Besides “Tokaido Sanyo Kyushu Shinkansen Internet Reservation Service Privacy Policy”, this Privacy Policy sets forth the policies which will be applied to the processing of Personal Data of data subjects in Thailand in accordance with the Personal Data Protection Act of Thailand, B.E. 2562 (A.D. 2019) (“PDPA”). In the event of the provisions resulting in a conflict between “Tokaido Sanyo Kyushu Shinkansen Internet Reservation Services Privacy Policy” and this Privacy Policy, this Privacy Policy will prevail.
In this Privacy Policy, “Personal Data” means any information relating to a person, which enables the identification of such a person, whether directly or indirectly, but not including the information of deceased persons in particular. We may collect and process Personal Data, such as membership IDs, names, dates of birth, email addresses, credit card expiration dates, IC card numbers (for transportation systems), IP addresses, cookie information, smartphone terminal IDs, transaction histories, voice recordings, opinions, questions, inquiries, and the like which concern the use of the service and which are collected through the communication between you and us by phone, email, or other forms of communication.
(1)Purposes of use of Personal Data
a)We collect, process, and provide your Personal Data in order to achieve the purposes set forth below.
·For transactions with you concerning or for the provision of train tickets, travel-related products, and other services related thereto and the like;
·For the purposes of conducting investigations necessary to respond to requests made by you and analyzing and preparing statistics on trends related to our customers; and
·For sales analysis and product development.
b)We collect, process, and provide your Personal Data in order to achieve the purposes set forth below only if we obtain your explicit consent separately;
·For the delivery of advertising and other items and printed materials, as a way of advertising our business, by the Internet or via any other means.
(2)Legal Grounds for handling the Personal Data
We may handle Personal Data based on the following legal grounds:
·To perform your instructions or fulfill the obligations under other contracts with you;
·Your consent expressly given to us to handle the Personal Data in such manner. You may withdraw your consent to this handling at any time. However, this will not affect the lawfulness of any handling activity carried out by us prior to such withdrawal of consent.
·To comply with legal and regulatory obligations; and
·Legitimate interests or those of any third-party recipients of the Personal Data, provided that such interests are not overridden by your interests or fundamental rights and freedoms; and
·Other grounds as prescribed by laws, including when it is necessary for the performance of a task carried out in the public interest by us, or it is necessary for the exercising of official authority vested in us.
(3)Additional processing
In the case of processing the Personal Data for purposes other than the foregoing, we will notify you in advance of such purposes of use and other matters as required by applicable laws.
(4)Necessity of providing Personal Data
The Personal Data that you provide is necessary in order for us to provide our services to you. Therefore, without such Personal Data, there may be cases where we will not be able to provide the services to you, either in whole or in part.
(5)Retention period
We will retain your Personal Data for the following periods.
·Membership information: 190 days after withdrawal from membership.
·Usage history information: 2 years and 1 month
·Emergency Report: 8 years and 3 months.
·Certificate of receipt: 8 years and 3 months
Other than as indicated above, we will retain your Personal Data as long as such data is necessary to provide the services to you, but we will promptly delete the same in the case that such data is no longer needed.
We may need to retain your Personal Data longer than the period given above for the establishment, compliance, or exercise of legal claims, or the defense of legal claims
(6)Transfer of Personal Data
We may provide your Personal Data to third parties, such as our subsidiaries and affiliates, cloud vendors, outside contractors, and other professionals (including tax firms and law firms), etc., and your Personal Data will be processed by such third parties in order to carry out the purposes of use specified above.
The Personal Data may be transferred to entities in countries or jurisdictions outside Thailand, such as Japan, if required for the purposes as described above. Please note that such countries or jurisdictions may not have the same data protection laws as Thailand and that they may not afford many of the rights conferred upon you in Thailand. We will ensure that any such international transfers are made subject to appropriate and suitable safeguards as required by the PDPA or other relevant laws. When doing so, we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of the Personal Data.
You may submit a request to us for access to, obtaining a copy of, correction (including recording reasons when the correction is rejected) or deletion of, or restriction of processing of your Personal Data, and may submit a request for data portability in regard to your Personal Data retained by us. When we receive such a request based on the rights specified above, we will conduct any necessary investigation without undue delay and provide you or a nominated third party with the Personal Data or respond to such requests without undue delay.
Please note that you may raise an objection to the data protection authorities having jurisdiction over us or in Thailand with regard to the processing of your Personal Data.
Please see the contact channel for exercising your rights as shown in Clause 4. below.
If you have any questions or concerns in regard to this Privacy Policy or our processing of Personal Data, or any requests concerning the access to, obtaining a copy of, correction (including recording reasons when the correction is rejected) or deletion of, or restriction of processing of Personal Data, or with regard to data portability, please contact us via at the following contact information after confirming Section 6(2) of the Global Privacy Policy:
We may change the contents of this Privacy Policy when necessary, and we will announce the revised Privacy Policy on our website when a revision is made. Please make sure to regularly check the contents of this Privacy Policy.
After the policy is revised, you will be deemed to have agreed to the revised policy when you use our services or view this Privacy Policy.
Revision Date: August 1, 2022
Back