āļāđāļāļĄāļđāļĨāļŠāđāļ§āļāļāļļāļāļāļĨāļāļāļāļāļļāļāļāļēāļāļāļđāļāđāļāļāđāļĨāļ°āļāļąāļāđāļāđāļāđāļ§āđāļāļāļāļāļĢāļ°āđāļāļĻāđāļāļĒ āļĢāļ§āļĄāļāļķāļāļāļĩāđāļŠāļīāļāļāđāļāļĢāđāļāļķāđāļāđāļāđāļāļŠāļāļēāļāļāļĩāđāļāļąāđāļāđāļāļīāļĢāđāļāđāļ§āļāļĢāđāļŦāļĨāļąāļāļāļāļāđāļĢāļē āđāļĄāļ·āđāļāļĄāļĩāļāļēāļĢāđāļāļāļāđāļāļĄāļđāļĨāļāđāļēāļĄāļāļĢāļĄāđāļāļ āđāļĢāļēāļāļ°āļāļģāđāļāļīāļāļĄāļēāļāļĢāļāļēāļĢāļāđāļāļāļāļąāļāļāļĩāđāđāļŦāļĄāļēāļ°āļŠāļĄāđāļāļ·āđāļāļāļļāđāļĄāļāļĢāļāļāļāđāļāļĄāļđāļĨāļŠāđāļ§āļāļāļļāļāļāļĨāļāļāļāļāļļāļāđāļŦāđāļŠāļāļāļāļĨāđāļāļāļāļąāļāļāđāļāļāļģāļŦāļāļāļāļēāļāļāļāļŦāļĄāļēāļĒāļāļĩāđāđāļāļĩāđāļĒāļ§āļāđāļāļ āļĢāļ§āļĄāļāļķāļ PDPA āđāļĨāļ°āđāļāļāļĢāļāļĩāļāļĩāđāđāļāļĩāđāļĒāļ§āļāđāļāļāļĢāļ§āļĄāļāļķāļ GDPR āļāđāļ§āļĒ
Privacy Policy
Effective Date: May 1, 2019
Last Updated: Jan 18, 2026
1. Introduction
Filatov Group Co., Ltd. (“iLoveJapanSchool,” “we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit or use our website (www.ilovejapanschool.com), mobile applications, and related online services (collectively, the “Online School”).
We process personal information in accordance with the Thailand Personal Data Protection Act B.E. 2562 (2019) (“PDPA”), and, where applicable, the European General Data Protection Regulation (“GDPR”) and other applicable data protection laws.
By accessing or using the Online School, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Information We Collect
2.1 Information You Provide to Us
We may collect personal information directly from you when you:
- Register for an account
- Purchase a subscription
- Contact our customer support team
- Complete forms or provide feedback
- Use our Single Sign-On (SSO) integrations (Google, Facebook, LINE, TikTok, LinkedIn, etc.)
- Upload payment slips for offline payments
The personal information we collect may include:
- Full name
- Email address
- Mailing address
- Phone number
- Profile images (uploaded or imported from SSO providers)
- Payment records (offline payment slips and confirmation documents)
- Other information you voluntarily provide
Note: We do not directly collect or store your credit card information. All online payment processing is handled by our authorized third-party payment processor (PaySolutions).
2.2 Information Collected Automatically
When you visit the Online School, we automatically collect certain technical information, including:
- IP address
- Browser type and version
- Device information
- Operating system
- Referring/exit pages
- Usage data such as pages visited, links clicked, and time spent on pages
We may also collect information through cookies, analytics tools (such as Google Analytics), web beacons, and similar technologies. For more information, see Section 7 (Cookies and Tracking Technologies).
3. How We Use Your Information
We use the personal information we collect for the following purposes:
- To create and maintain your account
- To provide, operate, and improve the Online School
- To process payments and manage subscriptions
- To respond to your inquiries and provide customer support
- To send service notifications, payment confirmations, and important updates
- To send newsletters or marketing communications (if you consent)
- To analyze website usage and improve functionality and content
- To comply with applicable laws and legal obligations
4. Legal Bases for Processing
We process your personal information based on one or more of the following legal bases:
- Your consent
- The necessity to perform a contract (i.e., providing you with access to the Online School)
- Compliance with legal obligations
- Our legitimate business interests (e.g., improving services, protecting security, preventing fraud)
5. Information Sharing
We do not sell your personal information to third parties.
We may share your personal information in the following limited circumstances:
- With service providers who help us operate the Online School (e.g., cloud hosting providers, payment processors, CRM providers, customer support vendors, IT service providers)
- With third parties as required by law or legal process
- In the event of a business transaction, such as a merger, acquisition, or sale of assets, where customer information may be transferred as part of the transaction
- With your explicit consent
All service providers who process personal data on our behalf are required to follow appropriate data protection obligations under applicable law.
6. Data Location and Cross-Border Transfers
Your personal data may be transferred and stored outside of Thailand, including in Singapore where our primary servers are located. Where such cross-border transfers occur, we ensure that appropriate safeguards are implemented to protect your personal data, consistent with applicable legal requirements, including PDPA and, where applicable, GDPR.
7. Cookies and Tracking Technologies
We use cookies and similar technologies to collect information and improve your experience on the Online School.
7.1 What Are Cookies?
Cookies are small text files stored on your device to help websites function and analyze usage.
7.2 How We Use Cookies
We use both session and persistent cookies for purposes such as:
- Remembering your login preferences
- Personalizing your experience
- Analyzing site usage (e.g., via Google Analytics)
- Managing payment and subscription processes
You can control or disable cookies through your browser settings, but some features of the Online School may not function properly if you do so.
7.3 Third-Party Tracking
We may use third-party analytics providers (such as Google Analytics) to collect non-personal usage data. We do not control third-party cookies.
8. Data Security
We take reasonable technical and organizational measures to safeguard your personal information against loss, misuse, unauthorized access, disclosure, or destruction.
Our internal security measures include:
- Role-Based Access Controls: Only authorized personnel have access to systems containing personal information, and access is granted strictly based on job responsibilities.
- Access Audits: We maintain internal logs and conduct periodic audits to monitor and verify authorized access to personal data.
- Two-Factor Authentication (2FA): 2FA is enabled across all systems that store or process your personal information.
- Encrypted Data Transmission and Storage: Customer data is encrypted both in transit and at rest using industry-standard encryption protocols.
Password Management and Access Segregation
- Wherever technically possible, we use segregated individual staff accounts for system access to ensure auditability, accountability, and access traceability.
- In limited cases where certain accounts do not support individual credentials and sensitive client data is not involved, we may securely manage credentials using an enterprise-grade password manager that allows secure storage and controlled internal sharing.
- All shared credentials stored in the password manager are reviewed regularly, and access is strictly limited to authorized personnel only.
Bitrix24 CRM and Telephony
We use Bitrix24 as our Customer Relationship Management (CRM) system to store personal information collected during customer support activities and customer communications, including:
- Client records created during support requests
- Account-related communications
- Incoming and outgoing phone call data (processed via Bitrix24’s integrated VoIP telephony system)
- All inbound and outbound customer service calls are automatically recorded for quality assurance, training, and security purposes
Bitrix24 stores customer data on Amazon Web Services (AWS) infrastructure, with data centers located in either:
- The United States (Virginia)
- The European Union (Frankfurt, Germany)
Bitrix24 and its hosting provider AWS maintain multiple international certifications and compliance standards, including:
- HIPAA
- GDPR
- ISO 27001
- SOC 1 / SOC 2 / SOC 3
- PCI DSS Level 1
- Directive 95/46/EC
Further information on Bitrix24 security can be found at: https://www.bitrix24.com/security/
Google Workspace
We may store certain customer support communications and administrative data using Google Workspace (Gmail, Drive, Calendar, Chat), provided by Google LLC. Google Workspace services maintain industry-standard certifications including ISO 27001, ISO 27018, SOC 2, and GDPR compliance frameworks.
When accessing and processing data via Bitrix24 and Google Workspace, we use Two-Step Verification (2FA) internally for additional protection of your personal data.
While we implement reasonable and appropriate security measures, no method of transmission or storage can be guaranteed 100% secure. You are responsible for safeguarding your account credentials and taking appropriate precautions to protect your own data.
Important: iLoveJapanSchool will never request your password or credit card details via email, phone, or messaging apps. Please remain vigilant against phishing, spoofing, and other cyber threats.
9. Security Incident Notification
In the event of a data breach involving your personal information, we will:
- Notify you and relevant authorities promptly, as required by PDPA Section 37 or GDPR Article 33 (if applicable).
- Investigate the incident and take reasonable steps to minimize harm.
- Provide relevant information as part of our notification process.
Notifications may be sent to your registered email address or through other reasonable communication channels.
10. Your Rights
Depending on applicable law, you may have the following rights regarding your personal information:
- The right to access and review your data
- The right to correct inaccurate or incomplete data
- The right to request deletion of your data (“right to be forgotten”)
- The right to object to certain types of processing
- The right to withdraw consent at any time (where processing is based on consent)
You may exercise these rights by contacting us at:
info@ilovejapanschool.com
or via our contact form: https://ilovejapanschool.com/contact
We will respond to all data requests within a reasonable period and in accordance with applicable legal requirements.
11. Data Retention
We retain your personal data for as long as your account remains active or as long as necessary to provide services. We may retain certain information after account closure as required for:
- Legal compliance
- Dispute resolution
- Accounting, tax, or regulatory obligations
- Fraud prevention and security
12. Payments Security
Online credit card payments are processed securely by our third-party provider: PaySolutions.
iLoveJapanSchool does not store or process your full credit card details directly.
For offline payments, uploaded payment slips are stored temporarily for verification and are automatically deleted after 40 days following approval.
13. Third-Party Links and Widgets
The Online School may contain links to third-party websites or embedded widgets (e.g. video streaming, social sharing, etc.). Any personal information you provide to third parties is governed by their privacy policies. We encourage you to review their privacy terms before providing any information.
14. Testimonials and User Content
With your consent, we may display your testimonials, questions, comments, or reviews publicly along with your name. You may request removal of such content by contacting us at info@ilovejapanschool.com.
15. Privacy Policy Updates
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Online School prior to the changes taking effect. The most recent version will always be available on our website.
16. Contact Information
If you have any questions or concerns about this Privacy Policy, you may contact us at:
Filatov Group Co., Ltd.
Park Ploenchit 61/7 Sukhumvit 1 Road
Khongtoey Nua, Wattana
Bangkok, Thailand 10110
Phone: +66 2 105 4703
Email: info@ilovejapanschool.com
17. Opt-Out Options
You may opt out of receiving our newsletters at any time by using the unsubscribe link in each email or by updating your preferences in your account settings.
Note: You may not opt out of system notifications (such as payment confirmations) which serve as essential service communications.
