Last updated and effective as of January 2023
Although the Company is not actively targeting persons within Thailand, they are not blocked from using certain services offered by the Company (the “Services”). Protecting their privacy are our primary concern.
1. Description of Our Activities
The Company’s commercial activity consists in providing you with payment services enabling you to make payments with a credit card registered with the Company at online and offline LINE Pay merchants.
2. Definitions and Interpretation
In this Addendum for PDPA, unless the context otherwise requires:
- a reference to a document is a reference to that document as modified or replaced from time to time.
- a reference to a person shall include any company, corporation or any corporate body wherever incorporated.
- words importing the singular shall be treated as importing the plural and vice-versa.
- unless expressly stated otherwise, any heading, caption or section title contained in this Addendum for PDPA is inserted only as a matter of convenience and in no way defines or explains any section or provision hereof.
3. Data Controller, Data Protection Officer, and Representatives
The Company, LINE Pay Corporation, incorporated under the laws of Japan, is the legal entity responsible for the collection and processing of your Personal Data.
- LINE Pay Corporation
22nd Floor, Osaki Garden Tower
1-1-1 Nishi-Shinagawa, Shinagawa-ku, Tokyo 141-0033, Japan
You can also contact our Data Protection Officer at 22nd Floor Osaki Garden Tower
1-1-1 Nishi-Shinagawa, Shinagawa-ku, Tokyo 141-0033, Japan.
As regards the processing of Personal Data concerning persons within Thailand, the Company has designated the following representatives to whom you can access on all issues related to the processing of your Personal Data:
Representative in Thailand: TMI Associates (Thailand) Co., Ltd.
Attn: LINE Pay Corporation PDPA Representative in Thailand
26th Floor #2608-2609, Sathorn Square Office Tower, 98 North Sathorn Road, Silom, Bangrak, Bangkok, 10500, Thailand
4. Categories of Personal Data Collected and Processed
4.1 Categories of Personal Data Collected
4.2 Possible Consequences of Refusal to Provide Your Personal Data
A number of the Personal Data we collect from you are required to enable us to fulfil our contractual duties to you or to others. Other items may simply be needed to ensure that our relationship can run smoothly. Depending on the type of Personal Data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue providing the Services. When providing Personal Data is legally or contractually required, or necessary to enter into a contract with us, we will bring it to your attention.
5. Purposes and Legal Basis of Processing
|Purposes of Processing
||Legal Basis of Processing
|For the provision, improvement, and development of the Services
- The processing is necessary to perform our obligations under a contract with you or to take steps, at your request, prior to entering into such contract; or
- The processing is necessary for our legitimate interests of promoting our economic activities and effectively providing the Services, as those will allow us to generate profits and to attract new customers.
|For the prevention of unauthorized use of the Services
- It is necessary to exercise our officially vested authorities; or
- The processing is necessary for our legitimate interests to protect us and our customers from possible damages from the unauthorized use.
6. Withdrawal of Your Consent
Please note that you have at any time the right to withdraw your consent with regard to the processing for which your consent is legal basis. To exercise this right, please contact us using the contact details provided in “3. Data Controller, Data Protection Officer, and Representatives.”
Upon the withdrawal of your consent, we will cease the processing unless we determine that there is an alternative legal basis to justify our continued processing of your Personal Data, in which case we will inform you of this alternative legal basis. The withdrawal of your consent shall however not affect the lawfulness of processing based on your consent before its withdrawal.
7. Age Limit
, the Services shall only be used by persons of 20 years old or older in case the persons are located in Thailand.
8. Keeping Your Personal Data Up-to-Date
You shall ensure that all Personal Data you directly provide to us are accurate, complete, true, and correct and shall keep such data up-to-data by reporting or registering to the Services any updates in a timely manner. Your failure to do so may result in your disadvantages such as being unable to use the Services. The Company is not responsible for any such disadvantages.
9. Your Rights
You have certain right regarding your Personal Data as described in 9.2 and 9.3 below. To exercise such rights outlined in this section, you can contact us using the contact details provided in “3. Data Controller, Data Protection Officer, and Representatives.” When sending us a request, please make clear which right you are exercising with regard to which of your Personal Data. Please also note that we may keep a record of your communications to help us resolve any issues arising in relation to your request.
Please be aware that your rights are not absolute, and it remains that, in accordance with the PDPA, your rights may be withheld. In such event, we will provide you with the reasons for not complying with your request.
We will process your request as soon as reasonably practicable and provide you with information on actions taken without undue delay and in any event within one month of receipt of your request. This period may be extended by a further two months where necessary, taking into account the complexity and number of your request. In this event, we will inform you of any such extension within one month of the receipt of your request, together with the reasons for the delay.
In the event that we decide to not comply with your request or has not processed your request within the aforesaid timeframe, you can lodge a complaint with the Personal Data Protection Committee in Thailand (“PDPC”) and you can seek a judicial remedy against our decision.
9.2 Your Right to Access, Rectification, Erasure, Restriction, Objection of Processing and Data Portability
You have, if applicable and within the limits of the PDPA, the right to request access to your Personal Data, to seek the rectification or erasure of your Personal Data, to request the restriction or objection of the processing.
In addition, you have, within the limits of applicable data protection laws, the right to receive the Personal Data you have submitted to the Company in a readable or commonly used format and to transmit such Personal Data to another controller without hindrance. We will, where applicable and technically feasible, transmit your Personal Data directly to the data controller of your choice.
9.3 Your Right to Lodge Complaint with the PDPC
You have the right to lodge a complaint with the PDPC in the event you think that we violate or do not comply with the PDPA.
10. International Transfers of Personal Data
The Company's servers are located in Japan, meaning that your Personal Data will be initially stored in Japan.
, we may transfer your Personal Data to the countries outside of Thailand, including Japan, South Korea, and the United States.
When the Company transfer Personal Data without the adequate decision, the Company will enter into standard data protection clauses approved by the PDPC to protect your Personal Data whenever it is being transferred between entities located outside of Thailand.
11. Disclosure and Sharing of Personal Data
and in the LINE Pay Privacy Addendum
. In addition, the Company may disclose your Personal Data to payment service providers such as payment gateways or payment processors in order to complete your payment.
12. Security of Personal Data
The Company protects your Personal Data by using appropriate administrative, technical and organisational security measures to reduce the risks of loss, theft, misuse, unauthorised access, disclosure, destruction and alteration of your Personal Data. For the details of our security measures, please also read “Data Security
13. Storage of Your Personal Data
Without prejudice to the Company’s right to further process your Personal Data for purposes that are not incompatible with the initial purpose, and subject to the Company’s own legal and regulatory obligations, the Company retains your Personal Data only for as long as necessary to fulfil the purposes described in this Addendum for PDPA, or as required by applicable laws including the laws of Japan. The criteria used to determine our storage periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is any legal obligation to which we are subject; and (iii) whether there is a need in order to perform a contract to which you are a party.
When the storage of your Personal Data becomes no longer necessary, the Company shall proceed to the erasure of your Personal Data in a secure manner.
Your continued use of the Services subsequent to the notification of such changes, or the absence of any objection thereto within thirty days from the date the amended Privacy Documentation have been made available on the Company’s website and mobile application, constitutes your acknowledgement of the amended Privacy Documentation.
15. Merger/Corporate Acquisition
If the Company merges with another company or entity, of whatsoever form, or is partially or entirely acquired by such company or entity, such company or entity shall have access to all your Personal Data in the Company’s possession. Without prejudice to the right to update the present Addendum for PDPA, such company or entity shall be bound by this Addendum for PDPA.