Data Protection Notice for Users
Starfish Innovation

What is personal data?

Personal data is any information that relates to or identifies a living individual, both directly or indirectly. This also includes the collection of less explicit data that leads to an identification of a particular person.

Collection of Personal Data

We may collect the following data from the users:

  1. 1. Personal identification data including age, nationality, date of birth, etc.
  2. 2. Contact information including address, phone number, e-mail address, etc.
  3. 3. Payment data including bank account, payment method, etc.
  4. 4. Transaction data including transaction number, purchase history, etc.
  5. 5. On-site or in-app personal data including account name, password, personal interest regarding services, etc.
  6. 6. Technical data including IP address number, log-in history, setting, web browser connection, etc.
  7. 7. Marketing data including service satisfaction and feedback, etc.
  8. 8. images, texts, files, sound records, videos

Access to Personal Data

We access users personal data through 2 main following channels:

  1. 1. We access personal data directly from the users via the collection during the provision of service including:
    1. 1. User’s account registration, and the submission of application for any services
    2. 2. User’s subscription of any marketing and sales information including advertisement and promotion
    3. 3. User’s consensual agreement when filling out the survey
    4. 4. User’s cookies or user’s in-app activities when accessing the platform
    5. 5. Mutual contact between users and service providers both offline and online such as email enquiries and phone calls
    6. 6. User’s purchase of any particular service or product
    7. 7. User’s log-in on both service provider’s platform and associated sites such as Facebook and Google
  2. 2) We collect personal data of the users indirectly from the third-parties in the following cases: Facebook Login, LINE Login, Email & Password Login, Apple Login

Data Collection Objectives

We may collect and use users personal data for any or all of the following purposes:

  1. 1. To perform obligations in the course of or in connection with our provision of the goods and/or services requested by the user and to improve our services or products.
  2. 2. To process the payment of a particular service or product such as tours, attraction tickets, transportation service, etc.
  3. 3. For post-sale customer service such as promotions and feedback enquiries
  4. 4. To verify user’s identity
  5. 5. For marketing research and customer relationship optimization
  6. 6. To comply with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority
  7. 7. To transfer data to any unaffiliated third parties including our third party service providers and agents, relevant governmental and/or regulatory authorities, for the aforementioned purposes

Third Party Data Collection

Starfish Innovation relies on third party service providers to help us process your personal data in some cases, including but not limited to:

Mailgun

Starfish Innovation uses Mailgun’s services to send transactional e-mails. The data of the users is not stored as such within Mailgun but they can appear in the logs of the service for tracking emails delivered, pending or failed. For more information about Mailgun's privacy policies, please visit: https://www.mailgun.com/privacy-policy
https://www.mailgun.com/gdpr
https://www.privacyshield.gov/participant?id=a2zt0000000PCbmAAG&status=Active

Cloudflare

Starfish Innovation uses Cloudflare as our Content Delivery Network (CDN) to protect our website and to improve its performance. CloudFlare may collect information such as IP addresses, system configuration information, and other information about traffic. For more information on why CloudFlare collect this information please visit:

https://www.cloudflare.com/privacypolicy/
https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active

Youtube

Starfish Innovation uses the YouTube video platform operated by YouTube LLC. YouTube is a platform that enables playback of audio and video files. When you load a page on our website, the integrated YouTube player establishes a connection to YouTube in order to ensure the technical transmission of the video or audio file. When the connection to YouTube is established, data is transferred to YouTube. For more information, please visit:

https://www.youtube.com/t/privacy_guidelines

Facebook pixel

This website uses the so-called Facebook Pixel (Website Custom Audience Pixel). This pixel collects information about the usage of this website (e.g. products you have looked at) and transmits it to the social network Facebook. Facebook uses this information for advertising and profiling purposes. The Facebook Pixel allows us to target you with individualised advertisement in the Facebook network (e.g. in your Facebook account). For more information, please visit:

https://www.facebook.com/about/privacy
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

External links

This website contains links to external websites. Please note that we are not responsible for their data protection policies. We recommend that all users, when leaving our website, inform themselves about the privacy statements of these other websites.

Personal Data Processing

After the collection of users personal data, we may store the data regarding the following processes:

  1. 1. Computer System including Google Cloud Platform, Amazon AWS, DigitalOcean, Cloudflare, Mailgun, Facebook pixel, Youtube
  2. 2. We may use the collected personal data with the purposes mentioned in “Data Collection Objectives”
  3. 3. We may disclose users personal data:
    • to staff members under Starfish Innovation, in order to perform obligations in the course of or in connection with our provision of the goods and services requested by users; or
    • to third party service providers, agents and other organisations we have engaged to perform any of the functions with reference to the above mentioned objectives and for safety purposes.

Data Storage and Data Retention

We may store users personal data using the following systems:

  1. 1. Users personal data will be saved as soft copy data stored in our computer systems.
  2. 2. Users personal data will be saved in service provider’s devices, such as computers, phones, and tablets. This includes the mentioned Computer System (Google Cloud Platform, Amazon AWS, DigitalOcean, Cloudflare, Mailgun, Facebook pixel, Youtube).
  3. 3. Data retention period will be illustrated in the “Data Retention” section below.

Data Retention Period

No. Type of Personal Data Retention Period
1 Personal identification data including age, nationality, date of birth, etc. 10 years from contract termination date
2 Contact information including address, phone number, e-mail address, etc. 10 years from contract termination date
3 Payment data including bank account, payment method, etc. 10 years from contract termination date
4 Transaction data including transaction number, purchase history, etc. 10 years from contract termination date
5 On-site or in-app personal data including account name, password, personal interest regarding services, etc. 5 years from contract termination date
6 Technical data including IP address number, log-in history, setting, web browser connection, etc. 5 years from contract termination date
7 Marketing data including service satisfaction and feedback, etc. 5 years from contract termination date
8 images, texts, files, sound records, videos 5 years from contract termination date

Data Subject Rights

Data subjects have the following rights:

  1. 1. Right to withdraw consent: Users can withdraw their consent and request the processors to stop collecting their personal data.
  2. 2. Right of Access: Users can submit data access requests, which oblige processors to provide a copy of any personal data they hold regarding data subjects. This includes a request for a disclosure of platforms and methods in which the processors collected the data from.
  3. 3. Right of Rectification: Users can request an update on an inaccurate or incomplete personal data.
  4. 4. Right to Erasure: Users can request that the service provider erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed or is no longer meeting the lawful ground for which it was collected. This includes the instance where the individual withdraws consent.
  5. 5. Right to Restriction of Processing: Users can request the service provider to limit the way their personal data is used.
  6. 6. Right to Data Portability: Users are permitted to obtain and reuse their personal data for their own purposes across different services.
  7. 7. Right to be informed: Users have the right to be notified about the collection of their personal data such as storage periods and purposes.
  8. 8. Right to Object: Users can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority.

You may contact our Data Protection Officer if you have any enquiries or feedback on our personal data protection policies and procedures, or if you wish to make any request, in the following manner If you wish to learn more about our terms and conditions, please visit https://www.starfishlabz.com/term-and-condition. For full guidelines, please visit Thailand Data Protection Guideline 2.0, Ministry of Digital Economy and Society website http://www.mdes.go.th, Personal Data Commission Singapore https://www.pdpc.gov.sg. Note: There is no additional charge regarding the mentioned right entitlement, and users will be contacted within 30 days from the date of request. However, in the case that the request cannot be processed in time, users will be notified within 30 days from the date of request.

Personal Information Request Form

In the case that you would like to manage your personal data, including:

  1. 1. Data access request
  2. 2. Data correction request
  3. 3. General Consent Withdrawal request
  4. 4. Complaint submission

Please contact our Data Protection Officer through the following details in the "Contact Us" section down below.

Personal Data and Marketing Activities

To optimize users satisfaction, we may distribute the information regarding our marketing activities such as promotion, discount, and news. This also includes information related to your preferences. Users can withdraw their consents after the subscription contacting [email protected]

What are Cookies?

Cookies are text files stored on your computer's browser directory or program data subfolders. Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site. If you wish to learn more about cookies, visit https://www.allaboutcookies.org/.

How Do We Use Cookies?

  1. 1. To increase the efficiency and safety in users log-in process
  2. 2. To collect user’s platform usage, content adjustments, and personal settings
  3. 3. To research an individual user’s behaviour on the platform for satisfaction optimization purposes
  4. 4. To research the behavioral trend of all users in order to increase the efficiency of the platform

Types of Cookies

  1. 1. Functionality Cookies: Functionality cookies record information about choices you have made in the platform such as personal settings, languages, and fonts. This allows us to tailor our platform to you.
  2. 2. Advertising Cookies: Advertising cookies record your on-site behaviour and history of sites visited. This allows us to provide you the services, products, and advertisements that suit your preferences.
  3. 3. Strictly Necessary Cookies: These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site.
  4. 4. Performance Cookies: These are cookies used for gathering site visitors data anonymously, including the page that is visited most frequently in the website. This allows us to efficiently improve our platform regarding users preferences.
  5. 5. Third-party Cookies: These cookies will be determined by the third parties such as Google Analytics

Cookies Setting

Users can disable cookies on their browsers, by following these steps:

For Safari Users:

  1. 1) Click the “Safari” menu, and tap “Preferences”.
  2. 2) Click the “Privacy” tap and manage the following setting choices:
    1. 1. Enabling “Prevent cross-site tracking” to block third-party cookies and prevent third-party websites from storing data on your computer.
    2. 2. Enabling “Block all cookies” will prevent First-Party cookies, as well as Third-Party cookies. Enabling this may cause websites to work improperly, and Safari will warn you about this if you choose this option.
    3. 3. Choose the “Manage Website Data” button to remove certain website domains which have stored data on your computer.

For Google Chrome Users:

  1. 1. Open Chrome and tap on “Settings” at the top right.
  2. 2. Click “Advanced” at the bottom.
  3. 3. Under 'Privacy and security', click “Site Settings”.
  4. 4. Click “Cookies”, then tap “ See all Cookies and Site Data”.
  5. 5. If you wish to remove your cookies, tap “Remove All”.

For Internet Explorer Users:

  1. 1. Open Internet Explorer and click “Tools” in the browser toolbar.
  2. 2. Choose “Internet” Option.
  3. 3. Click the “Privacy” tap.
  4. 4. Under “Settings” move the slider to the top to block all cookies or to the bottom to allow all cookies, and then click OK.

Effect of Notice and Changes to Notice

This Notice applies in conjunction with any other notices, contractual clauses and consensual clauses that apply in relation to the collection, usage and disclosure of your personal data by us. Any links from other domains found on our site may be under a different personal data protection act.

We may revise this notice from time to time without any prior notification. You may determine if any such revision has taken place by referring to the date on which this notice was last updated. Your continual use of our services constitutes your acknowledgement and acceptance of such changes. If you do not agree to the terms of this Privacy Policy, please do not use our services.

Effective date:
15/09/2020

Last updated:
15/09/2020

Contact Us

Data Processor

Name: Starfish Innovation

Address: 76 Rama IX Soi 57/2, Suan Luang, Bangkok, Thailand 10250

Contact detail: 02-8215055

Email address: [email protected]

Website: https://www.starfishinnovation.org

Data Protection Officer

Name: Ms. Nopawan Komyoung

Address: 71/11 Wiengping Road, Tambon Chang Klan, Amphoe Muang, Chiang Mai, Thailand

Contact detail: 053-277288

Email address: [email protected]

In the case that you find any of our staff members does not act in compliance with the aforementioned regulations, you can file a request or a complaint at the following organisation:

Data Protection Committee, Ministry of Digital Economy and Society, Thailand

Address: The Government Complex Commemorating His Majesty the King's 80th BirthDay Anniversary 5th December, B.E.2550 (2007), Building B 6th - 7th Floor 120 Chaengwattana Road, Lak Si Intersection, Bangkok, 10210

Phone number: +662 142 2233


Data Protection Notice for Users

Personal Data Processing

The basis of our personal data processing is illustrated in (a) The Collection of Personal Data (b) Data Storage and Data Retention. The purposes of our data collection are as stated in (b) Data Collection Objectives. Our procedure are complied with the following standards:

  1. 1. Contract execution including payment confirmation emails after the purchase of services provided by the company, bank account transfer, or any other agreements that you have executed with the company.
  2. 2. Data Subject's Consent: Regarding your agreement during our service registration, you can withdraw your consent by following these steps:
    • You can withdraw personal data disclosure consent, used in the mentioned objectives, at any circumstances. This includes the request of personal data removal and data anonymity change. To withdraw your consent, contact our data processors through following channels:
    • Electronic channel such as email or website or mobile application
    • Verbal channel such as phone call or staff member
    • Written channel such as information letter

    Once our staff members have received your withdrawal submission, the request will be forwarded to our data processors. However, your consent withdrawal has no effect on the data processing of your previous consensual personal data.

Exception of Personal Data Collection

The service providers are unable to collect your personal data without your consent, except for the following purposes:

  1. 1. To obtain data for public benefits such as scientific research and historical data.
  2. 2. To assure critical benefits concerning the security of data subjects including physical health and safetiness.
  3. 3. To act in compliance with the consensual agreement that the data subject is a contract party.
  4. 4. To act in compliance with applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcements and investigations conducted by any governmental or regulatory authority.
  5. 5. For benefits legally obtained by service providers, data processors, and associated legal entities, except that the mentioned benefits are incompatible to basic data subjects right.
  6. 6. For public and legitimate interests of data processors.

Access to Personal Data

We access your personal data via following processes:

  1. 1. When you log-in or register your account on our platform.
  2. 2. When you submit registration forms, request forms, or any form associated with our service, both online and offline.
  3. 3. When you make agreements or submit any information and file associated with our services.
  4. 4. When you make contact with our service providers such as recorded phone calls, letters, faxes, face-to-face meetings, social media platforms, and emails.
  5. 5. When you use our services on electronic or online platforms, including the use of cookies which will be adjusted once you have logged-in.
  6. 6. When you process your transactions through our services.
  7. 7. When you submit feedback or complaints.
  8. 8. When you register or make any consensual agreement during our marketing and advertising campaigns such as contests and discounts. This includes the activities launched with our partners and associated third parties.
  9. 9. When you request certain services provided by our on-site outsource service providers such as transaction and logistics services.
  10. 10. When you visit or log-in the websites or applications of our partners and associated third parties.
  11. 11. When you install our application on your devices such as mobile phones, computers, or tablets.
  12. 12. When you connect your account with third party’s websites or applications.
  13. 13. When you submit your personal information to us for any reason.

Persona Data Storage and Retention

Further details are clarified in the Data Protection Notice for User’s “Data Storage and Data Retention” section.

Data Subject’s Right

Further details are clarified in the Data Protection Notice for User’s “Data Subject’s Right” section.