1. Principles and rationale.
The Personal Data Protection Act B.E. 2562 (2019) was enacted to ensure effective protection of personal data and to provide effective remedies for data subjects whose personal data rights have been violated. The enactment of this Act is in accordance with the conditions stipulated in Section 26 of the Constitution of the Kingdom of Thailand.
The website www.talonjapan.com ("the Website" or "we") is committed to conducting business ethically, respecting and complying with applicable laws. We recognize the importance of data privacy and are dedicated to protecting personal information. Therefore, we have announced a policy to guide our data protection. We understand the need for security in transactions and the storage of personal information, and thus prioritize respecting individual privacy rights and maintaining data security. We have established various policies, regulations, and guidelines with stringent security measures to ensure that the personal information we receive is used appropriately and in accordance with the law.
This privacy policy describes how we collect, use, disclose, share, store, and transfer your information when you use our Services (collectively referred to as the Services). We act as the Data Controller for any information collected through the Services.
2. Personal Information
Personal data (“Personal Data”) is information about an identifiable individual or that can be used to identify that individual, directly or indirectly, but excludes information about deceased individuals. This data may be collected in the following ways:
Personal information is defined as information provided to us directly or received through other channels, whether through the use of our services, contact, visits, searches via digital channels, websites, call centers, authorized representatives, surveys, or any other means.
Personal information that we receive or access from sources other than directly from you, such as parents, children, spouses, siblings, government agencies, financial companies, financial institutions, financial service providers, business partners, credit bureaus, and data service providers, etc., will be disclosed to you within 30 days of the date of collection. We will inform you of the details of the personal information we collect and the details of third parties.
3. Personal information collected by the website.
Personal information that the website collects, uses, and/or discloses includes:
Personal information such as name, surname, age, date of birth, marital status, national identification number, and passport number.
Contact information such as residential address, workplace, phone number, email, and Line ID.
Information about the device or tool you use to access our services, such as IP address, MAC address, cookie ID, filename and version, selected language, unique device identifier, advertising identifier, serial number, device movement data, and mobile network information.
Other information, such as website usage data, audio, still images, moving images, information about your interests, and any other information considered personal data under personal data protection laws.
Information is obtained from cookies when you access our website. Cookies may be used in some cases. Cookies are small data files that store information exchanged between your computer and our website. We use cookies only to store information that may be useful to you the next time you visit our website. When you use your web browser, you can set it to accept all cookies or reject all cookies, or be notified when a cookie is sent. You can learn how to change your cookie settings in the "Help" menu of your browser. Please note that disabling cookies may affect the use of some services.
Information obtained from third parties, such as websites, may collect account information from data subjects from external service providers when data subjects log in to those account services. Websites may collect and use information about data subjects' activity on third-party services, such as marketing service providers, social media service providers, or application providers that use our APIs or that we use APIs from (e.g., Facebook, Google, or other service providers). We will inform you of the details of the personal information we collect and the details of the external service providers. Such notification will be made within 30 days of the date of collection.
Details of the external service provider will be provided, and such notification will be made within 30 days of the date of collection.
4. Purpose and details of the collection, use, and/or disclosure of personal data.
We will collect personal data for the purpose of conducting our business, as well as to comply with any laws that we or individuals are required to comply with, and for any other related purposes as specified in this policy, as follows:
4.1 To enable the website to conduct business according to its objectives, such as:
To provide service.
To maintain and develop services.
To provide you with personalized service.
To develop new services.
For advertising purposes.
For advertising tailored to you.
To measure and analyze performance.
To communicate with you.
To protect ourselves, our users, and the public.
For other purposes, such as data processing as specified in Section 5 below.
4.2 To perform duties in accordance with relevant or applicable laws (Legal Obligation), such as:
Complying with the orders of those in legal authority.
Compliance with business laws, financial institution laws, securities and exchange laws, life insurance laws, non-life insurance laws, tax laws, anti-money laundering laws, laws on preventing and suppressing the financing of terrorism and the proliferation of weapons of mass destruction, computer laws, bankruptcy laws, and other laws that we are required to comply with, both in Thailand and abroad, including announcements and regulations issued under such laws.
4.3 For necessary operations under legitimate interest, without exceeding the limits that a person can reasonably expect (Legitimate Interest), such as:
Maintaining customer relationships includes handling complaints, conducting satisfaction surveys, and providing customer care by our staff.
Risk management, oversight, and internal management.
Anonymous data is the process of making personal data unidentifiable.
Preventing, responding to, and mitigating potential risks associated with fraudulent activities, cyber threats, defaults or breaches of contract (e.g., bankruptcy information), and various illegal acts (e.g., money laundering, financing of terrorism and the proliferation of weapons of mass destruction, offenses against property, life, body, liberty, or reputation), including sharing personal information to enhance the office's operational standards in preventing, responding to, and mitigating the aforementioned risks.
The collection, use, and/or disclosure of personal information of directors, authorized representatives, and agents of corporate clients.
Recording, video recording, and audio recording of meetings or conversations.
The collection, use, and/or disclosure of personal information of individuals whose assets have been placed under court-ordered receivership.
Parcel receiving and delivery
4.4 If the data subject does not provide your personal information to the website that is necessary for compliance with the law or to fulfill a contract between you and us, you may not be permitted to use certain services of the website.
4.5 We may disclose personal information to others with your consent, using a consent form, or under the guidelines permitted by law.
4.6 If there is a change to the purpose of using personal data (legally justified), we will notify you within 30 days.
5. Legal basis for processing personal data.
The personal information we receive may be processed separately according to legal basis, as follows:
Contract basis
Vital Interest
Legal Obligation
Public Task
Legitimate Interest
Consent basis
6. Processing of personal data by third parties.
We may need to send or transfer personal data to third parties for processing, such as service providers, technical support teams, customer management teams, IT service providers, advertising service providers, etc. We will ensure that the sending or transfer of personal data complies with the law and will implement necessary and appropriate data protection measures that are consistent with confidentiality standards. This includes data segregation before transfer, having confidentiality agreements with such recipients, or we may choose to implement a personal data protection policy that has been reviewed and approved by the relevant legal authority and ensure that the sending or transfer of personal data to third parties for processing complies with that policy instead of complying with legal requirements.
7. Sending or transferring personal data abroad.
We may need to send or transfer personal data to our affiliated companies located overseas or to other recipients as part of the normal operation of the website. This may include sending or transferring personal data to servers/clouds in various countries, such as Japan. If the destination country's standards are insufficient, we will ensure that the transfer of personal data complies with applicable laws and implement necessary and appropriate data protection and confidentiality measures. For example, we may enter into data protection agreements related to cross-border data transfers, have confidentiality agreements with recipients in those countries, or, in cases where the recipient is an affiliated company located overseas, we may choose to use a data protection policy that has been audited and approved by the relevant legal authority and ensure that the transfer of personal data to our overseas affiliated companies complies with that policy instead of complying with legal requirements.
8. Duration of personal data retention.
We will retain personal data for the period necessary to conduct our business for the purposes stated in this policy, or for the duration necessary to achieve the relevant objectives, or until the data subject requests us to delete or destroy your personal data, which may need to be retained further if required or permitted by law, such as retention under the Anti-Money Laundering Act, or retention for verification purposes in case of potential disputes within the statute of limitations of no more than 10 years. We will delete or destroy personal data, or anonymize it, when it is no longer needed, or when requested by the data subject, or after the aforementioned period has expired.
9. Protection of personal data and risk and impact assessment.
We will securely store personal data using technical and organizational measures to maintain appropriate security in the processing of personal data and to prevent data breaches. We have established relevant regulations and guidelines for data protection and conduct risk and impact assessments on data protection, such as information technology security standards and measures to prevent recipients of data from the website from using or disclosing information outside the intended purpose, without authority, or improperly. We regularly update these regulations, guidelines, and risk and impact assessments as needed and appropriate. Risk and impact assessments include loss of credibility, trust, and confidence from customers; disadvantage in market and trade competition; and legal proceedings. Furthermore, our directors, personnel, contractors, agents, consultants, and data recipients are obligated to maintain the confidentiality of personal data according to our established confidentiality measures. We require notification of data breaches to data subjects within 72 hours of an incident occurring.
10. Rights of individuals regarding personal data.
The rights of individuals regarding personal data are legal rights that they should be aware of. Data subjects can exercise various rights under the provisions of the law and policies currently in place or subject to future amendments, as well as guidelines we have established. In cases where an individual is a minor or has limitations in their ability to perform legal acts, they can request to exercise their rights through their parents, legal guardians, or authorized representatives. These rights include:
10.1 Right to be informed.
If an individual consents to our collection, use, and/or disclosure of personal data, they have the right to know the details of the purposes for collecting, using, and/or disclosing their personal data. Requests for information are made in cases where the data subject may or may not provide the information, or where the law mandates it.
10.2 Right to withdraw consent.
If an individual has given consent for a website to collect, use, and/or disclose personal data (whether the consent was given before or after the Personal Data Protection Act came into effect), the individual has the right to withdraw their consent at any time for the duration that the personal data is held by the website, unless such right is limited by law or there is a contract that benefits the individual. However, withdrawing consent may affect the individual's ability to perform the contract. For the individual's benefit, it is advisable to study and inquire about the potential consequences before withdrawing consent.
10.3 Right to request access to information.
Individuals have the right to request access to their personal data that is under our responsibility, to request a copy of such data for them, and to request disclosure of how we obtained that personal data.
10.4 Right to request data transfer.
Individuals have the right to request personal data if we have prepared that data in a format that can be read or used by automated tools or devices, and if the data can be used or disclosed automatically. They also have the right to request that we send or transfer such data to another data controller when this is possible automatically, and the right to receive the personal data that we have sent or transferred to another data controller directly, unless this is impossible due to technical reasons.
However, the personal data of the individual mentioned above must be data that they have consented to the website collecting, using, and/or disclosing, or data that the website needs to collect, use, and/or disclose in order to fulfill the contract as intended, or other personal data as determined by the authorized person.
10.5 Right to object to the collection, use, or disclosure of personal data.
Individuals have the right to object to the collection, use, and/or disclosure of personal data at any time if the collection, use, and/or disclosure of personal data is done for the necessary operations within the legitimate interests of the website's operation or as required by law, without exceeding the limits that an individual can reasonably expect, or to carry out a mission for the public interest. If an individual objects, we will continue to collect, use, and/or disclose personal data only where we can legally demonstrate that such action outweighs your fundamental rights, or to affirm legal rights, comply with the law, or defend against legal proceedings, as each case may be.
10.6 Right to request the deletion or destruction of data.
Individuals have the right to request the deletion or destruction of their personal data, or to anonymize their personal data, if they believe their personal data has been collected, used, and/or disclosed unlawfully under applicable laws, or if they believe the website no longer needs to retain it for the purposes outlined in this policy, or when they have exercised their right to withdraw consent or their right to object as stated above.
10.7 Right to request suspension of data usage.
Individuals have the right to request a temporary suspension of the use of their personal data in cases where we are investigating a request for correction of personal data, an objection from an individual, or any other case where we do not need to delete or destroy personal data in accordance with applicable law.
10.8 Right to request correction of information.
Individuals have the right to request corrections to their personal data to ensure it is current, complete, and not misleading.
10.9 Right to complain.
Individuals have the right to file a complaint with the relevant legal authority if they believe that the collection, use, and/or disclosure of their personal data is in a manner that violates or fails to comply with applicable laws.
10.10 Limitations on the exercise of rights.
The exercise of the aforementioned rights may be restricted by applicable laws, and there may be instances where we may refuse or be unable to process a request to exercise these rights, such as complying with laws or court orders, serving the public interest, or potentially infringing upon the rights or freedoms of others. If we refuse such a request, we will inform the individual of the reasons. We will process any request to exercise these rights within 30 days of the date the individual submits the complete request and supporting documents to our Managing Director.
11. Policy review.
We will review this policy at least once a year, or whenever there are changes or amendments to the law.
12. Contact Information
If you have any questions about this privacy policy, please contact us here or through the contact methods below.
12. Contact Information
If you have any questions about this privacy policy, please contact us here or you can contact us through the contact channels below.
InboundBuzz Inc.
Prime Terrace KAMIYACHO 9F 4-1-13
Toranomon, Minato-ku, Tokyo,
105-0001, Japan
talonjapan@inboundbuzz.co.jp