Bangkok Bank Public Company Limited (“Bank”) intends to provide you with quality services in order to meet your expectations. The Bank realizes the importance of the protection of your personal data and compliance with relevant laws and regulations. The Bank has prepared this Privacy Notice to inform you, as the data subject, of personal data protection and data subject rights.
The Bank would like to inform you, as the data subject, who are (1) a person interacting with the Bank whether you are a former, existing or prospective customer of the Bank, or (2) an employee, staff, officer, representative, shareholder, director, contact person, agent, person related to a juristic person or a person as mentioned in (1) above, a trust or a group of persons interacting with the Bank, whether it is a former, existing or prospective customer of the Bank, about the protection of your personal data that the Bank receives or will receive from operating business and providing services through branches, websites, telephones, electronic channels, applications, social media or other sources, to assure you that the Bank will take care of your personal information, and will collect, use or disclose your personal information only if the Bank deems it necessary, correct and appropriate, and to notify you of data subject rights as stipulated in this Privacy Notice.
1. Your Personal Data to be Collect, Used, and Disclosed by the Bank
The Bank will collect, use and disclose the personal data that you provide to the Bank, and that the Bank receives from your use of the service, as well as that the Bank receives from other sources as necessary and appropriate for providing services to you. The said data can be classified as follows:
1.1 Data that can identify you, whether directly or indirectly
(1) Personal information
, namely, name-surname, gender, date of birth, age, information stated or recorded in documents, such as national identification card, passport, residence certificate, alien identification card, work permit, social security card, driving license, car registration book, or household registration, signature, taxpayer identification number, marital status, information about family members, facial photograph, education, occupation, work history, other benefits other than compensation for work, information relating to insurance,
(2) Contact information
, namely, the address of the household registration, address for document delivery, electronic mail address (Email Address), home telephone number, mobile phone number, facsimile number, name or account for applications or digital channels, such as LINE, Google, Facebook, YouTube, Twitter, WhatsApp or WeChat, information of contact person provided to the Bank,
(3) Financial and transaction information with the Bank
, namely, deposit account number, investment account number, credit card number, debit card number, type of credit and debit card, deposit account statement, transaction information made through electronic card or via electronic or digital channels, income and expenditure information, credit information, credit rating information, debt payment information, asset information, financial status information, risk assessment information (such as information relating to suitability test for investment or financial transaction, investment ability, debt settlement, or performance under a service agreement), information generated from analysis of your personal data, information about an act or accusation of an offense, prosecution and execution information, information relating to insurance or investments through the Bank, making payment or receiving payment information, information for compliance with Anti-Money Laundering and Foreign Account Tax Compliance Act (FATCA), any other information related to your use of or request for services and transactions with the Bank,
(4) Information about your contact with the Bank
, namely, information received by the Bank through branches, telephones, electronic or digital channels, social media, information from CCTV and on-site services which may be displayed or recorded in written form, recording tape or record of transactions, photos or motion images,
(5) Technical information
, namely, Internet Protocol (IP address), Media Access Control (MAC) address, the identification code affixed to the device connected to the network and the network (MAC Address), log, device ID, Application Programming Interface (API), Cookies, type and version of Plug-in, browser, operating system and platform, internet system or mobile network, geographic location, device setting and other technical data derived from your use of the platform, application and operating system of the Bank,
(6) Usage information
, namely, username, password, search information, visitation statistics, active menu, time you spent on the website, platform, and application, timestamp of last click, favorites, Q&A, log file, communication information between you and the Bank,
(7) Behavioral information
, namely, information relating to your personal interests or preferences, and characteristic of use or utilization of services
1.2 Sensitive personal data
that the Bank must obtain consent from the data subject before collecting sensitive personal data, as it is information about racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, data concerning heath, disability, trade union information, and biometric data (for example, facial recognition, fingerprint recognition, iris and voice recognition data), or any other data as prescribed by the Personal Data Protection Committee.
2. Purposes of the collection, use and disclosure of your personal data
The Bank will collect, use and disclose your personal data in accordance with the law, which is (1) necessity for the performance of a contract or request you made to the Bank in order to comply with such contract or request, (2) necessity for legal obligations which the Bank must comply with, (3) necessity for legitimate interest of the Bank or any other persons or juristic persons, (4) necessity for preventing or suppressing a danger to a person’s life, body or health, (5) necessity for the public interest, task carried out in the public interest or the exercising of official authorities, or (6) your consent, in case where the Bank cannot rely on any legal basis specified in (1) to (5), for the following purposes:
2.1 contacting, communication or providing information related to or in connection with the products or services that you use or will use with the Bank;
2.2 performing the Bank’s obligations as stated in your request or agreement made to the Bank, or in connection with such request or agreement, such as the document delivery and debt collection, including compliance with an agreement made between the Bank and other person which is necessary and related to services provided to you;
2.3 managing your relationship with the Bank, and to conduct details or record of your use of service for providing further service to you;
2.4 managing the information of corporate customers or trusts which may contain your personal data;
2.5 compliance with relevant laws and regulations;
2.6 identifying and verifying your identity in accordance with the Know Your Customer procedure of the Bank, including verifying your information, and auditing such verification as required by the law and the Bank;
2.7 taking any action as required or recommended by the banking regulatory authorities, such as protecting vulnerable customers from certain restrictions or protecting elderly customers from engaging in certain types of transaction, and damage control;
2.8 managing and administrating the Bank's internal operations, such as supervising, improving and auditing the Bank's internal operations;
2.9 managing and dealing with the risks, such as;
(1) preventing, dealing with, or mitigating risks that may arise from illegal actions and occur to you, the Bank's customers, staffs and the Bank, by using those information for improving security system related to the use of various channels, the work system and the security system in the Bank's information technology operation;
(2) security, such as video recording of visitors or customers with the Bank through closed circuit camera TV (CCTV) and identity card exchange before entering a building for the purpose of security within the Bank’s area;
(3) risk management related to a course of business of financial institutions, such as credit risk, operational risk, legal risk, liquidity risk and market risk;
2.10 providing and offering products, services and service options to you, including public relations, communication, notification, giving or presenting privileges benefits, rewards or information about products or services of the Bank, companies in the Bank's financial business group or business partners that may be of your interests, organizing events and promotions, participation in the sweepstakes, or drawing prize for you;
2.11 inspecting the use of services or transactions according to your instruction or your counter party’s instruction;
2.12 managing services and complaints, such as reviewing financial service transactions, inaccurate financial transaction, transmission of information within the Bank or between the Bank and other parties, or accommodating customer complaints, compensation, or using information to improve the work process on such matters;
2.13 statistical analysis or research related to a course of business of the Bank and companies in the Bank's financial business group;
2.14 strategic adjustment, protecting benefit, or evaluating the performance or providing services of the Bank;
2.15 evaluating, developing and improving products or services of the Bank, or exercising the Bank's rights (such as credit scoring, behavior scoring, and market surveys), and disclosing information generated from such analysis to you for your financial planning or utilization of other services of the Bank, or to companies within the Bank's financial business group or business partners;
2.16 organizing projects or promotional activities, meetings, seminars, recreation and company visits;
2.17 storing data in the cloud storage and in other systems used by the Bank;
2.18 performing the Bank’s obligations under terms and conditions stated in an agreement to which the Bank is a party or enforcing legal or contractual rights of the Bank; and
2.19 connecting to or facilitating the access to website, applications and platforms of the Bank or other persons.
The collection, use or disclosure including sending or transferring of your personal data overseas, the Bank proceeds your personal data in accordance with the aforementioned purposes and legal basis.
3. Persons or entities whom the Bank may disclose your personal data to
The Bank may be required to disclose your personal data to following persons or entities located in Thailand or overseas in order to achieve the purposes stated in this Privacy Notice, namely:
3.1 The companies within the Bank's financial business group
as published on the Bank's website, including, Bualuang Asset Management Company Limited, Bualuang Securities Public Company Limited, Bangkok Capital Asset Management Company Limited, Sinnsuptawee Asset Management Company Limited and Bualuang Ventures Company Limited.
3.2 The Bank's business partners
, such as business partners of the Bank relating to financial, banking, service provider, investment, marketing, transportation, telecommunication, healthcare insurance or life insurance companies, or any person involved in any promotion or loyalty program, data analytic , platform provider or person whose name or logo appears in the agreement, electronic card, website or other service channels of the Bank.
3.3 Persons involved in providing services of the Bank
, such as those who act as intermediaries in banking transactions, settlement or payment service providers, the Bank’s service partners, outsource service providers, operators or sellers of goods or services to the Bank or banking agents both domestically and internationally to which the Bank is a contracting party, such as infrastructure development service providers, internet network service providers, telecommunication and communication service providers, technical infrastructure providers, electronic system development or information technology providers, logistics and warehousing service providers, cloud service providers, and service providers for research and data analytics, communication service providers, survey service providers, event and activities organizers, identity verification system service providers and Dip Chip service providers, identity verification service providers, credit rating institute, courier service providers, card printing and recording of information in electronic card service providers, the service providers who offers to sell the Bank's financial products or services and security, and fraud prevention service providers.
3.4 Persons or competent authorities
, the Bank may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of government agencies, regulatory authorities, or the Bank believes that any action is necessary to comply with the law for protection the rights of the Bank or other persons, the safety of any person, prevention, investigation or dealing with fraud, security or safety in various areas.
3.5 The Bank’s advisors
, such as financial advisor, legal advisor, technical consultant and auditor.
3.6 Assignees of rights, obligations and legal claims of the Bank
, including those involved in corporate restructuring, business transfer, investment, mergers and acquisitions, purchase or sale of assets, shares, or businesses; such persons involved in such actions will comply with this Privacy Notice as well.
3.7 Other persons related to you
, such as owners of a joint deposit account, joint debtors, trustees, beneficiaries, estate administrators, authorized person, guarantors or any person who place assets as collateral for your debt payment to the Bank.
3.8 Associations, organizations, clubs and agencies
, such as the Thai Bankers' Association, Lawyers Clubs, Banks and Financial Institutions Internal Auditors Clubs, and Credit Card Club.
3.9 Websites and social media
, such as Facebook, Google, or Instagram.
4. Retention of your personal data and retention period of your personal data
4.1 Retention of your personal data
The Bank has established security measures for personal data protection both in document and electronic form in order to prevent loss, unauthorized or unlawful access, use, alteration, correction or disclosure of personal data.
4.2 Retention period of your personal data
The Bank will collect your personal data for the purposes notified you by the Bank as detailed in this Privacy Notice as long as required by law and for a maximum of 10 years from the cessation date of your relationship with the Bank, unless the Bank has other necessities as required by law or such personal data is data that cannot be deleted or destroyed due to technical limitations.
5. Sending your personal data overseas
In case that the Bank has a necessity to send or transfer your personal data to a person overseas, such as your counter party or the Bank's counter party, the Bank’s representative, the Bank’s overseas branches, the Bank’s affiliates and subsidiaries, international agency or organization where the recipient country may have inadequate standard for personal data protection as required by law. In such cases, the Bank will provide appropriate measures to ensure that your personal data sent to the recipient is sufficiently secure.
6. The data collection through the Bank’s website system
To access the Bank's website system, the Bank will automatically collect certain information from your use for the purposes stated in this Privacy Notice; for example, the Bank will use the information recorded or collected by cookies and similar technologies for statistical analysis, other activities of the website system, or the Bank's business, for purpose of enabling the Bank to provide you with a good experience when you browse website, as well as enhancing the efficiency and quality of the Bank's website system services.
7. Rights of the data subject
You, as the data subject, have the rights as follows:
7.1 Right to request access and obtain a copy of personal data
You have the right to request access to and obtain a copy of your personal data related to you which is under the Bank's responsibility or to request the Bank to disclose the acquisition of such personal data obtained by the Bank without your consent.
7.2 Right to obtain or send or transfer personal data to another data controller
You have the right to obtain your personal data about you, if such personal data collected by the Bank based on your consent, on necessity for the performance of a contract or request made to the Bank, or on requirement as prescribed by the Personal Data Protection Committee, and the Bank has made such personal data in a form readable or generally usable by means of automated tools or devices, as well as such personal data can be used or disclosed by automated means, you also have the right to (1) request the Bank to send or transfer personal data in such form to other data controller when possible by automated means; and (2) request personal data in such form sent or transferred by the Bank to another data controller, unless it cannot be done by technical conditions.
7.3 Right to object
You have the right to object to the Bank’s collection, use or disclosure of your personal data in the event that: (1) the Bank collects your personal data for the purposes of the necessity for a performance of a task carried out for the Bank's public interest, exercising governmental rights, or for the legitimate interest of the Bank or any other persons or juristic persons, (2) the Bank collects, uses or discloses your personal data for direct marketing purposes, or (3) the Bank collects, uses or discloses your personal data for scientific, historical or statistics unless it is necessary to perform a task carried out for public interest of the Bank.
7.4 Right to erasure or destroy of personal data
You have the right to request the Bank to erase, destroy or make your personal data non-identifiable information if (1) your personal data is no longer necessary for the Bank to store according to the purposes herein, (2) you withdraw your consent and the Bank has no other lawful basis to collect, use or disclose such personal data, (3) you object the collection, use, and disclose of your personal data collected by the Bank due to the necessity in carrying out missions for the Bank's public interest or the exercise of governmental rights or for the legitimate interests of the Bank or any other person or juristic person, and the Bank may not be able to reject such objection, (4) you object the collection, use or disclosure of your personal data for direct marketing purposes, or (5) your personal data has been unlawfully collected, used or disclosed, unless the Bank is obliged to collect your personal data to comply with the law, establishment, legal claims or the use or defense of the Bank's claims.
7.5 Right to restriction of personal data
You have the right to restrict the use of your personal data in the event that (1) the Bank is under verification of the request to rectify your personal data to be accurate and up-to-date, (2) the Bank collects, uses or discloses your personal data unlawfully, (3) it is not necessary to the Bank to collect, use or disclose your personal data for any purpose, but you request the Bank to collect your personal data for your benefit, or (4) you request the Bank to suspend the use of your personal data because it is in the process of verifying or reviewing the request to object to processing your personal data.
7.6 Right to rectification
You have the right to request the Bank to rectify your personal data to be accurate, up-to-date, complete and not misleading.
7.7 Right to withdraw the consent
You have the right to withdraw your consent given to the Bank for the collection, use and disclosure of your personal data at any time.
7.8 Right to be informed about withdrawal of the consent
You are informed that you have the right to withdraw your consent for the collection of personal data collected by the Bank before the Personal Data Protection Act B.E. 2562 comes into effect by submitting a request for revocation of consent to the branch or unit of the Bank that is the main branch or unit that you use or have used service of.
7.9 Right to lodge a complaint
You have the right to lodge a complaint to a competent authority or legal authority in the event that the Bank or its data processor, including employees or contractors of the Bank, or such data processor, violate or do not comply with personal data protection law.
If you wish to exercise any rights under Clauses 7.1 to 7.7 set forth above, you can submit a request to the Bank through the Bank's branches or any other channels prescribed by the Bank. Once the Bank receives your request, the Bank will review your request in accordance with the conditions prescribed by law, complete your request, and notify you of the result of the reviewing and completion of the request within 30 days from the date of receipt of all request and supporting documents.
If you exercise rights of data subject, you may not be able to obtain certain services from Bank while the Bank is in process of reviewing or processing your request.
The Bank will not charge a fee for exercising the right, unless the Bank deems that your request is excessive or unreasonable; the Bank may charge a fee to process your request according to the rate announced by the Bank.
Provided that you may request to exercise your rights from the date the Personal Data Protection Act B.E. 2562 comes into effect onwards.
8. Changes to this Privacy Notice
The Bank may change this Privacy Notice from time to time as it deems appropriate. The Bank will notify you such changes through the Bank's branches, websites and applications, and the Bank recommends you to read and check the details in Privacy Notice every time when such changes are made.
9. Contact information
If you wish to contact or would like to receive more information or explanations about the collection, use and disclosure of your personal data, and exercise the rights of the personal data subject stated in this Privacy Notice, please contact the Bank at the main branch or unit that you use or have used the service of the Bank.
Furthermore, you can contact Data Protection Officer or Data Protection Office through email address: firstname.lastname@example.org
or Head Office of the Bank at 333 Silom Road, Silom Subdistrict, Bangrak District, Bangkok 10500.