Bangkok Bank Public Company Limited (“Bank”) intends to provide you with quality services in order to meet your expectations, and the Bank realizes the importance of the protection of your personal data and compliance with relevant laws and regulations. The Bank has prepared this Privacy Notice to inform you, as the data subject, of personal data protection and your rights as the data subject rights.
The Bank would like to inform you, as a data subject, who are (1) a person interacting with the Bank whether you are a former, existing or prospective customer of the Bank, (2) an employee, staff, officer, representative, shareholder, director, contact person, agent of, or any person related to, a juristic person or a person as mentioned in (1) above, a trust or a group of persons interacting with the Bank, whether it is a former, existing or prospective customer of the Bank, (3) a person whether you are a former, current or prospective shareholder of the Bank, or any person related thereto, or (4) a person whether you are a former, current or prospective director of the Bank or a candidate for the Bank’s director, or any person related thereto, of the protection of your personal data that the Bank receives or will receive from business operation and service provision through branches, websites, telephones, electronic channels, applications, social media or other sources, in order to assure you that the Bank will take care of your personal information, and will collect, use or disclose your personal information only if the Bank deems it necessary, correct and appropriate, and to notify you of the data subject rights as stipulated in this Privacy Notice.
1. Personal Data of a Data Subject to be Collected, Used, and Disclosed by the Bank are as follows:
1.1 Data that can identify a data subject, whether directly or indirectly
(1) Personal information
, namely, name-surname, gender, date of birth, age, information stated or recorded in documents, such as, identification card, passport, securities holder number, residence certificate, alien identification card, work permit, social security card, driving license, car registration book, or house registration, signature, taxpayer identification number, information about family members, facial photograph
, education, occupation, status, membership, work history, benefits other than compensation for work, information relating to the taking out of insurance;
(2) Contact information
, namely, the address specified in the house registration, address for document delivery, electronic mail address (email Address), home phone number, mobile phone number, facsimile number, name or account for use of service via applications or digital channels, such as, LINE, Google, Facebook, YouTube, Twitter, WhatsApp or WeChat, information of contact person provided to the Bank;
(3) Information regarding financial conditions and transaction with the Bank
, namely, deposit account number, investment account number, credit card number, debit card number, type of credit and debit cards, deposit account movement, information on transactions made through electronic cards or via electronic or digital channels, income and expenditure information, credit information, credit rating information, debt payment information, asset information, financial status information, risk assessment information (such as information relating to suitability test for investment, financial transaction, investment aptitude, debt payment, or compliance with terms and conditions of service agreements), information generated from an analysis of personal data, information on any wrong doing including accusation thereof, information on any litigation or prosecution instituted against the data subject and enforcement thereof, information relating to taking out of insurance initiated by, or investments made through, the Bank, information on making or receiving payments, information for compliance with laws on Anti-Money Laundering and the US’ Foreign Account Tax Compliance Act (FATCA), any other information related to the use of or request for services and to the making of transactions with the Bank;
(4) Information relating to any contact with the Bank
, namely, information received by the Bank through branches, telephones, electronic or digital channels, social media, information from closed circuit TV (“CCTV”) camera and off-site services which may be displayed or recorded in written form, voice or transaction tape recording, photos or moving pictures;
(5) Technical information
, namely, internet protocol (IP) address, media access control (MAC) address, the identification code affixed to the network and the devices connected thereto (MAC Address), log, device ID, application programming interface (API), cookies, type and version of plug-in, browser, operating system and platform, internet system or mobile network, geographic location, device setting and other technical data derived from the use of platform, application and operating system of the Bank;
(6) Usage information
, namely, username, password, search information, visit statistics, menu used, time spent on the website, platform and application, timestamp of last click, favorite items, Q&A, log file, communication information with the Bank;
(7) Behavioral information
, namely, information relating to personal interests or preferences, and manner of use or of service utilization.
1.2 Sensitive personal data that
the Bank must obtain your consent before collection thereof, namely, information concerning biometric data (such as facial recognition
, fingerprint recognition, iris recognition and voice recognition data), religion, criminal record, health data, disability or any other data as prescribed by the Personal Data Protection Committee.
2. Purposes of collection, use and disclosure of your personal data
The Bank will collect, use and disclose your personal data in accordance with the principles prescribed by the laws, namely, (1) necessity for the performance under a contract made with, or compliance with your request/application made to the Bank, (2) legal obligations which are required to be complied with by the Bank, (3) legitimate interest of the Bank or any other person or juristic person, (4) necessity for prevention of danger to a person’s life, body or health, (5) necessity for the public interest, task carried out in the public interest or the exercise of official authorities, or (6) your consent in cases that do not fall within the principles specified in (1) to (5), for the following purposes:
2.1 communicating or providing information related to or in connection with the products or services of the Bank that you utilize or will utilize;
2.2 performing the Bank’s obligations as stated in your request/application or agreement made to the Bank, or in connection with such request/application or agreement, such as, sending and receiving of documents and debt collection, as well as compliance with an agreement made between the Bank and any other person which is necessary and related to services provided to you;
2.3 managing your relationship with the Bank, and preparing details or records of your utilization of services for providing further service to you;
2.4 managing the information of corporate customers or trusts which may contain your personal data;
2.5 complying with relevant laws and regulations;
2.6 verifying and identifying your identity in accordance with the Know Your Customer procedures of the Bank, including verifying your information and auditing such verification in accordance with the procedures prescribed by the laws and the Bank;
2.7 taking any action as required or recommended by the supervisory authorities, such as actions to prevent vulnerable customers from certain restrictions or to prevent elderly customers from engaging in certain types of transactions, and actions for damage control;
2.8 managing and administrating the Bank's internal operations, such as, supervising, improving and auditing the Bank's internal operations;
2.9 managing or dealing with the risks, such as:
(1) preventing, dealing with, or mitigating, risks arising from illegal actions that may occur to you, the Bank's customers, staffs and the Bank, by using those information for improvement of security system relating to the utilization of services via various channels, the operating system and the security system in the Bank's information technology operation;
(2) providing security, such as, video recording (through CCTV) of visitors or customers who contact or transact with the Bank and identity card exchange before entering a building for the purpose of security within the Bank’s premises;
(3) risk management related to business operation of financial institutions, such as, credit risk, operational risk, legal risk, liquidity risk and market risk;
2.10 providing and offering products, services and their alternatives to you, which include public relations, communication, notification, offering or presenting privileges, benefits, rewards or information relating to products or services of the Bank, companies in the Bank's financial business group or business partners that may be of your interests; or organizing events and promotions, participating in the sweepstakes, or providing drawing prize for you;
2.11 examining the use of services or transactions/activities effected in accordance with your or your counter party’s instructions;
2.12 administering services and managing complaints, such as examining transactions/activities resulting from the use of financial services, erroneously effected financial transaction, or transmitting of data within the Bank or between the Bank and any other party, or accommodating customer complaints, providing compensation, or using information to improve the work process on such matters;
2.13 making statistical analysis or research related to the business operation of the Bank and the companies in the Bank's financial business group or the Bank’s affiliates;
2.14 making adjustment to the Bank’s strategy, protecting benefit or evaluating the performance or services of the Bank;
2.15 evaluating, developing and improving the Bank’s products or services, or exercising the Bank's rights (such as making credit scoring model, behavior scoring, and market surveys), and disclosing information generated from such evaluation to you for your financial planning or utilization of other services of the Bank or to the companies within the Bank's financial business group or business partners;
2.16 organizing promotional projects or activities, meetings, seminars, recreation and workplace site visits as well as recording information or photographs for publication or advertisement, and performing and complying with applicable laws;
2.17 storing data in a cloud storage and in other systems used by the Bank;
2.18 performing the Bank’s obligations under terms and conditions specified in an agreement to which the Bank is a party or enforcing legal or contractual rights of the Bank;
2.19 connecting to or facilitating the access to website, applications and platforms of the Bank or any other person;
2.20 performing personal background check as necessary or relevant to the consideration on your qualification as required by laws and specified by the Bank;
2.21 acting as representative, performing its obligation, executing, or carrying out any action in relation to a course of business of the Bank; or
2.22 managing any matter related to securities holders or proxies, attorneys or members of provident fund as well as performing its obligations as a securities issuer, or a business operator in relation to or in connection with securities business, or a contracting party with a securities issuer, or a business operator in relation to or in connection with securities business.
The collection, use or disclosure of your personal data as aforesaid shall also include the sending or transferring of your personal data overseas that the Bank has proceeded in accordance with the said principles.
3. Persons or entities to whom the Bank may disclose your personal data
The Bank may be required to disclose your personal data to other persons or entities located in Thailand or overseas in order to achieve the purposes stated in this Privacy Notice, namely:
3.1 The companies within the Bank's financial business group
as published on the Bank's website including Bualuang Asset Management Company Limited, Bualuang Securities Public Company Limited, Bangkok Capital Asset Management Company Limited, Sinnsuptawee Asset Management Company Limited and Bualuang Ventures Company Limited;
3.2 The Bank's business partners
, such as, business partners of the Bank relating to financial business, banking, service provision, investment, marketing, transportation, telecommunication, healthcare center, non-life insurance or life insurance; or any person involved in any promotion or loyalty program or data analysis; or platform provider or person whose name or logo appears in an agreement with the Bank, or electronic card, website or any other service channels of the Bank;
3.3 Persons involved in the Bank’s provision of services
, such as, those who act as intermediaries in banking transactions, settlement or payment service providers, the Bank’s service partners, outsource service providers, the Bank’s contractors or sellers of goods or services or the Bank’s agents both domestically and internationally, with whom the Bank has agreement or contract, e.g. infrastructure development service providers, internet service providers, telecommunication and communication service providers, technical infrastructure service providers, electronic system or information technology development service providers, logistics and warehousing service providers, cloud service providers, and research service providers, data analysis service providers, communication service providers, survey service providers, event and activities organizers, identity verification system service providers, Dip Chip service providers, identity verification service providers, credit rating agencies, courier service providers, producing of, and recording of data on, electronic cards service providers, the service providers who offers to sell the Bank's financial products or services and security and fraud prevention service providers;
3.4 Persons or authorities prescribed by laws
. The Bank may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of government agencies, regulatory authorities or where the Bank believes that any action is necessary for compliance with the laws for protection of the rights of the Bank or any other person, for the safety of any person, for prevention and investigation of, or dealing with fraud, or for security or safety in various aspects;
3.5 The Bank’s advisors
, such as financial advisor, legal advisor, technical consultant and auditor;
3.6 Assignees of rights, obligations or claims of the Bank
, including those involved in corporate restructuring, business transfer, investment, merger and acquisition, purchase or sale of assets, shares, or business, in which case the persons involved in such actions will also comply with this Privacy Notice;
3.7 Other persons related to you
, such as, owners of a joint deposit account, joint debtors, trustees, beneficiaries, estate administrators, authorized persons, guarantors or any persons placing assets as security for your debt payment to the Bank;
3.8 Associations, organizations, clubs and agencies
, such as, the Thai Bankers' Association, Lawyers Clubs, Banks and Financial Institutions Internal Auditors Clubs, and Credit Card Club;
3.9 Websites and social media
, such as, Facebook, Google, or Instagram.
4. Retention of your personal data and retention period of your personal data
4.1 Retention of your personal data
The Bank has established security measures for protection of your personal data, whether in document and electronic form, in order to prevent loss, unauthorized or unlawful access, use, alteration, correction or disclosure of personal data.
4.2 Retention period of your personal data
The Bank will collect your personal data for the purposes notified to you in this Privacy Notice as required by the laws and for a maximum of 10 years from the cessation date of your relationship with the Bank, unless the Bank is otherwise justified by laws or such personal data are data that cannot be deleted or destroyed due to technical limitations.
5. Sending your personal data overseas
In case the Bank is required to send or transfer your personal data to a person overseas, such as, your counter party or the Bank's counter party, the Bank’s representative, the Bank’s overseas branches, the Bank’s affiliates, or international agency or organization, it must be noted that the recipient country may have inadequate standard for personal data protection as required by laws. The Bank will nevertheless provide appropriate measures to ensure that your personal data sent to such recipient is sufficiently secured.
6. The data collection through the Bank’s website
The Bank will automatically collect certain information from your use of the Bank’s website for the purposes stated in this Privacy Notice, for example, the information recorded or collected by cookies and similar technologies utilized by the Bank will be used for statistical analysis, other activities of the Bank’s website, or the Bank's business so as to enable the Bank to enhance your experience when browsing the Bank’s website, as well as improving the efficiency and quality of the Bank's website services.
7. Rights of the data subject
Your rights as the data subject are as follows:
7.1 Right to request access and obtain a copy of personal data
You have the right to request access to and obtain a copy of your personal data in the Bank's responsibility or to request the Bank to inform you of how such personal data has been obtained by the Bank without your consent.
7.2 Right to obtain or send or transfer personal data to another data controller
You have the right to obtain your personal data provided to the Bank with your consent, or collected by the Bank as may be necessary for the performance under the agreement or application made to the Bank or as prescribed by the Personal Data Protection Committee, where the Bank has made such personal data in a form readable or generally usable by means of automated tools or devices and such personal data can be used or disclosed by automated means. In addition, you also have the right to (1) request the Bank to send or transfer personal data in the said form to another data controller when it can be processed via automated means and (2) request to obtain personal data sent or transferred by the Bank in the above-mentioned form to another data controller unless it cannot be technically effected.
7.3 Right to object
You have the right to object to the Bank’s collection, use or disclosure of your personal data in the event that: (1) the Bank has collected your personal data to the extent necessary for the purpose of performing the Bank’s tasks for public interest or exercising of rights entrusted to government agencies, or for legitimate interest of the Bank or other persons or juristic persons, (2) the Bank has collected, used or disclosed your personal data for direct marketing purposes, or (3) the Bank has collected, used or disclosed your personal data for scientific, historical or statistical purposes unless it is necessary to perform the Bank’s task for public interest.
7.4 Right to erase or destroy personal data
You have the right to request the Bank to erase, destroy or anonymize your personal data if (1) your personal data is no longer necessary for the Bank to keep for the purposes herein, (2) you withdraw your consent and the Bank has no lawful basis to collect, use or disclose such personal data, (3) you object to the collection, use, and disclosure of your personal data already collected by the Bank for the necessity of performing the Bank’s tasks for public interest or exercising of rights entrusted to government agencies or for legitimate interests of the Bank or other persons or juristic persons, and the Bank has no justifiable ground to reject such objection, (4) you object to the collection, use or disclosure of your personal data for direct marketing purposes, or (5) your personal data has been unlawfully collected, used or disclosed, provided that the Bank may keep your personal data as necessary for its compliance with any laws, institution of legal claims, exercising of the Bank's rights or the Bank’s defending of other parties’ claims.
7.5 Right to suspend the use of personal data
You have the right to suspend the use of your personal data in the event that (1) the Bank is in the process of verifying your personal data to be accurate and up-to-date as requested, (2) the Bank has unlawfully collected, used or disclosed your personal data, (3) it is no longer necessary for the Bank to collect, use or disclose your personal data for any purpose, but you have requested the Bank to collect your personal data for your lawful interest, or (4) the Bank is in the process of verification or examination of your objection request to the Bank’s collection, use or disclosure of your personal data.
7.6 Right to rectify personal data
You have the right to request the Bank to rectify your personal data so as to be accurate, up-to-date, complete and not misleading.
7.7 Right to withdraw consent
You have the right to withdraw your consent given to the Bank for the collection, use and disclosure of your personal data at any time.
7.8 Right to give notice of revocation of consent
You have the right to revoke your consent for the collection of personal data already collected by the Bank before the Personal Data Protection Act B.E. 2562 came into effect by giving a notice of revocation of consent to a main branch or unit of the Bank from which you utilize or used to utilize the Bank’s services.
7.9 Right to lodge a complaint
You have the right to lodge a complaint to any competent agency or any entity with legal authority in the event that the Bank or its data processor, including employees or contractors of the Bank violate or do not comply with laws on personal data protection.
If you wish to exercise any rights under Clauses 7.1 to 7.7 set forth above, you can submit a request to the Bank through any branch of the Bank or through any other channel prescribed by the Bank. Once the Bank receives your request, the Bank will consider your request in accordance with the rules and regulations prescribed by the laws, comply with your request, and notify you of the result of the consideration and action taken within 30 days from the date of receipt of the request and all the supporting documents.
If you exercise any right of data subject, you may not be able to utilize certain services of the Bank while the Bank is in the process of considering or complying with your request.
The Bank will not charge a fee for exercising the said right, unless the Bank deems that your request is excessive or unreasonable. The Bank may charge a fee for compliance with your request at the rate announced by the Bank.
Provided that you may request to exercise your rights as from the date the Personal Data Protection Act B.E. 2562 comes into effect.
8. Amendment to this Privacy Notice
The Bank may amend this Privacy Notice from time to time as it deems appropriate and the Bank will notify you of such amendment through the Bank's branches, websites and applications. The Bank recommends that you read and check the details of Privacy Notice every time any such amendment is made.
9. Contact information
If you wish to contact or would like to receive more information or explanations on the collection, use and disclosure of your personal data, as well as the exercise of rights of the data subject specified in this Privacy Notice, please contact a main branch or unit of the Bank from which you utilize or used to utilize the Bank’s service.
Furthermore, you can contact Data Protection Officer or Data Protection Office at email address firstname.lastname@example.org
or at the Head Office of the Bank at 333 Silom Road, Silom Sub-District, Bangrak District, Bangkok 10500.
Updated December 2022