Privacy Policy

Effective Date: May 1, 2019
Last Updated: June 8, 2025

1. Introduction

I Love Japan Group Co., Ltd. (“iLoveJapanSchool,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit or use our website (www.ilovejapanschool.com), mobile applications, and related online services (collectively, the “Online School”).

We process personal information in accordance with the Thailand Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), and, where applicable, the European General Data Protection Regulation (“GDPR”) and other applicable data protection laws.

By accessing or using the Online School, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Information You Provide to Us

We may collect personal information directly from you when you:

• Register for an account
• Purchase a subscription
• Contact our customer support team
• Complete forms or provide feedback
• Use our Single Sign-On (SSO) integrations (Google, Facebook, LINE, TikTok, LinkedIn, etc.)
• Upload payment slips for offline payments

The personal information we collect may include:

• Full name
• Email address
• Mailing address
• Phone number
• Profile images (uploaded or imported from SSO providers)
• Payment records (offline payment slips and confirmation documents)
• Other information you voluntarily provide

Note: We do not directly collect or store your credit card information. All online payment processing is handled by our authorized third-party payment processor (PaySolutions).

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• To create and maintain your account
• To provide, operate, and improve the Online School
• To process payments and manage subscriptions
• To respond to your inquiries and provide customer support
• To send service notifications, payment confirmations, and important updates
• To send newsletters or marketing communications (if you consent)
• To analyze website usage and improve functionality and content
• To comply with applicable laws and legal obligations

5. Information Sharing

We do not sell your personal information to third parties.

We may share your personal information in the following limited circumstances:

• With service providers who help us operate the Online School (e.g., cloud hosting providers, payment processors, CRM providers, customer support vendors, IT service providers)
• With third parties as required by law or legal process
• In the event of a business transaction, such as a merger, acquisition, or sale of assets, where customer information may be transferred as part of the transaction
• With your explicit consent

All service providers who process personal data on our behalf are required to follow appropriate data protection obligations under applicable law.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to collect information and improve your experience on the Online School.

7.1 What Are Cookies?

Cookies are small text files stored on your device to help websites function and analyze usage.

7.2 How We Use Cookies

We use both session and persistent cookies for purposes such as:

• Remembering your login preferences
• Personalizing your experience
• Analyzing site usage (e.g., via Google Analytics)
• Managing payment and subscription processes

You can control or disable cookies through your browser settings, but some features of the Online School may not function properly if you do so.

7.3 Third-Party Tracking

We may use third-party analytics providers (such as Google Analytics) to collect non-personal usage data. We do not control third-party cookies.

8. Data Security

We take reasonable technical and organizational measures to safeguard your personal information against loss, misuse, unauthorized access, disclosure, or destruction.

Our internal security measures include:

• Role-Based Access Controls: Only authorized personnel have access to systems containing personal information, and access is granted strictly based on job responsibilities.
• Access Audits: We maintain internal logs and conduct periodic audits to monitor and verify authorized access to personal data.
• Two-Factor Authentication (2FA): 2FA is enabled across all systems that store or process your personal information.
• Encrypted Data Transmission and Storage: Customer data is encrypted both in transit and at rest using industry-standard encryption protocols.

Password Management and Access Segregation

• Wherever technically possible, we use segregated individual staff accounts for system access to ensure auditability, accountability, and access traceability.
• In limited cases where certain accounts do not support individual credentials and sensitive client data is not involved, we may securely manage credentials using an enterprise-grade password manager that allows secure storage and controlled internal sharing.
• All shared credentials stored in the password manager are reviewed regularly, and access is strictly limited to authorized personnel only.

Bitrix24 CRM and Telephony

We use Bitrix24 as our Customer Relationship Management (CRM) system to store personal information collected during customer support activities and customer communications, including:

• Client records created during support requests
• Account-related communications
• Incoming and outgoing phone call data (processed via Bitrix24’s integrated VoIP telephony system)
• All inbound and outbound customer service calls are automatically recorded for quality assurance, training, and security purposes

Bitrix24 stores customer data on Amazon Web Services (AWS) infrastructure, with data centers located in either:

• The United States (Virginia)
• The European Union (Frankfurt, Germany)

Bitrix24 and its hosting provider AWS maintain multiple international certifications and compliance standards, including:

• HIPAA
• GDPR
• ISO 27001
• SOC 1 / SOC 2 / SOC 3
• PCI DSS Level 1
• Directive 95/46/EC

Further information on Bitrix24 security can be found at: https://www.bitrix24.com/security/

Google Workspace

We may store certain customer support communications and administrative data using Google Workspace (Gmail, Drive, Calendar, Chat), provided by Google LLC. Google Workspace services maintain industry-standard certifications including ISO 27001, ISO 27018, SOC 2, and GDPR compliance frameworks.

When accessing and processing data via Bitrix24 and Google Workspace, we use Two-Step Verification (2FA) internally for additional protection of your personal data.

While we implement reasonable and appropriate security measures, no method of transmission or storage can be guaranteed 100% secure. You are responsible for safeguarding your account credentials and taking appropriate precautions to protect your own data.

Important: iLoveJapanSchool will never request your password or credit card details via email, phone, or messaging apps. Please remain vigilant against phishing, spoofing, and other cyber threats.

9. Security Incident Notification

In the event of a data breach involving your personal information, we will:

• Notify you and relevant authorities promptly, as required by PDPA Section 37 or GDPR Article 33 (if applicable).
• Investigate the incident and take reasonable steps to minimize harm.
• Provide relevant information as part of our notification process.

Notifications may be sent to your registered email address or through other reasonable communication channels.