Privacy Policy

Your privacy is important to us

Effective Date: January 1, 2025 | Last Updated: January 2025

JR-Nexus Co., Ltd. ("JR-Nexus," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Nexus Talent platform and related services (collectively, the "Services").

Important: This policy complies with Thailand's Personal Data Protection Act B.E. 2562 (2019) ("PDPA") and other applicable data protection laws.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using our Services:

  • Account Information: Name, email address, phone number, company name, job title
  • HR Data: Candidate CVs/resumes, job descriptions, interview notes, assessment results
  • Payment Information: Billing address, payment method details (processed securely via Stripe)
  • Communications: Messages, support requests, and feedback you send us

1.2 Candidate Data (Processed on Your Behalf)

As a data processor, we process candidate information uploaded by our customers:

  • Personal details (name, contact information, address)
  • Professional information (work history, education, skills, qualifications)
  • CV/resume content and documents
  • Assessment scores and AI-generated insights

1.3 Automatically Collected Information

  • Device information (browser type, operating system)
  • Log data (IP address, access times, pages viewed)
  • Usage patterns and feature interactions
  • Cookies and similar tracking technologies

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve our recruitment platform
  • AI Processing: To analyze CVs, generate interview questions, and provide candidate assessments using artificial intelligence
  • Account Management: To manage your subscription, process payments, and provide customer support
  • Communication: To send service updates, security alerts, and promotional materials (with your consent)
  • Analytics: To understand usage patterns and improve our Services
  • Legal Compliance: To comply with applicable laws and regulations

3. Legal Basis for Processing (PDPA Compliance)

Under Thailand's PDPA, we process your personal data based on:

  • Consent: For marketing communications and optional features
  • Contract: To fulfill our service agreement with you
  • Legitimate Interest: For service improvement and security
  • Legal Obligation: To comply with Thai laws and regulations

4. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Cloud hosting (AWS), payment processing (Stripe), email services
  • AI Providers: OpenAI for AI-powered features (data is processed per their enterprise terms)
  • Legal Requirements: When required by law, court order, or government authority
  • Business Transfers: In connection with merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

5. Data Retention

  • Account Data: Retained while your account is active, plus 2 years after closure
  • Candidate Data: Retained according to your organization's settings (default: 2 years)
  • Financial Records: Retained for 7 years as required by Thai law
  • Log Data: Retained for 90 days for security purposes

6. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls (RBAC)
  • Regular security assessments and penetration testing
  • Multi-tenant data isolation
  • AWS infrastructure with SOC 2 compliance

7. Your Rights Under PDPA

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Restriction: Request limitation of processing
  • Portability: Receive your data in a structured format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at privacy@jr-nexus.com

8. International Data Transfers

Your data may be processed in countries outside Thailand (e.g., for AI processing). We ensure appropriate safeguards are in place, including:

  • Data processing agreements with service providers
  • Compliance with international data protection standards

9. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. Continued use of our Services after changes constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related inquiries or to exercise your rights: