Use and Management of cookies
We use cookies and other similar technologies on our website to enhance your browsing experience. For more information, please visit our
Cookies Policy.
We, SCB Tech X Company Limited (“the Company”), care about your privacy, thus, we provide this privacy notice to inform you of our policy in relation to the collection, use and disclosure of personal data in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.
This privacy notice applies to:
(1) Our customers
• Individual customers: Customers who have products or services with the Company, including former and existing customers who are individual.
• Corporate customers: Directors, shareholders, ultimate beneficial owners, employees and legal representatives of our corporate customers and other individuals authorized to act on their behalf. Our corporate customer shall ensure that the authorized persons and any of relevant individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data (e.g. directors; investors; shareholders; debenture holders; counterparties; persons who have business relationship and their legal representatives; anyone that visits our website or office; beneficiaries under insurance policy, ultimate beneficial owner; directors or legal representatives of a company that uses our services; professional advisors; and anyone involved in transactions with us or our customers).
Please note that in the event that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and/or other lawful basis. Reasons for collecting, using or disclosing are provided below:
1.1. Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:
a) compliance with the PDPA and any amendment thereof;
b) compliance with laws (e.g. Financial Institution Business Laws, Securities and Exchange Laws, Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, Public Limited Companies Laws, Life and Non-life Insurance Laws and other laws to which we are subject both in Thailand and in other countries), including conducting identity verification, background checks and credit checks, Know Your Customer (KYC) process, Customer Due Diligence (CDD) process, other checks and screenings (including screening against publicly available database of regulatory authorities and/or official sanctions lists), and ongoing monitoring that may be required under any applicable law; and/or
c) compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
1.2. Contract made by you with us
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
a) process your request prior to entering into an agreement, consider for approval and execute transactions or provide products and/or services, deliver products and/or services to you, provide advice and deal with all matters relating to products and/or services, including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;
b) authenticate when entering into, doing or executing any transactions;
c) carry out your instructions (e.g. processing your applications and/or your transactions, fulfilling a request for execution of transactions or utilization of products and/or services, responding to your enquiries or feedbacks, or resolving your complaints) including record images, videos and/or voices and/or any similar actions to enable us to efficiently carry out your instructions and/or to keep record as an evidence for proceeding with your instructions;
d) provide websites, mobile applications and other online product platforms;
e) track or record your transactions;
f) produce reports (e.g. transaction reports requested by you or our internal reports);
g) notify you with transaction alerts;
h) recover the money which you owe (e.g. when you have not paid for outstanding fees);
i) carry out account maintenance and operations relating to your user accounts and/or financial accounts, including but not limited to processing your applications or requests for services or products, processing your transactions, generating statement of your user accounts and/or financial accounts, and operating and closing your user accounts and/or financial accounts;
j) carry out or make transactions and/or payments (e.g. processing payments or transactions, fulfilling transactions, billing or processing activities, managing your relationship with us, and administering your account with us);
k) proceed with any acts relating to insurance policy (e.g. proceeding with or monitoring any claim under your insurance policy, claiming against third party);
l) enforce our legal or contractual rights;
m) provide IT and helpdesk supports, create and maintain codes and user accounts for you, manage your access to any systems to which we have granted you access, and remove inactive accounts; and/or
n) in the event of sale or transfer of claims, assets, debt or business, merger, reorganization, rehabilitation, or similar event, we may disclose and transfer your personal data to one or more third parties who are the transferees of claims, assets, debt, or business, or the parties involved in the merger or reorganizing, or the plan preparers and plan administrators, or those related to such similar event.
1.3. Our legitimate interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:
a) conduct our business operation, the business operation of companies in SCBX Group as specified in https://www.scbx.com/en/affiliates-financial-business-group and the business operation of SCBX Group (e.g. to govern, to audit, to conduct risk management in business operations and internal management, to manage and audit financial and accounting, to conduct information technology and cybersecurity management, to conduct procurement management, to conduct human resource management, to define guidelines and strategic planning for operations, to conduct debt restructuring and manage the risks of customers of the companies in SCBX Group, to monitor, prevent, and investigate fraud, money laundering, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons related to our corporate customer, which may not be required by any governmental or regulatory authorities, and authenticating your identity to prevent such crimes);
b) conduct our relationship managements (e.g. to serve and facilitate you, to conduct survey, to manage customer segmentation, to handle complaints, to coordinate with relevant persons) including record images, videos and/or voices and/or any similar actions to enable us to efficiently conduct our relationship managements and/or to enhancing our services;
c) ensure security (e.g. to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building areas);
d) develop and improve our products, services and systems to enhance our services standard, and/or for the greatest benefits in fulfilling your needs, including to conduct research, analyse data and offer products, services and benefits suitable to you by considering the fundamental rights in your personal data. If you do not wish to receive the offering of products, services and benefits from us, you can contact us, details as specified in No.11;
e) record images, videos, and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities and use such recorded images, videos and/or voices for the purpose of making internal and/or external public relations relating to such meetings, trainings, seminars, recreations or activities;
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons or attorneys;
g) ensure business continuity;
h) handle claims and disputes, file lawsuits and process the relevant legal proceedings;
i) contact you prior to your entering into a contract with us;
j) protect against security risks (e.g. monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity);
k) comply with applicable foreign laws;
l) analyze, carry out research, plan and conduct statistical analysis (e.g. data analytics, assessments, surveys and preparations of reports on our products and/or services and your behavior, usage location and usage history);
m) organize our promotional campaigns or events, conferences, seminars, and company visits;
n) facilitate financial audits to be performed by auditors;
o) receive advisory services from legal counsels, financial advisors, and/or other advisors appointed by you or us;
p) in the event of sale, transfer, merger, reorganization, or similar event, or if such an action is contemplated, disclose and transfer your personal data to one or more third parties as part of that transaction;
q) maintain and update lists and directories of the customers (including your personal data) and keep contracts and associated documents in which you may be referred to; and/or
r) comply with reasonable business requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems to keep our systems secured, performing our IT systems development, implementation, operation and maintenance).
1.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximize your benefits and/or to enable us to execute transactions or provide services to fulfil your needs for the following purposes, which include but not limited to:
a) collect, use or disclose your sensitive personal data as necessary (e.g. your identification card photo (which contains your sensitive personal data, namely religion and/or blood type) for verification of your identity before continuing the transaction and for Know Your Customer (KYC) process;
b) collect, use, or disclose your personal data and any information for the purpose of offering or providing suitable products, services, and benefits to you (in case where consent is required under the PDPA);
c) contact you to offer our products, services, and benefits which may interest you (in case the consent is required under the PDPA);
d) disclose your personal data and any other data to companies in SCBX Group as shown on https://www.scbx.com/en/affiliates-financial-business-group and our trusted business partners for purpose of analysis, carry out research, and prepare of statistical data, which will be beneficial in providing services that are more efficient and suitable for you;
e) send or transfer your personal data and sensitive personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed under other lawful basis or without obtaining consent);
f) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent); and/or
g) other activities which we may require your consent.
1.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health; and/or
c) necessary to carry out a public task, or for exercising official authority
If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to execute transactions with you or to provide (or continue to provide) some or all of our products and services to you if you do not provide such personal data when requested.
In addition, the Company may utilize technologies currently possessed or to be acquired in the future for the collection, use, or disclosure of your personal data in accordance with the purposes stated in clauses 1.1 – 1.5 above, including, but not limited to, Artificial Intelligence (“AI”), Generative AI Usage, such as AI Chatbot technology, Cloud Computing, etc.
Furthermore, the Company may establish the system(s) to support operations and business activities for shared use within SCBX Group and may collect, use, or disclose your personal data held by the Company and the companies in SCBX Group through such system(s) in accordance with the PDPA.
2. What personal data we collect, use or disclose
The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies on the scope of transactions, products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:
| Category | Examples of personal data |
|---|---|
| Personal details |
|
| Contact details |
|
| Identification and authentication details |
|
| Employment details |
|
| Financial details and data relating to your relationship with us |
|
| Market research and marketing data |
|
| Geographic data and data relating to your device and your software, and technical details |
|
| Investigation data |
|
| User login, subscription data, and profile details |
|
| Usage details |
|
| Spouse details |
|
| Data concerning security |
|
| Sensitive personal data |
|
| Other data |
|
© Copyright 2021 SCB Tech X Company Limited. All rights reserved.
If you want to message us, please give your consent to SCB TechX to collect, use, and/or disclose your personal data.
