Last updated April, 2020
KASIKORN RESEARCH CENTER Co., Ltd. (“Company”) is a leading economic and business institution in Thailand that adheres to ethical business conducts and compliance with applicable legal framework. The Company is aware of your trust in the Company’s products and services and recognizes your need for security in transaction and the handling of your personal data.
For prioritizing your privacy and safeguarding your personal data, the Company, therefore, has set out policies, regulations and rules for the Company’s business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to the Company will be processed to meet your needs and in accordance with the laws.
1. What is the purpose of this Policy?
This Policy is to inform you, as a data subject, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data.
2. Which personal data that the Company collects, uses, and/or discloses?
2.1 Personal Data is data that can directly or indirectly identify you, i.e.
2.1.1 Personal data that you give directly to or through the Company, or available to the Company by your use of products and/or services, contact, visit, search via digital channels, branches, website, Social Media Channel, assigned persons or other means.;
2.1.2 Personal data received or accessed by the Company from other sources not directly from you. For example, government entities, companies in KASIKORNBANK Financial Conglomerate, financial institutions, financial service providers, business partners, the National Credit Bureau, and information service provider, etc. The Company will collect data from other sources only when your consent is given as consistent with laws unless where necessary for the Company as permissible under laws.
Your personal data that the Company collects, uses and/or disclose are such as
- Personal information such as name, surname;
- Contact information such as home address, workplace, telephone number, E-mail;
- Data related to devices or machines such as IP address, MAC address, Cookie ID;
- Other information such as website-visiting data, voice, still picture, moving picture, and other information deemed personal data under the Personal Data Protection Laws
2.2 Sensitive Data is personal data that is specially categorized by law and will be collected, used and/or disclosed by the Company only when the Company has obtained explicit consent from you or where necessary for the Company as permissible under law. The Company may collect, use and/or disclose biometric identifiers (Biometrics), e.g., facial recognition, fingerprint recognition, retina recognition, voice recognition for the purpose of verifying and confirming identity of applicants for services and/or transaction via digital channels, branches, website, call center or other channels, etc.
(Unless otherwise specified in this Policy, personal data and sensitive data about you above will be collectively called “Personal Data”)
3. What are the Company’s purposes of collecting, using and/or disclosing your Personal data?
The Company will collect your Personal Data for your benefits in using products and/or services; for performing legal obligations required by any law applicable to the Company or you; and for any purposes provided in this Policy, as follows;
3.1 For your benefits in using the Company’s products and/or services that meet your own purposes and for other purposes necessary under laws
3.1.1 To allow you to use the Company’s products and/or services that meet your purposes under your contract with the Company or to take steps at your request prior to using the Company’s products and/or services (Contractual Basis), for instance,
(1) to approve the using of any products and/or services, e.g. the use of data services on website Website
(2) to take any steps in relation to the use of any products and/or services, e.g. processing, contact, notification of news about products and/or services
3.1.2 To comply with relevant or applicable law (Legal Obligation), for instance,
(1) to comply with an order from a competent authority; and/or
(2) to comply with Financial Institution Law, Securities and Exchange Law, Life Insurance Law, Non-life Insurance Law, Tax Law, Anti-money Laundering Law, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Law, Computer Law, Bankruptcy Law, and other laws to which the Company is subject both in Thailand and in other countries including regulations and rules issued pursuant to such laws.
If the Company is required to collect, use and/or disclose your Personal Data to meet our legal obligations or enter into an agreement with you, the Company may not be able to provide (or continue to provide) our products and/or services to you if the Company cannot collect your Personal Data when requested.
3.1.3 To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations (Legitimate Interest), for instance,
(1) to record images from CCTV, to exchange ID cards before entering buildings;
(2) to maintain relationship with customers, e.g. complaint handling, satisfaction survey, customer service by the Company’s staff, notification or offer on any products and/or services of the same types you are using for your benefits;
(3) to manage risks, monitor, manage within organization including to refer such tasks to affiliated companies in the conglomerate under the Personal Data related policy of the conglomerate (Binding Corporate Rules);
(4) to anonymize your Personal Data (Anonymous Data);
(5) to prevent, respond, and minimize potential risks arising from corruption, cyber threat, debt default or contractual breach (e.g. bankruptcy related data), law violation (e.g. money laundering, terrorism and proliferation of weapon of mass destruction financing, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order to prevent, respond, and minimize the above risks;
(6) to collect, use and/or disclose the Personal Data of directors, representatives, agents of customers that are juristic person;
(7) to contact, voice or image recording during meetings, trainings, seminars or booth activities;
(8) to collect, use, and/or disclose the Personal Data of person under court’s receivership order; and
(9) to receive - dispatch parcels.
3.2 To enable you to receive benefits from using products and/or services according to your given consent, for instance,
(1) For you to receive products and/or services that are better and suitable for your need;
(2) For you to receive offers, privileges, recommendations and other information including eligibility to attend special activities;
ทregardless of being products and/or services, privileges, promotions, information or special activities of the Company, companies in KASIKORNBANK Financial Conglomerate, or person of whom the Company is an agent, agent, distributor, business partner or a third party associated with the Company, depending on your given consent.
4. To whom may the Company disclose your Personal Data?
The Company may disclose your Personal Data to other person to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy.
The Company may disclose your Personal Data for various purposes, e.g. providing services to you; analyzing and developing products and/or services, conducting research or analyzing statistical data; promoting sales and advertising by the Company; managing organization; preventing corruption; allowing the Company’s supporting service providers; verifying customers’ identity, etc. The Company may disclose the data to other persons or entities. For example, companies in KASIKORNBANK Financial Conglomerate, the Personal Data processors, external service providers, the Company’s agents, sub-contractors, financial institutions, auditors, external auditors, credit rating companies, asset management companies, the National Credit Bureau, competent authority, prospective assignees and/or assignees in any transaction or business merger of the Company, any corporations or individuals under relationship or contract with the Company; including executives, staff, employees, contractors, agents, the Company’s advisor and of those person or entity who receive the data, etc.
In case of disclosing your Personal Data to other persons for the marketing purposes of the data receiver, e.g. sale promotions, advertisements or products and/or services offers for you, etc., the Company will notify you of a list of the data receivers to take into consideration when making a decision to give consent.
5. Can the Company send or transfer your Personal Data to other countries?
When it is necessary, the Company may send or transfer your Personal Data to affiliated companies/companies in the same business located in other countries or to other receivers in ordinary course of the Company’s business, e.g. sending or transferring the Personal Data to be stored on Server/Cloud in other countries.
If the receiving countries do not maintain adequate standard levels, the Company will ensure that the sending and the transferring are in compliance with legal requirements and will put in place the Personal Data protection measures as necessary, appropriate and in consistent with confidentiality measures. For example, entering into confidentiality agreement with receivers in such country; or in case of affiliated companies/companies in the same business being the receivers, setting out the Personal Data policy that is audited and certified by competent authorities under relevant law and controlling the sending and transferring to comply with such policy instead of legal requirements.
6. How long does the Company retain your Personal Data?
The Company will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with the Company, or for as long as necessary in connection with the purposes set out in this Policy, unless law requires or permits longer retention period. For example, retention pursuant to Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of not over 10 years, etc.
The Company may erase, destroy, or anonymize the Personal Data when it is no longer necessary or when the period lapses.
7. How does the Company protect your Personal Data?
For retention of your Personal Data, the Company implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. The Company has set out policies, rules and regulations on Personal Data protection, e.g. security standards of information technology and measures to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. The Company has amended the policy, rule and regulation as frequently as necessary and appropriate.
Moreover, the Company’s executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by the Company.
8. What are your rights related to Personal Data?
Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the Company. In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf.
8.1 Right to withdraw consent : If you have given consent to the Company to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to Company, unless it is restricted by laws or you are still under beneficial contract.
Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.
8.2 Right of access : You have the right to access your Personal Data that is under the Company’s responsibility; to request the Company to make a copy of such data for you; and to request the Company to reveal as to how to Company obtain your Personal Data.
8.3 Right to data portability : You have the right to obtain your Personal Data if the Company organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Company to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the Company directly to other data controller unless not technically feasible
ทYour Personal Data above must be under your consent given to the Company to collect, use, and/or disclose; or those the Company deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the Company; or to take steps at your requests before using products and/or services; or as legally required by competent authority.
8.4 Right to object : You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Company, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the Company will continue collecting, using and/or disclosing your Personal Data only when the Company can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend legal proceedings, depending on a case by case basis.
In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to marketing, scientific, historical or statistical research.
8.5 Right to erasure : You have the right to request the Company to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the Company is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described.
8.6 Right to restriction of processing : You have the right to request the Company to suspend processing your Personal Data during the period where the Company examines your rectification or objection request; or when it is no longer necessary and the Company must erase or destroy your Personal Data pursuant to relevant laws but you instead request the Company to suspend the processing.
8.7 Right to rectification : You have the right to rectify your Personal Data to be updated, complete and not misleading.
8.8 Right to complaint : You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.
8.9 The exercise of rights above may be restricted under relevant laws and it may be necessary for the Company to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the Company denies the request, the Company will inform you of the reason.
You may request to exercise your rights via the following channels:
9. How can you contact the Company and the Data Protection Officer?
If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact the Company and/or the Data Protection Officer via the following channel:
- KR Contact Center Tel : 02-2731144
Address : KASIKORN RESEARCH CENTER COMPANY LIMITED, 400/22 KASIKORNBANK Building, Phahon Yothin Rd., Samsen Nai, Phayathai, Bangkok 10400
Data Protection Officer E-mail : firstname.lastname@example.org
Address : KASIKORN RESEARCH CENTER COMPANY LIMITED, 400/22 KASIKORNBANK Building, Phahon Yothin Rd., Samsen Nai, Phayathai, Bangkok 10400