CHANGAN Automotive APP is an application software developed by CHANGAN (Thailand) Automotive Technology Co., Ltd. (hereinafter referred to as "we") that connects your vehicles and provides related services. We attach great importance to your personal data and will strictly comply with the provisions of Thailand's Personal Data Protection Law B.E.2562 (2019) (PDPA) and other laws, adhering to the principles of legality, fairness, transparency, purpose limitation, and minimum necessity, to protect your personal data and related rights. Through this "CHANGAN Automotive APP Privacy Policy" (hereinafter referred to as "this Policy"), you will learn how we collect, use, store, disclose, and protect your personal data and other related information when using this APP or services we provide.
The authorized CHANGAN (Thailand) distributor (the "distributor") is an independent entity, as well as applications and other services provided by third parties, and is not related to us; Please understand and be aware of third-party privacy policies. If you have any questions, please contact the third-party directly.
This Policy applies to the internet and mobile internet related services provided by CHANGAN Automobile to you, including mobile clients and application forms, including CHANGAN Automobile APP, mini programs, etc.
Reminder:
If you are under 20 years of age, do not provide any personal data without the permission of your parents or legal guardian.
This Policy may be modified to comply with currently effective laws and regulations, functional services, and other circumstances. We will notify you of the modifications by means of a pop-up notification so that you are aware of the latest valid version.
We are aware of the importance of your personal data and will treat your personal data with care. We endeavor to create and maintain a relationship of mutual trust with you and adhere to the following principles for the protection of your personal data: lawfulness, fairness, transparency, purpose limitation, minimum necessity, accuracy, integrity and confidentiality, consistency of rights and responsibilities, and ensuring security. At the same time, we are committed to adopting appropriate security measures in accordance with the industry's mature security standards to fully protect your personal data.
By checking or clicking on "Read", "Agreed" or other actions with the same meaning on the page to which this Policy belongs, you are deemed to agree to the relevant content of this Policy and agree to our processing of your personal data in accordance with legal requirements and this Policy. If you do not agree to any content of this Policy, we will not process your relevant personal data. In general, this will not affect your use of our products or services, except for the processing of relevant personal data that is necessary for providing the products or services. Please carefully read this Policy before checking or clicking on "Read", "Agreed" or other actions with the same meaning, accepting products or services provided by CHANGAN Motors, and submitting personal data to ensure that you are fully aware and understand the meaning and corresponding legal consequences of its content. Use only after confirming full understanding and agreement.
We will identify, by bolding or other reasonable means, terms that are (potentially) materially related to your rights and interests, terms relating to sensitive personal data, etc., and you should focus on reading them. If you have any questions, comments, or suggestions about this Policy, you may contact us using the contact information provided in this Policy.
Please understand that our APP service is aimed at the public. If you are not the owner of CHANGAN, you can still download and use the CHANGAN APP and register to log in, but cannot bind to the vehicle. We will still collect your personal data based on the features or services you use.
Section 1. Definitions
1. Personal data: any data relating to a natural person (data subject) that directly or indirectly identifies that natural person. An identifiable natural person is one who is identified by name, identification card number, location data, online identification, or by reference to one or more elements of physical, physiological, genetic, psychological, economic, cultural, or social identity of that natural person, but does not include anonymized personal data.
2. Sensitive personal data: data such as race, ethnicity, political opinions, cultural, religious, or philosophical beliefs, sexual behavior, criminal record, health data, disability, trade union information, genetic information, biometric data or any data that may affect the data subject in the same way (sensitive data), etc., as well as the personal data of minors under the age of 20.
Section 2. Legal basis
We collect and use your personal data in accordance with the GDPR and PDPA. Generally, we do not collect personal data directly from any source other than the data subject and we collect and use your personal data for the purposes described in This Policy. In scenarios where sensitive personal data collection, cross-border data transmission, and other related matters may have a significant impact on your rights, we will remind you again and obtain your explicit consent through enhanced notification or instantaneous reminders (such as pop-up reminders) or request you to click on a separate confirmation or sign the " Consent for the Collection and Processing of Personal Data.".
We will generally collect, use, disclose or otherwise process your personal data with your consent or in accordance with the law, for the purposes set out in this Policy, including but not limited to the following circumstances:
Section 1. What personal data we collect from you
Section 2. We will only collect and use your personal data for the following purposes as set out in this Policy.
We will only collect and use your personal data for the purpose of providing you with products or services. The following personal data is necessary for providing the functionality or services of the CHANGAN APP. We will not perform automated decisions or send marketing information to you through email, cell phone, or other means based on the personal data we collect from you. Therefore, if you do not provide and authorize us to use the following personal data, we will not be able to provide you with products or services.
1. The personal data you provide us with
| Products or services | Personal Data | Purposes |
| Register / Login account | Cell phone numbers, phone verification codes, login passwords, device numbers, system version. | We collect cell phone numbers, phone verification codes, and login passwords for APP account registration and login. We collect device numbers and system version to ensure the normal use, operation, and account security of services. |
2. Personal data collected when you use the products or services
| Products or services | Personal Data | Purposes |
| Account and Security Management | Cell phone numbers, login passwords, camera scanning function, mobile network status | We collect cell phone numbers and login passwords to distinguish different accounts. We collect camera scanning function to add new accounts. We collect mobile network status to ensure the normal use of services. |
| Remote control of vehicles | The opening/closing or locking/unlocking status of the vehicle's doors, windows, sunroof, front lid, trunk, and headlights, as well as the air conditioning switch status, seat ventilation status, charging status, battery, mileage, temperature data, and control password | We collect this data for viewing when you bind your vehicle to our APP and enable vehicle related functions. If you activate the corresponding collection permission, it can provide you with functions to remotely control the relevant status of the vehicle, such as searching for the car, turning on the air conditioning and temperature settings in the car, and seat ventilation. |
| Vehicle management | Cell phone numbers, vehicle nicknames, license plate numbers, vehicle models, VIN codes, purchase records | We collect cell phone numbers to determine the account for management operations. We collect vehicle nicknames, license plate numbers, vehicle models, VIN codes, and purchase records for the system to identify and label the vehicles you wish to manage, to accurately identify and provide services for you, such as binding and unbinding vehicles. |
| Vehicle upgrades | Cell phone numbers, VIN codes, software version numbers | We collect cell phone numbers to identify and confirm your account. We collect VIN codes and software version numbers for system identification, determining the vehicle to be upgraded, and the system version to be upgraded. |
| Language settings | System language | We collect system language for switching APP language versions, making it convenient for you to use. |
| Bluetooth key | Location information, Bluetooth information | We collect this data to identify nearby devices for connection and control the vehicle through Bluetooth keys. |
3. We do not collect or receive your personal data from third parties that are provided to us by third parties.
Section 3. We will only require your authorization to turn on permissions for you to use our products or services as follows.
To provide relevant products and services, in addition to the personal data provided by you, we may also need you to authorize the opening of the following permissions, and the refusal to open these permissions may result in our inability to provide you with relevant products or services.
These permissions include network, Bluetooth, location, and camera device permissions, as shown in the table below:
| User Rights | Descriptions | Purposes |
| Network | When you use the APP, we may need to enable network permissions on your mobile device. | Enable network and networking services, browse APP pages, and use features. |
| Bluetooth | When you use the Bluetooth key function, we may need to enable Bluetooth permissions on your mobile device. | Use Bluetooth key to control the vehicle and search for nearby devices. |
| Location | When you use the Bluetooth key function, we may need to enable the location permissions of your mobile device. We will not continuously collect your location information unless necessary for functionality or services. | Use Bluetooth key to control the vehicle. |
| Camera | When you scan a QR code to login or scan a QR code to authorize, we may need to enable camera permissions on your mobile device. | To scan a QR code. |
We only collect the permissions mentioned in the above description and will not request additional permissions beyond the functional requirements. You can choose to turn off some or all permissions at any time in the device settings function; You can also operate within the APP: "Home" - "Personal Center" - "Settings" - "System Permission Management" to manage permissions and refuse us to collect corresponding personal data.
Section 4. We will only access third-party SDKs when you use our products or services as follows
For the purpose of providing services to you and with your consent, we may access and update from time-to-time software development kits (SDKs) provided by third parties to ensure the realization and stable operation of the APP functions. We will monitor the security of the third-party SDKs within the current state of technology and reasonable time and labor costs and will protect the security of your personal data as much as possible. However, because the third-party SDKs are not under our control, we can only carry out regular inspections of the third party in accordance with the contract signed with the third party or the industry practice, and we cannot prevent the third-party SDKs from violating the collection of your personal information or infringing on your other legitimate rights and interests. Of course, you can always refuse to use the third-party SDKs, but you will not be able to use the functions related to such third-party SDKs. Details are as follows.
| SDK | Personal Data | Scenarios and Purposes | Privacy Policy |
| Digital Key SDK | Equipment identification information and geographic location information. | Used to initiate Bluetooth connections with vehicle-to-vehicle devices and issue Bluetooth positioning calibration data | Privacy policy link is currently unavailable Developed by third-party supplier |
Section 1. Disclosure
Under normal circumstances, we will not disclose your personal data to third party subjects. In order to protect your rights and interests, fulfill contractual obligations with you, meet legal requirements or obtain your consent, we may disclose your personal data to third-party subjects as follows:
1. CHANGAN (Thailand) Affiliated Companies: In order to protect your rights and interests, fulfill contractual obligations with you, and provide complete products or services, we may disclose your personal data to third parties, but only to CHANGAN (Thailand) Affiliated Companies' subjects, and obtain your consent through this Policy or the privacy policies of other platforms of CHANGAN (Thailand) Company. The disclosure is related to the purposes described in this Policy.
We may disclose your personal data to the following third parties:
2. Third parties required by law: We may have to disclose your personal data where we are required to do so by law, for example where we have a legal obligation to comply with or need to protect our rights.
3. If we are required by law to obtain your consent, we will first obtain your consent.
Section 2. Storage
We will store your personal data collected and generated during the operation of our APP and other platforms within Thailand in accordance with the PDPA.
The duration of our storage of your personal data may vary depending on the purpose of the processing, legal requirements, your rights, etc. and will not exceed the time necessary for the processing of the personal data. Upon expiration of the storage period, we will delete and permanently destroy your personal data or make it impossible to identify and associate your personal data.
We have applied a series of technical, administrative, and organizational measures to protect stored personal data and minimize the risk of unauthorized use, disclosure, and inaccessibility. The security measures we have taken include, but are not limited to: data desensitization, data encryption, firewalls and data access authorization controls.
To protect your personal data, we do not normally process your personal data outside of Thailand. However, in order to comply with legal requirements, fulfill our contractual obligations with you, fulfill your functional use or ensure the safe and stable operation of your vehicle, provide other assistance services, etc., we may transfer your personal data to a third country outside of Thailand, provided that we have your consent to do so.
If the data protection standards in the third country are lower than those in Thailand or in a country recognized by the relevant Thai authorities as an equivalent country for the protection of personal data, we will take protection measures comparable to the PDPA to ensure that personal data transferred to the third country will be protected by data protection standards comparable to those required in Thailand; e.g., we will enter into a contract or establish binding corporate rules with the recipient in the third country. Or we will take technical measures to anonymize personal data so that it cannot be identified or associated with you.
We will provide appropriate security measures to protect against unauthorized or unlawful loss, access, use, alteration, correction or disclosure of personal data, and such measures must be reviewed as necessary or as technology changes to effectively maintain appropriate security. The security mechanisms used to protect data are regularly reviewed and updated to provide an effective means of protection against data misuse. If you believe that the security of your personal information has been compromised, or if you would like more information about the measures we use to protect data, please contact us using the contact details provided in this Policy.
We use encryption to ensure the confidentiality of personal data; we use trusted protection mechanisms to prevent malicious attacks on data; and we deploy access control mechanisms to ensure that only authorized personnel have access to personal data. We establish a dedicated privacy compliance organization and a management system for employees, suppliers, etc. We will hold regular security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal data. We will carefully select business partners and suppliers and conduct regular personal data protection audits.
In the event of a data breach, we will notify the Office of the Personal Data Protection Commission of Thailand in accordance with the PDPA, where practicable, within 72 hours of becoming aware of the data breach, unless it is unlikely that such a breach of personal data would pose a risk to your rights and freedoms. If the personal data breach is likely to pose a high risk to your rights and freedoms, we will immediately notify you of the remedial measures taken in relation to the personal data breach and notify the affected parties and relevant authorities.
We want to make sure that you are fully aware of all your data protection rights. In accordance with the relevant laws and regulations of Thailand, as well as common practices in other countries and regions, you have the following legal rights with respect to your personal data:
Section 1. Access, review and copy your personal data
Pursuant to Article 30 of the PDPA, you have the right to access, review and copy your personal data, subject to the exceptions provided for by law and regulation.
You can access and view some of your personal data through the "Home" - "Personal Center" operation within the APP.
You may at any time send an e-mail to [mailbox] to make an application to us for inquiring personal data and obtaining a copy of your personal data, and we will accept the request after verifying your identity and give you feedback on your request within thirty days from the date of the request.
If it is technically feasible and meets the conditions stipulated by the relevant departments, we may, at your request, transfer the copy of your personal data collected by us directly to you, or to the personal data processor designated by you, and we will provide you with the appropriate means of transfer.
Section 2. Deletion of your personal data
Pursuant to Article 33 of the PDPA, you have the right to request that we delete your personal data in such a way that the data subject cannot be identified, under the following conditions:
1. If our processing of personal data violates laws and regulations;
2. If the purpose of processing your personal data has been achieved, cannot be achieved, or is no longer necessary to achieve that purpose (such as: you are no longer a CHANGAN car owner, etc.);
3. If we collect or use your personal data without your authorization or consent, or if you object to our collection, use, or disclosure of your personal data;
4. If our processing of personal data violates our agreement with you;
5. We have stopped providing products or services, or the shelf life has expired;
6. You have withdrawn your authorization and consent to our processing of your personal data;
7. Other situations stipulated by law.
If you want to delete your personal data, you can send an email to: [email address]. We will accept your request after verifying your identity and provide feedback on your request within thirty days from the date of the request.
If you need to cancel your account, you can operate in the APP: "Home" - "Personal Center" - "Account and Security" - "Account and Security" - "Account Cancellation". After account cancellation, we will stop providing you with all products and services of CHANGAN Automotive APP and anonymize and delete your personal data in accordance with the requirements of laws and regulations.
If you are unable to cancel your account by the above method, you can send an email to: [email address]. We will accept your request after verification and provide feedback on your request within thirty days from the date of the request.
If we decide to respond to your deletion request, we will also notify other entities that have access to your personal data through us at the same time and ask them to delete it in a timely manner, unless otherwise required by law or regulation, or if these entities have obtained your independently authorized consent.
Due to legal requirements or technical limitations, we may not immediately delete or anonymize the corresponding personal data from the system. During this period, we will securely store your personal data and will not proceed with any further processing, leaving it in a state where it cannot be retrieved or accessed.
Section 3. Correction of your personal data
In accordance with Article 35 of the PDPA, you have the right to request us to correct or supplement your personal data processed by us when you find it inaccurate or incomplete.
You can complete and correct your personal data through "Home" - "Personal Center" - "Account and Security" - "Cell Phone Numbers".
If you are unable to correct your personal data by the above means, you can send an email to: [email address]. We will accept your request after verifying your identity and feedback your request within thirty days from the date of request.
Section 4. Objection to the processing of your personal data
Pursuant to Article 32 of the PDPA, you have the right to object at any time to the collection, use or disclosure of the personal data in question, e.g., you have the right to object to direct marketing.
You can object to our processing of your personal data by sending an email to [email address].
Section 5. Withdrawal of your consent
You also have the right to give or withdraw your consent to the collection, use or disclosure of personal data at any time. You can withdraw your authorization and consent through "Home" - "Personal Center" - "About Us" - "Privacy Policy" - Click on "More Actions" in the upper right corner - "Withdraw Consent" and click "Confirm” or send an e-mail to [email address]. After you withdraw your consent, we will no longer process the personal data within the scope of your withdrawal of consent, but the decision to withdraw your consent will not affect the collection, use or disclosure of the personal data to which you have already consented.
Section 6. Restriction of the processing of your personal data
Pursuant to Article 34 of the PDPA, you have the right to request that we restrict the processing of your personal data where the following applies
1. You contest the accuracy of the personal data, but please allow us to verify the accuracy of personal data within a certain period;
2. The processing is unlawful and you object to the erasure of the personal data and request the restriction of the use of the personal data;
3. Where we no longer require the personal data for the purposes of the processing, but you require the personal data for the establishment, exercise, or defense of legal rights;
4. When we are waiting for a verification or review to prove that we collected, used, or disclosed your personal data on the basis of an exemption or for the purposes of scientific, historical or statistical research in order to refuse your request to object to the processing of personal data.
Section 7. Responding to your requests and complaints above
In order to protect the security of your personal data, we may need you to verify your identity by means of a written request, etc. before accepting your request, and we will respond to your request within thirty days of the date of the request, which may sometimes take longer than thirty days if your request is particularly complex or if you have already made a number of requests. In such cases, we will notify you and keep you updated.
In principle, we will not charge you any fees for reasonable requests, but we will charge a fee for multiple, repeated requests that exceed reasonable limits, depending on the circumstances. We may refuse requests that are unfounded, require excessive technical means (such as the development of new systems or fundamental changes to existing current practice law), pose a risk to the legitimate interests of others, or are highly impractical.
Pursuant to Section 33 of the PDPA, if you believe that our collection, use and disclosure of your personal data is unlawful or does not comply with applicable data protection laws, you may you have the right to file a complaint with the competent authorities in Thailand: กระทรวงดิจิทัลเพื่อเศรษฐกิจและสังคม MDES. Section 8. We will not be able to respond to your request in the following circumstances:
1. with our fulfillment of obligations under laws and regulations;
2. directly related to national security, national defense security;
3. directly related to public safety, public health, and significant public interests;
4. directly related to crime investigation, prosecution, trial and execution of judgment;
5. We have sufficient evidence to show that you have subjective malice or abuse of rights;
6. out of the maintenance of your or others' lives, property and other important legitimate rights and interests but it is difficult to get your consent;
7. Responding to your request will lead to serious damage to your legitimate rights and interests or those of other individuals or organizations.
Our products or services are primarily intended for adults. Minors under the age of 20 may not create their own accounts without the consent of a parent or other guardian. We do not knowingly collect personal data from users under the age of 20 without the prior consent of a parent or other guardian. If we learn that we have inadvertently collected the personal data of any minor under the age of 20, we will delete the relevant data immediately or process the minor's personal data only if we can rely on a legal basis other than consent.
Section 1. What are Cookies
Cookies are small files that are temporarily stored on a visitor's computer or mobile device to recognize and remember you. It is sent to your browser and stored on your computer's hard drive, tablet, or mobile device. When you visit our App, we may automatically collect data about you through cookies or similar technologies. For a more detailed explanation of what cookies are and how they work, you can visit the EU Cookie Guide: Cookies policy (europa.eu)。
Section 2. How we use Cookies
By using Cookies, other organizations can help us analyze the use of our APP, measure the number of visitors to our APP, and understand how you use our APP to improve your experience.
When you visit our APP, we will send cookies to your device and to [to whom the cookies are sent]. We promise that we will not use cookies for any purpose other than the purposes set out in this Policy.
Section 3. What type of cookies we use
| Cookie | Cookie field | Purposes |
| Example: Google Analytics | IDE _auc _ga _gat_newsTracker _gat_webTracker | These cookies are used to collect information about your use of our website. We use them to estimate the number of visitors to our website and the pages they visit. We then use this information to improve our website and its content. |
Section 4. How to Manage Your Cookies
We respect your privacy, and you can choose to disable certain types of cookies. most browsers or mobile devices could accept cookies automatically, and you can change these default settings through your browser's or mobile device's settings function. However, if you choose not to accept certain types of cookies, it may affect our ability to provide you with our services and your experience with the APP.
We reserve the right to modify this Policy at any time. If such changes are material, we will automatically consider your consent withdrawn until you agree again to the terms of our Privacy Policy. We will not reduce your rights under this Policy without your express consent.
In order to better protect your personal data, we encourage you to check back frequently to keep up to date with our Privacy Policy. We will periodically post any changes to this Policy on this page. We will archive older versions of this Policy, which can be accessed by going to "Home" - "Personal Center" - "About Us" - "Privacy Policy" - click on "Historical Versions".
We will also provide more prominent notice of material changes (including, but not limited to, special notices on viewing pages, pop-up notices, etc.) and will ask for your consent again if necessary and required by law.
Material changes within the meaning of this Policy include, but are not limited to:
1. When there is a significant change in our service model, such as the purpose of processing personal data, the type of personal data processed, the way personal data is used, etc.;
2. When there is a significant change in our ownership structure, organizational structure, etc., such as change of data controller due to business restructuring, bankruptcy and merger and acquisition, etc.;
3. When there is a change in the main targets of personal data disclosure, cross-border situations, etc.;
4. When there is a significant change in your right to participate in the processing of personal data and the way of exercising your right;
5. When there is a change in the department responsible for handling personal data security, contact information and complaint channels.
When and if you have any questions, comments or suggestions about this Policy or matters relating to your personal data, or if you wish to exercise any of your rights, you can contact us at the following address
Phone: +6620385696
Email: cathsocial@changan.com.cn
Address: 88 The Parq Building, 7th-8th Floor, Ratchadaphisek Road, Klongtoey Sub-district, Klongtoey District,Bangkok, 10110, Thailand
Zip code: 10110
We will respond as soon as possible after receiving your information and thank you for your patience and understanding. Given the complexity and volume of requests, this deadline may be extended when necessary.