Privacy Policy

Thorn Field Crest KK | Corporate ID: 0111-01-234567 | 1-chōme-5-7 Sawamachi, Katsuyama, Fukui 911-0801 | Email: info@thornfieldcrest.com | Phone: +81 3-5625-3431

Scope Data we process Purpose & legal bases Retention Storage & transfers Your rights Security Cookies Incidents Contact DPO

1. Scope

This policy covers personal data processed for customers, prospects, and users of the Thorn Field Crest SaaS platform tailored for restaurants, cafés, sushi bars, izakaya, and hotel F&B outlets in Japan.

2. Data we process

Account & billing: name, role, company, seat count, payment tokens (no card numbers stored on our systems).
Operational telemetry: POS events, delivery orders, sensor data (keg, cold-chain, rail/weather feeds) pseudonymized where possible.
Support: chat/email/phone recordings with notice for quality and incident resolution.
Device data: IP (with truncation), user agent, coarse location for fraud prevention and language defaults.
Access logs: authentication, role changes, data export events for auditability.

3. Purpose & legal bases

We process data to provide and improve the service, ensure security, deliver support, and meet legal obligations. Legal bases: contract performance (APPI/GDPR Art. 6(1)(b)), legitimate interest (Art. 6(1)(f)) for security and service analytics, and consent where explicitly requested (e.g., marketing emails).

4. Retention

Account data is retained for the subscription term and up to 3 years after termination for legal defense unless a shorter statutory period applies. Logs older than 180 days are aggregated. Backups are retained 30 days.

5. Storage & transfers

Primary storage is in AWS Tokyo/Osaka. Cross-border transfers (if support escalations require) use SCCs where applicable. Subprocessors are limited to infrastructure, auth, and analytics providers; the current list is available on request.

6. Your rights

APPI rights: disclosure, correction, suspension of use. GDPR data subjects: access, rectification, erasure, portability, objection, and restriction. Submit requests to info@thornfieldcrest.com; we verify identity before action.

7. Security

TLS 1.3 in transit, AES-256 at rest; secrets managed via KMS.
Role-based access aligned to hall/kitchen/HQ, least-privilege enforced.
Audit logs for data export and role changes; quarterly penetration tests.
Chaos-tested failover between Tokyo and Osaka regions.

8. Cookies & tracking

We use essential cookies for authentication, and privacy-friendly analytics with IP truncation. No third-party advertising cookies. Do Not Track is honored where supported.

9. Incident response

Security incidents are triaged by our 24/7 NOC. Affected customers are notified without undue delay with scope, impact, and remediation steps. Breach reports are available to auditors upon request.

10. Contact DPO

Email: privacy@thornfieldcrest.com (routes to legal desk). Postal: Attn. DPO, Thorn Field Crest KK, 1-chōme-5-7 Sawamachi, Katsuyama, Fukui 911-0801.

Last updated: June 19, 2026

Back to home · Contact