Privacy Policy
At burstinggleam, we respect your privacy and are committed to protecting your personal information. This policy outlines how we collect, use, and safeguard your data when you interact with our machine learning scoring services.
Last Updated: March 15, 2025
This privacy policy explains how burstinggleam collects, processes, and protects personal data in accordance with Thailand's Personal Data Protection Act (PDPA) B.E. 2562 (2019) and international best practices.
By using our services, you acknowledge that you've read and understood how we handle your information. We've designed our data practices to give you control while enabling us to provide effective financial scoring solutions.
Information We Collect
Personal Information You Provide
When you register for our services or contact us, we collect information that you directly share with us. This might include your name, email address, phone number, company details, and professional role. We also gather any information you include in messages or support requests.
Contact Information
Name, email address, phone number, and mailing address for communication and service delivery purposes.
Professional Details
Company name, job title, industry sector, and business requirements to customize our scoring models.
Financial Data
Transaction records, credit history elements, and payment information necessary for scoring analysis.
Technical Information
IP addresses, browser types, device identifiers, and system specifications for security and optimization.
Automatically Collected Data
Our systems automatically gather certain technical information when you access our platform. This includes your IP address, browser type, operating system, referring URLs, and interaction patterns. We use this data to improve our service performance and detect potential security issues.
We also collect usage analytics through cookies and similar technologies. These help us understand how users navigate our platform and which features are most valuable.
How We Use Your Information
We process your data for specific purposes that support our service delivery and business operations. Here's what we do with the information we collect:
- Develop and refine machine learning models for credit scoring and risk assessment
- Provide personalized scoring reports and financial insights tailored to your business needs
- Process payments and maintain accurate billing records
- Communicate service updates, technical changes, and important account information
- Respond to support requests and resolve technical issues
- Detect and prevent fraudulent activity, unauthorized access, and security threats
- Comply with legal obligations under Thai law and international regulations
- Analyze platform performance and user behavior to enhance service quality
Legal Basis for Processing
Under Thailand's PDPA, we process your personal data based on your consent, contractual necessity, legal obligations, and legitimate business interests. You can withdraw consent at any time, though this may affect our ability to provide certain services.
Data Sharing and Disclosure
We don't sell your personal information to third parties. However, we do share data with specific partners and service providers who help us operate our business. Every third party we work with is carefully vetted and contractually obligated to protect your information.
Service Providers and Partners
We share data with cloud hosting providers, payment processors, analytics services, and technical infrastructure partners. These organizations only access information necessary to perform their specific functions. For example, our payment processor receives transaction details but doesn't access your complete profile.
Legal Requirements
Sometimes we're required to disclose information to comply with Thai laws, respond to valid legal requests from authorities, or protect our rights and property. This might include cooperating with law enforcement investigations or responding to court orders.
| Recipient Category | Purpose | Data Shared |
|---|---|---|
| Cloud Infrastructure | Platform hosting and data storage | All platform data encrypted at rest |
| Payment Processors | Transaction processing and billing | Payment details and transaction records |
| Analytics Services | Usage analysis and performance monitoring | Anonymized usage patterns and metrics |
| Email Service Providers | Communication delivery | Contact information and message content |
We may also share aggregated, anonymized data that cannot identify individuals. This statistical information helps us participate in industry research and demonstrate service effectiveness without compromising privacy.
Your Rights Under Thai Law
Thailand's Personal Data Protection Act grants you several rights regarding your personal information. We've established clear procedures to help you exercise these rights.
Access and Portability
Request copies of your personal data in a commonly used format. We'll provide this within 30 days of your verified request.
Correction Rights
Update or correct inaccurate information in your account. You can modify most details directly through your dashboard.
Deletion Rights
Request deletion of your personal data, subject to legal retention requirements and active service obligations.
Processing Restrictions
Object to certain data processing activities or request temporary restrictions while we investigate concerns.
How to Exercise Your Rights
To exercise any of these rights, contact us at help@burstinggleam.com with your request. We'll verify your identity and respond within the timeframes required by Thai law. Some requests may require additional documentation to protect against unauthorized access.
If you're not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Committee in Thailand. We'll provide information about filing complaints upon request.
Data Security Measures
Protecting your information is central to how we operate. We've implemented multiple layers of security controls to safeguard data against unauthorized access, disclosure, alteration, and destruction.
Technical Safeguards
All data transmitted to our servers uses industry-standard TLS encryption. Information stored in our databases is encrypted using AES-256 encryption. We maintain regular security audits and penetration testing to identify vulnerabilities before they can be exploited.
Access to personal data is restricted based on job responsibilities. Our employees and contractors undergo security training and are bound by confidentiality agreements. We log all data access and monitor for unusual patterns that might indicate security incidents.
Organizational Measures
We maintain a dedicated security team that responds to incidents 24/7. Our incident response plan outlines specific procedures for containing breaches, assessing impact, and notifying affected users. In the event of a significant data breach, we'll notify you and relevant authorities within 72 hours as required by Thai law.
Third-Party Security
All service providers we work with must demonstrate compliance with international security standards such as ISO 27001 or SOC 2. We regularly review their security practices and require immediate notification of any incidents affecting our data.
Data Retention and Deletion
We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law.
Retention Periods
Active account data is retained throughout your service relationship with us. After account closure, we keep certain information for specific periods based on legal and business requirements. Financial records are retained for seven years to comply with Thai accounting regulations. Communication logs and support tickets are typically deleted after three years.
- Account profile information: Duration of active service plus 90 days
- Transaction records: Seven years from transaction date
- Support communications: Three years from last interaction
- Marketing consent records: Five years from consent withdrawal
- Security logs: Two years from creation date
- Anonymized analytics: Indefinitely for research purposes
Deletion Procedures
When retention periods expire or you request deletion, we securely erase your data using methods that prevent recovery. Backups containing your information are overwritten according to our backup rotation schedule, typically within 90 days. Some anonymized data may persist in aggregated reports where individual identification is impossible.
International Data Transfers
While our primary operations are in Thailand, some of our service providers operate servers in other countries. This means your data may be transferred outside Thailand for processing and storage.
When we transfer data internationally, we ensure adequate protection through approved mechanisms under Thai law. This includes using standard contractual clauses, verifying recipient countries have adequate data protection laws, or implementing supplementary security measures.
You have the right to obtain information about the safeguards we use for international transfers. Contact our privacy team if you'd like details about specific transfers or the protections in place.
Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience on our platform. These small data files help us remember your preferences, analyze site traffic, and provide personalized content.
Types of Cookies We Use
Essential cookies are necessary for basic platform functionality like authentication and security. Analytics cookies help us understand how users interact with our services. Preference cookies remember your settings and choices. We don't use advertising cookies or share cookie data with ad networks.
You can control cookies through your browser settings. Disabling certain cookies may limit platform functionality. Most browsers allow you to view, manage, and delete cookies. Refer to your browser's help documentation for specific instructions.
Children's Privacy
Our services are designed for business use and are not intended for individuals under 18 years of age. We don't knowingly collect personal information from children. If we discover that we've inadvertently gathered data from someone under 18, we'll delete it promptly.
Parents or guardians who believe we may have collected information from a minor should contact us immediately at help@burstinggleam.com.
Changes to This Policy
We update this privacy policy periodically to reflect changes in our practices, legal requirements, or service offerings. When we make significant changes, we'll notify you via email or through a prominent notice on our platform.
The "Last Updated" date at the top indicates when we most recently revised this policy. We encourage you to review it regularly to stay informed about how we protect your information. Continued use of our services after policy changes constitutes acceptance of the updated terms.
Contact Us About Privacy
If you have questions about this privacy policy, want to exercise your data rights, or need to report a privacy concern, our team is here to help. We respond to all privacy inquiries within five business days.
burstinggleam217, Chok Chai Road
Photharam, Photharam District
Ratchaburi Province 70120
Thailand
This privacy policy is effective as of March 15, 2025, and applies to all information collected by burstinggleam through our website, platform, and related services.