Privacy Notice
Privacy Policy
Krungsri Capital Securities Public Company Limited ( the" Company" ,"we", "us" or "our") recognizes the importance of the protection of your Personal Data (as defined below).
This privacy notice (the "Privacy Notice") applies to the Personal Data of the following persons:
(1) Our clients
• Individual clients: our prospective, current and former individual clients, including natural persons related to such individual clients.
• Corporate clients: employees, personnel, officers, representatives, shareholders, authorized persons, members of the board of directors, contact persons, agents, and other natural persons in connection with our prospective, current and former corporate clients.
(2) Non-clients
• individual persons who are our former, existing, or future external service providers or vendors and individual persons related to our former, existing, or future external service providers or vendors.
• other individual persons who contact us through any channel, including anyone that visits our website, applications, offices, or branches.
Natural/individual persons, together as "you" or "your" and the individual client and the corporate client, together as the "Client".
This Privacy Notice describes how we collect, use, disclose and/or cross-border transfer your Personal Data which such Personal Data may be derived from our business operation, websites, mobile applications, call centers, events and exhibitions, online communication channels, other locations and any means where we collect, use, disclose, and/or cross-border transfer your Personal Data.
1. Personal data we collect, use, disclose, and/or cross-border transfer
"Personal Data"means any identified or identifiable information about you. We might collect your information in a variety of ways. We may collect your Personal Data directly from you (e.g. through our financial advisor, salesperson, marketing team, website, mobile application, or call center) or indirectly from other sources (e.g. social media, third party’s online platforms, and other publicly available sources) and through our affiliates, service providers, business partners, official authorities, or third parties (e.g. third-party custodians, sub-custodians, and brokers). Which specific types of data collected depends on your relationship with us, or the Client's relationship with us, or which services or products the Client requires from us.
"Sensitive Data"means Personal Data classified by law as sensitive data. We will only collect, use, disclose and/or cross-border transfer Sensitive Data if we have received your explicit consent or as permitted by law.
Individual Client
We will collect, use, disclose and/or cross-border transfer the following categories and types of your Personal Data, including but not limited to:
(a) Personal details, such as your title, name, surname, gender, age, occupation, job title, salary, income, source of income, work place, work position, education, nationality, date of birth, marital status, bankruptcy status, information on government-issued cards (e.g. national identification number, passport number, tax identification number, driver's license details), signature, voice recording, phone records, picture, CCTV records, house registration, and other identification information;
(b) Contact details,such as your address, telephone number, mobile number, fax number, email address, and other electronic communication ID;
(c) Account and financial details,such as your credit card and debit card information, account number and account type, prompt pay details, current assets, income and expenses, as well as payment details, service and product application details;
(d) Transaction details, such as the type of products (e.g. securities, derivatives, fixed income, mutual fund), price and quantity, order number, conditions (if any), trading history and balance, payment and transaction records relating to your assets, financial statements, liabilities, taxes, revenues, earnings and investments, source of wealth and funds, representation, trade information, default record, margin balance, and margin loan record;
(e) Technical details, such as your Internet Protocol (IP) address, web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform;
(f) Profile details,such as your account identifiers, username and password, PIN ID code for trading, interests and preferences, activities, investment objectives, investment knowledge and experience, and risk tolerance
(g) Usage details,such as information on how you use the websites, platform, products and services; and
(h) Other information,collected, used or disclose in connection with the relationship with us, such as information you give us in contracts, forms, surveys or questionnaires, or data collected when you participate in our business functions, seminars, or social events.
Corporate Client or Non-Clients
We will collect, use, disclose and/or cross-border transfer the following categories and types of your Personal Data, including but not limited to the followings:
(a) Identity Data,such as, first name, last name, title, age, gender, photos, information on CV, education, work-related information (e.g., position, function, occupation, job title, company you work for, employed at or holds shares of), information on government-issued cards (e.g., national identification number, passport number), percentage of shares, signatures, voice recording, phone records, CCTV records, house registration, and other identifiers;
(b) Contact Details,such as, telephone numbers, address, country, e-mail address, and other similar information;
(c) Personal data generated in connection with the Client's relationship with us,for example account opening, administration, operation, payment, settlement, processing and reporting, on behalf of the Client. Such Personal Data may include signatures, and your correspondence with us; and
(d) Other information, collected, used or disclosed in connection with the relationship with us, such as, information you give us in contracts, forms, surveys or questionnaires, or data collected when you participate in our business functions, seminars, or social events.
We will collect, use, disclose and/or cross-border transfer the following Sensitive Data about you:
(a) biometric data (such as facial recognition, fingerprint, iris) for the purposes of authentication and verification or for any transactions made by you through the service provided via our electronic channel;
(b) health data as necessary to ascertain the limitation of communication, decisions or health impairment for our information to render a service to you in compliance with the laws.
(c) criminal records for public interest in relation to protecting, dealing with and minimizing risks which may occur as a result of any illegal activities, such as money laundering, terrorism or public fraud; and
(d) information about race, religion or blood type as only appeared on your national identification card or identification document as evidence of identification to process transactions with us as required by law, or for establishment, compliance, exercise or defense of legal claims;
We will collect, use, disclose and/or cross-border transfer your Sensitive Data merely to the extent necessary to fulfill the purposes as mentioned above and we will procure appropriate measures in order to protect your fundamental rights and benefits.
2. The Purpose of collection, use, disclosure, and/or cross-border transfer your Personal Data
We may collect, use, disclose and/or cross-border transfer your Personal Datafor the following purposes.
2.1 Purpose for which consent is required
We rely on your consent to:
(a) provide marketing communications, special offers, campaigns, promotional materials about the products and services of the Company, our group companies and the third parties only for the cases that we cannot rely on other legal grounds, such as suggesting services or products which are not similar or not related to the services or products you have with us;
(b) collect, use, and/or disclose your Sensitive Data for the following purposes:
(i) biometric data (e.g. facial recognition, fingerprint, iris) for authentication and verification or for any transactions made by you through the service provided via our electronic channel;
(ii) health data as necessary to ascertain the limitation of communication, decisions, health impairment, or to provide facilitation, only for the cases that we cannot rely on other legal grounds;
(iii) criminal records for background check only for the cases that we cannot rely on other legal grounds;
(iv) sensitive data as shown in the identification document (e.g. race, religion, or blood type) for the purpose of authentication and verification only for the cases that we cannot rely on other legal grounds; and
(c) cross-border transfer your Personal Data to a destination country which may not have an adequate level of Personal Data protection, for which consent is required by law.
(d) collect and use your Personal Data to conduct research, analyze, and profiling in relation to you for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
In the event that we rely on your consent for collection, use, disclose, and/or cross-border transfer your Personal Data, you have the right to withdraw your consent at any time. This can be done so, by contacting us or our Data Protection Officer per the contact details specified in clause 9. The withdrawal of consent will not affect the lawfulness of the collection, use, disclosure, and/or cross-border transfer of your Personal Data based on your consent before it was withdrawn.
2.2 Purpose for which we may rely on other legal grounds for collection, use, disclosure, and/or cross-border transfer your Personal Data
We may collect, use, disclose, and/or cross-border transfer your Personal Data by relying on the following legal grounds: (1) a contractual basis, for our initiation or fulfillment of a contract with you; (2) a legal obligation; (3) the legitimate interest of ourselves and third parties, to be balanced with your own interest and fundamental rights and freedoms in relation to the protection of your Personal Data; (4) vital interest, for preventing or suppressing a danger to a person’s life, body or health; or (5) public interest, for the performance of a task carried out in the public interest or for the exercise of official actions.
We rely on the legal grounds in (1) to (5) above for the following purposes of collection, use, disclosure, and/or cross-border transfer of your Personal Data:
Individual Client
(a) contacting you prior to your entering into a contract with us;
(b) processing applications for account opening, account maintenance, and operations relating to your accounts, including without limitation, processing your applications or requests for services or products, processing your transactions, generating your account statement, and operating and closing your accounts;
(c) providing services to you, such as financial planner/advisor, securities brokerage, securities dealing, securities underwriting, mutual fund management, investment advisory, securities lending and borrowing, derivatives brokerage, derivatives advisory, and other services which we may hold the license in the future, from time to time and dealing with all matters relating to the services;
(d) administration for the payment or collection of fees or other expenses relating to the services, including tax filing or tax exemption;
(e) providing investment products, offering choices to you (including investment products of third parties) from time to time and dealing with all matters relating to the investment products;
(f) negotiation, communication, or managing your relationship with us and administration of your account with us;
(g) preventing you with certain limitations (e.g. elderly person) from engaging in certain types of transactions for the purpose of damage control;
(h) carrying out your instructions or responding to your inquiries or feedback, and resolving your complaints;
(i) conducting identity verification and credit checks, know-your-customer (KYC) and customer due diligence (CDD) processes, other checks and screenings, and ongoing monitoring that may be required under any applicable law;
(j) preventing, detecting and investigating fraud, misconduct, or any unlawful activities, whether or not requested by any governmental or regulatory authority, and analyzing and managing risks;
(k) complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from court, any governmental, tax, law enforcement or other authorities or regulators (whether local or foreign), such as the Stock Exchange of Thailand, Thailand Futures Exchange, Thailand Securities Depository, Thailand Clearing House, Office of the Securities and Exchange Commission of Thailand, Bank of Thailand, Anti-Money Laundering Office, and Thai Revenue Department;
(l) managing our infrastructure, internal control, internal audit and business operations and complying with our policies and procedures that may be required by applicable laws and regulations including those relating to risk management and control, security, audit, finance and accounting, systems and business continuity;
(m) addressing or investigating any complaints, claims or disputes;
(n) provide marketing communications, information, special offers, campaigns, promotional materials about the products and services of the Company, our affiliates and subsidiaries and the third parties;
(o) developing new services and products and updating you on our services and products from time to time;
(p) carrying out research, planning and statistical analysis, credit and risk analysis, for example, on your investment limit and investment behavior, for the purpose of developing and/or offering our services and products;
(q) organizing our promotional campaign or events, conferences, seminars, and company visits (including the use of photographs taken at our events which may include you);
(r) enforcing our legal or contractual rights including, but not limited to, recovering any and all amounts owed to us;
(s) facilitating financial audits to be performed by an auditor, or receiving legal advisory services from legal counsel appointed by you or us;
(t) performing our obligations under any agreements to which we are a party, e.g. agreements with our business partners, vendors, or other asset management companies, or under which we are acting as an agent;
(u) for administration of access to our premises and/or applicable systems, including the use of your photograph for such purpose;
(v) for contacting next of kin and arranging medical attention in connection with death, illness or injury of personnel which occurs in our premises or areas of our activities (this may include the next of kin’s Personal Data as well as your own);
(w) for legal proceedings (including prospective legal proceedings); and
(x) establishing, exercising or defending legal rights;
If the Personal Data we collect from you is required to meet our legal obligations or enter into an agreement with you, we may not be able to provide (or continue to provide) our products and services to you if we cannot collect your Personal Data when requested.
Corporate Client
(a) Business communication, such as, communicating with the Client about our products or services, e.g., by responding to inquiries or requests;
(b) The Client selection, such as, verifying your identity and the Client status, conducting due diligence or any other form of background checks or risk identification on you and the Client (including screening against publicly available government law enforcement agency and/or official sanctions lists as required by law), evaluating suitability and qualifications of you and the Client, issuance of request for quotation and bidding, execution of contract with you or the Client;
(c) The Client data management, such as, maintaining and updating lists/directories of the Clients (including your Personal Data), keeping contracts and associated documents in which you may be referred to;
(d) Relationship management, such as, planning, performing, and managing the (contractual) relationship with the Client, e.g., by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, providing support services;
(e) Business analysis and improvement, such as, conducting research, data analytics, assessments, surveys and reports on our products, services and the Client's performance, development and improvement of marketing strategies and products and services;
(f) IT systems and support, such as providing IT and helpdesk supports, creating and maintaining code and profile for you, managing your access to any systems to which we have granted you access, removing inactive accounts, implementing business controls to enable our business to operate, and to enable us to identify and resolve issues in our IT systems, and to keep our systems secure, performing IT systems development, implementation, operation and maintenance;
(g) Security and system monitoring, such as authentication and access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security, prevention and solving crimes, as well as risk management and fraud prevention;
(h) Dispute handling, such as solving disputes, enforcing our contracts, establishing, exercising or defense of legal claims;
(i) Internal investigation, any investigation, complaints and/or crime or fraud prevention;
(j) Internal compliance, such as compliance with internal policies and applicable laws, regulations, directives and regulatory guidelines;
(k) Compliance with laws and government authorities, such as liaising and interacting with and responding to government authorities or courts;
(l) Marketing purposes, such as informing you of our news and publications which may be of interest, events, offering new services, conducting surveys;
(m) Complying with reasonable business requirements, such as management, training, auditing, reporting, control or risk management, statistical, trend analysis and planning or other related or similar activities.
Non-clients
(a) process the request of external service providers or vendors prior to entering into an agreement, or to comply with an agreement which external service providers or vendors enter into with us;
(b) for the benefit to perform the contract between external service providers or vendors, such as procurement, inspection, payment of goods and services, relationship management, evaluate the work according to the agreements specified in the purchase order, contract, or other documents relevant to the procurement process;
(c) for our internal management, administration, development, internal audit, and to conduct our business operations which include administration and development of products and/or services (including websites and applications), research (e.g. surveys or questionnaires, interview, fraud prevention and detection, crime prevention, maintenance of information technology systems);
(d) for the benefit to protect security, such as provision of security measures, including information technology systems, such as access to our premises, log in, or access to websites or applications;
(e) to contact, inform news and privileges via letters, mails, telephone, fax, emails, applications, applications, or social media;
(f) to comply with all applicable laws, regulations, rules, directives, orders, instructions and requests from court, any governmental, tax, law enforcement or other authorities or regulators (whether local or foreign);
(g) dispute handling, such as solving disputes, enforcing our contracts, establishing, exercising or defense of legal claims.
3. How we disclose or transfer your Personal Data
We may disclose or transfer your Personal Data to the following third parties (including their personnel and agents) whether in or outside Thailand for processing Personal Data in accordance with the purposes under this Privacy Notice. You can visit their privacy notice to learn more details on how they process your Personal Data.
3.1 Group of Company
As we are a company in the financial group of Bank of Ayudhya Public Company Limited (“Krungsri Group”), we may need to disclose or transfer your Personal Data to other companies within Krungsri Group, including MUFG Bank Ltd. and its affiliates, as well as Mitsubishi UFJ Financial Group, or otherwise allow access to such Personal Data by, other companies within Krungsri Group for the purposes set out above.
3.2 Our service providers
We may use other companies, agents or contractors to provide services to us, or to perform services on our behalf or to assist with the provision of products and services to Client. We may share your Personal Data to these service providers, including but not limited to: (a) IT service providers; (b) research agencies; (c) analytics service providers; (d) survey agencies; (e) marketing, advertising media and communications agencies; (f) payment service providers; and (g) administrative and operational service providers.
In the course of providing these services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we will ask them not to use your Personal Data for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.
3.3 Our business partners
We may transfer your Personal Data to persons acting on your behalf or otherwise involved in the provision of the type of product or service you receive from us, including but not limited to payment recipients, beneficiaries, account nominees, intermediaries (such as third-party securities companies, or asset management companies), custodians, correspondents, agents, vendors, co-brand business partners, market counterparties, issuers of products, or global trade repositories to whom we disclose Personal Data in the course of providing products and services to you or whom you authorize us to disclose your Personal Data to.
3.4 Third parties permitted by law
In certain circumstances, we may be required to disclose or share your Personal Data to a third party in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party for which we believe disclosure or transfer is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party's or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
3.5 Professional advisors
We may disclose or transfer your Personal Data to our professional advisors relating to audit, legal, accounting, and tax services who assist in running our business and defending or bringing any legal claims.
3.6 Third parties as assignees, transferees, or novatees
We may assign, transfer, or novate our rights or obligations to a third party, to the extent permitted under the terms and conditions of any contract between you and us, or between Client and us, or between other juristic person with us. We may disclose or transfer your Personal Data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees.
3.7 Third parties connected with business transfer
We may disclose or transfer your Personal Data to our business partners, investors, significant shareholders, assignees, prospective assignees, transferees, or prospective transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, dissolution or any similar event involving the transfer or other disposal of all or any portion of our business, assets, or stock. If any of the above events occur.
When we transfer Personal Data to the third parties, we will take steps to ensure the protection of your Personal Data, such as confidentiality arrangements or other appropriate security measures as required by law.
4. International transfers of your Personal Data
We may disclose or transfer your Personal Data to third parties or servers located overseas, and the destination countries may or may not have the same data protection standards as Thailand. We will take steps and measures to ensure that your Personal Data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is lawful by relying on the derogations as permitted under the law.
5. How long do we keep your Personal Data
We retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which we have obtained it as set out in this Privacy Notice, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for longer duration, if required by applicable law.
6. Other important information about your Personal Data
6.1 Cookies and how they are used
If you visit our websites, we will gather certain information automatically from you by using Cookies. Cookies are tracking technologies that are used in analyzing trends, administering our websites, tracking users’ movements around the websites, and remembering users’ settings.
Most Internet browsers allow you to control whether or not to accept Cookies. If you reject Cookies, your ability to use some or all of the features or areas of our websites may be limited.
You can study details of our Cookies Policy at www.krungsricapital.com/en/convention/cookies.aspx
6.2 Personal Data related to minors
Our activities are not generally aimed at minors and we do not knowingly collect Personal Data from customers who are minors (those who have not reach the legal age (20 years of age or by marriage)) without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. If you are a minor, quasi-incompetent or incompetent person and wish to engage in a contractual relationship with us, you must obtain the consent from your parent or legal guardian prior to contacting us or providing us with your Personal Data. If we learn that we have unintentionally collected Personal Data from any minor without parental consent when it is required, or from quasi-incompetent person or incompetent person without their legal guardians' consent, we will delete it immediately or continue to process such Personal Data if we can rely on other legal bases apart from consent.
6.3 Personal Data related to third parties
If you provide the Personal Data of any third party (such as your spouse, children, family members, shareholders, directors, beneficiary, emergency contact, referral, and references) to us, e.g. their name, family name, email address, and telephone number, you should ensure that you have the authority to do so and to permit us to use the Personal Data in accordance with this Privacy Notice. You are also responsible for notifying the third party of this Privacy Notice and, if required, obtaining consent from the third party or rely on other legal basis.
7. Your rights with regard to your Personal Data
Subject to the applicable laws and exceptions thereto, you may have the following rights regarding your Personal Data:
(a) Access: you may have the right to access or request a copy of the Personal Data we are processing about you;
(b) Data Portability: you may have the right to obtain Personal Data hold about you, in a structured, electronic format, and to transmit this data to another data controller;
(c) Objection: in some circumstances, you may have the right to object to how we process your Personal Data in certain activities which specified in this Privacy Notice;
(d) Deletion or Destruction: you may have the right to request that we delete, destroy, or de-identify your Personal Data that we process about you, e.g. if the data is no longer necessary for the purposes of processing;
(e) Restriction: you may have the right to restrict our processing of your Personal Data if you believe such data to be inaccurate, that our processing is unlawful, or that we no longer need to process this data for a particular purpose;
(f) Rectification: you may have the right to have Personal Data that is incomplete, inaccurate, misleading, or out-of-date rectified;
(g) Consent withdrawal: you may have the right to withdraw consent that was given to us for the processing of your Personal Data, unless there are restrictions on the right to withdraw consent as required by the law, or a contract that benefits you; and
(h) Lodge a complaint: you may have the right to lodge a complaint to the competent authority if you believe our processing of your Personal Data is unlawful or non-compliance with applicable data protection law.
8. Changes to this Privacy Notice
From time to time, we may change or update this Privacy Notice. We encourage you to read this Privacy Notice carefully and periodically revisit www.krungsricapital.com/en/convention/privacy.aspx to review any changes that may occur in accordance with the terms of this Privacy Notice. We will notify you if there are material changes to this Privacy Notice.
9. Contacting Us
If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries or complaints about your Personal Data under this Privacy Notice, please contact us or our Data Protection Officer via the following avenues:
(a) Krungsri Capital Securities Public Company Limited
25 Bangkok Insurance Building, 15th – 17th floor, South Sathorn Road,
Sathorn, Bangkok 10120, Thailand
Tel. 02 638 5500
(b) Data Protection Officer
Email: dpc@krungsricapital.com
MARCH 2023
Privacy Notice for Shareholders and Debenture Holders
Krungsri Capital Securities Public Company Limited (the "Company," "we," "us," or "our") recognizes the importance of the protection of the Personal Data of shareholders and debenture holders (hereinafter collectively referred to as “you”). We therefore created this Privacy Notice for Shareholders and Debenture Holders ("Privacy Notice") to describe how we collect, use, disclose and/or cross-border transfer your Personal Data as follows:
1. Personal Data we collect, use, disclose and/or cross-border transfer
1.1 Shareholder, debenture holder, attorney, or proxy
We will collect the Personal Data of shareholder, debenture holder, including attorney or proxy when you reserve our shares or debentures or become a shareholder or debenture holder. We will collect the Personal Data directly from you or through a securities broker or registrar. The Personal Data we collect includes name, surname, address, telephone number, email, contact methods, occupation, date of birth, tax ID, identification number, passport number, juristic person registration number, nationality, bank account, number of shares, etc.
1.2 When you participate in any of our activities, we may collect additional Personal Data by requesting your consent if required by related laws on a case-by-case basis.
1.3 We may need to collect special categories of Personal Data as defined by personal data protection law (“Sensitive Data”). We will collect, use, disclose, and/or cross- border transfer your Sensitive Data when we obtain the explicit consent from you or in the case that the laws permit us to do so without obtaining your consent. Your Sensitive Data which we will collect, use, disclose, and/or cross-border transfer are as follows:
(a) biometric data (e.g. facial recognition, fingerprint) for authentication and verification or for executing the transaction via our electronic method or device;
(b) health data as necessary to ascertain your limitation to communicate, make independent decisions or health impairment for the purpose of selection, background or qualification screening, and monitoring;
(c) criminal records for public interest in relation to protecting, dealing with and minimizing risks which may occur as a result of any illegal activities, such as money laundering, terrorism or public fraud; and
(d) race, religion, or blood type as only appeared on copies of your national identification card or other identification document as evidence for establishment, compliance, exercise or defense of legal claims;
We will collect, use, disclose and/or cross-border transfer your Sensitive Data merely to the extent necessary to fulfill any of the purposes as mentioned above and we will procure appropriate measures in order to protect your fundamental rights and benefits.
2. The Purpose of collection, use, disclosure and/or cross-border transfer your Personal Data
We may collect, use, disclose and/or cross-border transfer your Personal Data for the following purposes.
2.1 For compliance with a legal obligation to which we are subject e.g. company management (for example, setting up, capital increase, capital reduction, business restructuring, change of registration items), shareholders meeting, management of rights and duties of shareholders or debenture holders, dividend payment, interest payment of debentures, accounting and legal inspection reports, deliveries of documents or books, including duties under the laws governing a public company limited or security companies, etc.
2.2 For the purposes of the legitimate interests pursued by us or by a third party e.g. to manage companies, to record video or audio in meetings, to internal audit, to protect security, to organize events, to send news or offers for the benefit of shareholder or debenture holder, to establish legal claims, etc.
2.3 To protect vital interests of you or of another person, for instance, make contact in case of emergency and control and prevent disease.
2.4 For the purpose of corporate governance and internal audit according to the standard of parent company, affiliated company, or other entities in Krungsri Capital Group.
Failure to provide certain information when requested, may affect our performance of contractual or legal obligations, which may affect the selection process, the management of rights and duties of shareholders or debenture holders, etc.
In addition, in the case that we rely on your consent for collection, use, disclose, and/or cross border transfer your Personal Data, you have the right to withdraw your consent at any time. This can be done so, by contacting us or our Data Protection Officer per the contact details specified in this Privacy Notice. The withdrawal of consent will not affect the lawfulness of the collection, use, disclosure, and cross-border transfer of your Personal Data based on your consent before it was withdrawn.
3. How we disclose or transfer your Personal Data
We may disclose or transfer your Personal Data to the following third parties (including their personnel and agents) who process Personal Data in accordance with the purposes under this Privacy Notice. These third parties may be located in or outside Thailand. You can visit their privacy policies to learn more details on how they process your Personal Data.
3.1. Group of Company
We may need to transfer your Personal Data to, or otherwise allow access to such Personal Data by, other entities in Nomura Group for the purposes set out above.As we are a company in the financial group of Bank of Ayudhya Public Company Limited (“Krungsri Group”), we may need to disclose or transfer your Personal Data to other companies within Krungsri Group, including MUFG Bank Ltd. and its affiliates, as well as Mitsubishi UFJ Financial Group, or otherwise allow access to such Personal Data by, other companies within Krungsri Group for the purposes set out above.
3.2. Our service providers
We may use other agents or contractors to perform services on our behalf for any operation related to the meeting or other activities attended by you. We may share your Personal Data to these service providers, including but not limited to: (a) IT service providers; (b) analytics service providers; (c) payment service providers; and (d) administrative and operational service providers.
In the course of providing these services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we will ask them not to use your Personal Data for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure.
3.3. Our business partners
We may transfer your Personal Data to persons acting on your behalf, including payment recipients, beneficiaries, account nominees, intermediaries (such as third-party securities companies, or asset management companies), custodians, correspondents, agents, vendors, market counterparties related to the holding of shares or debentures, and whom you authorize us to disclose your Personal Data to, provided that these data recipients agree to treat your Personal Data in a manner consistent with this Privacy Notice.
3.4. Third parties permitted by law
In certain circumstances, we may be required to disclose or share your Personal Data to a third party in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority (such as Ministry of Commerce, Office of the Securities and Exchange Commission, the Stock Exchange of Thailand, Thailand Securities Depository Co., Ltd.) or other third party for which we believe disclosure or transfer is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party's or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
3.5. Professional advisors
We may disclose or transfer your Personal Data to our professional advisors relating to audit, legal, accounting, and tax services who assist in running our business and defending or bringing any legal claims.
3.6. Third parties as assignees, transferees, or novatees
We may assign, transfer, or novate our rights or obligations to a third party, to the extent permitted under the terms and conditions of any contract between you and us. We may disclose or transfer your Personal Data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees, provided that these data recipients agree to treat your Personal Data in a manner consistent with this Privacy Notice.
3.7. Third parties connected with business transfer
We may disclose or transfer your Personal Data to our business partners, investors, significant shareholders, assignees, prospective assignees, transferees, or prospective transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, dissolution or any similar event involving the transfer or other disposal of all or any portion of our business, assets, or stock. If any of the above events occur, the data recipient will comply with this Privacy Notice to respect your Personal Data.
4. Cross-border transfers of your Personal Data
We may disclose or transfer your Personal Data to third parties or servers located overseas, and the destination countries may or may not have the same data protection standards as Thailand. We will take steps and measures to ensure that your Personal Data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is lawful by relying on the derogations as permitted under the law.
5. How long do we keep your Personal Data
We retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which we have obtained it as set out in this Privacy Notice, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for longer duration, if required by applicable law.
6. Other important information about your Personal Data
6.1. Cookies and how they are used
If you visit our websites, we will gather certain information automatically from you by using Cookies. Cookies are tracking technologies that are used in analyzing trends, administering our websites, tracking users’ movements around the websites, and remembering users’ settings. Most Internet browsers allow you to control whether or not to accept Cookies. If you reject Cookies, your ability to use some or all of the features or areas of our websites may be limited.
6.2. Personal Data related to third parties
If you provide the Personal Data of any third party (such as your spouse, children, family members, shareholders, directors, beneficiary, emergency contact, referral, and references) to us, e.g. their name, family name, email address, and telephone number, you should ensure that you have the authority to do so and to permit us to use the Personal Data in accordance with this Privacy Notice. You are also responsible for notifying the third party of this Privacy Notice and, if required, obtaining consent from the third party or rely on other legal basis.
7. Your rights with regard to your Personal Data
Subject to the applicable laws and exceptions thereto, you may have the following rights regarding your Personal Data:
(a) Access: you may have the right to access or request a copy of the Personal Data we are processing about you;
(b) Data Portability: you may have the right to obtain Personal Data hold about you, in a structured, electronic format, and to transmit this data to another data controller;
(c) Objection: in some circumstances, you may have the right to object to how we process your Personal Data in certain activities which specified in this Notice;
(d) Deletion or Destruction: you may have the right to request that we delete, destroy, or de-identify your Personal Data that we process about you, e.g. if the data is no longer necessary for the purposes of processing;
(e) Restriction: you may have the right to restrict our processing of your Personal Data if you believe such data to be inaccurate, that our processing is unlawful, or that we no longer need to process this data for a particular purpose;
(f) Rectification: you may have the right to have Personal Data that is incomplete, inaccurate, misleading, or out-of-date rectified;
(g) Consent withdrawal: you may have the right to withdraw consent that was given to us for the processing of your Personal Data, unless there are restrictions on the right to withdraw consent as required by the law, or a contract that benefits you; and
(h) Lodge a complaint: you may have the right to lodge a complaint to the competent authority if you believe our processing of your Personal Data is unlawful or non-compliance with applicable data protection law.
8. Changes to this Privacy Notice
From time to time, we may change or update this Privacy Notice. We encourage you to read this Privacy Notice carefully and periodically revisit www.krungsricapital.com to review any changes that may occur in accordance with the terms of this Privacy Notice. We will notify you if there are material changes to this Privacy Notice.
9. Contacting Us
If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries or complaints about your Personal Data under this Privacy Notice, please contact us or our Data Protection Officer via the following avenues:
(a) Krungsri Capital Securities Public Company Limited
25 Bangkok Insurance Building, 15th – 17th floor, South Sathorn Road, Sathorn, Bangkok 10120, Thailand Tel. 02 638 5500
(b) Data Protection Officer
Email address: dpc@krungsricapital.com
MARCH 2023
