Use and Management of cookies
We use cookies and other similar technologies on our website to enhance your browsing experience. For more information, please visit our
Cookies Policy.
Last updated April 2026
We, SCB Tech X Company Limited (“the Company”), care about the privacy of our employees, workers, service providers and contractors (“you”). Thus, we provide this Privacy Notice under the Personal Data Protection Act B.E. 2562 (“PDPA”) to inform you of (a) the methods, objectives and details of the data that we collect, store, use or disclose (b) duration of data collection; (c) disclosure of personal data; (d) your rights as the owner of personal data; and (e) the keeping of privacy and security of personal data and how you can contact us.
This Privacy Notice applies to the following natural persons:
(1) Employees or workers of the Company pursuant to employment agreements;
(2) Service providers and contractors of the Company, including their employees or staff under the agreements with the Company (e.g. service agreement, hire of work agreement, agency contract) including its employee or staff;
(3) Job applicants, whether they are applying directly with the Company, or through agency or other entities;
(4) Former employees, of whom the Company needs to retain or use their personal data as required by laws;
(5) Parents, descendants, relatives, spouses, or beneficiaries of employees;
(6) Guarantors of employees, staff, service providers or contractors under the employment agreements, service agreements, hire of work agreements, agency contracts or other similar agreements with the Company;
(7) Speakers, lecturers, and trainers in company training programs, including doctors and nurses who provide services at company premises for training courses organized by the Company;
(8) Trainees or participants in projects or activities organized or participated by the Company;
(9) Directors, advisors, or authorized persons of the Company;
(10) Employees of companies in SCBX Group;
(11) Reference persons in job applications or other contracts made with the Company;
(12) Student trainees, scholarship students of the Company including their guarantors or other relevant persons; and
(13) Any natural person entering into contract or participating in any activity (whether directly or indirectly) with the Company for the purposes stated in this Privacy Notice.
1. How the Company collects, uses, and discloses your personal data
The Company will only collect, use or disclose your personal data when it is necessary, or where there is a lawful basis to do so. This includes where the Company collects, uses or discloses your personal data based on (a) legal obligations; (b) performance of contract; (c) legitimate interests; (d) consent and/or (e) other lawful bases for the following purposes:
1.1. Legal obligations of the Company
As the Company is subject to supervision and regulations and must comply with appliable laws and regulations, it is necessary for the Company to collect, use or disclose your personal data for various reasons as required by the following laws and governmental regulations:
(1) the Personal Data Protection Act;
(2) the Civil and Commercial Code, Labour Protection Act, Labour Relations Act including other relevant labour laws;
(3) the Social Security Act, Provident Fund Act, Workmen Compensation Act, Cremation Fund Act, or other laws relating to the provision of welfare for employees or workers;
(4) the Empowerment of Persons with Disabilities Act, Skill Development Promotion Act and/or other relevant laws;
(5) the Revenue Code or other tax laws;
(6) the Orders and regulations issued by government authorities, such as court orders, orders from governmental or supervisory agencies, or regulatory authorities, etc.;
(7) the Anti-money laundering and suppression of terrorism funding (AML/CFT) laws;
(8) Checking of background, assets or securities holding of employees as required by laws, including reports made to relevant regulatory or governmental authorities; and
(9) Checking and verifying of background or qualifications for the appointment of executives or other key positions as required by rules and regulations issued by relevant regulatory authorities or other relevant laws.
1.2. Performance of contract made between you and the Company
The Company will collect, use and disclose your personal data in accordance with application documents, agreements or contracts made between you and the Company and for the purposes stated therein, as follows:
(1) Job application, recruitment, interview, questionnaire, performance assessment of the candidate;
(2) Employment, negotiation, employment approval, preparation, modification, change, renewal, or any other actions with respect to employment agreements and/or agency agreements, including change of working conditions;
(3) Preparation of employee profile registration, book-keeping of employee profile registration on the Company’s system, including to create, delete, edit employees’ personal data and grant or revoke the rights of the employee;
(4) Preparation of payroll and calculation of wages, salaries or compensations to be paid by the Company to you, including making payments or setting aside workers compensation reserves;
(5) Arrangement for welfare, benefits, payments, loans, credits and reimbursements concerning welfare programs granted by the Company to employees;
(6) Arrangement, change, or cancellation of health insurance, life insurance, accidental insurance or other types of insurances;
(7) Grant, permission or alteration, deletion and control of the rights to access or use the Company’s assets or systems;
(8) Arrangement and provision of office equipment and supplies for employees and sales agents e.g. uniform, name cards, signs, licenses, computers and mobiles distribution and employee or sales agent cards, including arrangement for returning of the same upon employment termination;
(9) Review and assessment for the appointment of executives or other key positions;
(10) Compliances with the employment agreement work rules, regulations and orders of the Company;
(11) Record and management of data concerning employees’ leaves and
entitlement;
(12) Performance review and job assessment;
(13) Grant of scholarships and internship;
(14) Arrangements relating to termination or expiration of the employment agreement between the Company and employee, including retirement;
(15) Organisation of activities by internal and external personnel;
(16) Arrangement in relation to any internal and external trainings, license acquisition, projects or employees’ or agents’ capacity development programs, including issuance of training certificates or licenses;
(17) Communications and announcements to employees related to the performance of contract via any communication channels;
(18) Use of any third-party services to perform the duties under the contract between you and the Company
(19) Preparation of Power of Attorney;
(20) Preparation of salary certificate, income statement, work certificate, or other certificates concerning employment, agency, or other types of service agreements;
(21) The analysis, evaluation, and report preparation through the Company’s system for considering performance and improving employee’s work efficiency;
(22) The collection, use or disclosure of your personal data provided to the Company and/or the companies in SCBX Group for the purpose of analysing and summarizing the overall Employee Survey, as well as for the benefit of managing human resources within SCBX Group; and
(23) The disclosure of your employment status to third parties via telephone or other channels, based on specific prior requests you have submitted to the Company on a case-by-case basis.
(24) Preparation of employee profile for any project proposals to customers.
1.3. Legitimate interests of the Company
The Company relies on the legitimate interests by balancing the nature of your personal data that the Company collects, uses and discloses with the normal reasonable expectations and provide safeguards to reduce any negative impacts on your fundamental rights and freedoms. This may include processing your personal data to:
(1) Use personal data of non-applicants during the process of recruitment, interview and assessment of applicants, including to store the personal data of the beneficiaries of employees;
(2) Perform duties under a contract between the Company and another person, where your personal data is necessary but you are not a contractual party;
(3) Record and keep personal data on the Company’s internal storage system;
(4) Enhance staff knowledge and capabilities including relevant management and planning for corporate structuring projects;
(5) Pursue safety and business continuity measures of the Company, the companies within SCBX Group (as listed at https://www.scbx.com/en/affiliates-financial-business-group/, and SCBX Group as a whole, including governance, auditing, risk management regarding internal personnel, and reporting operational incidents;
(6) Conduct employee and agent background check of the companies within SCBX Group and SCBX Group as a whole;
(7) Perform the Company’s accounting, financial, or other internal management operations;
(8) Undertake measures and actions towards surveillance, prevention, investigation, complaint handling, investigation of suspicious behaviours, or fraudulent behaviours, money laundering, and terrorism misconduct, including actions to prevent such incidents;
(9) Undertake and record of disciplinary action, make criminal report, give statements or information to the police, competence officer, court and other competent authorities;
(10) Take action relating to disputes, dispute resolution including establish, exercise, or defend the legal claim;
(11) Provide and disclose of information regarding employee status, employment information, human resource management, salary framework development, benefits, compensation, and employee welfare to third parties, such as companies within SCBX Group, etc., for the purpose of analysis and improvement to ensure alignment with the policies and standards of the companies in SCBX Group;
(12) Prepare reports for the Company’s internal departments including questionnaires, collecting, and analysing various data to support the work within the organisation or for planning, management, implementation of administrative measures, workforce development, or any related activities;
(13) Make travel and accommodations or other facilities arrangements for employees, such as ticket and hotel reservations, meals, etc.;
(14) Communicate with and make announcement to employees via any channels. This includes conversations conducted through channels established by the Company utilizing current or future technologies possessed by the Company, such as Chatbots, etc.; and
(15) Membership process for cooperatives and cremation fund
1.4. Consent
Normally, the Company will not collect, use or disclose your personal data if the Company does not have any lawful bases to do so. However, if necessary, the Company will ask for your consent to collect, use or disclose your personal data for your benefits the following purposes:
(1) The Company deems it necessary to collect and use sensitive personal data, for example, for the purposes of authentication (identity verification), criminal record checks, or providing health-related benefits and welfare to employees, etc.;
(2) Checking the background of employees or agents within SCBX Group (in cases where consent is required under the PDPA);
(3) Sending or transferring your personal data and sensitive personal data internationally, where the standards for personal data protection may be inadequate (unless the PDPA permits such action under other legal bases or without obtaining consent); and
(4) When the data subject is classified as a minor, quasi-incompetent or incompetent whose consent must be given by their parent, guardian or curator (as the case may be).
1.5. Other lawful bases
Apart from the above lawful bases, other lawful bases that the Company may rely on the following bases when collecting, using or disclosing your personal:
(1) Prepare historical documents or archives for the public interest, or purposes relating to research or statistics;
(2) Believe that the use of your personal data is of vital interest or to prevent or suppress a danger to a person’s life, body or health; or
(3) Believe that the use of your personal data is necessary to carry out a public task, or exercise official authority.
In addition, the Company may utilize technologies currently possessed or to be acquired in the future for the collection, use, or disclosure of your personal data in accordance with the purposes stated in clauses 1.1 – 1.5 above, including, but not limited to, Artificial Intelligence (“AI”), Generative AI Usage, such as AI Chatbot technology, Cloud Computing, etc.
Furthermore, the Company may establish the system(s) to support operations and business activities for shared use within SCBX Group and may collect, use, or disclose your personal data held by the Company and the companies in SCBX Group through such system(s) in accordance with the PDPA.
2. What personal data the Company collects
The personal data that the Company collects may vary depending on the objectives and necessities and may include both general and sensitive personal data.
Your personal data that the Company collects, uses, and discloses are as follows:
| Category | Examples of personal data |
|---|---|
| Personal details |
|
| Contact details |
|
| Identification and Authentication details |
|
| Employment details |
|
| Welfares and benefits |
Information relating to:
|
| Geographic information and information relating to your devices and software |
|
| Investigation data |
|
| User login and subscription data |
|
| Information concerning security and information required to support our regulatory obligations |
|
| Sensitive personal data |
|
| Other information |
|
3. Sources of your personal data
Normally, the Company will collect your personal data directly from you. The Company sometimes may get it from other sources, in which case the Company will ensure that our sources of your personal data comply with the PDPA.
Personal data that the Company collects from other sources may include:
(1) Information you have asked the Company to collect for you, e.g. information about your accounts or property holdings with other companies including transactional information. etc.;
(2) Information of any persons relevant to you (e.g. your family, relatives, job, or scholarship guarantor) that is necessary for the Company to proceed with the relevant employment, benefits and welfare purposes;
(3) Information from third-party service providers and/or governmental authorities, e.g. information that helps us to combat fraud or information related to your social interactions (including your communications on social media, with individuals, organisations, clearing houses, custodians, and any other stakeholders, obtained from the companies from which information is collected);
(4) Information from our trusted business partners or other third parties involved in your transactions;
(5) If information arises out of your insurance policy or claims thereunder, the Company may also collect:
(a) Information about your medical records obtained through an agreement or with your consent;
(b) Information about your insurance claims history;
(c) Information from other parties involved in your insurance policy or claim;
(d) Information from publicly available sources.
(6) Information from CCTV and surveillance devices; or
(7) Information from companies in SCBX Group, relating to your work or engagement.
Other than the above-mentioned information, the Company may collect personal data of the following third parties from you:
• Emergency contact;
• Guardian, family members or other individuals who have relationship with you;
• Beneficiaries to receive welfares from the Company; and
• Persons who you refer to in the job application or contract with the Company.
By providing the personal data of the above-mentioned parties, you have the obligation to inform the data subjects of the details of the collection, use and disclosure to the Company.
4. Your rights
PDPA aims to give you more control of your personal data. You have legal rights concerning your personal data. These rights include:
4.1 Right to access and obtain copy
You have the right to access and obtain your personal data held by the Company, except in the case where the Company is entitled to reject your request under the law or a court order, or where your request may affect the rights and freedoms of other persons.
4.2 Right to rectification
You have the right to rectify your personal data to be up-to-date, complete, accurate at any time.
4.3 Right to erasure
You have the right to request the Company to delete, destroy or anonymize your personal data, except in the case where the Company has the legal grounds to deny your request.
4.4 Right to restrict
You have the right to request the Company to restrict the processing of your personal data under certain circumstances, for example when your personal data is pending examination process to rectify your personal data, or when it is no longer necessary for the Company to retain the personal data.
4.5 Right to object
You have the right to object to the processing of your personal data, except in the case where the Company has compelling legitimate grounds which may override your own interests, or when the processing of your personal data is carried out to comply with, exercise or defend legal claims, or if such personal data processing is necessary for the performance of a task carried out under public interests.
4.6 Right to data portability
You have the right to request that the Company transfer your personal data to any third parties, or request to obtain your personal data that the Company has transferred to any third parties provided that it is technically feasible.
4.7 Right to withdraw consent
You have the right to withdraw your consent given to the Company at any time according to steps and procedures prescribed by the Company, except where such consent, by its nature, is non-withdrawable. Nevertheless, the withdrawal of your consent shall not affect the collection, use or disclosure of your personal data to which you already consented prior to the said consent withdrawal.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office to receive a fair remedial action.
5. How the Company shares your personal data
The Company may disclose your personal data to the following third parties or organisations under the rules prescribed by the PDPA:
(1) Companies in SCBX Group, business partners and/or other persons that the Company has legal relationship with, including directors, management, employees, workers, contractors, authorised persons and consultants of such persons;
(2) The Company’s customers or service receivers, where the disclosure is necessary for you to perform your duties, or it has other lawful bases to do so;
(3) Business partners, agents, third party service providers and other entities (e.g. external auditors, depositories, document warehouses providers, IT service providers), provided that the disclosure of your personal data must have a specific purpose, and is made on lawful basis, as well as is subject to appropriate security measures;
(4) Any relevant persons as a result of activities relating to sales claims and/or assets, corporate restructuring or merger of the Company where the Company may transfer their rights to such merged entity including any persons with whom the Company is required to share data for a proposed sale claims and/or assets, corporate restructuring, merger, financial arrangement, asset disposal or other transaction relating to the Company’s business and/or assets used in its business operation;
(5) Legal counsel, attorneys, fraud prevention agencies, courts or governmental authorities or any person with whom the Company is required or permitted by law and other relevant regulations, court orders or other authorities, to disclose the personal data;
(6) Third-party guarantors or other persons that provide benefits or services to you (such as insurance company relevant to work, products, or services;
(7) Your attorney-in-fact, legal representatives, sub-attorneys, or any other authorised persons or representatives legally empowered or entitled to use your account; and
(8) Governmental agencies, state enterprises, state agencies relating to the disclosure of your personal data in accordance with the law and/or regulatory authority (e.g. the Department of Labour, Legal Execution Department, Education Loan Fund, the Bank of Thailand, the Securities and Exchange Commission, the Office of the Insurance Commission or the Ministry of Digital Economy and Society).
6. International transfer of personal data
In case where it is necessary for the Company to transfer your personal data internationally, the Company will use its best efforts to send or transfer your personal data to reliable business partners, service providers or recipients of the Company in the safest way to keep your personal data secure, including the following circumstance:
(1) It is required by law;
(2) In the event that the destination country does not have adequate personal data protection standards, we will ensure that the sending or transfer of personal data complies with the requirements of the PDPA, and will implement measures for personal data protection deemed necessary and appropriate to ensure that your personal data is protected under standards equivalent to those in Thailand, such as entering into agreements with the data recipient to stipulate personal data protection with adequate security;
(3) It is necessary for the performance of a contract to which you are a party or in accordance with application/request prior to execution of contract;
(4) It is necessary to comply with a contract between the Company and other
individual or juristic parties, for your own interest;
(5) It is for a vital interest or it is to prevent or suppress a danger to a person’s life, body or health and you’re incapable of giving consent at such time; or
(6) The Company needs to carry out activities relating to the public interest.
7. Retention period of personal data
The Company will keep your personal data for as long as you still have the relationship with the Company as our employee, service provider, contractor under the employment agreement, service agreement, hire of work agreement, agency contract, or other agreements of the same kind that you have entered into with the Company. The Company will only keep your personal data for a period of time that is appropriate for the type of personal data and the purpose the Company holds it for in accordance with the PDPA.
The period of time that the Company retains your personal data is corresponding to the prescription period and law enforcement period under the laws. However, the Company may retain your personal data after the expiration of such period if the Company is obligated to do so under the laws, or if any existing claims or complaints will reasonably require the Company to keep your personal data, or for regulatory or technical reasons, whereby if the Company is required to keep your personal information for a longer period of time, the Company will continue to keep your personal data secure.
Apart from this, the Company may need to retain CCTV surveillance in our offices, branches or at ATM machines, records of visitors to our premises, and voice recordings to prevent fraud and for security reason, including to investigate any suspicious transactions at the request of our customers or related persons to validate those transactions.
8. Cookies
The Company may collect cookies and similar technologies when you use our systems, products and/or services, including when you use our websites for the operations and the Company’s services, electronic systems, to make transactions through internet banking, or applications of the Company.
The collection of cookies and similar technologies helps the Company to recognise you and your preferences, and customise our services to your needs. The Company may use cookies for a number of purposes, such as improving your online experience, as well as our understandings of how you interact with our e-mails, and allowing us to improve our communications with you, particularly, to ensure that online media displayed to you will be more relevant to you and of your interests.
9. Use of personal data according to the original purposes
The Company has the right to collect, use and disclose your personal information that the Company has collected before the enforcement of the PDPA if the collection, use and disclose are for the original purposes. If you do not wish the Company to collect and use such personal data, please inform the Company to withdraw your consent at any time.
10. Security
The Company has implemented different measures to ensure that your personal data is secure, such as data encryption, and also requires our staff and third-party contractors to follow our applicable privacy standards and policies and exercise due care and implement appropriate security measures when processing personal data.
11. How to contact us
In the event that you are the Company’s employee, if you have any questions regarding the Privacy Notice of the Company or wish to exercise your rights, please contact the Company via: HR@scbtechx.io
Alternatively, you may contact or exercise your rights via the following channels: email at tx.dpo@scbtechx.io or SCB Tech X Company Limited, office located at 21st Floor, SCB Park Plaza, West B Tower, No. 19, Ratchadapisek Road, Chatuchak Sub-district, Chatuchak District, Bangkok 10900.
12. Changes to this Privacy Notice
The Company may change or update this Privacy Notice from time to time by notification or announcement of the revised Privacy Notice on our website https://scbtechx.io
© Copyright 2021 SCB Tech X Company Limited. All rights reserved.
If you want to message us, please give your consent to SCB TechX to collect, use, and/or disclose your personal data.
