Privacy Policy

TMBThanachart Financial Group comprises 4 entities: TMBThanachart Bank Public Company Limited, TMBThanachart Broker Company Limited, Phahonyothin Asset Management Company Limited and ttb Consumer Company Limited, hereinafter referred to as "TMBThanachart Financial Group", (collectively referred to as "we"). We are committed to protecting your personal information, whether you are a customer or another related party, such as employees, job applicants, and external service providers.

We utilize advanced security measures and stringent processes to prevent unauthorized access, use, or disclosure of personal information. We comply with the Personal Data Protection Act B.E. 2562 and related laws.

1. Personal data that the TMBThanachart Financial Group collects, uses, and discloses.

“Personal data” refers to information about individuals that can identify them, either directly or indirectly (excluding information about deceased persons). This includes information we receive from you directly or from reliable sources such as government agencies or credit reporting companies, etc.

In the case where you provide us with the personal information of another individual, please inform that person about the collection, use, and disclosure of their personal information according to this policy, and obtain their consent if necessary, so that we may collect, use, and/or disclose their personal information.

Personal data under this policy include:

1. Adults: A person who is 20 years of age or older, or a person who has reached the age of 17 and has entered a valid marriage according to the law.
2. Minors: Under 20 years old must obtain consent from a parent or guardian.
3. Person with Limited Legal Capacity and person who is incapable: Must obtain consent from the guardian or custodian (as the case may be)

1.1 General personal data

• Identity Information: Name, ID card number, date of birth, address, email, phone number
• Transaction Information: Account number, withdrawal/deposit reports, transaction history
• Financial Information: Income, account balance, credit history
• Personal Status Information: Single or married.
• Personal History: Work and education background
• Asset Information: Land title deeds, vehicle registration
• Online Behavior Information: Product information searches on the web
• Technical Information: IP address, Device ID, app usage data
• Audio/Visual Information: CCTV recordings, video calls, emails, chat messages
• Information of individuals related to a legal entity: Personal information of natural persons who have the authority to sign on behalf of the legal entity, representatives, or individuals associated with the legal entity, or those who conduct transactions with us on behalf of the legal entity.

1.2 Sensitive personal data

Sensitive Data means any personal data that considered as a confidential information that may cause unfair treatment such as race, religion, politic opinion, criminal record, labor union, disability record, genetic information, health record, credit information, biometric information used for verification purpose i.e., fingerprint, facial recognition, iris scan, or voice recognition etc.

We may collect your personal data including but not limited to the personal data as follows:

2. Source of personal data received by the TMBThanachart Financial Group

We may receive personal data from:

1. Data subject – an applicant who fills in his/her information through the product or service application request form or job application form, or when he/she wishes us to approach him/her, including accessing through various channels provided by us, such as website, applications, social media, etc.
2. Other sources apart from directly received from the data subject, which is trusted legal sources, the sources the data subject permitted to collect, use or disclose his/her personal data to us, public sources, inquiring from other persons who are in connection with the data subject, receiving personal data from companies in TMBThanachart Financial Group, business partner to serve specific purposes defined in this Privacy Policy. However, we will notify the data subject within 30 days from the date that we collect his/her information from such sources and will obtain his/her consent unless it falls into exemptional cases.

3. Lawful basis and data processing purposes

We process your personal data for the following purposes:

1. Contractual basis between the Customer and the TMBThanachart Financial Group including pre-contract actions.
   • Account opening and loan services through various channels such as mobile applications and internet banking.
   • Customer identity verification and data checks
   • Delivery of products and services for continuous service
   • Several types of insurance, such as life insurance, accident insurance, and loan insurance
   • Transfer of debt portfolios to other parties
   • Transactions, such as real estate purchases
   • Data and asset exchange between you and us
   • Debt collection as per the contract
   • Automatic entry of personal information for convenience in applying for products or services
   • fill your personal data to facilitate the application process for our products or services.
2. Legal obligation
   • To prevent and detect of irregular transactions that lead to illegal activities as defined by relevant laws, such as the Anti-Money Laundering Act, the Anti-Terrorism Financing and Proliferation of Weapons of Mass Destruction Act, etc.
   • To report personal information and complying with orders from government authorities, legal entities, or agencies responsible for regulating us, such as the Anti-Money Laundering Office, the Revenue Department, or when receiving a subpoena, attachment order, or court order, or a letter from government agencies, courts, the Office of the Attorney General, the Provincial Attorney's Office, or authorized law enforcement officials, etc.
   • To apply guidelines of the Bank of Thailand (BOT) and related laws regarding core purposes of personal data processing, for instance, the exercise of financial supervision and examination, reserve management, foreign exchange rate arrangement and control, including monetary policy implementation in their capacity as the nation’s central bank by referring to BOT’s Privacy policy at https://www.bot.or.th/English/Privacypolicy/Pages/default.aspx
   • To apply the Office of Insurance Commission (OIC)’s guidelines and related laws regarding life and non-life Insurance by referring to OIC’s Privacy policy at https://www.oic.or.th.
3. Legitimate interest of the TMBThanachart Financial Group
   • To prevent, oppose, reduce the risk of fraud, cybersecurity, law violation (such as money laundering, financial support for terrorism and the proliferation of weapons of mass destruction, any offenses that damage property/life/body/freedom/reputation), which includes disclosing personal data in order to lift up the organizational operating standards in the financial group to prevent and mitigate the mentioned risks.
   • To record CCTV of the Customer transaction activities with our Head Offices or at the branches or ATM Machines for security purpose in our buildings or properties.
   • To manage risks/auditing/internal management including personal data disclosure to subsidiaries in the same TMBThanachart Financial Group but not cover cross-border data transfer to other countries outside Thailand.
   • To monitor email traffic or surfing internet of our employee with you to prevent the disclosure of confidential our information to third parties.
   • To propose the same products and/or services or they are in the same family the customer has with us including contacting you if you have failed to apply for products and/or services (drop-off) to complete final stage.
   • To research for products development or maintain relationship with the Customer.
   • To Obtain consent in cases where it is not possible to rely on contractual grounds, compliance with the law, regulatory criteria, or the legitimate use of rights and benefits by the TMBThanachart financial group, especially for marketing purposes.
4. Consent in cases where it is not possible to rely on contractual grounds, compliance with the law, regulatory criteria, or the legitimate use of rights and benefits by the TMBThanachart financial group, especially for marketing purposes.

   If we cannot use contractual basis for collecting personal data or apply legal obligation or legitimate interest for such activity, we may request your consent for the collection, use or disclosure of your personal data to provide you with the best benefit that fits with your need. We are obliged to clearly state the purpose of collecting your personal sensitive data, latitude, and longitude etc.

   However, to consider giving consent in this item will not affect any benefits that you will receive from holding products and services under the contract. The benefit that you will receive from giving consent is that we can offer products or services that truly meets your needs. However, if you do not give consent to us, we may not be able to offer products or services that meet your needs. In other hands, it might cause losing opportunities of receiving full benefits you deserve.

   We will collect, use, and disclose your personal data by considering the accuracy and completeness of your personal data.

4. Personal data Disclosure and Reasonable

We will not disclose your personal data to anyone except (a) you gave the permission to us via your consent or (b) that processing activities are prescribed in Term and Condition of Agreement (T&C) or according to your purpose before signing a contract with us or (c) in compliance with the applicable laws or the order of regulatory authorities, governmental sections or any related regulatory authorities or (d) It is necessary for the legitimate interests of our organization. (e) another applicable lawful basis.

We will disclose your personal data to third parties in accordance with the rights mentioned above. Here are some examples:

5. Cookies Policy

We use cookies to help our website function effectively and enhance the user experience. We categorize cookies based on their usage as follows:

1. Strictly Necessary Cookies: These are essential for the basic functioning of the website and cannot be disabled.
2. Functional Cookies: These remember your preferences to make your experience more convenient. If you disable these cookies, it may affect your ability to fully use the website.
3. Performance and Analytics Cookies: These collect usage data to improve our services. The information is stored in an aggregated form and cannot identify you.

Additionally, we request permission to store Targeting & Advertising Cookies to offer information and ads that align with your interests. You can choose to allow these cookies; not allowing them will not affect your website usage, but the ads you receive may not match your interests.

If you would like to delete the Targeting & Advertising Cookies on ttbbank.com, please click here.

6. Privacy policy for the protection of personal data of employees, former employees, and job applicants.

We have issued a privacy policy for the management of human resources, which explains the principles of collecting, storing, using, and disclosing personal data, as well as the rights of the data subjects, including employees, former employees, and job applicants. The details are as follows: https://www.ttbbank.com/en/policy/candidate.

7. Data protection measures

We have set policies, guidelines and minimum standards for your personal data management covering administrative safeguard, technical safeguard, and physical safeguard to implement proper measures for personal data processing activities and data breach prevention, for instance, IT Security Standard or Data Protection Operating Procedures, etc.

We have updated the policies, operating procedures, and minimum standards on a regular basis in line with relevant laws. Besides, we require our employees, outsources and service providers to maintain the confidentiality of your personal data in accordance with the agreements signed with us.

8. Cross-border personal data transfers

If we have to send or transfer your personal data outside Thailand as part of the banking operations process. For example, in cases of storing data on foreign servers where foreign server administrators can access the data (e.g., in emergency situations where access to data is needed to mitigate incidents, etc.) or international money transfers, we will implement appropriate data protection measures in accordance with the law. Particularly in cases where the destination country has lower data protection standards than Thailand, we will establish agreements with the data recipients to ensure that your information is protected according to standards equivalent to those in Thailand.

9. Rights of data subject

As you are the owner of your personal data in accordance with the Personal Data Protection Act, you can exercise your rights as follows:

• Right to withdraw consent
  You have the right to withdraw your consent for collecting, using, and disclosing your personal data at any time unless there is a legal limitation, or it states in the agreement that benefits you. The consent withdrawal will not affect the use of the products or services you have or any of your benefits as prescribed in the agreement.
• Right to object for direct marketing
  You have the right to object to the collection, use and disclosure of personal data for direct marketing through specific channel such as email, SMS or letter for marketing purpose covering both products and services of the whole financial group and our business partners.
• Right to complain
  You have the right to file a complaint to us or third parties that we hire or personal data processor including our employees or contractors or personal data processors that violating and not following the Personal Data Protection Act, related laws, and regulations.
• Right to rectification
  You have the right to ask us to rectify the information so that the data is accurate, up-to-date, complete and does not cause misunderstanding.
• Right to get copy Consent
  You have the right to request to know and receive a copy of your consent given previously provided your most recent marketing and/or non-marketing consent to us.
• Right to access
  You have the right to know and obtain a copy of your consent for marketing purposes provided to us, including requesting that we disclose information obtained from other sources.
• Right to data portability
  You have the right to obtain information about you from us. If we have made the personal data in a format that is easily readable or usable by an automated tool or device and can use or disclose the personal data by automated means. Including the right to request that we send or transfer personal data in such form to another data controller when this can be done by automatic means and have the right to request personal data that we send or transfer personal data in such form directly to another data controller. Unless due to technical conditions this cannot be done. We will only process information that you directly provide to us or from an agent who can act on behalf of him according to law. However, it does not cover internal information that we have prepared for use in conducting business within the TMBThanachart financial business group in accordance with the law and to prevent risks that may occur to assets. our personnel and reputation, etc.
• Right to be forgotten
  You have the right to ask us to delete or destroy or anonymize your personal data is no longer necessary, its retention period ends prescribed by related laws or regulations, or when personal data has been unlawfully collected, used, and disclosed.
• Right to restriction of data processing
  You have the right to request us to suspend the use of personal data in the event that we are in the process of reviewing your request to exercise the right to request correction of personal information or the right to object to the collection, use, and disclosure of your personal information or you change your mind to ask us to suspend the use of personal data instead of deleting it from our storage after data retention period is expired for the establishment of legal rights, exercise of statutory claims or litigation of statutory claims.

  If you are not over 20 years of age or are limited in the ability to do legal acts, you can request to exercise your right by your parents or the authorized persons to act on your behalf.

  The exercise of your rights as mentioned above is subject to the conditions specified in the law. We may refuse to exercise your rights if the request conflicts with the law or a court order, affects the rights and freedoms of others, is an unreasonable request, or if we face technical limitations that prevent us from fulfilling the request. In such cases, we are obligated to notify you in writing, along with the reasons for the refusal.

10. Data retention period

We will store your personal data for the period necessary to achieve the purposes applicable to this Privacy Policy, or as required by law only. It has been documented as a policy and operating procedures regarding data archrival and data destruction and comply with data security measures.

11. Your personal data the TMBThanachart Financial Group has collected before PDPA full enforcement.

We have the right to collect, use and disclose your personal data that we have collected prior to the date of the Personal Data Protection Act shall full enforcement on 1 June 2022 according to the original purpose that you have given consent to the TMBThanachart Financial Group.

If you do not want the TMBThanachart Financial Group to collect, use and disclose your personal data anymore and that request is not against any law and not infringe on the privacy rights of others, You can notify us to withdraw your consent through our channels at any time.

12. Data Subject Rights Exercise’s channels

As a data subject, you can contact us to exercise your rights prescribed in PDPA via the following channels:

Remark: To exercise the rights in Sections 6-9, you must complete a form and submit your request along with proof of identity to the Data Protection Officer (DPO) of the TMBThanachart financial business group. For cases where you exercise rights in Sections 6-9 through branches or Relationship Managers (RMs), please ask the staff to forward the form to the DPO as well. This is for consideration of the rights request, with a processing time based on the Personal Data Protection Act, starting from the date the DPO receives complete and sufficient information to assess the exercise of the personal data subject's rights.

13. Data Breach Management

We place the highest priority on protecting your personal data by implementing strict prevention measures and response plans. In the event of a data breach, we will immediately assess and control the situation, considering appropriate actions. For instance, if an issue arises that may violate or impact personal data, and after review by the Data Protection Officer (DPO), we will report the incident to the relevant authorities within the specified time frame. In cases of high risk that affect data subjects, we will notify you along with corrective measures. Additionally, we regularly review and improve our security measures to ensure that your data is managed with the highest level of care.

14. Contact DPO in TMBThanachart Financial Group

• Data Protection Officer (DPO) of TMBThanachart Financial Group Address: 28th floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
• E-mail: dpo@ttbbank.com

In this regard, we may review or update this policy from time to time to comply with the Personal Data Protection Act or secondary laws, regulations, new announcements of government agencies and will publish it on our corporate website (https://www.ttbbank.com/en/policy/privacy) as soon as possible.

Version [December 2024]