Personal Information and Privacy Policy

Tinman (Thailand) Co. Ltd. (the “Company”) respects the privacy of its online visitors and customers of its products and services (including, but not limited to Tinman) and complies with applicable laws for the protection of your privacy, including, without limitation, the European Union General Data Protection Regulation (“GDPR”) and the Thai Data Protection Guidelines.

1. Definitions
Wherever we talk about Personal Data below (“Personal Data“), we mean any information that can either itself identify you as an individual (“Personally Identifying Information“) or that can be connected to you indirectly by linking it to Personally Identifying Information, for example:(i) your account registration information and any personal contact information on our website;(ii) your assessment information – results and information on when you took any test or assessment;(iii) information provided from using certain services or features;(iv) information from completion of a survey or questionnaire;(v) technical information, including, but not limited to, the Internet protocol (IP) address used and device MAC address(vi) and your log-in information, browser, time-zone setting, browser plug-in types and versions, operating system and platform;(vii) details of any transactions, purchases and payments you made;(viii) your general interaction with the website, including the full Uniform Resource Locators (URLs), clickstream to, through, and from our site, data searched for or viewed, page response times, download errors, length of visits to certain pages, page interaction information; (ix) information received from third parties, such as business partners, sub-contractors, payment services, referral by other users. The Company also processes anonymous data, aggregated or not, to analyse and produce statistics related to the habits, usage patterns, and demographics of customers as a group or as individuals. Such anonymous data does not allow the identification of the customers to which it relates. The Company may share anonymous data, aggregated or not, with third parties.

2. General Access to Tinman service and data types
Tinman is a member-only service. Only currently active and approved users may view data within the system. Personal data within the system is hidden from search engines, web crawlers or data scraping technologies.Tinman allows two types of users: student or supply-side users, and corporate or buy-side users. Visibility of data between users and user-types is very limited. 
Student users can only see their own data, and specific corporate-user data made visibly by corporate users.Corporate users can only see their own data and anonymised data describing student members. The data they can see, without specific permissions, is limited to assessment data, location(s) data, age, education status, courses taken and other profile data input by each student user. Specifically, corporate users cannot see names, email addresses, phone numbers of any other contactable ID such as a Line ID.Individual corporate users can request a student user to make their contact information visible where only the corporate user and other users at the same company requesting access will be able to additionally see full name and contact data supplied. Student users can specify which contact data is shared for each request made by corporate users.Student users will receive requests to connect from corporate users and have the sole authority and capacity to approve and revoke access to their personal data.Tinman technical users have access to all data within the system, but personal data is masked until senior staff allow access.

3. Why the Company Collects and Processes Data
The Company collects and processes Personal Data for the following reasons:(a) facilitating direct contact between you and another Member (subject to permissions defined by each party);(b) researching, designing and launching new assessments, features or products;(c) providing you with alerts, updates, materials or information about our services or other types of information that you requested or signed up to;(d) performing our agreement with you to provide content and services, including the creation of data, as well as providing, improving and developing our services;(e) delivering in-system benefits of any kind;(f) responding to or taking part in legal proceedings, including seeking professional advice, or for the purposes of the legitimate and legal interests of the Company or a third party (e.g. the interests of our other customers);(g) compliance with legal obligations that the Company is subject to;(h) communicating with you and responding to your questions or requests;(i) purposes directly related or incidental to the above; or(j) where you have given consent to it.These reasons for collecting and processing Personal Data determine and limit what Personal Data we collect and how we use it (section 3. below), how long we store it (section 4. below), who has access to it (section 5. below) and what rights and other control mechanisms are available to you as a user (section 6. below)

4. What Data We Collect and Process

  1. Basic Account Data
    When setting up an Account, the Company will collect your email address and/or Line ID and at least one approximate location related to your place of work or study. Either your Line ID or email is needed as your user name. You will also need to define a password. The provision of this information is necessary to register any type of Membership Account. You are responsible for keeping this password confidential. We ask you not to share a password with anyone. During setup of your account, the account is automatically assigned a number (the “ID”) that is used to anonymise you by acting as a reference to your user account without directly exposing Personally Identifying Information about you.
  2. Transaction and Payment Data
    In order to make a transaction online, you may need to provide payment data to the Company to enable the transaction. If you pay by credit card, you need to provide typical credit card information (name, address, credit card number, expiration date and security code) to the Company, which the Company will process and transmit to the payment service provider of your choice to enable the transaction and perform anti-fraud checks. Likewise, the Company will receive data from your payment service provider for the same reasons.
  3. Other Data You Explicitly Submit
    We will collect and process Personal Data whenever you explicitly provide it to us or send it as part of communication with others, e.g. authorising communications, or when you provide feedback. This data includes:(a) Information that you post in any of our Content and Services; (b) Information created by our third-party assessment partners; (c) Information you provide when you request information or support from us or purchase Content and Services from us, including information necessary to process your orders with the relevant payment merchant;(d) Information you provide to us when interacting with Content and Services.
  4. Your Use of the Websites
    We collect a variety of information through your general interaction with the websites Content and Services offered by us. Personal Data we collect may include, but is not limited to, browser and device information, data collected through automated electronic interactions and application usage data. Likewise, we will track your usage across Content and Services to verify that you are not a robot and to optimise our services.
  5. Your Use of Services and other Subscriptions
    In order to provide you with services, we need to collect, store and use various information about your activity in our Content and Services. “Content-Related Information” includes your ID, as well as information about your preferences, progress, time spent, as well as information about the device you are using, including what operating system you are using, device settings, unique device identifiers, and crash data.
  6. Tracking Data and Cookies
    We use “Cookies”, which are text files placed on your computer, to help us analyse how users use our services, and similar technologies (e.g. web beacons, pixels, ad tags and device identifiers) to recognise you and/or your device(s) on, off and across different devices and our services, as well as to improve the services we are offering, to improve analytics or website functionality. The use of Cookies is standard on the internet. Although most web browsers automatically accept cookies, the decision of whether to accept or not is yours. You may adjust your browser settings to prevent the reception of cookies, or to provide notification whenever a cookie is sent to you. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to access the full functionality of our websites. When you visit any of our services, our servers log the IP address your Internet Service Provider assigns to you.
  7. Content Recommendations
    We may process information collected under this section 3 so that content, products and services shown on the pages and in update messages displayed when launching the service can be tailored to meet your needs and populated with relevant recommendations and offers. This is done to improve your customer experience.  Subject to your separate consent or where explicitly permitted under applicable laws on email marketing, the Company may send you marketing messages about products and services offered by the Company to your email address. In such a case we may also use your collected information to customise such messages as well as collect information on whether you opened such messages and which links in their text you followed. You can opt out or withdraw your consent to receive marketing emails at any time by either withdrawing the consent on the same page where you previously provided it or clicking the “unsubscribe” link provided in every marketing email.
  8. Information Required to Detect Violations
    We collect certain data that is required for our detection, investigation and prevention of fraud, cheating and other violations of the applicable laws (“Violations“). This data is used only for the purposes of detection, investigation, prevention and, where applicable, acting on of such Violations and stored only for the minimum amount of time needed for this purpose. If the data indicates that a Violation has occurred, we will further store the data for the establishment, exercise or defense of legal claims during the applicable statute of limitations or until a legal case related to it has been resolved. Please note that the specific data stored for this purpose may not be disclosed to you if the disclosure will compromise the mechanism through which we detect, investigate and prevent such Violations.

5. How We Store Data

  1. Period of Storage
    We will store your information as long as necessary to fulfil the purposes for which the information is collected and processed or — where the applicable law provides for longer storage and retention period — for the storage and retention period required by law. In particular, if you terminate your User Account, your Personal Data will be marked for deletion except to the degree legal requirements or other prevailing legitimate purposes dictate a longer storage. All your data and credits (including Credits) will be lost after deletion.
  2. Deletion of Data
    In cases where Personal Data cannot be completely deleted in order to ensure the consistency of the system, the user experience or the community, your information will be permanently anonymised. Please note that the Company is required to retain certain transactional data under statutory commercial and tax law for a period of up to ten (10) years. If you withdraw your consent on which a processing of your Personal Data, we will delete your Personal Data without undue delay to the extent that the collection and processing of the Personal Data was based on the withdrawn consent. If you exercise a right to object to the processing of your Personal Data, we will review your objection and delete your Personal Data that we processed for the purpose to which you objected without undue delay, unless another legal basis for processing and retaining this data exists or unless applicable law requires us to retain the data.
  3. Location of Storage
    The data that we collect from you may be transferred to, and stored at cloud storage globally, or a destination outside of your jurisdiction. It may also be processed by third parties who operate outside of your jurisdiction. By submitting your personal data you agree to this transfer, storing or processing of data outside of your jurisdiction. We will take all steps reasonably necessary to ensure that your data is treated securely in accordance with this privacy policy.

6. Who Has Access to Data

  1. The Company and its subsidiaries may share your Personal Data with each other and use it to the degree necessary to achieve the purposes listed in section 2. above. This includes our overseas offices, affiliates, business partners and counterparts (on a need-to-know basis only). In the event of a reorganisation, sale or merger we may transfer Personal Data to the relevant or proposed transferees of our operations (or a substantial part thereof) in any part of the world.
  2. We may also share your Personal Data with our third party providers that provide customer support services in connection with the Services. Your Personal Data will be used in accordance with this Privacy Policy and only as far as this is necessary for performing customer support services.
  3. We may also share your information with our personnel, agents, advisers, auditors, contractors, financial institutions, and service providers in connection services like support); persons under a duty of confidentiality to us; or persons to whom we are required to make disclosure under applicable laws and regulations in any part of the world.
  4. In accordance with internet standards, we may also share certain information (including your IP address and the identification of content you wish to access) with our third party network providers that provide content delivery network services and server services in connection with us. Our content delivery network providers enable the delivery of digital content you have requested, by using a system of distributed servers that deliver the content to you, based on your geographic location.
  5. The Company may allow you to link your User Account to an account offered by a third party. If you consent to link the accounts, the Company may collect and combine information you allowed the Company to receive from a third party with information of your User Account to the degree allowed by your consent at the time. If the linking of the accounts requires the transmission of information about your person from the Company to a third party, you will be informed about it before the linking takes place and you will be given the opportunity to consent to the linking and the transmission of your information. The third party’s use of your information will be subject to the third party’s privacy policy, which we encourage you to review.
  7. We make certain data related to your Student Account available to Corporate Members in results that match search criteria. For Student Members this means that your assessment results are accessible this way. The accessibility of any additional information about you can be controlled through your user profile page; your profile page is not publicly accessible, but can be accessed automatically within the system, but only by logged-in and authorised users of the correct user-type. While we do not knowingly share Personally Identifying Information about you such as your real name or contact information, any information you share about yourself on your public profile can be accessed, including information that may make you identifiable. To ensure your data is not exposed accidentally, please ensure that you only put your contact data in the specific contact data fields provided for you.
  8. The community includes assessment and corporate data used as a basis for communication. When posting content, please be aware that the information is being made available online to other users; therefore, you are doing so at your own risk. If your Personal Data is posted on one of our public areas against your will, please use the reporting function and the help site to request its removal.

7. Your Rights and Control Mechanisms
You have the right to: (a) check whether we hold personal data about you; (b) access any personal data we hold about you;  (c) require us to correct any inaccuracy or error in any personal data we hold about you; (d) request for the deletion of your personal data through the deletion of user account. The data protection laws of the European Economic Area and other territories grant their citizens certain rights in relation to their Personal Data. While other jurisdictions may provide fewer statutory rights to their citizens, we make the tools designed to exercise such rights available to our customers worldwide.Any resident of the European Economic Area has the following rights in relation to your Personal Data:

  1. Right of Access
    You have the right to access your Personal Data that we hold about you, i.e. the right to require free of charge (i) information whether your Personal Data is retained, (ii) access to and/or (iii) duplicates of the Personal Data retained. You can use the right to access to your Personal Data through the Privacy Dashboard. If the request affects the rights and freedoms of others or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs of providing the information or communication or taking the action requested) or refuse to act on the request.
  2. Right to Rectification
    If we process your Personal Data, we shall endeavour to ensure by implementing suitable measures that your Personal Data is accurate and up-to-date for the purposes for which it was collected. If your Personal Data is inaccurate or incomplete, you can change the information you provided via the Privacy Dashboard.
  3. Right to Erasure
    You have the right to request and expect deletion by us of Personal Data concerning you by deleting your User Account via the support page. As a result of deleting your User Account, you will lose access to services, including the User Account, Subscriptions and service-related information linked to the User Account and the possibility to access other services you are using the User Account for. We allow you to restore your User Account during a grace period of 30 (thirty) days from the moment you request deletion of your User Account. This functionality allows you not to lose your account by mistake, because of your loss of your account credentials or due to hacking. During the suspension period, we will be able to finalise financial and other activities that you may have initiated before sending the User Account deletion request. After the grace period, Personal Data associated with your account will be deleted subject to section 4. above.
  4. Right to Object
    When our processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR / section 2.c) of this Privacy Policy, you have the right to object to this processing. If you object we will no longer process your Personal Data unless there are compelling and prevailing legitimate grounds for the processing as described in Article 21 of the GDPR; in particular if the data is necessary for the establishment, exercise or defence of legal claims. You also have the right to lodge a complaint at a supervisory authority.

8. Children
The minimum age to create a User Account is 15. The Company will not knowingly collect Personal Data from children under this age. Insofar as certain countries apply a higher age of consent for the collection of Personal Data, the Company requires parental consent before a User Account can be created and Personal Data associated with it collected. The Company encourages parents to instruct their children to never give out personal information when online.

9. Contact Info
You can contact the Company’s data protection officer at the address below. While we review any request sent by mail, please be aware that to combat fraud, harassment and identity theft, the only way to access, rectify or delete your data is through logging in with your User Account at Attention: Privacy Officer

10. Revision Date
This Agreement was last updated on 22 November 2023 (“Revision Date”). If you were a user before the Revision Date, it replaces the existing Privacy Policy