Privacy Policy
“TMBThanachart Financial Group”, which consists of, TMBThanachart Bank Public Company Limited TMBThanachart Broker Co., Ltd, Phahonyothin Asset Management Co., Ltd, and TTB consumer Co., Ltd are collectively referred to "TMBThanachart Financial Group” and in this privacy policy, references to “we”, “us” or “our” are reference to all companies of TMBThanachart Financial Group or any one company in TMBThanachart Financial Group.
We realize about the importance of the security of your personal data as (1) you are a person who has used our products and services whether you are existing customer, former customer or to-be customer (“prospect customer”) or (2) a person apart from the definition including in (1) but not limited to employees, candidates, staff, officer, legal representative, contact persons, service providers, visitors, guest, representative, shareholders, directors, or authorized persons acting on behalf of their organization. Therefore, we provide advanced personal data security measures and strict operating procedures to ensure that the security of your personal data is in place to prevent unauthorized access, misuse, unlawful process with dishonest intent that may cause damage, change or loss of personal data in accordance with the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Act"), relevant laws and regulations.
1. Personal data that the TMBThanachart Financial Group collects, uses, and discloses.
“Personal data” under applicable law means any data of an individual person which can identify yourself whether directly or indirectly (except for the deceased) that we have received it from you directly or obtained from any reliable sources, such as Department of Business Development (DBD) under Ministry of Commerce, Department of Provincial Administration under Ministry of Interior, Department of Consular Affairs under Ministry of Foreign Affairs, Legal Execution Department under Ministry of Justice, National Credit Bureau, including but not limited to financial institutions, business partners and financial advisors, etc.
In the event that you have provided us the personal data of another person in connection with our transactions or in any other circumstance, you are liable to inform such person of the details of data collection, use and disclosure including his/her right in accordance with this privacy policy, and obtaining their consent if necessary, or establishing other legal bases to ensure that we can collect, use and/or disclose their personal data of such individual persons.
Data Subject Definition
- Major means a person aged 20 years and over, or a person who has been married from 17 years or older, or a person who has been married before the age of 17 years which was allowed marriage with judicial approval.
- Minor means a person who is under 20 years of age and is not married according to clause 1. In this regard, consent must be obtained from the parental authority of the minor.
- A quasi-incompetent person means a person who is physically handicapped or has a mental disorder (but not a person of unsound mind) or regularly behave uneconomical or addicted to drugs or for other similar reasons making it impossible to arrange the work by themselves or arrange business in a way that may damage their own or family's assets and the court ordered to be a quasi-incompetent person. In giving consent, the consent of the kindergartener who has the power to act on behalf of the quasi-incompetent person must be obtained.
- Incompetent person means a person who is incompetent because insanity until unable to manage his own business. and the court ordered to be incompetent. In giving consent must be consented by the kindergartener who has the power to act on behalf of the incompetent.
There are two kinds of personal data that we collect, use, and disclose customer’s data; general personal data and sensitive data hereinafter referred to “data” with the following details:
1.1 General personal data
- Identification Information such as first name, last name, identification card number, passport number, birth date, address, email address, telephone number etc.
- Transactional Information with us such as account number for deposits/investment fund, credit card number, debit card number, statement of credit/debit account, transaction history, registration number of insured property, policy number, endorsement number, underwriting information report etc.
- Financial Information such as income, expense, deposit amount in your account opened with us, credit history or repayment records, or information from the Legal Execution Department’s database, investment proportion, credit card debit information, payment date and time information, premium reimbursement information etc.
- Marital Status such as single, or married etc.
- Personal history such as work experiences history and education history, etc.
- Asset information such as title deed or car registration etc.
- Online Behavior Information from surfing internet, such as website browsing to search for our products, Cookies, or any connection to search engines, etc.
- Technical data such as IP address, Device ID, Application usage data, application Log, Web beacon, Mobile phone details and technology installed in your device, Access data, and other technical data which uses on the platform and operating system, etc.
- Audio and Visual Information including VDO and CCTV when the customer contacts us or conduct transaction via video call or via phone, chat messages in email or social media or chat bot, etc.
- Identification information of authorized representative of juristic persons, for example, first name – last name, identification number, passport number, date of birth, address, email, telephone number, etc.
1.2 Sensitive personal data
Sensitive Data means any personal data that considered as a private information that may cause unfair treatment such as race, religion, politic opinion, criminal record, labor union, disability record, genetic information, health record, credit information, biometric information used for verification purpose i.e., fingerprint, facial recognition, iris scan, or voice recognition etc.
We may collect your personal data including but not limited to the personal data as follows:
Identifiable information or status |
Contact information |
Products information and others
|
- First name, last name in Thai
- First name, last name in English
- National ID number/Passport number/ driving license number (as the case maybe)
- Date of birth
- Occupation
- Gender
- Marital status
- Number of children
- Education
- Employer name
- Salary
- Signature
|
- Registered address
- Contact address
- Company address
- Personal email
- Company email
- Mobile phone
- Home phone number
- Company phone number
- Electronic account (e.g. Line ID)
|
- Products and services with the pictures or animation pictures recorded by CCTV or by camera at our areas in accordance with risk prevention measures.
- Latitude and Longitude
|
2. Source of personal data received by the TMBThanachart Financial Group
We may receive personal data from:
- Data subject – an applicant who fills in his/her information through the product or service application request form or job application form, or when he/she wishes us to approach him/her, including accessing through various channels provided by us, such as website, applications, social media, etc.
- Other sources apart from directly received from the data subject, which is trusted legal sources, the sources the data subject permitted to collect, use or disclose his/her personal data to us, public sources, inquiring from other persons who are in connection with the data subject, receiving personal data from companies in ttb financial group, business partner to serve specific purposes defined in this Privacy Policy. However, we will notify the data subject within 30 days from the date that we collect his/her information from such sources and will obtain his/her consent unless it falls into exemptional cases.
3. Lawful basis and data processing purposes
We process your personal data for the following purposes:
- Contractual basis between the Customer and us including pre-contract actions.
- To use our products and/or services by the Customer such as opening accounts, credit drawing, using various service via mobile application or internet banking, etc.
- To comply with our internal processes for customer identification or it involves products and services application consideration such as electronic signature verification via digital channels at our offices, internet networks or mobile phones as well as the address and/or telephone number we use to contact the Customer.
- To deliver our products and/or services to the Customer including operational activities which, if not performed, will affect our services or will not be able to provide the Customer with fair and continuous services.
- To have collateral insurance, life insurance, personal accident insurance, motor insurance or property insurance of the Customer whereby we are identified as the beneficiary or debtor’s portfolio insurance such as requesting for a guarantor from the Thai Credit Guarantee Corporation for Small-Medium Entrepreneur (SME) customers, or applying default risk insurance with EXIM Bank etc. including to proceed with any acts relating to insurance policy e.g. proceeding with or monitoring any claim under your insurance policy, notification of insurance policy renewal.
- To sell loan portfolio to a third party such as transferring non-performing loan to an asset management company etc.
- To make other transactions with us, such as buying and selling real estate etc.
- To send or receive information and/or any asset between you and us.
- To perform collection process as per defined in a credit facilities agreement and/or insurance premiums , outstanding service fees.
- To automatic pre- fill your personal data to facilitate the application process for our products or services.
- Legal obligation
- To prevent and detect any irregular transactions which lead to unlawful activity such as money laundering, terrorisms, fraud, reporting the customer’s information to the Revenue Department etc.
- To report personal data to government authorities such as the Anti-Money Laundering Office (AML) or the Revenue Department (RD) or when receiving summons, precept of attachment warrants or execution warrants from government agencies or courts or The Office of the Attorney-General or the Provincial Public Prosecution Office or competent officials with legal authority, etc.
- To apply guidelines of the Bank of Thailand (BOT) and related laws regarding core purposes of personal data processing, for instance, the exercise of financial supervision and examination, reserve management, foreign exchange rate arrangement and control, including monetary policy implementation in their capacity as the nation’s central bank by referring to BOT’s Privacy policy at https://www.bot.or.th/English/Privacypolicy/Pages/default.aspx.
- To apply the Office of Insurance Commission (OIC)’s guidelines and related laws regarding life and non-life Insurance by referring to OIC’s Privacy policy at https://www.oic.or.th.
- Legitimate interest of the ttb financial group
- To prevent, oppose, reduce the risk of fraud, cybersecurity, law violation (such as money laundering, financial support for terrorism and the proliferation of weapons of mass destruction, any offenses that damage property/life/body/freedom/reputation), which includes disclosing personal data in order to lift up the organizational operating standards in the financial group to prevent and mitigate the mentioned risks.
- To record CCTV of the Customer transaction activities with our buildings or offices for security purpose in our property.
- To manage risks/auditing/internal management including personal data disclosure to any companies in TMBThanachart Financial Group but not cover cross-border data transfer to other countries outside Thailand.
- To monitor email traffic or surfing internet of our employee with you to prevent the disclosure of confidential bank information to third parties.
- To propose the same products and/or services or they are in the same family the customer has with us including contacting you in the event that you have failed to apply for products and/or services (drop-off) to complete final stage.
- To research for products development or maintain relationship with the Customer like complaint handling, etc.
- To collect, use and/or disclose of personal data of authorized person who acts on behalf of a juristic customer.
- Consent
In the event that we cannot use contractual basis for collecting personal data or apply legal obligation or legitimate interest for such activity, we may request your consent for the collection, use or disclosure of your personal data in order to provide you with the best benefit that fits with your need. We are obliged to clearly state the purpose of collecting your personal sensitive data, latitude, and longitude etc. Your consent to us will remain in effect until you change or withdraw your consent.
However, to consider giving consent in this item will not affect any benefits that you will receive from holding products and services under the contract. The benefit that you will receive from giving consent is that we can offer products or services that truly meets your needs. However, if you do not give consent to us, we may not be able to offer products or services that meet your needs. In other hands, it might cause losing opportunities of receiving full benefits you deserve.
We will collect, use, and disclose your personal data by taking into account the accuracy and completeness of your personal data.
4. Personal data Disclosure
We will not disclose your personal data to anyone except (a) you gave the permission to us via your consent or (b) that processing activities are prescribed in Term and Condition of Agreement (T & C) or according to your purpose before signing a contract with us or (c) in compliance with the applicable laws or the order of regulatory authorities, governmental sections or any related regulatory authorities or (d) our legitimate interest or (e) other applicable lawful basis.
Regarding the abovementioned rights, we will disclose your personal data to the following persons:
The recipient of personal data from the ttb financial group |
Details
|
The companies in TMBThanachart Financial Group
|
We may disclose your personal data to the companies in TMBThanachart Financial Group for the specified purposes or according to your consent under this policy.
|
Third parties or service providers/contractors
|
We may hire third parties such as service providers, business partners, subcontractors including but not limited to our representative in abroad to act on behalf of us or support our selling activity to serve you. For this event, we may disclose your personal data to these parties, for example:
- IT system development companies,
- Marketing agencies,
- Researchers,
- Cloud services provider,
- Collection companies,
- Domestic and international financial transaction service providers
- National Digital ID providers,
- National Interbank Transaction Management and Exchange: NITMX providers
- Digital infrastructure service providers and database system providers for the information exchange between financial institutions providers,
- Other financial institutions in Thailand and abroad, etc.
- Securities Depository
- Clearing House
- Property Appraisal Company
|
Interested parties in right transferred and/or transactions right transferred assignees or mergers and acquisitions of the TMBThanachart Financial Group
|
In the event that we have conducted reorganization, debt restructuring, merger, right transfer, liquidation, or any other event of the same nature, we may have to disclose your personal data to
- Business Partner or
- Interested parties or
- Asset management companies, etc.
|
Government sectors and regulators
|
In order to comply with laws and regulations, we are obligated to disclose your personal data to
- Bank of Thailand (BOT),
- Anti-Money Laundering Office (AML),
- Revenue Department,
- Office of Insurance Commission (OIC),
- Office Securities and Exchange Commission (SEC),
- Courts,
- The Office of the Attorney-General or the Provincial Public Prosecution Office,
- Police,
- Legal Execution Department, etc.
|
Consultant or professional advisors
|
We may disclose your personal data to below parties for internal operations purposes:
- Auditor
- External auditors
- External Legal Advisor
- Credit Rating Company
- Credit Information Company
- Juristic persons or any person that signed contracts with the Bank including executives, employees, contractors, agents, and consultants that receive personal from the Bank.
|
Business Partners
|
For your best interest in receiving the best products and services, we may disclose your personal data to
- Insurance company for non-life and life insurance such as Thanachart Insurance Public Company Limited, Prudential Life Assurance (Thailand) Public Company Limited, Chubb Life Assurance Public.
- Asset Management companies such as Eastspring Asset Management (Thailand) Company Limited
- Dealer, tent in the car hire purchase business.
- Biller, etc.
|
5. Cookies Policy
We use cookies on our website to ensure good website performance, recognize your device, and remember your setting preferences to enhance your website browsing experience.
When you visit our website, cookies with different purposes will be applied based on the categories listed below.
- Strictly Necessary Cookies: These cookies are essential for the website to ensure website performance, security and enable website features. Our website or some functions cannot properly operate without these cookies. And the necessary cookies cannot be disabled.
- Functional Cookies: These cookies help our website to remember information and your setting preferences to provide more personalized features and facilitate your next visits. Without these cookies, our website may cannot provide smooth experiences and efficient function.
- Performance and Analytics Cookies: These cookies collect information about how you use our website such as number of visitors and website browsing behaviors. All information these cookies collect is aggregated and therefore anonymous. We use this type of cookie to understand how you use our website to improve website performance and enhance our services.
In addition, we also would like to use Targeting & Advertising Cookies to gather information about your browsing statistic in order to provide you with the advertisements that may interest you and to offer you the most relevant benefits. You can voluntarily choose to allow our website to collect these cookies by clicking the 'allow us' button. Declining these cookies will not impact your surfing activity on our website. However, by doing so, you may find the online advertisements you encounter may be less relevant to you.
If you would like to delete the Targeting & Advertising Cookies on ttbbank.com, please click here.
6. Privacy Policy of Employees, Ex-Employees and Job Applicants
We have announced the privacy policy of employees which explains the principle of collection storage, use, disclosure, including the rights of the data subject as follows https://www.ttbbank.com/en/policy/candidate
7. Data protection measures
We have set policies, guidelines and minimum standards for your personal data management covering administrative safeguard, technical safeguard, and physical safeguard to implement proper measures for personal data processing activities and data breach prevention, for instance, IT Security Standard or Data Protection Operating Procedures, etc. We have updated the policies, operating procedures, and minimum standards on a regular basis in line with relevant laws. Besides, we require our employees, outsources and service providers to maintain the confidentiality of your personal data in accordance with the agreements signed with us.
8. Cross-border personal data transfers
In the event that we have to send or transfer your personal data outside Thailand as part of the banking operations process, for example, sending or transferring personal data to be stored on the platform or servers located in foreign countries, sending or transferring international money transfer transactions (SWIFT) information to other financial institutions located abroad through service providers that act as intermediaries for handling international money transfers, etc. and we realize that the destination country has a lower data protection standard than ours, we will take necessary and appropriate measures to protect personal data in line with confidentiality and security standard including signing agreements with those countries to ensure that your personal data will be protected under personal data protection standards that equivalent to Thailand’s.
9. Rights of data subject
As you are the owner of your personal data in accordance with the Personal Data Protection Act, you can exercise your rights as follows:
- Right to withdraw One consent
You have the right to withdraw your consent for collecting, using, and disclosing your personal data at any time unless there is a legal limitation, or it states in the agreement that benefits you. The consent withdrawal will not affect the use of the products or services you have or any of your benefits as prescribed in the agreement.
- Right to object for direct marketing
You have the right to object to the collection, use and disclosure of personal data for direct marketing through specific channel such as email, SMS or letter for marketing purpose covering both products and services of the whole financial group and our business partners.
- Right to complain
You have the right to file a complaint to us or third parties that we hire or personal data processor including our employees or contractors or personal data processors that violating and not following the Personal Data Protection Act, related laws, and regulations.
- Right to rectification
You have the right to ask us to rectify the information so that the data is accurate, up-to-date, complete and does not cause misunderstanding.
- Right to get copy One Consent
You have the right to request to know and receive a copy of your One Consent given previously provided your most recent marketing and/or non-marketing consent to us.
- Right to access
You have the right to know and obtain a copy of your consent for marketing purposes provided to us, including requesting that we disclose information obtained from other sources.
- Right to data portability
You have the right to obtain information about you from us. If we have made the personal data in a format that is easily readable or usable by an automated tool or device and can use or disclose the personal data by automated means. Including the right to request that we send or transfer personal data in such form to another data controller when this can be done by automatic means and have the right to request personal data that we send or transfer personal data in such form directly to another data controller Unless due to technical conditions this cannot be done. We will only process information that you directly provide to us. or from an agent who can act on behalf of him according to law However, it does not cover internal information that we have prepared for use in conducting business within the TMB Thanachart financial business group in accordance with the law and to prevent risks that may occur to assets. our personnel and reputation, etc.
- Right to be forgotten
You have the right to ask us to delete or destroy or make personal data to be non-identifiable information if your personal data is no longer necessary, its retention period ends prescribed by related laws or regulations, or when personal data has been unlawfully collected, used, and disclosed.
- Right to restriction of data processing
You have the right to request us to suspend the use of personal data in the event that we are in the process of reviewing your request to exercise the right to request correction of personal information or the right to object to the collection, use, and disclosure of your personal information or you change your mind to ask us to suspend the use of personal data instead of deleting it from our storage after data retention period is expired for the establishment of legal rights, exercise of statutory claims or litigation of statutory claims.
If you are not over 20 years of age or are limited in the ability to do legal acts, you can request to exercise your right by your parents or the authorized persons to act on your behalf.
In addition, you have the right to file a complaint to the committee specialists in the event of us or our data processors including employees or contractors of the TMBThanachart Financial Group violate or not comply with the Personal Data Protection Act including but not limited to the secondary laws, ministerial regulations or any regulation issued under such laws.
Nevertheless, we have the right to refuse your request if such request is contrary to law or court order, or it affects the rights and liberties of other people, or it is a request that does not specify a valid reason, or we have technical limitations that cannot process your request. We are obliged to notify you in writing with the reason for the refusal.
10. Data retention period
We will store your personal data for the period necessary to achieve the purposes applicable to this Privacy Policy, or as required by law only. It has been documented as a policy and operating procedures regarding data archrival and data destruction and strictly comply with data security measures.
11. Your personal data which TMBThanachart Financial Group has collected before PDPA full enforcement
We have the right to collect, use and disclose your personal data that we have collected prior to the date of the Personal Data Protection Act shall full enforcement on 1 June 2022 according to the original purpose that you have given consent to us.
If you do not want us to collect, use and disclose your personal data anymore and that request is not against any law and not infringe on the privacy rights of others, you can request us to withdraw your consent via our provided channels at any time.
12. Data Subject Rights Exercise’s channels
As a data subject, you can contact all of us to exercise your rights prescribed in PDPA via the following channels:
Data Subject Rights |
Channels |
ttb’s Branch |
Contact Center 1428 |
ttb website
|
DPO email
|
ttb touch
|
RM
|
1. Right to withdraw consent
|
●
|
●
|
-
|
-
|
●
|
-
|
2. Right to object
|
●
|
●
|
-
|
-
|
-
|
-
|
3. Right to complain
|
●
|
●
|
●
|
-
|
-
|
●
|
4. Right to rectification
|
●
|
●
|
-
|
-
|
-
|
-
|
5. Right to get copy (fill-in request form) * |
●
|
●
|
-
|
-
|
-
|
-
|
6. Right to access (fill-in request form) *
|
●
|
-
|
-
|
●
|
-
|
●
|
7. Right to data portability (fill-in request form) *
|
●
|
-
|
-
|
●
|
-
|
●
|
8. Right to be forgotten when data retention is expired as required by law (fill-in request form) *
|
●
|
-
|
-
|
●
|
-
|
●
|
9. Right to restriction of data processing (fill-in request form) *
|
●
|
-
|
-
|
●
|
-
|
●
|
Remark: To contact DPO or exercise data subject rights under item 6-9, please fill-in the request form and submit to DPO of TMBThanachart Financial Group for consideration via email to dpo@ttbbank.com or via post to Data Protection Officer (DPO)
In this regard, we may review or update this policy from time to time to comply with the Personal Data Protection Act or secondary laws, regulations, new announcements of government agencies and will publish it on our website (https://www.ttbbank.com/en/policy/privacy) as soon as possible.
Version [May 2024]