Bangkok Bank Public Company Limited (the “Bank”) intends to provide you with quality services in order to meet your expectations. The Bank realizes the importance of the protection of your personal data and compliance with relevant laws and regulations. The Bank has provided this Privacy Notice to inform you of personal data protection and your rights as the data subject of personal data.
The Bank would like to inform you, as the data subject, who are (1) a person interacting with the Bank whether you are a current, former or prospective customer of the Bank, (2) an employee, staff, officer, representative, shareholder, director, contact person, agent, or a person related to a juristic person or a person as mentioned in (1) above, a trust or a group of persons interacting with the Bank, whether it is a current, former, or prospective customer of the Bank, (3) a person, whether a current, former or prospective shareholder of the Bank, or a person related thereto, or (4) a person, whether a current, former, prospective director of the Bank or a nominee for the Bank’s director, or a person related to the Bank’s director or the nominee for the Bank’s director, about the protection of your personal data that the Bank obtains or will obtain from business operation and service provisions through branches, websites, telephones, electronic channels, applications, social media or other sources, to ensure you that the Bank will maintain your personal data and will collect, use or disclose your personal data where the Bank deems necessary, accurate and appropriate, and to notify you of your rights as the data subject of personal data as specified in this Privacy Notice.
1. Personal data of the data subject to be collected, used and disclosed by the Bank are as follows:
1.1 Data that can identify the data subject whether directly or indirectly
(1) Personal information
, namely, name-surname, gender, date of birth, age, information stated or recorded in documents, such as national identification card, passport, securities holder number, residence certificate, alien identification card, work permit, social security card, driving license, car registration book, or house registration, signature, taxpayer identification number, information about family members, facial photograph
, education, occupation, status, membership, work history, other benefits other than compensation for work, information relating to insurance,
(2) Contact information with the Bank
, namely, the address of house registration, address for document delivery, electronic mail address (Email address), home telephone number, mobile phone number, facsimile number, name or account of applications or digital channels, such as LINE, Google, Facebook, YouTube, Twitter, WhatsApp or WeChat, information of contact person provided to the Bank,
(3) Financial and transaction information with the Bank
, namely, deposit account number, investment account number, credit card number, debit card number, type of credit and debit card, deposit account statement, transaction information made through electronic card or via electronic or digital channels, income and expenditure information, credit information, credit rating information, debt payment information, asset information, financial status information, risk assessment information (such as information relating to suitability test for investment or financial transaction, investment ability, debt settlement, or performance under a service agreement), information generated from analysis of the personal data, information about an act or accusation of an offense, prosecution and execution information, information relating to insurance or investments through the Bank, making payment or receiving payment information, information for compliance with Anti-Money Laundering law and Foreign Account Tax Compliance Act (FATCA), any other information related to the use of or request for services and transactions with the Bank,
(4) Contact information with the Bank
, namely, information received by the Bank through branches, telephones, electronic or digital channels, social media, information from CCTV and on-site services which may be displayed or recorded in written form, recording tape or record of transactions, photos or motion images,
(5) Technical information
, namely, Internet Protocol (IP address), Media Access Control (MAC) address, the identification code affixed to the device connected to the network and the network (MAC address), log, device ID, Application Programming Interface (API), cookies, type and version of Plug-in, browser, operating system and platform, internet system or mobile network, geographic location, device setting and other technical data derived from the use of the platform, application and operating system of the Bank,
(6) Usage information
, namely, username, password, search information, visitation statistics, active menu, time spent on the website, platform, and application, timestamp of last click, favorite menu, Q&A, log file, communication information with the Bank,
(7) Behavioral information
, namely, information relating to personal interests or preferences, and characteristic of use or utilization of services;
1.2 Sensitive personal data
that the Bank must obtain consent from you before collecting the sensitive personal data, namely, biometric data (for example, facial recognition
, fingerprint recognition, iris and voice recognition data), religions, criminal records, data concerning health or any other data as prescribed by the Personal Data Protection Committee.
2. Purposes of the collection, use and disclosure of your personal data
The Bank will collect, use and disclose your personal data in accordance with the law, that is necessity for (1) the performance of a contract or a request you made to the Bank in order to comply with such contract or request, (2) legal obligations to comply with a law to which the Bank is subjected, (3) legitimate interest of the Bank or other persons or juristic persons, (4) necessity for preventing a danger to a person’s life, body or health, (5) necessity for the public interest, a task carried out in the public interest or the exercising of official authorities, or (6) your consent where any legal basis specified in (1) to (5) cannot be relied on, for the following purposes:
2.1 to contact, communicate or provide information related to or in connection with products or services that you use or will use with the Bank;
2.2 to process in accordance with the agreement as stated in your request or agreement made to the Bank, or in connection with such request or agreement, such as document delivery and debt collection, including compliance with an agreement made between the Bank and other person where necessary and related to services provided to you;
2.3 to manage your relationship with the Bank and to conduct details or record of your use of services for providing further service to you;
2.4 to manage the information of corporate customers or trusts which may contain your personal data;
2.5 to comply with relevant laws and regulations;
2.6 to identify and verify your identity in accordance with the Know Your Customer process of the Bank, including checking your information, and monitoring such verification as required by law and the Bank;
2.7 to take any action as required, requested or recommended by regulatory agencies oversighting the business conduct of the Bank, such as protecting vulnerable customers from certain restrictions or protecting elderly customers from engaging in certain types of transaction, and damage control;
2.8 to manage and administer the Bank's internal processes, such as supervising, improving and auditing the Bank's internal operations;
2.9 to manage or organize the risks, such as
(1) prevention, handling or mitigation of risks that may arise from illegal actions and may occur to you, the Bank's customers, the Bank’s staffs and the Bank itself by considering that information for improving the security system related to the use of channels, the operation system and the security system in the information technology operation of the Bank;
(2) security, such as video recording of visitors or customers of the Bank through closed-circuit television (CCTV) and identity card exchange before building entrance for security within the Bank’s premises;
(3) risk management related to a course of business of financial institutions, such as credit risk, operational risk, legal risk, liquidity risk and market risk;
2.10 to provide and suggest products, services and service options to you, as well as including advertising, communicating, notifying, offering or presenting privileges benefits, rewards or information about products or services of the Bank, companies in the Bank's financial group or business partners that may be of interest to you, or organizing events and promotions, participation in the sweepstakes, or drawing prize for you;
2.11 to inspect the use of services or transactions according to your instruction or your counter party’s instruction;
2.12 to manage services and complaints, such as checking financial service transactions, inaccurate financial transaction, transmission of information within the Bank or between the Bank and other parties, or accommodating customer complaints, compensation, or using information to improve the work process on such matters;
2.13 to conduct statistical analysis or research related to a course of business of the Bank and companies in the Bank's financial group;
2.14 to conduct strategic adjustment, benefit protection, or performance evaluation or service provision evaluation of the Bank;
2.15 to evaluate, develop and improve products or services of the Bank, or to exercise the Bank's rights (such as credit scoring, behavior scoring, and market surveys), and may disclose information from such analysis to you for your financial planning or utilization of other services of the Bank, or to companies within the Bank's financial group or business partners;
2.16 to organize campaigns or promotional activities, meetings, seminars, recreation and company site visits as well as to record information or photographs for publication or advertisement and to perform and comply with applicable laws;
2.17 to store data in the cloud storage and in other systems used by the Bank;
2.18 to perform the Bank’s obligations in accordance with terms and conditions set out in an agreement to which the Bank is a party or to enforce legal or contractual rights of the Bank; and
2.19 to connect to or facilitate the access to website, applications and platforms of the Bank or other persons.
2.20 to perform personal background check as necessary or relevant to the consideration on your qualification as required by laws and specified by the Bank;
2.21 to act as representative, perform its obligation, execute, or carry out any action in relation to a course of business of the Bank; or
2.22 to manage any matter related to securities holders or proxies, attorneys or members of provident fund as well as to perform its obligations as a securities issuer, or a business operator in relation to or in connection with securities business, or a contracting party with a securities issuer, or a business operator in relation to or in connection with securities business.
The collection, use or disclosure of your personal data includes sending or transferring your personal data overseas that the Bank proceeds in accordance with the aforementioned purposes and legal basis.
3. Persons or entities whom the Bank may disclose your personal data to
The Bank may be required to disclose your personal data to the following persons or entities located in Thailand or overseas in order to achieve the purposes stated in this Privacy Notice, namely:
3.1 The companies within the Bank's financial group
as published on the Bank's website, including Bualuang Asset Management Company Limited, Bualuang Securities Public Company Limited, Bangkok Capital Asset Management Company Limited, Sinnsuptawee Asset Management Company Limited and Bualuang Ventures Company Limited.
3.2 The Bank's business partners
, such as business partners of the Bank relating to financial, banking, service provision, investment, marketing, transportation, telecommunication, healthcare, insurance or life insurance companies, or any person involved in any promotion or loyalty program, data analytic, platform provider or person whose name or logo appears in the agreement, electronic card, website or other service channels of the Bank.
3.3 Persons involved in service provision of the Bank
, such as intermediaries in banking transactions, settlement or payment service providers, the Bank’s service partners, outsource service providers, operators or sellers of goods or services to the Bank or banking agents both domestically and internationally to which the Bank is a contracting party, such as infrastructure development service providers, internet network service providers, telecommunication and communication service providers, technical infrastructure providers, electronic system development or information technology providers, logistics and warehousing service providers, cloud service providers, service providers for research and data analytics, communication service providers, survey service providers, event and activities organizers, identity verification system service providers, Dip Chip service providers, identity verification service providers, credit rating institute, courier service providers, card printing and information recording in electronic card service providers, selling agents for the Bank's financial products or services, and security or fraud prevention service providers.
3.4 Persons or competent authorities
, the Bank may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of government agencies, state enterprises, regulatory authorities, or in any case where the Bank believes that such disclosure is necessary to comply with the law, to protect the rights of the Bank or other persons, the safety of any person, to prevent, investigate or handle fraud, security or safety in various areas.
3.5 The Bank’s advisors
, such as financial advisor, legal advisor, technical consultant and auditor.
3.6 Assignees of the Bank’s rights, obligations and legal claims
, including any person involved in corporate restructuring, business transfer, investment, merger and acquisition, purchase or sale of assets, shares, or businesses provided that such person will comply with this Privacy Notice as well.
3.7 Other persons related to you
, such as owners of a joint deposit account, joint debtors, trustees, beneficiaries, estate administrators, authorized persons, guarantors or any person who place assets as collateral for your debt payment to the Bank.
3.8 Associations, organizations, clubs and agencies
, such as the Thai Bankers' Association, Lawyers Clubs, Bank and Financial Institution Internal Auditors Club, and Credit Card Club.
3.9 Websites and social media
, such as Facebook, Google, or Instagram.
4. Retention of your personal data and retention period of your personal data
4.1 Retention of your personal data
The Bank has established security measures for personal data both in form of document and electronic to prevent unauthorized or unlawful loss, access to, use, alteration, correction or disclosure of personal data.
4.2 Retention period of your personal data
The Bank will collect your personal data for the purposes stated by the Bank in this Privacy Notice to the extent necessary as long as required by law, and for a maximum period of 10 years from the cessation date of your relationship with the Bank unless the Bank is required otherwise by law or such personal data is data that cannot be deleted or destroyed due to technical limitations.
5. Sending your personal data overseas
In the event that the Bank has a necessity to send or transfer your personal data to a person overseas, such as your counter party or the Bank's counter party, the Bank’s representative, the Bank’s overseas branches, the Bank’s affiliates and subsidiaries, international agency or organization where the recipient country may have inadequate data protection standard as required by law. In such cases, the Bank will provide appropriate measures to ensure that your personal data sent to the recipient is secure.
6. The data collection through the Bank’s website system
7. Rights of the data subject
You, as the data subject, have the rights as follows:
7.1 Right to request access and obtain a copy of personal data
You have the right to request access to and obtain a copy of personal data related to you which is under the Bank's responsibility or to request the Bank to disclose the acquisition of the personal data obtained by the Bank without your consent.
7.2 Right to obtain or send or transfer personal data to another data controller
You have the right to receive personal data related to you which you provided to the Bank on the basis of your consent, the necessity for the performance of a contract or a request you made to the Bank, or requirement as prescribed by the Personal Data Protection Committee. In the event that the Bank has arranged such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you are also entitled to (1) request the Bank to send or transfer personal data in such formats to other data controller if it can be done by automated means; and (2) request to directly obtain personal data in such formats that the Bank sends or transfers to other data controller, unless it is impossible to do so because of technical circumstances.
7.3 Right to object
You have the right to object to the Bank’s collection, use or disclosure of your personal data in the event that (1) the Bank collects your personal data for the purposes of the necessity for a performance of a task carried out in the public interest by the Bank, or the exercising of official authorities, or for the legitimate interest of the Bank or other persons or juristic persons, (2) the Bank collects, uses or discloses your personal data for the purpose of direct marketing, or (3) the Bank collects, uses or discloses your personal data for the scientific, historical or statistic research purposes unless it is necessary to perform a task carried out for public interest by the Bank.
7.4 Right to erase or destroy the personal data
You have the right to request the Bank to erase, destroy or anonymize your personal data to become the anonymous data which cannot identify your identity where (1) your personal data is no longer necessary for the Bank to collect according to the purposes herein, (2) you withdraw your consent and the Bank has no other legal basis to collect, use or disclose such personal data, (3) you object to the collection, use, and disclosure of your personal data collected by the Bank for the purposes of the necessity for a performance of a task carried out in the public interest by the Bank, or the exercising of official authorities, or for the legitimate interest of the Bank or other persons or juristic persons and the Bank cannot reject such objection, (4) you object the collection, use or disclosure of your personal data for direct marketing purposes, or (5) your personal data has been unlawfully collected, used or disclosed, unless the Bank is obliged to collect your personal data for the purpose for compliance with the law, the establishment of legal claims or the exercise or defense of legal claims of the Bank.
7.5 Right to restrict the use of personal data
You have the right to request the Bank to restrict the use of your personal data where (1) the Bank is pending examination process in accordance with a request to rectify your personal data to be accurate and up-to-date, (2) the Bank collects, uses or discloses your personal data unlawfully, (3) it is not necessary for the Bank to collect, use or disclose your personal data for any purposes, but you request the Bank to collect your personal data for your legal interest, or (4) you request the Bank to temporarily restrict the use of your personal data because the Bank is pending verification or examination with regard to your objection request.
7.6 Right to rectification
You have the right to request the Bank to rectify your personal data to be accurate, up-to-date, complete and not misleading.
7.7 Right to withdraw the consent
You have the right to withdraw your consent given to the Bank for the collection, use and disclosure of your personal data at any time.
7.8 Right to revoke the consent
You are informed that you have the right to revoke your consent for the collection of personal data by the Bank before the Personal Data Protection Act B.E. 2562 comes into effect by submitting a request for revocation of consent to the branch or unit of the Bank that is the main branch or unit that you use or have used service.
7.9 Right to lodge a complaint
You have the right to lodge a complaint to a competent authority or legal authority in the event that the Bank or its data processor, including employees or contractors of the Bank or such data processor, violates or does not comply with personal data protection law.
If you wish to exercise any rights with regard to Clauses 7.1 to 7.7 set forth above, you can submit a request to the Bank through the Bank's branches or any other channels specified by the Bank. Once the Bank receives your request, the Bank will examine your request in accordance with the conditions prescribed by law, complete your request, and notify you of the result of the examination and completion of the request within 30 days from the date of receipt of all request and supporting documents.
If you exercise the rights of data subject, you may not be able to receive certain services from the Bank while the Bank is pending verification or examination of your request.
The Bank will not charge a fee for exercising the right, unless the Bank deems your request excessive or unreasonable that the Bank may charge a fee to process your request according to the rate announced by the Bank.
Provided that you may request to exercise your rights from the date the Personal Data Protection Act B.E. 2562 comes into effect onwards.
8. Changes to this Privacy Notice
The Bank may amend this Privacy Notice from time to time as appropriate. The Bank will notify you of such change through the Bank's branches, websites and applications, and the Bank would encourage you to read and check the details in Privacy Notice every time when such changes are made.
9. Contact information
If you wish to contact or would like to have more information or explanation for the collection, use and disclosure of your personal data, and exercise the rights of the data subject as specified in this Privacy Notice, you can contact the Bank at the branch or unit that is the main branch or unit that you use or have used service.
Furthermore, you can contact our Data Protection Officer or Data Protection Office through email address: firstname.lastname@example.org
or our Head Office of the Bank at 333 Silom Road, Silom Subdistrict, Bangrak District, Bangkok 10500.
Updated September 2022