Twelve Victory Exchange

Privacy Policy

Policy of Personal Data Protection Act,B.E. 2562 (2019)

Twelve Victory Exchange Co., Ltd.

Effective from 1 June, 2022.

By ensuring all of your personal data is safe, Twelve Victory Exchange Co., Ltd., hereby referred to as the "Company," understands the importance and responsibilities under the Personal Data Protection Act,B.E. 2562 (2019).

The Company has formed this policy to notify customers and users of the systems that deliver the Company's services about the acquisition of personal data in accordance with legitimate and acceptable measures under awareness or consent according to the following details:

1. Policy's scope of coverage.

This policy applies to personal data received or to be received by the Company from individual customers, juristic persons accessing currency exchange services, and system users for whom the Company provides services through branches, websites, telephones, electronic channels, and various social media applications, as well as any person who is connected to the Company's services, such as a reference or emergency contact, business partners, professional consultants, and so on.

2. Personal data collected, used, and/or disclosed by the Company.

2.1 Personal Data means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular;

2.2 Definition of Data collecting.

2.1.1 Personal information: name, surname, gender, date of birth, age, marital status, nationality, ID card number, passport number, and signature.

2.1.2 Contact information: address, phone number, email address, Line ID, and others.

2.1.3 Information of ownership: Company certificates, shareholder lists, and so on.

2.1.4 Financial and transaction information: bank account numbers, credit card numbers, source of funds, transaction history, and foreign currency transaction information.

2.1.5 Other information: cookie ID, photos, and videos captured by surveillance cameras during service point transactions, and others.

2.3 Sensitive Personal Data means the data which specifically requires by law, such as race, religion, criminal history, health information, disability, labor union information, genetic information, biometric information, or any other similar information required by law for the purpose of verifying the user's identity, is referred to as sensitive personal information. Still and moving recordings received from surveillance cameras at the Company's service points or branches, must be handled with extreme caution. Only with your consent or if required by law, will the Company collect, use, and/or disclose sensitive personal data.

3. Personal Data source.

3.1 The Company will collect data from you when you use the Company's foreign exchange trading services or conduct any online transactions of any kind, as well as information about your participation in activities on the Company's online media or information obtained from your contact with the Company or its employees.

3.2 When you provide the Company with personal data for third parties, you certify that you have informed and got permission from the information's owner for the collection, use, and disclosure of such personal data for the Company's purposes.

4. Purpose of collecting personal data.

The following are the purposes for which the Company collects, uses, or discloses your personal data in accordance with the data processing guidelines.

1. To consider and comply with the Bank of Thailand's requirements on identity verification between you and the Company, this includes essential procedures such as contacting you to get credentials and data from you for transactions.

2. To abide by the laws and regulations of the authorities that govern the Company, such as the Anti-Money Laundering Law, the Law on Financial Support for Terrorism and the Proliferation of Weapons of Mass Destruction, and the Tax Law, which the Company is required to follow both domestically and internationally.
3. To develop a database and use the data to offer various benefits or for the purpose of analysis and/or service offers, any products of the Company to develop and improve marketing, products, and services to meet the demands of customers.
4. To process as per your request, in which you file a request to the company.
5. To deliver receipts, letters, and/or other associated documents including electronically media as SMS and Email
6. To safeguard the Company's legitimate interests, including but not limited to the exercise of legal claims, the security of premises and assets, information analysis, service quality assurance, internal and external auditor inspections, information technology and network security, and risks.
7. To resolve any issues, you may have with the Company.
8. In the case that it is required by law, or if the Company has no reason to use the aforementioned guidelines to process personal data which received from you, the Company will seek for your consent based on necessity and the legitimate interests of the Company or other people or juristic persons that will not infringe on your fundamental rights or freedoms.

Disclosure of your personal data.

The Company is solely required to reveal your personal data to the third parties, whether legal entities or natural persons, to the extent needed for the marketing purpose or the provision of services.

1. Business partners who may be legal entities or natural persons to perform the services provided to you.
2. A legal Company or natural person that the Company finds suitable to provide services to you is referred to as a Service Provider. The Company uses service providers such as foreign exchange operators as franchisees, including the Company's branches, document storage, document publication, and document delivery services, among others.
3. Any agency or other person obliged by law to disclose information, such as the Bank of Thailand, the Anti-Money Laundering Office, National Credit Bureau Co.,Ltd., police station, court, legal execution department, and other agencies.

Sending or transferring personal data to foreign countries.

As part of the Company's business operations, the Company may need to send or transfer your personal data to affiliated companies located abroad, send or transfer data to other recipients, such as sending or transferring personal data for storage on the Server, or Cloud abroad, where the Company will consider whether the destination country has adequate personal data protection standards as required by law.

Retention and retention period of your personal data.

The Company will store your personal information for as long as you are a customer or have a relationship with the Company as necessary to accomplish the expectation set forth in this Company Policy while adhering to legal and regulatory requirements. For example, the Anti-Money Laundering law requires the Company to keep your data for ten years from the day you terminate your contract with the Company unless the Company is pursuing a legal claim or is in the middle of a judicial proceeding until the matter is concluded. If the Company no longer requires personal data, it will remove it from the system and/or process it so that it is no longer identifiable. As a result of data retention obligations imposed by applicable legislation, you can no longer be identified from such information.

How does the business safeguard your personal data.

To ensure proper security in the personal data and to avoid personal data breaches, the Company will keep your personal data in compliance with the technical measures and organizational measures. The Company has implemented personal data protection policies, rules, and laws, including safeguards to prevent receivers of Company information from using or disclosing information for purposes other than those intended, without authorization, or in an unauthorized manner. The Company has made required and appropriate revisions to its policies, rules, and regulations on a regular basis. Furthermore, executives, employees, beneficiaries, representatives, consultants, and recipients of data from the Company are required to keep personal data confidential in accordance with the Company's confidentiality policies.

Rights of personal data owners.

personal data owners' rights relate to the legal rights you have in connection to your personal data, which you can exercise with the Company under the criteria set forth by law and the Company's rights management framework, which are as follows:

1. Right to withdraw your consent: if you have given the Company your approval for the collection, use, and disclosure of your personal data, you have the right to withdraw your consent at any time, unless you are bound by a legal obligation or a contract that provides you with benefits. Withdrawing your consent may prevent you from utilizing products and/or services, such as not receiving new advantages, promotions, or offers, not receiving better and more consistent products or services tailored to your needs, or not receiving data, which is helpful to you, among other things. Before withdrawing your consent, you should study and inquire about the impact.

2. Right of access to personal data: you have the right to seek access to personal data, as well as a copy of such data from the Company, as well as a disclosure of the Company's acquisition of private data.

3. Right to transfer of personal data: if the Company has supplied your personal data in a format that can be read or generally used by automated tools or devices, and that such personal data can be disclosed by automated tools or devices, you have the right to acquire it. You also have the right to request that the Company transmit or transfer your personal data in an automated format to other personal data administrators, and to receive personal data that the Company sends or transfers in an automated format to other personal data administrators directly unless it's impossible to operate owing to technological difficulties.

Your personal data must, however, be personal information that you have granted the Company permission to collect, use, and/or disclose. Or it's personal information that the Company needs to collect, use, and/or disclose in order for you to use the Company's services according to your wishes, or for use in the processing of your request prior to using the Company's services, or as other personal information as required by law enforcement.

4. Right to object to personal data processing: if the collection, use, and/or disclosure of your personal data is done for the Company's legitimate interests, and not to the extent that you can reasonably expect, you have the right to object to the processing of your personal data unless the Company can show that there are legal grounds that are more essential than your fundamental rights, such as to confirm legal compliance or defend legal action, as the case may be.

5. Right to request erasure or destruction of personal data: if you consider your personal data has been improperly obtained, used, or disclosed, you have the right to request that the Company delete or destroy it, or make it non-personally identifiable. Or the Company determines that it is no longer necessary to keep it for the purposes of this policy, or when you have exercised your right to withdraw your permission or object to information processing as described above.

6. Right to request suspension of use of personal data: in the case that the Company is examining your request to exercise the right to correct personal data or object to the processing of your personal data, you have the right to request that the Company temporarily halt the use of your personal data. Alternatively, if the Company is no longer required and is required by law to delete or destroy your personal data, but you prefer that the Company cease its usage instead.

7. Right to rectification of personal data: you have the right to request that the Company amend your personal data so that it is accurate, current, and complete, and that it does not cause confusion. According to the Company's procedures, you can amend your personal data.

8. Right to complaint: if you consider that the collection, use, or disclosure of your personal data is in violation of or fails to comply with the legislation, you have the right to file a complaint with a legal authority.

Your ability to exercise the above rights may be limited by relevant legislation, and the Company may decline or fail to comply with your request to exercise the aforementioned rights in certain circumstances. For example, the Company may be obligated to comply with the law or a court order, or the exercise of such right may infringe on other people's rights or liberties, or the Company may be required to make claims under applicable laws to maintain such data. The reason for the refusal will be communicated to you by the Company.

If you want to exercise any of the foregoing rights, you can do so by contacting the Company and requesting a request for the exercise of the personal data subject's rights.

Changes to personal data Protection Policy.

The Personal Data Protection Policy will be reviewed on a regular basis by the Company to ensure compliance with current practices and laws. If the Company's Personal Data Protection Policy changes, the Company will notify you by posting the new information on its website.

Channels to contact the Company and the Personal Data Protection officers.

You can contact the Company if you have any suggestions or would like more information about the policy: contact information.

Company ……………………………….

Corporate Communications Business Development Department

No. ...............................................

Tel. ........................................

E-Mail: ...............................................

Personal Data Protection Officer

No. ...............................................

Tel. ........................................

E-Mail: ...............................................

(..........................................)

Director