Privacy Notice For the ONE GRAND Website and Application
Miss Grand International Public Company Limited

Miss Grand International Public Company Limited (the “Company”) is the operator of the ONE GRAND website, mobile application, and official social media pages. ONE GRAND is a platform that consolidates various types of content—including videos, images, events, and concerts—into one convenient location, allowing users to easily access both information and entertainment. The platform offers a variety of membership options, including free and monthly-paid subscriptions, designed to provide special privileges and an exceptional user experience for all members. In addition, it enables users to closely follow updates related to international beauty pageants and associated events through live streaming, offering a unique and unmatched experience in accessing global pageant-related content. Moreover, the application features a point accumulation and redemption system. Users can earn points by participating in in-app activities and exchange those points for attractive rewards based on their preferences.

In compliance with the Personal Data Protection Act B.E. 2562 (2019) and its subordinate regulations (collectively referred to as the “Personal Data Protection Laws”), the Company recognizes the importance of personal data and respects the rights of data subjects. Therefore, this Privacy Notice (“Notice”) has been prepared to ensure that the Company’s operations comply with the Personal Data Protection Laws. This Notice aims to inform users of the Company’s policies, procedures, and purposes regarding the collection, use, disclosure, and/or international transfer of personal data (“Processing of Personal Data”), including internal policies and operational procedures related to the security of such data. It also outlines the rights of data subjects as required under the law. The Company issues this Notice to promote transparency and fairness in its data processing activities. It applies to all personal data collected, used, disclosed, or transferred by the Company when a data subject (“you”) accesses the ONE GRAND website, mobile application, or official social media channels—whether directly or indirectly and regardless of the operating system used. This ensures that all personal data obtained by the Company will be processed strictly in accordance with the stated purposes and legal obligations.

The Company may review and update this Privacy Notice from time to time. If any material changes are made to the content of this Privacy Notice, the Company will publish such updates on www.onegrand.com and through other official communication channels. However, if such changes have a significant impact on you as a data subject, the Company will provide advance notice, as appropriate, before the changes become effective. Details of such changes are as follows:


Clause 1 – Definitions in This Notice

  • “Privacy Notice” refers to this personal data protection policy issued in accordance with the Personal Data Protection Act B.E. 2562 (2019).
  • “Personal Data” means any information relating to an individual that is defined as personal data under the Personal Data Protection Act B.E. 2562 (2019).
  • “Personnel” refers to executives, directors, employees, staff, and individuals working for the Company under an employment or service contract, including interns, trainees, and probationary employees.
  • “Data Subject” means a natural person who owns the personal data being processed by the Company.
  • “Personal Data Protection Committee” refers to the official committee appointed under the Personal Data Protection Act B.E. 2562 (2019).
  • “Data Controller” refers to the Company or any individual or legal entity that has the authority to decide on the collection, use, or disclosure of personal data.
  • “Data Processor” means the Company or any individual or legal entity that collects, uses, or discloses personal data on behalf of or under the instruction of the Data Controller. Such parties are not considered Data Controllers themselves.
  • “Data Protection Officer (DPO)” refers to the person or unit responsible for personal data protection within the Company, or a contractor appointed by the Company to carry out the roles and responsibilities in accordance with the Personal Data Protection Act B.E. 2562 (2019).
  • “Services” refers to the range of services provided through the ONE GRAND website or application, including video and/or image content publication, promotion of events and concerts by artists under the Company’s Talent division, the sale of products through the Company’s platform, membership services offering exclusive entertainment benefits, access to global pageant updates via live streaming, and a point accumulation and redemption system allowing users to earn points from participating in in-app or on-site activities.
  • “Cookies” refers to small text files stored temporarily on the data subject’s computer that retain necessary personal data to facilitate faster and more convenient communication during website usage. These are active only while the user is browsing the website.

Clause 2 – Sources of Personal Data Collection

The Company collects personal data from the following sources:

  • (1) Directly from you: This includes personal data you provide when registering to use the ONE GRAND website or application, purchasing products or services from the Company, responding to surveys, or using the ONE GRAND platform through cookies. Such data may include, for example: ONE GRAND account/profile information, Purchase details, Usage data, Advertising interaction data, Device and network data, Communications and related information.
  • (2) From third-party sources (not directly from you):
    • - The Company may collect your personal data by searching publicly available sources or through the website system.
    • - The Company may also obtain your personal data from third parties, including partners whose products or services you use to access, pay for, or interact with the ONE GRAND Services. This may include personal details, payment information, or usage data. The types of data shared may vary depending on the nature of the partner, your relationship with them, or service providers, agents, or contractors who collect personal data on behalf of ONE GRAND, such as: System security providers, Payment processors, Server providers, Marketing service providers.

In such cases, the Company will inform you of the collection without delay—within 30 days from the date the data is obtained—and will seek your consent unless the law provides an exemption from consent or notification obligations.


Clause 3 – Principles for Personal Data Collection

  • (1) Collection of Sensitive Personal Data: The Company will obtain your explicit consent prior to or at the time of collecting any sensitive personal data, following the procedures specified by the Company and in compliance with applicable laws.
  • (2) Collection of Personal Data from Minors, Incompetent, or Quasi-Incompetent Persons: The Company places the highest priority on the protection of personal data belonging to minors, persons with legal incompetency, and quasi-incompetent persons, in accordance with the Company’s internal guidelines and legal requirements.
  • (3) Provision of Third-Party Personal Data: If you provide the Company with personal data of third parties—such as information identifying your spouse, children, employees related to your engagement with the Company, or any other related persons—you are required to inform such third parties about this Privacy Notice, so that they are aware of the Company’s principles and practices regarding the protection of their personal data.
  • (4) Requirement to Provide Personal Data: If the provision of personal data is necessary to comply with legal obligations or contractual requirements—or is required to enter into a contract—but you choose not to provide such data, the Company may be unable to proceed with the relevant contract or provide services under that agreement.

Clause 4 – Definition and Types of Personal Data

(1) Definition of Personal Data: “Personal Data” as defined under the Personal Data Protection Act B.E. 2562 (2019), means any information relating to a person that enables the identification of such person, whether directly or indirectly. This does not include information pertaining to deceased persons specifically.

(2) Types of Personal Data Collected by the Company

  • General Personal Data:
    • Personal Details: When you create an account on the ONE GRAND website or application, the Company collects your contact information (e.g., email address) and login credentials (e.g., password). Additional information may include your full name, phone number, gender, date of birth, and other identifiable details based on your account setup, payment methods, and used features.
    • Payment Details: The Company collects data related to payment or top-up activities (e.g., bank account, mobile banking, credit/debit card), billing address, and details on point accumulation and redeemed promotions.
    • Purchase Information: The Company gathers data on your purchase history (e.g., ordered items, order amount, carted products, buying behavior) from transactions made through ONE GRAND.
    • ONE GRAND Account/Profile Information: This includes data linked to your ONE GRAND account/profile (e.g., name, profile image, social media accounts, membership type, saved videos, packages, and settings).
    • Usage Information: The Company collects data from your interactions with ONE GRAND services such as feature choices in interactive systems, viewing history, favorites, social media sharing, search terms, app clicks, text input, page visits, session duration, access logs, and permissions like camera/photo access (e.g., for QR codes).
    • Advertising Data: The Company gathers data on ads viewed or interacted with on ONE GRAND (e.g., IP address, targeted ad content, inferred interests based on your visits to other sites or apps).
    • Device and Network Information: Includes IP address (can indicate general location such as city, province, or zip code), device/software characteristics, referring URLs, browser/mobile app logs, performance data (e.g., crash reports, timestamps, debug logs), cookie identifiers, resettable device IDs, ad identifiers, and other technical identifiers.
    • Communications: If you contact ONE GRAND (e.g., via customer service, survey responses, feedback), the Company collects the contents of these communications, messages sent to you (e.g., email, push notifications), and interaction records within ONE GRAND platforms.
  • Sensitive Personal Data means personal data as defined under Section 26 of the Personal Data Protection Act B.E. 2562 (2019).

Processing of Sensitive Personal Data: The Company does not intend to process your sensitive personal data. However, in cases where such data appears on documents you voluntarily provide to the Company—such as your national ID card, house registration, or other documentation—such as racial or religious information, and you submit those documents (in physical or digital form), the Company recommends that you redact such sensitive personal data yourself, for example, by crossing out the sensitive information before submission. Nevertheless, if you do not redact the sensitive information yourself, the Company will deem that you have explicitly consented to the Company redacting such information on your behalf. Once redacted by the Company, such documents shall be considered complete and legally valid, and the Company shall be permitted to process them in accordance with the Personal Data Protection Act B.E. 2562 (2019). In cases where the Company is unable to redact such sensitive personal data due to technical or other limitations, the Company will retain such sensitive data solely as part of the identity verification process.


Clause 5: Legal Basis for the Processing of Personal Data

When collecting personal data, the Company will obtain your consent prior to or at the time of data collection, through electronic or other means, while informing you of the purposes of processing your personal data. However, there are cases where the Company is legally authorized to process your personal data without your consent, including:

  • (1) To prevent or suppress danger to life, body, or health, such as in emergency contact situations or for the control and prevention of communicable diseases.
  • (2) To carry out your requests or intentions prior to or upon entering into a contract, including contacting you before the conclusion of a contract with the Company and taking necessary actions to ensure the continuity of the Company’s business operations.
  • (3) For legitimate interests of the Company or a third party, except where such interests are overridden by your fundamental rights and freedoms with respect to personal data.
  • (4) To comply with legal obligations, including laws, regulations, and rules applicable domestically or internationally, and to comply with legal orders issued by authorities, such as court orders, government agencies, regulatory bodies, or authorized officials. This also includes legal processes or litigation proceedings, where the Company relies on a legal obligation as the basis for processing your personal data.

Clause 6: Purposes of Collecting, Using, or Disclosing Personal Data

The Company collects your personal data for the following purposes:

  • (1) To provide the Company’s services, fulfill contractual obligations between the Company and you, or take steps at your request prior to entering into a contract via the ONE GRAND website or application.
  • (2) To identify or verify your identity.
  • (3) To manage and operate the business, including maintaining a database and service history with the Company. This includes purposes such as processing payments, managing point accumulation and promotional redemptions, sending transactional communications (e.g., wallet top-ups, membership payments, or account updates), identifying your internet service provider to help resolve network issues, responding to inquiries or requests, and assisting with actions such as password resets.
  • (4) To analyze, study, and improve the Company’s services, including understanding user behavior, enhancing content delivery, tailoring ONE GRAND features to user preferences, and analyzing user statistics to better reach the target audience on the Company’s website and application.
  • (5) To publicize activities related to the Company’s contractual obligations with partners, affiliates, collaborators, or other contractual parties or similar entities.
  • (6) To enable integration and promotions with partners so they may promote ONE GRAND services to you through their devices or platforms, based on your specific relationship with those partners.
  • (7) To provide content and updates from the Company, including marketing communications, new features, available ONE GRAND content, and special offers—customized to suit your interests.
  • (8) To support advertising, including analysis, processing, marketing, research, and promotional activities, for the Company’s products and services or those of its business partners or third parties, via notifications on mobile phones, desktops, and similar devices.
  • (9) To maintain security, including protecting the Company’s systems and business, and to monitor, prevent, and detect unlawful or prohibited activities or other security/technical issues.
  • (10) To comply with laws, regulations, orders, or other legal obligations applicable to the Company, as well as to support legal proceedings or government requests, and to prevent harm to the rights, property, or safety of ONE GRAND, its users, or the public as permitted or required by law.

Clause 7: Persons or Organizations to Whom the Company May Disclose Personal Data

The Company may use and disclose your personal data for the purposes and in accordance with the principles mentioned above. Personal data may be disclosed only as necessary and to the following individuals or organizations:

  • (1) Other organizations with which the Company has a legal relationship, including Company personnel, contractors, agents, consultants, and related parties.
  • (2) Government authorities and/or regulatory agencies overseeing the Company, such as the Department of Business Development, the Anti-Money Laundering Office (AMLO), and the Securities and Exchange Commission (SEC).
  • (3) Business partners, representatives, or other entities such as Provincial Directors who are under contract with the Company, professional associations in which the Company is a member, and independent auditors. Disclosure of employee personal data in such cases is made for specific purposes under legal bases and appropriate security measures.
  • (4) Other companies and financial institutions, as well as third parties when required by law.
  • (5) External service providers to the Company, including cloud system processors, agents, subcontractors acting on behalf of the Company, personal data processors, or sub-processors.
  • (6) Social media platform providers.
  • (7) Authorized persons, sub-authorized representatives, agents, or legal representatives of employees acting within their lawful authority.

Clause 8: Transfer or Transmission of Personal Data to Foreign Countries

The Company may need to transfer or transmit personal data to foreign countries, such as to service providers, cloud computing service providers located abroad, or data recipients of the Company who maintain personal data security standards that are equivalent to or higher than those in Thailand. In cases where the destination country has insufficient or lower data protection standards, the Company will ensure that the transfer or transmission of personal data complies with the Personal Data Protection Act B.E. 2562 (2019), and appropriate and necessary safeguards will be implemented to ensure the security of the personal data.


Clause 9: Security Measures for Personal Data

The Company has implemented appropriate security measures to protect personal data from loss, unauthorized access, use, alteration, modification, or disclosure (in violation of the law). The Company will review such measures as necessary or when there are technological changes to ensure continued effectiveness in safeguarding data.

In cases where the Company assigns an external agency or individual to process personal data on its behalf, the Company will require such agency or individual to maintain the confidentiality and security of the personal data and to prevent any unauthorized or unlawful processing of the data for any purposes other than those assigned.


Clause 10: Retention Period of Personal Data

The Company will retain personal data for as long as necessary to fulfill the purposes for which the data was collected. To comply with legal obligations, the Company may retain personal data for a longer period if required by law. Once the retention period has expired or the data is no longer necessary for the stated purposes, the Company will delete, destroy, or anonymize the personal data so that it can no longer be used to identify the data subject.


Clause 11: Your Legal Rights as a Data Subject

Under the Personal Data Protection Act, you have the following rights regarding your personal data:

  • - Right to Withdraw Consent: You have the right to withdraw your consent to the processing of your personal data at any time. However, such withdrawal shall not affect the lawfulness of the processing carried out prior to the withdrawal.
  • - Right of Access: You have the right to access your personal data and request a copy of such data. You also have the right to request information on how your data was obtained if it was collected without your consent.
  • - Right to Rectification: You have the right to request that the Company correct inaccurate, outdated, or misleading data, or to complete incomplete data.
  • - Right to Erasure: You have the right to request the deletion, destruction, or anonymization of your personal data if it is no longer necessary for the purposes of processing, or if you have withdrawn your consent and the Company has no legal basis to continue processing, or if you have objected to the processing and the Company has no legitimate grounds to override your objection, or if the data processing was unlawful.
  • - Right to Restriction of Processing: You have the right to request the restriction of the use of your personal data while the accuracy of the data is being verified, or in lieu of deletion in the case of unlawful processing, or when the data is no longer necessary but you require it for legal claims, or during the Company’s verification of an objection request.
  • - Right to Data Portability: You have the right to receive your personal data from the Company in a structured, commonly used, and machine-readable format, and to request the transfer of that data to another data controller, where applicable and technically feasible.
  • - Right to Object: You have the right to object to the processing of your personal data where it is based on the Company’s legitimate interest or public interest, or for direct marketing purposes, or for scientific, historical, or statistical research.
  • - Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Committee if you believe that the Company, its data processors, employees, or contractors have violated or failed to comply with the Personal Data Protection Law.

However, the Company may reject the exercise of the above rights based on legal grounds or the criteria established by the Company, provided such rejection is in compliance with the law. In such cases, the Company will inform you of the reasons for the refusal.


Clause 12: Cookie Policy

The Company’s website and application use cookies to collect information such as browser type, time of online access, pages visited, referring URLs, language preferences, and other computer traffic data. These cookies are used for purposes including security, enhancing website functionality, improving content display efficiency, gathering statistical data, and enhancing your user experience to better match your preferences during online usage. The use of cookies complies with the Company’s Cookie Policy.


Clause 13: Privacy Notice of Other Platforms

This Privacy Notice applies solely to the processing of your personal data provided to the Company, and the services or online activities conducted through the Company’s ONE GRAND platform. The ONE GRAND platform may contain links to other platforms operated by third parties. If you click on a link to another platform, you should review the privacy notice or policy of that specific platform separately from the Company and/or its affiliates. The Company is not responsible for the protection of personal data on platforms operated by third parties.


Clause 14: Contact Channels – Inquiries or Exercising Your Legal Rights

If you have any questions or require further information regarding this Privacy Notice, or if you have suggestions regarding the Company’s processing of personal data, or wish to exercise your legal rights under personal data protection laws, you may contact us through the following channels:

  • Company Name: Miss Grand International Public Company Limited
  • Contact Address: 1751 Ladprao 94, Ladprao Road, Phlabphla Sub-district, Wang Thonglang District, Bangkok 10310
  • Phone: 02-5309656
  • Email: info@missgrandinternational.com

How to Contact the Data Protection Officer (DPO):
Address: 1751 Ladprao 94, Ladprao Road, Phlabphla Sub-district, Wang Thonglang District, Bangkok 10310
Email: DPO@missgrandinternational.com


Last Updated: May 2025