- Compliance with Laws and Regulations
The Company complies with any applicable laws and regulations that may apply to the handling and protection of personal data by the Company.
- Collection of Personal Data
Upon collecting your personal data, the Company specifies the intended use of the data to the best of its ability and complies with all applicable laws and regulations.
The Company collects the following categories of personal data.
Your name, telephone number, home address, e-mail address, company name, title or position, cookie and other online identifier, date of birth, nationality, education and qualification details, your gender, your CV, photograph, passport number, marital status, other details set out in your application, responses to questionnaire, inquiry details and any other information you provided to us.
- Sources of Personal Data
The Company may obtain your personal data directly from you or any other source, including, but not limited to the following:
- provided directly by you when we are establishing a business relationship with you, including information obtained by business card exchange and submitted by you in various documents; and/or
- provided when you respond to questionnaires or surveys or when you communicate with us through phone calls, emails, and/or other correspondence.
- Obligation to Provide Personal Data
In general, providing your personal data shall be made voluntary. In some cases, however, the Company may need your personal data; for example, when we enter into a contract with you. In such case, your refusal to provision of your personal data may cause us impossible to enter into a contract with you or provide any other services relating to your personal data.
- Legal Grounds and Purposes of Use of Personal Data
The Company shall only use your personal data when supported by appropriate legal grounds under the applicable laws and regulations within the scope of the following purposes of use.
- To provide consulting and related services;
- To provide guidance/information on products and services by the Company or its business partners;
- To provide guidance/information on after-sale follow-up services by the Company or its business partners;
- To provide guidance/information on seminars sponsored or co-sponsored by the Company or its business partners;
- To send required materials, inquiries, or questionnaires;
- To search for a counterparty with regard to leasing, buying, selling, or managing of real estate, to enter into a contract for sale, lease, brokerage, or management of real estate, or to provide services based on such a contract
- To respond to a client’s intention including proceeding with inheritance procedure;
- To submit attendance records to qualification bodies;
- To develop new products and improve services;
- To recruit personnel
- To reply to inquiries;
- To use such information within the scope of prior consent from you;
- To improve your online activities based on your online identifier.
- Disclosure of Personal Data
For the purposes stated in “5. Legal Grounds and Purposes of Use of Personal Data”, the Company may disclose your Personal Data:
- to companies and entities within its group, including foreign entities specified here;
- The Company’s business partners listed below;
- Spire Research and Consulting (India) Pvt Ltd
- Spire Research and Consulting Sdn Bhd
- Spire Research and Consulting Co., Ltd
- Spire Research and Consulting MENA LLC
- Spire Research and Consulting Pte Ltd Vietnam Representative Office
- Yamada Legal Consulting Shiho-shoshi Office
- Yamada Legal Consulting Gyosei-shoshi Office
- Yamada Labor Consulting and Social Security Attorney Office
- General Incorporated Association Yamada Research Institute of Economy and Management
- Y&P Legal Professional Corporation
- Kawada Tax Accountant Corporation
- to the extent required by laws, regulations, or court orders (for example, if we are under a duty to disclose your personal data in order to comply with a legal obligation); and/or
- to Google
- How Google uses Information from sites or Apps that use Google’s services
- Security Management Measures
The Company takes the following security management measures for personal data.
In order to ensure the proper handling of personal data, the Company has defined basic rules on relevant matters, including compliance with applicable laws and regulations.
2) Establishment of Rules
The Company has established rules on handling methods, persons in charge, its duties, and other relevant matters at each stage of collection, use, storage, provision, deletion, and disposal of personal data, and periodically reviews them.
3) Organizational Security Management Measures
In addition to appointing a person responsible for the handling of personal data, the Company has clarified its officers/employees, and the scope of personal data handled by such officers/employees, and has established a system to report to the responsible person when an officer/employee is aware of any facts or signs that violate laws and regulations.
The Company conducts periodical self-inspections and audits on the handling of personal data.
4) Human Security Management Measures
The Company conducts periodic training for officers/employees on the handling of personal data, incorporates confidentiality obligations in the Company’s Rules of Employment, and makes them aware within the Company.
5) Physical Security Management Measures
In areas where personal data is handled, the Company controls the entry and exit of officers/employees and equipment, and implements measures to prevent unauthorized persons from viewing personal data.
In addition to taking measures to prevent theft or loss of equipment and electronic media that handles personal data, the Company has implemented measures to prevent the easily revealing of personal data when carrying such equipment and electronic media.
6) Technical Security Management Measures
The Company has introduced a system to limit the scope of officers/employees and the scope of personal data handled by such officers/employees by controlling access, and to protect information systems that handle personal data from external unauthorized access or software.
- Continuous Improvement
The Company shall strive to protect personal data by continuously improving its handling of personal data.
- Transfer of Personal Data to Foreign Countries
The Company may transfer personal data outside of your countries of residence. These countries may not have personal data protection laws as comprehensive as those that exist in your country of residence, and the same level of protection as that set forth in the personal data protection laws in your country may not necessarily be guaranteed. In such case, the Company shall implement necessary safety management measures pursuant to the requirements of the applicable laws.
- Retention Period
Your personal data will be stored securely in the Company’s data server or in a third party’s data server. The Company will strictly control access to personal data and will review such access control from time to time. The Company will retain and use your personal data until the purpose of processing of personal data is achieved. When the purpose is achieved, such personal data will be destroyed without delay.
The Company may retain the personal data for a longer period if it is necessary, provided, however, your personal data will never be kept for longer than required for the purpose of which it has been collected or processed, in accordance with the applicable laws or legislations.
- Data Subjects’ Rights
With respect to personal data managed by the Company, you have certain rights pursuant to the applicable laws and regulations, which may include the following rights of the data subject:
- the right to be informed (the right to be informed about the details such as the identity of the controller, the purposes of the processing, legitimate interests pursued by the controller, and when the controller collects personal data);
- the right of access (the right to obtain from the controller confirmation as to whether or not your personal data is held);
- the right to rectification (the right to obtain from the controller without undue delay the rectification of your inaccurate personal data);
- the right to erasure (the right to obtain from the controller the erasure of your personal data);
- the right to restrict processing (the right to obtain from the controller restriction of processing);
- the right to data portability (the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit to another controller without hindrance from the controller);
- the right to object (the right to object, on grounds relating to your particular situation, at any time to processing of your personal data, including the rights to withdraw the consents to process personal data.);
- the rights in relation to automated decision making and profiling (the right not to be subject to a decision based solely on automated processing, including profiling):
- the rights to demand data confidentiality;
- the rights to file a complaint with the Ministry of Information and Communication when personal data is handled illegally (in violation of confidentiality obligations).
- Contact Information on Privacy
YAMADA Consulting & Spire (Thailand) Co., Ltd.
Level 16, 689 Bhiraj Tower at EmQuartier,
Unit 1608-1610 Sukhumvit Road(Soi 35),
Klongton Nuea, Vadhana, Bangkok
Email : email@example.com