Morinaga Institute of Biological Science, Inc., (the “Company”) shall comply with all applicable data protection laws including the Personal Data Protection Act B.E.2562 (2019) of Thailand (the “PDPA”) in connection with the operation of the website (https://www.miobs-e.com/index.html, https://www.miobs-e.com/esp/index.html) (the “Website”) to Customers (the “Customers”), and therefore hereby establishes this Privacy Policy (this “Privacy Policy”) in order to appropriately process the personal data and other data of Customers. The Company may establish specific privacy policies applicable to specific countries or areas, and in such case, such policies are applicable to Customers located in such countries or areas.
On the Website, the Company uses cookies to enhance the information and services provided to the Customers and to make the comfortable use of the Website. The Company will use cookies as provided in our Cookie Policy.
1. Definitions
“Personal Data” means any data relating to an identified or identifiable natural person, including, without limitation, names, addresses, dates of birth, telephone numbers, e-mail addresses, and any other information collected in connection with operation of the Website.
“Processing” means any operation or set of operations which is performed on Personal Data, etc. or on sets of Personal Data, etc., whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2. Personal Data to be collected
The Company may collect the following Personal Data about Customers:
- - Personal Data acquired from e-commerce transactions
- - Personal Data acquired from promotional activities or surveys of purchasing behaviors
- - Personal Data required from inquiry forms or other Q&A processes
- - Personal Data acquired through transactions or business contracts
- - Other data concerning the Customers’ use of the Website (e.g. cookies)
3. Purpose of Collecting the Personal Data
The Company will process the Customers’ Personal Data only for the following purposes of use:
3.1. Purposes requiring other lawful basis other than consent
3.1.1. Contract basis
1) Any operation related to consideration of products and/or service provision, such as
- - Delivery of documents or parcels, processing or responding of request or inquiry and operation per such request or inquiry.
- - Issuance of relevant commercial documents.
2) Execution of contract or agreement and delivery of products and/or services under the contract or agreement the Customer have entered into with the Company, such as
- - Delivery of merchandise or letter, notification, or other documents in accordance with or in connection with the contract or agreement.
- - Delivery of giveaways or presents from consumer promotional activities.
- - Membership recognition on the Website where membership is a requirement for exercising the rights provided to the Website’s members.
3) To proceed the operation specified in 1) and 2) of above 3.1.1, the collected Personal Data will transfer and assign the process to Morinaga Asia Pacific CO.,LTD. which is affiliated company in Thailand.
3.1.2. Legal obligation basis
- - Coordination with the government offices pursuant to the laws and regulations, including but not limited to, Revenue Department, Ministry of Commerce and so on.
3.2. Purposes requiring consent
- - Delivery of notifications of new items, publications, or services.
- - Sending of invitation of surveys for product development, marketing strategy or the other consumer-related research
- - Delivery of information about promotional activities or new merchandise via e-mail.
- - Analyzing the effectiveness of advertising, conducting a market analysis and marketing
In the case where it is necessary to process the Customer’ Personal Data for purposes other than above specified, the Company shall notify the Customer of such new purposes of use and other matters by announcing on this Website or by other method, and ask for the Customer’ consent for such new purpose in case the consent is required by the PDPA.
The Company shall process Personal Data concerning the Customer to the minimum extent necessary for the Company to achieve the purposes of use above. For the Personal Data that the Company receives, it is required to fulfill the aforementioned purposes. The Customer' failure to give all or any of the necessary Personal Data or the Customer’ refusal to permit the Company to process the Personal Data may hinder the Company's ability to fulfill the aforementioned purposes. In this regard, the Company may not be able to offer the Customer the required products and/or services, and the Customer may experience some inconvenience while attempting to use the Company's products and/or services.
4. Sensitive Personal Data
Any collection, use and/or disclose of Personal Data pertaining to racial, ethnic, origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the Customer, in the same manner (the “Sensitive Personal Data”), shall not be collected without the explicit consent from the Customer or allowed by the PDPA.
The Company may also obtain the Customer’ Sensitive Personal Data from other parties when it is allowed by law. In this regard, the Company shall inform such obtainment to the Customer at the soonest opportunity but not exceed thirty (30) days upon the date of such collection.
5. Retention Period
The Company will retain the Customers’ Personal Data as long as the Company requires such data for achieving the purposes of use specified above. The Company may further retain the Customer’ Personal Data for a period as required or permitted by PDPA. In this regard, the Company shall ensure that after such retention period has elapsed, the Personal Data concerning the Customer shall not be stored on the Company’s server and shall be destroyed or deleted immediately.
In order to protect the Customer’ Personal Data, the Company shall take appropriate security measures to retain the Customer’s Personal Data throughout the retention period.
6. Transfer
Except for the previously mentioned purposes, the Company will never reveal or provide the Customers’ Personal Date to other third parties without the Customers’ consent. However, the collected Personal Data may be provided to the third parties without the Customer’ prior consent to the extent that such provision does not violate the PDPA:
Please be informed that the Customer’ Personal Data may be transferred to other affiliates companies in a country outside Thailand which may not offer an adequate level of data protection as recognized by the Personal Data Protection Committee. Furthermore, the Customer’ Personal Data may also be processed by staff operating inside or outside of Thailand. In case the destination country has insufficient standards of Personal Data protection, the Company shall ensure that the Customer’ Personal Data will be transferred in accordance with the PDPA and shall set standards for transfer the Personal Data as deemed necessary, and shall ensure that all affiliates companies are required to follow this Privacy Policy.
7. Rights of Customers
The Customers may have the rights allowed in accordance with PDPA, as follows..
(a) Rights to withdraw the consent, that the Customer have given to the Company at any time,
unless there is a restriction of the withdrawal of consent by law, or the contract which gives benefits to
the Customer.
In this regard, the collection, use, disclosure and/or processing of the Customer’ Personal Data which was
undertaken before withdrawal of the Customer’ consent shall not be affected.
(b) Rights to access to, receive and obtain the copy of the Personal Data related to the Customer or to request the disclosure of the acquisition of the Personal Data.
(c) Rights to object the collection, use, or disclosure of the Personal Data at any time.
(d) Rights to request to erase or destroy the Personal Data, or anonymize the Personal Data to become the anonymous data which cannot identify the Customer.
(e) Rights to request to restrict or suspend the use of the Personal Data.
(f) Rights to modify the Personal Data or request the Personal Data to be kept accurately, up-to-date, and completely.
(g) Rights to file a complaint in the event that the Company violates or does not comply with the PDPA.
(h) Rights to be notified if the Customer`s Personal Data is at high risk in accordance with standards stipulated by the PDPA.
(i) Rights to request data portability. The Company accepts such Customer’ requests at the contact point set forth in “10. Contact Information” below.
The Company may refuse the Customers’ requests if the Company deems that there is no basis for such Customers’ requests or if they are deemed excessive.
The Customers may raise objections with the data protection authorities having jurisdiction over the location of the Customers’ domicile with regard to the processing of their Personal Data.
8. Safety Management Measures
In order to protect from unauthorized access to Personal Data, loss, etc. of Personal Data, taking into account the type of Personal Data, the degree of sensitivity and the degree of economic influence and mental harm caused to Customers in the case of a Personal Data breach, the Company comprehensively evaluates and judges the risks of Personal Data breaches, implements appropriate personal, organizational and technical safety management measures based on the risk of a Personal Data breach, if necessary, checks such safety management measures, sets up a process for correction, and constantly strives to improve security.
The Company shall strive to appropriately manage Personal Data by restricting the entry of outsiders into the offices which are processing Personal Data, conducting educational awareness activities for all officers and employees involved in the protection of Personal Data, and placing a manager in charge for each division processing Personal Data.
9. Modification and Revision
The Company may modify, revise, or otherwise amend this Privacy Policy as deemed appropriate and permitted by the law. In this regard, the Company will notify such modification and revision to the Customer by updating the change through the Website.
10. Contact
In the event of Customers having any questions or concerns regarding this Privacy Policy or the processing of Personal Data by the Company or having any requests concerning the access to, rectification of, erasure of, or restriction of processing of Personal Data, or regarding data portability, please contact the Company.
The contact information for the Company is as follows:
< Morinaga Institute of Biological Science, Inc. >
2-1-1 Shimosueyoshi, Tsurumi-ku, Yokohama-shi, 230-8504, Japan
+81-45-586-2515