Effective from 1 June, 2022.
By ensuring all of your personal data is safe, Twelve Victory Exchange Co., Ltd., hereby referred to as the "Company," understands the importance and responsibilities under the Personal Data Protection Act,B.E. 2562 (2019).
The Company has formed this policy to notify customers and users of the systems that deliver the Company's services about the acquisition of personal data in accordance with legitimate and acceptable measures under awareness or consent according to the following details:
1. Policy's scope of coverage.
This policy applies to personal data received or to be received by the Company from individual customers, juristic persons accessing currency exchange services, and system users for whom the Company provides services through branches, websites, telephones, electronic channels, and various social media applications, as well as any person who is connected to the Company's services, such as a reference or emergency contact, business partners, professional consultants, and so on.
2. Personal data collected, used, and/or disclosed by the Company.
2.1 Personal Data means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular;
2.2 Definition of Data collecting.
2.1.1 Personal information: name, surname, gender, date of birth, age, marital status, nationality, ID card number, passport number, and signature.
2.1.2 Contact information: address, phone number, email address, Line ID, and others.
2.1.3 Information of ownership: Company certificates, shareholder lists, and so on.
2.1.4 Financial and transaction information: bank account numbers, credit card numbers, source of funds, transaction history, and foreign currency transaction information.
2.1.5 Other information: cookie ID, photos, and videos captured by surveillance cameras during service point transactions, and others.
2.3 Sensitive Personal Data means the data which specifically requires by law, such as race, religion, criminal history, health information, disability, labor union information, genetic information, biometric information, or any other similar information required by law for the purpose of verifying the user's identity, is referred to as sensitive personal information. Still and moving recordings received from surveillance cameras at the Company's service points or branches, must be handled with extreme caution. Only with your consent or if required by law, will the Company collect, use, and/or disclose sensitive personal data.
3. Personal Data source.
3.1 The Company will collect data from you when you use the Company's foreign exchange trading services or conduct any online transactions of any kind, as well as information about your participation in activities on the Company's online media or information obtained from your contact with the Company or its employees.
3.2 When you provide the Company with personal data for third parties, you certify that you have informed and got permission from the information's owner for the collection, use, and disclosure of such personal data for the Company's purposes.
4. Purpose of collecting personal data.
The following are the purposes for which the Company collects, uses, or discloses your personal data in accordance with the data processing guidelines.
1. To consider and comply with the Bank of Thailand's requirements on identity verification between you and the Company, this includes essential procedures such as contacting you to get credentials and data from you for transactions.
Disclosure of your personal data.
The Company is solely required to reveal your personal data to the third parties, whether legal entities or natural persons, to the extent needed for the marketing purpose or the provision of services.
As part of the Company's business operations, the Company may need to send or transfer your personal data to affiliated companies located abroad, send or transfer data to other recipients, such as sending or transferring personal data for storage on the Server, or Cloud abroad, where the Company will consider whether the destination country has adequate personal data protection standards as required by law.
The Company will store your personal information for as long as you are a customer or have a relationship with the Company as necessary to accomplish the expectation set forth in this Company Policy while adhering to legal and regulatory requirements. For example, the Anti-Money Laundering law requires the Company to keep your data for ten years from the day you terminate your contract with the Company unless the Company is pursuing a legal claim or is in the middle of a judicial proceeding until the matter is concluded. If the Company no longer requires personal data, it will remove it from the system and/or process it so that it is no longer identifiable. As a result of data retention obligations imposed by applicable legislation, you can no longer be identified from such information.
To ensure proper security in the personal data and to avoid personal data breaches, the Company will keep your personal data in compliance with the technical measures and organizational measures. The Company has implemented personal data protection policies, rules, and laws, including safeguards to prevent receivers of Company information from using or disclosing information for purposes other than those intended, without authorization, or in an unauthorized manner. The Company has made required and appropriate revisions to its policies, rules, and regulations on a regular basis. Furthermore, executives, employees, beneficiaries, representatives, consultants, and recipients of data from the Company are required to keep personal data confidential in accordance with the Company's confidentiality policies.
personal data owners' rights relate to the legal rights you have in connection to your personal data, which you can exercise with the Company under the criteria set forth by law and the Company's rights management framework, which are as follows:
Your personal data must, however, be personal information that you have granted the Company permission to collect, use, and/or disclose. Or it's personal information that the Company needs to collect, use, and/or disclose in order for you to use the Company's services according to your wishes, or for use in the processing of your request prior to using the Company's services, or as other personal information as required by law enforcement.
Your ability to exercise the above rights may be limited by relevant legislation, and the Company may decline or fail to comply with your request to exercise the aforementioned rights in certain circumstances. For example, the Company may be obligated to comply with the law or a court order, or the exercise of such right may infringe on other people's rights or liberties, or the Company may be required to make claims under applicable laws to maintain such data. The reason for the refusal will be communicated to you by the Company.
If you want to exercise any of the foregoing rights, you can do so by contacting the Company and requesting a request for the exercise of the personal data subject's rights.
The Personal Data Protection Policy will be reviewed on a regular basis by the Company to ensure compliance with current practices and laws. If the Company's Personal Data Protection Policy changes, the Company will notify you by posting the new information on its website.
You can contact the Company if you have any suggestions or would like more information about the policy: contact information.
Company ……………………………….
Corporate Communications Business Development Department
No. ...............................................
Tel. ........................................
E-Mail: ...............................................
Personal Data Protection Officer
No. ...............................................
Tel. ........................................
E-Mail: ...............................................
(..........................................)
Director