Good Life Tracker Privacy Policy

Privacy Policy

Outlier Co., Ltd. Effective 19 June 2026
Outlier Co., Ltd. (hereinafter referred to as the “Company”) recognizes the importance of personal data and other information relating to you, collectively referred to as “Data”. This Privacy Policy is issued to ensure that you may be confident that the Company processes your Data with transparency and accountability in accordance with the Personal Data Protection Act B.E. 2562 (2019) (the “Personal Data Protection Law”) and other applicable laws.

This Privacy Policy (the “Policy”) sets out the details regarding the collection, use, disclosure, and other forms of processing (collectively, “Processing”) of personal data carried out by the Company, as follows.

1.Scope of Application

This Policy applies to the personal data of individuals who currently have, or may in the future have, a relationship with the Company, and whose personal data is processed by the Company. This Policy also applies to contractual parties or third parties who process personal data on behalf of, or in the name of, the Company (“Personal Data Processors”) in connection with the Good Life Tracker application system and related services, collectively referred to as the “Services”.

Individuals having a relationship with the Company under the preceding paragraph include visitors to, and users of, the Good Life Tracker application system, hereinafter referred to as “you”.

In addition to this Policy, the Company may issue specific privacy notices (“Notices”) for certain Services in order to inform data subjects using such Services of the personal data being processed, the purposes and lawful bases for such Processing, the retention period of personal data, and the rights available to data subjects in relation to such specific Services.

In the event of any material inconsistency between the provisions of any Notice and this Policy, the provisions of the relevant Notice shall prevail in respect of that Service.

2.Definitions

  1. (a) Company means Outlier Co., Ltd.
  2. (b) Personal Data means any information relating to a natural person which enables the identification of such person, whether directly or indirectly, but does not include information of deceased persons in particular.
  3. (c) Sensitive Personal Data means personal data as prescribed under Section 26 of the Personal Data Protection Act B.E. 2562 (2019), including racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other data which may similarly affect the data subject as prescribed by the Personal Data Protection Committee.
  4. (d) Processing of Personal Data means any operation performed on personal data, including collection, recording, copying, organization, storage, retention, modification, alteration, use, retrieval, disclosure, transmission, dissemination, transfer, combination, erasure, destruction, or any other similar act.
  5. (e) Data Subject means a natural person who owns the personal data collected, used, or disclosed by the Company.
  6. (f) Data Controller means a person or juristic person having the power and duty to make decisions regarding the collection, use, or disclosure of personal data.
  7. (g) Data Processor means a person or juristic person who carries out activities relating to the collection, use, or disclosure of personal data pursuant to the instructions of, or on behalf of, the Data Controller, provided that such person or juristic person is not itself a Data Controller.

3.Sources of Personal Data Collected by the Company

The Company collects or obtains various categories of personal data from the following sources:

3.1 Personal data collected directly from the Data Subject through various service channels, such as during application, registration, use of the Services, or when the Data Subject communicates with the Company at its office or through other contact channels managed by the Company.

3.2 Data collected when the Data Subject accesses the Company’s application, such as usage behavior tracking on the Company’s application or Services through cookies, similar technologies, or software installed on the Data Subject’s device.

4.Categories of Personal Data Collected by the Company

The Company may collect or obtain the following data, which may include your personal data. The categories of data listed below are provided only as a general framework for the Company’s collection of personal data. Only data relevant to the Services you use or the relationship you have with the Company shall apply.

4.1 Identity Data, namely data used to identify or address you, such as title, first name, last name, middle name, nickname, and similar data.

4.2 Personal Attribute Data, namely details relating to you, such as date of birth, gender, age, and similar data.

4.3 Contact Data, namely data used to contact you, such as mobile phone number, LINE ID, email address, and similar data.

4.4 Service Usage Data, namely details relating to the Company’s Services, such as username, password, PIN, Single Sign-on information (SSO ID), OTP, computer traffic data, geolocation data, usage behavior data, search history, cookies or similar technologies, device identifier (Device ID), device type, connection details, browser information, language settings, operating system, and similar data.

4.5 Sensitive Personal Data, namely your sensitive personal data, such as step count data, health-related information, exercise data, and information relating to participation in Company activities. Such Sensitive Personal Data shall be collected only where the Company has obtained your explicit consent.

The provision of your personal data to the Company is voluntary. However, if you do not provide or consent to the provision of your personal data to the Company as specified above, you may be unable to receive all or part of the Services, benefits, or promotional offerings of the Company as described in this Policy.

5.Personal Data of Minors, Incompetent Persons, and Quasi-Incompetent Persons

Where the Company becomes aware that personal data requiring consent for collection belongs to a Data Subject who is a minor, incompetent person, or quasi-incompetent person, the Company shall not collect such personal data until consent has been obtained from the person exercising parental authority, guardian, or curator, as the case may be, in accordance with the requirements prescribed by law.

Where the Company was not previously aware that the Data Subject is a minor, incompetent person, or quasi-incompetent person, and subsequently discovers that it has collected personal data of such Data Subject without obtaining consent from the person exercising parental authority, guardian, or curator, as applicable, the Company shall delete or destroy such personal data without delay, unless the Company has another lawful basis, other than consent, for the collection, use, or disclosure of such data.

6.Purposes of Collection of Personal Data

The Company collects, uses, and processes your personal data for various purposes. The purposes listed below constitute a general framework for the Company’s use of personal data. Only purposes relevant to the Services you use or the relationship you have with the Company shall apply to your data.

6.1 To perform the Company’s duties and responsibilities and to achieve the purposes of providing the Good Life Tracker service, particularly tracking daily walking activities.

6.2 To supervise, provide, monitor, inspect, and manage the Services in order to facilitate your use of the Services and ensure that the Services are aligned with your needs.

6.3 To maintain, update, and manage information relating to you or your use of the Services.

6.4 To prepare records of personal data processing activities as required by law.

6.5 To analyze data, resolve issues, verify accuracy, and improve the performance of the Services.

6.6 To verify identity, authenticate identity, and verify information when you register for the Services, contact the Company, use the Services, or exercise legal rights.

6.7 To improve and develop the quality of the Good Life Tracker application so that it remains appropriate, secure, and up to date.

6.8 To send notifications, confirmations of actions, communications, and service-related news or information to you.

6.9 To verify identity, prevent, detect, or suspend spam, unauthorized acts, or unlawful activities.

6.10 For any other purposes agreed between the Company and you from time to time, or as permitted by applicable law.

6.11 For public relations purposes and to invite you to participate in relevant special activities, only where you have given consent or where the Company is permitted to do so by applicable law.

7.Categories of Persons to Whom the Company May Disclose Your Personal Data

Subject to the purposes specified in Clause 6 above, the Company may disclose your personal data to the following categories of persons. The categories listed below are provided as a general framework for disclosure of personal data by the Company. Only recipients relevant to the Services you use or the relationship you have with the Company shall apply.

7.1 Personnel within the Company, where disclosure shall be made only to the extent necessary for internal organizational management.

7.2 Government agencies or competent authorities to whom the Company is required to disclose data for compliance with law or other important purposes, such as law enforcement agencies, regulatory or supervisory authorities, or other authorities with significant public purposes, including the Cabinet, responsible ministers, Department of Provincial Administration, Revenue Department, Royal Thai Police, courts, Office of the Attorney General, Department of Disease Control, Ministry of Digital Economy and Society, National Health Security Office, and similar authorities.

7.3 Technical consultants and experts.

7.4 Service providers, contractors, or agents acting on behalf of the Company.

8.Cross-Border Transfer of Personal Data

In certain cases, the Company may be required to transfer your personal data overseas in order to carry out the purposes of providing the Services to you, such as transferring personal data to cloud systems, platforms, or servers located overseas, including in Singapore or the United States of America, for the purpose of supporting information technology systems located outside Thailand. Such transfers shall depend on the specific Services used by you or the activities in which you are involved.

At the time of issuance of this Policy, the Personal Data Protection Committee has not yet issued a list of destination countries having adequate standards of personal data protection. Therefore, where it is necessary for the Company to transfer your personal data to a destination country, the Company shall take steps to ensure that the transferred personal data is subject to adequate protection in accordance with international standards, or shall comply with the legal conditions permitting such transfer, including where:

  1. (a) the transfer is made in compliance with applicable law requiring the Company to transfer personal data overseas;
  2. (b) you have been informed of, and have given consent to, the transfer where the destination country does not provide adequate personal data protection standards, subject to the list of countries announced by the Personal Data Protection Committee; or
  3. (c) the transfer is necessary for the performance of activities carried out for important public interest.

9.Retention Period of Your Personal Data

The Company shall retain your personal data for a period of ten (10) years. Upon expiry of such period, the Company shall delete, destroy, or anonymize your personal data so that it can no longer identify you, within thirty (30) days from the expiry of such period, in accordance with the forms and standards for deletion or destruction of personal data as may be prescribed by the Committee or applicable law, or in accordance with international standards.

Where you delete your user account with the Company prior to the expiry of the ten (10)-year period above, the Company shall retain your personal data for a further period of five (5) years from the date on which you delete your user account.

Notwithstanding the foregoing, in the event of any dispute, exercise of rights, or litigation relating to your personal data, the Company reserves the right to retain such data until the relevant dispute has been finally settled by order or final judgment.

10.Security of Personal Data

The Company shall maintain the security of your personal data in accordance with the principles of confidentiality, integrity, and availability, and shall apply appropriate technical and security standards to protect your personal data collected through the application against unauthorized access, misuse, loss, destruction, or inappropriate use.

In addition, the Company shall implement personal data security measures covering administrative safeguards, technical safeguards, and physical safeguards in relation to access to, or control of, the use of personal data.

11.Your Rights under the Personal Data Protection Act B.E. 2562 (2019)

The Personal Data Protection Act B.E. 2562 (2019) provides Data Subjects with several rights. Such rights shall become effective when the relevant provisions of law governing such rights come into force. These rights include the following:

11.1Right of Access

You have the right to request access to, obtain a copy of, and request disclosure of the source of personal data collected by the Company without your consent, except where the Company is entitled to refuse such request by virtue of law or court order, or where the exercise of your right may adversely affect the rights and freedoms of other persons.

11.2Right to Rectification

You have the right to request correction of your personal data to ensure that it is accurate, complete, and up to date. If you find that your personal data is inaccurate, incomplete, or outdated, you may request rectification so that such data is accurate, current, complete, and not misleading.

11.3Right to Erasure or Destruction

You have the right to request that the Company delete or destroy your personal data, or anonymize your personal data so that it can no longer identify you, where you consider that your personal data has been unlawfully collected, used, or disclosed, or where the Company no longer has a necessity to retain it for the relevant purposes under this Policy. The exercise of this right shall be subject to the conditions prescribed by law.

11.4Right to Restriction of Processing

You have the right to request that the Company restrict the use of your personal data where you contest the accuracy or completeness of the personal data collected by the Company.

11.5Right to Object

You have the right to object to the collection, use, or disclosure of personal data relating to you.

11.6Right to Withdraw Consent

Where you have given consent to the Company for the collection, use, or disclosure of your personal data, whether before or after the Personal Data Protection Act B.E. 2562 (2019) came into force, you have the right to withdraw such consent at any time during the period in which your personal data is retained by the Company, unless there is a legal restriction requiring the Company to continue retaining such data, or unless there remains a contract between you and the Company under which you continue to receive benefits.

11.7Right to Data Portability

You have the right to request to receive your personal data from the Company in a format that is readable or commonly usable by automatic tools or devices, and that can be used or disclosed by automated means. You may also request the Company to transmit or transfer such data directly to another Data Controller in such format, unless this is technically infeasible. The exercise of this right shall be subject to the conditions prescribed by law.

You may exercise your rights as a Data Subject by contacting the Company’s personal data protection contact person at the details provided at the end of this Policy. The Company shall notify you of the result of its consideration within thirty (30) days from the date on which the Company receives your request in the form or by the method prescribed by the Company. Where the Company rejects your request, it shall notify you of the reason for such rejection through appropriate channels, such as SMS, email, telephone, or letter.

12.Amendments to this Personal Data Protection Policy

The Company may review, amend, or modify this Policy as it deems appropriate and shall notify you through the Good Life Tracker application, with the effective date of each amended version specified accordingly.

Your continued use of the Company’s Services after the effective date of any amended Policy shall be deemed acknowledgement of, and agreement to, the terms of the amended Policy. If you do not agree with the details of this Policy, you should cease using the Services.

13.Privacy Policy of Other Application

This Policy applies only to the Company’s Services. If you access or are redirected to any third-party application, even through the application, you shall separately review and comply with the privacy policy appearing on such third-party application, which shall be independent from this Policy of the Company.

14.Contact and Exercise of Rights

If you have any questions, suggestions, or concerns regarding the Company’s collection, use, or disclosure of personal data, or regarding this Policy, or if you wish to exercise your rights under the Personal Data Protection Law, you may contact the Company at:

Outlier Co., Ltd.
944 Mitrtown Office Tower, 7th Floor, Rama IV Road, Wang Mai Sub-district, Pathum Wan District, Bangkok

This Policy shall become effective on 19 June 2026.