)
- For optional verification images or other sensitive data where a specific verification flow requires consent.
- For marketing communications and sharing data with third-party partners for promotional purposes.
4. Disclosure of Personal Data
We strictly do not sell your data. However, we must disclose data to the following third parties:
4.1 Partner Venues (Nightclubs/Bars)
When you book a table or claim a Keep Card, we share your Name, Profile Photo, Booking Details, and Verification Status with the venue management and staff for operational purposes (e.g., verifying identity at the door).
4.2 Service Providers (Data Processors)
- Cloud Infrastructure: Google Cloud Platform (Firebase) - Data hosted in Singapore/USA.
- Payment Gateways and Banking Partners: Authorized payment processors and banking partners used to process card, QR, transfer, refund, and settlement flows.
- SMS/OTP Providers: For phone number verification.
4.3 Law Enforcement
We will disclose your data to the Royal Thai Police, Courts, or other government bodies without your consent if we receive a lawful warrant, subpoena, or order, particularly concerning criminal investigations (e.g., drugs, violence, fraud).
5. Cross-Border Data Transfer
Your Personal Data may be transferred to and stored on servers located outside of Thailand (e.g., Google Cloud servers). We ensure that the destination country or the international organization has adequate data protection standards or that the transfer is compliant with Section 28 of the PDPA.
6. Data Retention
- General Account Data: Retained for the duration of your account activity plus 5 years after account deletion for legal defense.
- Transaction Logs: Retained for 10 years in compliance with Thai Tax and Civil Code regulations.
- Booking Chat Records: Retained for up to 90 days. Booking or billing disputes should be reported within 7 days of the incident so that records can be reviewed while available.
- Computer Traffic Data: Retained for at least 90 days as per the Computer Crime Act.
7. Your Rights
Subject to the PDPA, you have the following rights:
- Right to Access: Request a copy of your Personal Data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Deletion: Request erasure of data (Right to be Forgotten), provided there are no legal grounds for us to retain it.
- Right to Restrict Processing: Request suspension of data usage.
- Right to Data Portability: Request transfer of data to another controller.
- Right to Object: Object to processing for direct marketing.
To exercise these rights, please submit a formal request via email to our DPO. We will respond within 30 days.
8. Cookies and Tracking Technologies
We use Cookies, Pixel Tags, and similar technologies to track activity. You can instruct your browser to refuse all cookies, but some portions of our Service may not function properly.
9. Contact Information
Data Controller: THE RIZZ ENTERTAINMENT COMPANY LIMITED
Data Protection Officer (DPO):
- Email: lavie@rizzent.com
- Address: Bangkok, Thailand