PRIVACY
POLICY

ElephantStone (Thailand) Co., Ltd. (the “Company”) fully recognizes the importance of personal information in business operations and considers it its utmost responsibility to thoroughly protect personal information. For that reason, the Company will have all its officers and employees comply with the Act on the Protection of Personal Information, other related legislation, and regulations by thoroughly disseminating its internal regulations and will continue to make efforts for personal information protestation so that customers can use the various services with peace of mind which are operated by the Company (the “Services”).

Personal information means information entered by an individual when using the Services (i.e., name, date of birth, gender, address, telephone number, email address, credit card number or bank account number, and the inquiry details), and any other information acquired in connection with such use, which can be used to identify the specific individual, either on its own or in combination.

The Company will acquire personal information through lawful and fair means and will not obtain it through improper means against the customer’s will. Furthermore, when acquiring personal information from a third party, the Company will verify that the information provider has properly obtained the personal information in question.

The Company will implement the necessary measures to prevent the loss, damage, leakage, and unauthorized use of personal information and to ensure its secure management. The Company will also designate a person responsible for the handling of personal information to securely manage the information. Moreover, the Company will strive to keep personal information accurate and up to date within the scope of its intended purposes of use.

The Company will continuously improve the handling and management of personal information and its management systems.

The Company will not use any personal information that it has collected outside the following purposes of use unless the customer's consents to the use:

1. To provide the Service
2. To verify the identity of the customer or their agent
3. To contact the customer and provide information about the Company’s recommended products and services
4. To customize the Service, information on the Service, or ad delivery according to the customer’s age, occupation, gender, interests, and the like
5. To implement marketing (including surveys and questionnaires), data analysis, or the research and development of the Service
6. To perform transactions with the customer or other business partners properly and smoothly, or to implement administrative tasks related to transactions with the customer or other business partners
7. To exercise rights and fulfill obligations under the contract with the customers and applicable laws and regulations
8. To prohibit and prevent unfair transactions, including insider trading
9. To be used for any other purposes associated with the above

The Company will not disclose nor provide customers’ personal information in its possession to third parties without their consent. However, the Company may disclose or provide customers’ personal data without their consent if

1. it does so based on legislation;
2. it is necessary for the protection of human life, body, or property, and obtaining the customers’ consent is difficult;
3. it is particularly necessary for the improvement of public health or the promotion of healthy development of children, and obtaining the customers’ consent is difficult;
4. it is necessary to cooperate with a national government organ, local public entity, or person delegated thereby to perform business prescribed by legislation, and obtaining the customers’ consent is likely to impede the performance of the business;
5. the Company outsources all or part of the work necessary to operate the Services to a contractor that is bound by confidentiality obligations; or
6. personal information is provided to payment processors, credit card companies, and financial institutions that are bound by confidentiality obligations for the purpose of billing customers who use paid services.

When outsourcing the handling of obtained personal information to an external contractor, the Company will conduct a strict review of the contractor and provide necessary and appropriate supervision to ensure the maintenance of confidentiality.

A cookie is data exchanged between the computer browser of the customer and the website server to make their browsing experience more convenient when the customer revisits the site. Cookies are stored in the customer’s browser and may be referenced by the server. However, the file sent as a cookie from the Company website does not contain any personally identifiable information, does not infringe upon their privacy, and will not adversely affect their computer. The Company website uses cookies for the following purposes:

1. To check customers’ login status or implement various functions of the Service
2. To examine the usage status of the Company website, and to make advertising, marketing, or service improvement
3. To deliver display ads by third-party ad providers, such as Google. The cookie information obtained by such a third party will be handled in accordance with the privacy policy of the third party. A customer can choose their cookie settings from such options as “Allow all cookies,” “Block all cookies,” or “Notify me when cookies are received.” How to change the settings varies depending on the browser. For instructions on cookie settings, please refer to your browser’s “Help” menu. In the case of the above, please note that if you choose to block all cookies, your use of the various online services may be limited; for example, you may no longer access the services that require authentication. A third-party ad provider, such as Google, may use cookies to obtain the access information to the Company website to display the Company’s advertisements on other sites based on the information. A customer can stop ad delivery by the third party that uses the cookie information, by accessing the opt-out page provided on the third party’s website (e.g., the Google Analytics Opt-out Add-on).

Upon receiving a request from a customer, the Company will conduct an investigation regarding the request without delay. The Company will correct, discontinue using, or delete personal information if it is determined necessary. However, if disclosure gives rise to any of the following items, the Company may not disclose all or part of the information:

1. When it is likely to harm the life, body, property, or other rights and interests of a customer or third party
2. When it is likely to significantly impede the proper execution of the Company’s business
3. When it otherwise violates any legislation

The Company may revise all or part of the Privacy Policy at its discretion without the customers’ consent. Upon the revision to the Policy, the Company will announce it within the Service. A customer using the Service after the revision will be deemed to have consented to the revision.