Summary of Privacy Notice for Customer


This summary Privacy Notice (“Summary”) provides you with a brief information of the accompanied, detailed Privacy Notice on collection, use, disclosure and cross-border transfer of personal data by Ayudhya Capital Services Company Limited (AYCAP), Krungsriayudhya Card Co., Ltd. (KCC), General Card Services Ltd. (GCS), Tesco Lotus Money Services Ltd. (TMS), Krungsri General Insurance Broker Limited (KGIB), Krungsri Life Assurance Broker Limited (KLAB), Tesco General Insurance Broker Limited (TGIB), and Tesco Life Assurance Broker Limited (TLAB) (“Krungsri Consumer Group, ” “KSC,” “we,” “us,” or “our”).

What personal data we collect, use, disclose and/or transfer
We collect, use, disclose and/or transfer your personal details, or any other information relating to you or to any individuals, which you have provided to us, via other interactions with you or other sources. For more details, please see section 1. of the Privacy Notice Click for details

Purposes of collection, use, disclosure and/or transfer
We collect, use, disclose and/or transfer your personal data for various purposes, such as for offering our services to you (credit card service, personal loan service and insurance brokerage service), debt collection, debt restructuring, carrying out financial transactions and services related to the payments including transaction check, verification, and cancellation, customer care service, service improvement, managing security, data maintenance, fraud prevention and legal compliance. For more details, please see section 2. of the Privacy Notice Click for details

Legal justifications for the collection, use, disclosure and/or transfer of your personal data
One of the key privacy law requirements is that any collection, use, disclosure and/or transfer of personal data has to have a legal justification. Except in limited instances when we indicate that collection, use, disclosure and/or transfer are based on your consent, we generally use the following legal justifications: (1) a contractual basis, for our initiation or fulfilment of a contract with you; (2) a legal obligation; (3) the legitimate interest of ourselves and third parties, to be balanced with your own interest and fundamental rights and freedoms in relation to the protection of your personal data; and (4) vital interest, for preventing or suppressing a danger to a person’s life, body or health. For more details and the purposes and legal justifications see section 2. of the Privacy Notice Click for details

Data disclosure and cross-border transfers and recipients  
We transfer your personal data to other entities in Krungsri group, government entities and regulatory bodies (e.g., the Bank of Thailand, the Revenue Department, the Anti-Money Laundering Office, the Office of Insurance Commission, Legal Execution Department, etc.), courts, external advisors, and similar third parties, and our service providers. Some of the aforementioned recipients located in jurisdictions outside Thailand. For more details, please see sections 3 and 4. of the Privacy Notice Click for details

Retention periods for and deletion of your personal data
Your personal data will be deleted once they are not any longer needed for the purposes motivating their original collection or as required by applicable law. For more details, please see section 5. of the Privacy Notice Click for details

Your statutory rights
You have a number of rights with regard to the collection, use, disclosure and/or transfer of your personal data, each as per the conditions defined in applicable law, such as the right to have access to your data, to have them corrected, erased or handed over. Please refer any of your questions to DPO.KSConsumer@krungsri.com. For more details, please see section 6. of the Privacy Notice Click for details

Changes of this Summary and Privacy Notice as well as further notices
This Summary and Privacy Notice are subject to change. You will be notified adequately of any such changes. Further, you may be notified adequately through further relevant privacy notices (e.g., for specific purposes) in case such change is not covered by this Summary and the Privacy Notice.

How to contact us
If you wish to exercise your data subject rights or if you have any other questions concerning this Summary and/or Privacy Notice, please address your request to us and/or our data protection officer who can be contacted at DPO.KSConsumer@krungsri.com.
 
 

Customer Privacy Notice for Customer

Version No. 1 last updated as of 27 May 2020
This Customer Privacy Notice (this “Notice”) is issued by Ayudhya Capital Services Company Limited (AYCAP), Krungsriayudhya Card Co., Ltd. (KCC), General Card Services Ltd. (GCS), Tesco Lotus Money Services Ltd. (TMS), Krungsri General Insurance Broker Limited (KGIB), and Krungsri Life Assurance Broker Limited (KLAB), Tesco General Insurance Broker Limited (TGIB), and Tesco Life Assurance Broker Limited (TLAB) (hereinafter collectively referred to as “Krungsri Consumer Group,” “KSC,” “we,” “us,” or “our”).

A. How this Notice applies
This Notice is addressed to individuals outside our organization with whom we interact and whose Personal Data we handle in the course of our businesses or in connection with the products and services we provide including credit card service, personal loan service, insurance brokerage service, (“Services”), including individuals/retail customers (either prospective, existing, or former), board of directors, [contact persons, authorized persons, representatives, persons who were ultimately given power of attorney to establish business relationship or conduct occasional transaction, shareholders, agents, employees, personnel and other persons in similar capacity of corporate customers and their affiliates (“Connected Persons”), other users and recipients of the Services, visitors to our websites, and any other individuals about whom we obtain Personal Data (together, “you”).

B. Changes of this Notice
This Notice may be amended or updated from time to time to reflect changes in our practices or policies with respect to the collection, use, disclosure and/or transfer of Personal Data, or changes in applicable law. You will be notified adequately of any such changes. We also encourage you to read this Notice carefully, and to regularly check this [page] to review any changes we might make in accordance with this Notice.

C. How we collect, use, disclose and/or transfer and protect your Personal Data The purpose of this Notice is to describe how we collect, use, disclose, and/or transfer your Personal Data. This Notice also tells you about your rights and choices with respect to your Personal Data as a data subject, and how you can reach us to get answers to your questions.

 

What Personal Data we collect

1.1. Categories of Personal Data

Personal Data” means any identified or identifiable information about you as listed below. If it is possible to combine any information with your Personal Data, or if other information is used to build a profile of an individual, we will treat such other information and combined information as Personal Data.
We may collect or obtain the following categories of information which may include your Personal Data, depending on the context of your interactions with us, and the Services you need or want from us, and the type of data subject you are to us, as follows:

(1) You as an individual customer
Category of Personal Data Description and examples

Name and initials

Your information you are known, addressed, or referred to such as, title, first name/initial, middle name/initial, last name, maiden name, mother's maiden name, aliases or previous names, signature.

Personal characteristics

Personal details about you such as, age, date of birth, gender, height, weight, marital status, nationality, country of birth, citizenship, citizenship status, military details, leisure and interests, photographs, language skills, number of children, travel details, voice recording.

Personal directory information

Your contact details such as, home postal address, delivery address, home telephone number, home facsimile number, personal electronic mail address, personal cellular, mobile or wireless number, social media profile/handle, business postal address, business telephone number, business facsimile number, business electronic mail address, business cellular, mobile or wireless number, household registration main country of residence, App ID (sales code, timestamp).

Employment information

Your employment details, status and history such as, occupation/title, employer identification number, job code, corporate held credit or debit card numbers, work visa status/employment authorization details, reference and background checks (excluding criminal records), taxpayer identification number, employment records (including payroll, attendance, benefits), recruitment date, work termination, assets in possession of the employee,  position, function, salary, previous workplace, company you work for, employed at or holds shares.

Government issued identification numbers

A number or code given to you by competent authority to identify who you are such as, national identification number, other government-issued identification number, driver's or operation's license number, vehicle registration number, national identifiers for professional licenses, government sponsored health or food plan identifier, passport number, foreigner registration number, social security number.

Financial and transaction related information

Your financial information, status and history such as information relating to background checks, financial institution account number, financial transaction history, credit history, banking details, investments, savings, insurance claim history, income, salary, service fees, other compensation, compulsory employee salary deductions, voluntary employee salary deductions, financial assistance (e.g. benefits, assistance, gifts, subsidies), household income data, source of income, household income data, household size/composition, vehicle or property information, bonus.

Transactional information and history such as your customer purchase history (e.g. products rentals, returns), billing address, billing statement, information contained in invoices, instruction records, transaction details and counterparty details.

Credit card information

Your credit card details such as, number of credit card you hold, credit card/debit card number, cardholder name, expiration data, CVV, CVV2, CID number (code verification value code), pin data, sort code, issuance date, issuing banks.

Insurance policy related information

Your information related to the current and pre-existing insurance and related terms and conditions (e.g., insurer, policy number, policy type such as life insurance, health insurance, automotive insurance, property insurance, travel insurance, and business insurance, coverage(s) and limit(s)), exposure, or claims-related data, information related to insured property, e.g. house, vehicle, etc., driving data, price and quantity, insurance policy number, broker number, conditions (if any), payment and transaction records relating to the client's insurance policy, financial statements, taxes, revenues, and default record.

Behavioral data

Data aggregation results on user behaviors and preferences, such as consumption behavior, products and/or services of interest.

Segmentation attributes

Classification based on individual attribute such as, household age indicator, designated market area code, estimated income identified, number of persons in the household, number of cars owned, college education, dwelling type, number of audience.

Device information

Data in connection with device and usage of device and technical data such as, geo-location, cell tower data, audio / video / photos / camera access, calendar information, call logs, contact / address book, text messages or emails (content), unique device identifier, IP address, clickstream / online website tracking, unstructured data, RFID, login credentials, any required security code, access code, or password, account usernames, account passwords, PIN number, license number, telemetry or metadata, data related to end user activity e.g. browser visits (this applies even if we do not know the identity of the end user), cookies or other similar technologies, device model, device content, MID (e.g., LINE generated ID which is not LINE ID), codes for your survey response submitted via LINE, Rabbit ID, Google account, social media account ID, LINE ID, OTP, Token, SMS messages.

Views, inquiries and opinions

Information about your view, inquiry and opinion such as, your preference about our Services or other information that you choose to send to us (including on or via social media platforms or online surveys), comments, feedbacks, complains, recommendations, survey responses, inquiries and any information you volunteer during marketing or customer service related communications, including your Personal Data which are disclosed on your social media profiles.

Other information you provide to us

Information as part of our prospective or existing relationship with you in the course of you applying for or that we provide you with our Services and otherwise (such as, via filling in our forms or other methods determined by us, and information about your family members, such as their names, age, gender, email-address, your activities associated with them).

Other internal data (e.g., product support program)

Data such as, call notes (open text fields), co-pay/financial assistance, data which is subject to litigation holds or eDiscovery, terminal ID, voice records,  telephone conversation logs between us and you.

(2) You as a Connected Person for our corporate customer

Category of Personal Data

Description and Examples

Identity data

Your personal details such as, first name, middle name, last name, age, employment information, government issued ID numbers (e.g. national ID number, driver's license number, ID for professional licenses, passport number, foreigner registration number, tax identification number, social security number), work-related information (e.g., position, function, occupation, job title, company you work for, employed at or holds shares of), nationality, signature.

Contact data

Your contact information through different channels such as, personal directory information (e.g. phone number, email address, social media account ID, chat ID, home address).

Other information

Information collected, used or disclosed in connection with the relationship between us and our corporate customer you work for, such as, required documents containing your Personal Data attached to contracts with us.


If you do not provide your Personal Data, it may mean that we cannot provide you with the Services you request, we cannot meet all our obligations to you, or we cannot comply with our legal obligations.

We may collect your sensitive data such as health data, biometric data, and religion data, in accordance with the purposes as stated in section 2.3.

Personal Data of third parties
If you give us Personal Data such as, name, family name, age, gender, physical/ email address, telephone number, identification number, passport number, associated activities, financial documents, salary, work-related information (e.g. position, function, occupation, job title, company he/she work for, employed at or holds shares of), relationship with director of, management of and a person having controlling power over KSC, relationship with other corporate entity (e.g. as a director, management and shareholder), relationship with you and political status, financial documents, health data, etc. about other persons such as, your family members, joint account holders, spouse/former spouse, beneficiary, children, next of kin, company's board members/directors/shareholders/representatives/chief managers, other persons who can dictate policies or possess executive power in an organization, authorized person, contact person, insurance premium payer, authorized signatory/withdrawer of deposit account, guarantors, relatives who hold political status, authorized endorsers, reference person, customers, mortgagers/ mortgagees, lessors/lessees, registrars for property being placed by you as collaterals, your debtors, transferee/recipient of the funds, the payee, employer, contact person for debt collection, or you ask us to disclose their Personal Data to other third parties, you are responsible for notifying those third parties of the details of this Notice, including obtaining any required consent from such third parties (where consent is required). You must also ensure that we can lawfully collect, use, or disclose those third parties' Personal Data as set out in this Notice.

Personal Data of minors, incompetent persons and quasi-incompetent persons
We only collect the information of children, quasi-incompetent persons, and incompetent persons where their parents or guardians have given their consent, or where we can rely on other legal basis as permitted by laws. We do not knowingly collect information from individuals under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal curator's or the legal guardian's consent (as the case maybe). In the event we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal curators or legal guardians (as the case maybe), we will delete it immediately or collect, use, disclose and/or transfer only if we can rely on other legal bases apart from consent. 

Cookies
As part of security procedure of our Services and user experience, cookies and such other systems may be used and may be placed on your device. In general, information gathered through usage of a cookie is not linked to any direct personal identifiers (e.g. your name or e-mail address). However, in the case where we may link such Personal Data with cookies or other data that are associated with your use of our Services, we will treat cookies and combined information as Personal Data.

1.2 Collection of your Personal Data
We may collect your Personal Data in various and different ways, including:  

(1) Through the Services: we may collect your Personal Data directly from you (such as via branches, messengers, telephones, websites, social network platforms (e.g. Line and Facebook), and other promotional and marketing channels, including through providing the Services, whether offline or online, at our premises or remotely (such as, via telephone, mobile applications, or platforms).

(2) From Other Sources: We may receive your Personal Data from other sources including public sources and/or through our parent company and affiliates, such as service providers engaged by us to collect Personal Data on our behalf, our business partners (such as co-branded companies, or insurance companies for insurance related purposes), the entities to which we provide the Services (including its websites, social networking profiles), authoritative sources, government agencies holding reliable database of individuals, government authorities (such as the Bank of Thailand, the Revenue Department, the Anti-Money Laundering Office, the Office of Insurance Commission, the Legal Execution Department, the Ministry of Commerce), courts, and from other third parties such as referral persons, your representatives or other parties who persons who were ultimately given power of attorney from you to act on your behalf.
 

2. On what basis and why we collect, use, or disclose your Personal Data

2.1. Legal basis we may rely on
We thrive to determine our legal basis for our activities of collection, use or disclosure of your Personal Data, as best and appropriately as we can. In most cases, the legal bases which we rely on are any of the followings:
Legal basis Description

Fulfilling contracts

To allow us to perform obligations and/or actions that are necessary for entering into contract with you and/or for providing you with the product or service you want under our contracts with you (for example, to allow you to make and receive payments using a credit card issued by us, to lend you the amount of money based on your personal loan contract with us, to assist you with payments relating to insurance policies, etc.), and to perform obligations under contracts.

Our legal obligations

To allow us to meet our legal obligations (for example, getting proof of your identity to meet our obligations under anti-money laundering laws and disclosing to the National Credit Bureau per our obligations under the credit information laws).

Our legitimate interests

To pursue our and other's legitimate interests (for example, to understand how customers use our services, so we can develop new services and improve the Services we currently provide, administrate systems and service for collection and write-off management).

Vital interest

To prevent or suppress a danger to a person’s life, body or health.

Your consent

To collect, use or disclose your Personal Data if your consent is required.

2.2. The purposes for which we collect your Personal Data
We may use, disclose and transfer your Personal Data collected for various purposes, depending on how you interact with us and what Services you obtain from us, nature of our relationship with you and/or any other considerations in each specific context as described below.
Kindly note that all the purposes as listed below set out the general framework of our data usage practices and only the relevant purposes will be applicable to you.

(1 Pre-enrollment and customer onboarding
Purposes Description

Identity verification

To conduct your identity and signatory verification when you apply for the Services either with us or our affiliates/business partners or when concluding agreements and transactions with you, to enable you to apply for and obtain the Services, to verify your login credentials, to verify your location to allow access to your accounts or the ability to conduct online transactions via provided channels, to create your electronic signature, to verify you when you contact us for customer care service via provided channels (such as, our branch, via telephone, email, LINE account, mobile application and website).

Quotation and onboarding

To provide you with insurance premium quotation and process applications for customer on-boarding.

Eligibility assessment, approval and rejection

To conduct a risk assessment and underwriting process based on your profile for products/services, insurance policy or extended warranty, collateral (if any), and information obtained for determination of your eligibility for the Services and to match the most appropriate insurance policy or premium, to carry out credit checks, credit risk analysis, to analyze credit risk, to conduct credit checking/scoring, to create credit assessment models for the purpose of assessing your credit reliability, to check your credit status, to evaluate your application, eligibility and qualifications for the Services (e.g., credit scoring, checking your eligibility for applying of our Services), to approve your application for the Service, to contact you in relation to the Service requested or applied for (e.g., whether your application for the Service is approved or you are rejected for the Service).

Onboarding process

To check your provided data against blacklist databases, to update and maintain our customer database, to carry out the processes and steps of customer identification and other security risk checks (including, “know your customer” (KYC), "customer due diligence" (CDD), anti-money laundering, conflict and other necessary onboarding and ongoing customer checks), to conduct other due diligence and verification requirements,  to comply with sanctions procedures or rules, to carry out tax/regulatory reporting.

Management of our relationship with you and communications with you about the Services

To contact you back to offer you the Services you are interested in or follow up on your interests in applying for the Services or for requesting additional information from you, to perform tasks and steps necessary for the provision of the Services you requested or applied for.

(2) Providing and managing the Services
Purposes Description

Provision of the Services

To perform obligations under our agreements, to contact and communicate with you in relation to the Services (including, notifying you of changes, updates, modifications or other alterations of the Services, follow-up on transaction matters), to issue and deliver new card and welcome pack, or other document related to the Service in any form to you, to offer, and notify  on renewal of insurance products, price comparing, to provide relevant ongoing services to you (such as, card renewal, loan maintenance service, insurance policy), to provide reward redemption service in some situations based on particular card or service type you have subscribed for, to consider increase or decrease temporary or permanent credit line, to upgrade or downgrade credit cards, to issue and announce rewards/prizes via media or online platforms, "customer due diligence" (CDD), to facilitate insurance application or the renewal of existing insurance policy, to process insurance claims, to assist in preparation of documents required for making insurance claim, to close your account or otherwise terminate provision of services to you.

Processing of transactions and/or payments

To process payments, disbursement, remittance or transactions, to check payment transactions, to confirm completion of transactions, to manage and collect fees, charges and interest due on accounts, to fulfill your requests and orders in relation to the Service including recurring payment service, to calculate interests, fee and taxes, to conduct settlement, billing, refund,  processing, clearing, or reconciliation activities, to issue tax invoice and to pay stamp duty, to credit your account, reverse payment, to investigate unknown payment, to provide statement, credit balance, to process your direct debit application for credit card bill payment, to block or unblock account, to reinstate credit cards or suspended accounts, to process a cancellation, confirmation, to collect, receive and process for insurance premium payment, to process and pass on your claims or  application in case you are our affiliate's or business partner's customer or interested in their product (such as, insurance product).

Collection of debts

To notify you of payment due date, outstanding balance, interest, charges, to carry out our debt collection and enforcement services, to recover monies, to collect outstanding payment, to deal with your account in a manner that is most appropriate to your individual circumstances (such as, debt restructuring), to conduct property tracing activity, to contact you for debt collection, to manage/deduct any incentives in relation to your insurance policy.

Data Maintenance

To enter your information, keep and maintain your information on record and keep them up to date, management of your information and carry out other data maintenance related activities.

Customer care service

To conduct welcome calls, to handle your complaints, to respond to and fulfill your inquiries or requests regarding the Services we provide, to accept any comment/complaint,  to investigate the issues you face and provide you with solutions, to administer accounts and manage our relationships with you, to provide customer service in relation to lost, broken, or stolen or non-received cards, to carry out card suspension and cancellation, to make a card replacement, to process and pass on your cases in case you are our affiliate's or business partner's customer or interested in their product (such as, insurance product), to consider your fee waiving request, to send gifts or premium, and other customer service-related activities.

Advertising and marketing, communication of news, announcements and other information on  products and services

To keep you updated on our news, communications, announcements and other forms of information on our existing or new products and services and/or those of our affiliates, financial group, business partners and other entities whom we have relationship with (for the purpose of this clause, "Related Products"), to contact or otherwise inform you about information on the Related Products which we believe may be of interest to you or the entity you work for via appropriate contact channels (such as, mail, email, text message, telephone call), to provide you with privileges and special offers for the Related Products, to create and display online advertisements of the Related Products via various channels (including, on social media platforms, instant messaging applications), to target our customers for our Related Products offers or promotions tailored to our customers' interests, to conduct market analytics and research, to create customer behavior analysis and segmentation, to operate loyalty programs, referral programs, and other similar schemes and campaigns, to announce award and/or lucky draw prize, to evaluate or improve the effectiveness of our marketing efforts and campaigns, to manage customer relationship and engagement, to carry out promotion planning.

(3) Services improvement
Purposes Description

Preparation of report on provision of Service

To prepare and circulate (both internally and externally) reports on the provided Services (including, reports on performance, Service performance, sales, customer contact results, settlements for merchants and card network companies, collateral appraisals), report as required by competent authorities, analytical reports (e.g., for inactive customers for initiating sales campaigns), and other reporting activities for our business purposes.

Improvement of products and services

To improve our existing Services, to develop and test our new Services, to develop new ways of our Services to best suit your needs and to grow our business, to conduct customer satisfaction survey, to conduct survey on our staff's performance, to identify usage trends, to personalize and optimize your experiences with products and services (e.g., our mobile applications, websites), to recognize you across different browsers and devices you use, to conduct the Service performance monitoring and analysis.

Conduct of data analytics

To examine which parts of our online channels (such as, our mobile apps, our websites) you visit and other channels interact with or which aspects of online channels you find most useful, to conduct traffic monitoring of our online Services, to evaluate user interface and experiences, to test features or functionalities.

(4) Managing security, fraud prevention and legal compliance
Purposes Description

Detection and prevention of fraud

To determine, detect and prevent fraud risk, to identify and resolve fraudulent activities, fraudulent transactions and fraudulent applications.

Security

To perform system maintenance tests, to perform penetration testing, to perform debugging and error repair, to analyze the use of our online Services, to carry out other data maintenance related activities, to protect security of life, health, property and other rights of persons, to assist with crime prevention.

Compliance with legal requirements and dispute resolution

To comply with applicable laws (including, any sub-regulations, legal or regulatory guidance, codes of conducts, orders, opinions, interpretations, our and our affiliates' internal policies), to initiate, defend against, participate in or otherwise respond to civil, criminal, or regulatory lawsuits, subpoenas, legal processes, legal execution processes, regulatory requirements, law enforcement requirements, investigations and other forms of in interaction with government authorities, to exercise our rights or defend against legal claims (including, for collections and recoveries on past-due accounts), to perform compliance activities, to resolve disputes.

(5) Managing our business
Purposes Description

Business management

To carry out our business operations, which include but not limited to strategizing our business plan and financial position; adding and testing systems and processes, managing internal administration; traceability and reference (e.g. upon your request), archiving (e.g. backup and archiving in separate databases), alignment with our internal IT policies, corporate  planning, performing our contractual obligations to which we are subject to, e.g. contracts with our business partners, vendors, or other asset management companies, or under which we are acting as a broker or an agent; performing risk control; corporate governance; finance and accounting, systems and business continuity, and audit.

Business development

To organize our promotional campaign or events, conferences, seminars, and company visits.

Protection of security of our systems and Services

To perform system maintenance tests, to perform IT testing and penetration testing, to perform debugging and error repair, to analyze the use of our online Services, and to carry out other data maintenance related activities.

Conduct data maintenance

To carry out other data maintenance related activities, including suppress some of your information.

Corporate transactions

In the event of sales, transfers, mergers, reorganizations, or similar events, to disclose and transfer your Personal Data to one or more third parties as part of that transaction.

2.3 Sensitive data
We will only collect, use, or disclose sensitive data on the basis of your explicit consent, for establishment, defense, compliance or exercise of legal claims, for satisfying legal obligations in relation to substantial public interest or where otherwise as permitted by law. Where consent is required, we will separately ask for your consent via the appropriate methods.
Sensitive categories of Personal Data Purposes

Criminal Records

To collect and use your criminal records for detecting, preventing and prosecuting unlawful acts and fraudulent conducts.

Health data

Your health data we collect about you may come in a form of medical report, which may include medical record number, health plan beneficiary number, device identifiers and serial numbers, medical treatment, medical diagnosis, medical history, information related to medical payment, medical claims data, medical images and metadata, Rx / prescription number, health insurance identification or account number, drugs, therapies, or medical products or equipment used, physical health data, mental health data, genetic test results or information, family health or morbidity history, smoking behavior, either requested by us or provided to us, as proof of your health conditions for our consideration of your debt restructuring request/application.
For insurance products, we also need to collect, use and disclose your health data as part of consideration of your eligibility for providing you with insurance products and for processing your claims.
For certain cases, you may submit to us health data as part of our consideration of debt collection and debt restructuring process.
In some circumstances, we collect your health data to verify your authorization to third parties to contact us on your behalf.

Biometric data

We may need to collect and use your biometric data for customer identity verification, for underwriting process for credit card issuance and/or personal loan approval, for authentication, access and/or otherwise use our Services (such as, accessing or opening via our mobile application).
We also collect your voices for resolving issues which you inform us of, including disclosure of your voice data to speech recognition service provider for tuning and analyzing your voice data.

Religion data

In general, we do not require religion data from you in offering our services. In practice, however, we may receive religion data from you (e.g. by a scanned copy of your national identification card accompanying agreements/service applications.) inevitably in certain circumstances (e.g. for verifying identity of authorized directors of a company). In such a case, we will protect your religion data under the applicable laws based on appropriate legal basis.

 

3. Who we disclose your Personal Data to

We may disclose your Personal Data to the following parties for the purposes as described in section 2 above, depending on the context of your relationship with us and the nature of Services you obtain from us:

Category of recipients Descriptions

Affiliates

We may disclose your Personal Data to our affiliates in Krungsri Consumer Group, as well as other entities in Krungsri group companies including Bank of Ayudhya Public Company Limited and our financial group companies in Krungsri financial group. We may also disclose your Personal Data to centralized storage systems or process it at a central point within Krungsri financial group for the purpose of efficiency.

Service providers

We may engage other companies to provide services for us and to support us in our business operation. We may disclose your Personal Data to these service providers, or they may collect your Personal Data on our behalf, for various business purposes, including customer services.
For example, we engage and outsource some of our business functions to IT and/or software service provider including, data and/or document storage, cloud service, software, network, website development, postal mail, delivery or logistic service providers, destruction service providers, document delivery service providers, administrative and business support service providers, payment service providers, card embossing service providers, printing service providers for billing and/or letters, warehouse, debt collectors, point redemption management service providers, loyalty management service providers, research agencies, analytics service providers, infrastructure providers, marketing agencies; email sending service providers; SMS sending service providers, data entry service providers, credit score service providers; telesales service agents.
We may also disclose and/or transfer your personal data to service providers of insurance companies such as loss surveyors, loss adjustors, hospitals, garages and counterparty's insurance companies.

Professional advisors

We may disclose your Personal Data to professional advisors relating to audit, legal, accounting, and tax services who assist in running our business and defending or bringing any legal claims, initiating and managing auction or otherwise taking legal actions.

Business partners

We may disclose your Personal Data to companies that we have collaborated with to offer or enhance products and services for our customers or prospective customers (e.g. airlines, hotels, fitness, telecommunications service providers, debt management and restructuring company).
For example, merchants from which you purchase goods and services for the purposes such as, processing your purchase orders, preparation and delivery of goods and services you order, co-branded partners, our insurer and reinsurers partners (e.g. automotive insurance, health insurance, property insurance, travel insurance, personal accident insurance, life insurance), agents, vendors.

Financial or credit institutions

We may disclose your Personal Data to other financial sector specialists who assist us with financial services such as: other bank, financial institution, credit bureau;, debt collectors; debt management organizations; payment service providers; service providers for exchanging secure financial transaction messages, payments and credit transactions worldwide, processing electronic transactions worldwide and settling domestic and cross-border security transactions and payment transactions including credit reference agencies, accreditation agencies, anti-fraud services.

Third parties as assignees, transferees, or novatees

We may assign, transfer, or novate our rights or obligations to a third party, to the extent permitted under an agreement between you and us. We may disclose or transfer your Personal Data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees, provided that we will use our best efforts to ensure that these data recipients agree to treat your Personal Data in a manner consistent with this Notice. 

Third parties who act on your behalf or provide service to you

We may disclose or transfer your personal data to representative, your employer, sponsor and third parties that have roles in delivering services to you or someone acting on their behalf may provide us with information about you (e.g. hospitals, garages, etc.).

Third parties connected with corporate transactions

We may disclose or transfer your Personal Data to our business partners, investors, significant shareholders, assignees, prospective assignees, transferees, or prospective transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, dissolution or any similar event involving the transfer or other disposal of all or any portion of our business, assets, or stock. If any of the above events occur, we will use our best efforts to ensure that the data recipient agree to treat your Personal Data in a manner consistent with this Notice.

Government entities and others with whom we disclose Personal Data for legal or necessary purposes

We may disclose your Personal Data to government entities or regulatory bodies (e.g., the Bank of Thailand, the Revenue Department, the Anti-Money Laundering Office, the Office of the Consumer Protection Board, the Department of Provincial Administration, police and courts, the Legal Execution Department) the Office of Insurance Commission, law enforcement agencies, regulators, and others for legal, regulatory and other necessary purposes. This includes responding to requests from regulators or government authorities for purposes of law enforcement, legal orders, audits, or legal processes/claims.

Service providers of insurance company

We may disclose and/or transfer your Personal Data to service providers of insurance companies such as loss surveyors, loss adjustors, hospitals, garages counterparty's insurance companies.

Other categories of data recipients

We may disclose your Personal Data to other categories, including members of National Digital ID (NDID) platform, your insurer, your contact persons and/or family members, your employers, non-profitable organizations/foundations, hospitals or other organizations in connection with our products/services and/or your rewards donations/redemptions.

4. Transfer of your Personal Data to other countries

We need to transfer your Personal Data outside Thailand to other countries (e.g. Japan, Singapore, India and Australia) for achieving our business purposes or for your benefits, such as when we  use systems and services and transfer your Personal Data to our service provider operating outside Thailand for developing credit score as part of our underwriting process or when provide you with remittance service, we may need to forward and transfer your Personal Data to correspondent banks for completing the transactions. In addition, we may need to transfer your Personal Data overseas via our payment networking provider for approving and settling the transactions you request. We may also need to store your Personal Data in servers located outside Thailand. We may also disclose or transfer your Personal Data to our parent company, affiliates, and relevant regulators and government authorities of other countries. Some recipients of your Personal Data are located in another country for which the Personal Data Protection Committee under the Thai Personal Data Protection Act B.E. 2562 has not ruled that this country has adequate data protection standard.

When it is necessary for us to transfer your Personal Data to a country with a level of data protection standards not equivalent to Thailand, we will ensure that an adequate degree of protection is afforded to the transferred Personal Data, or the transfer is otherwise permitted in accordance with the applicable data protection law. We may, for example, obtain contractual assurances from any third party given access to the transferred Personal Data that such data will be protected by data protection standards which are equivalent to those required in Thailand.

5. How long we will store your personal information

We will store your Personal Data for as long as it is necessary for the purposes for which it was collected, as explained in this Notice and in accordance with the applicable data protection law. However, we may retain your Personal Data for a longer period in order to comply with applicable laws and regulations and our internal policy or with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, and responding to legal claims or regulatory request.

6. Your data protection rights

Subject to the applicable data protection law in Thailand, you may have a number of rights regarding the collection, use, disclosure and/or transfer of your Personal Data, including:
  • To access: you can obtain information relating to the collection, use, disclosure and/or transfer of your Personal Data, and a copy of your Personal Data, together with information regarding the nature, of those Personal Data;
  • To rectify: where you consider that your Personal Data are inaccurate, not up-to-date, or incomplete, you can require that such Personal Data be modified accordingly;
  • To erase: you can request the deletion, destruction, or anonymization of your Personal Data to the extent permitted by law;
  • To restrict: you can request the restriction of the use of your Personal Data;
  • To object: you can object to the collection, use, disclosure and/or transfer of your Personal Data, on grounds relating to your particular situation. You have the absolute right to object to the collection, use, disclosure and/or transfer of your Personal Data for direct marketing purposes, which includes profiling related to such direct marketing;
  • To withdraw your consent: where you have given your consent for the collection, use, disclosure and/or transfer of Personal Data, you have the right to withdraw your consent at any time;
  • To data portability: where legally applicable, you have the right to request us to provide your Personal Data in a structure, commonly used and machine-readable format using tools or devices which function automatically and  by which Personal Data can be used and disclosed in automatic mode; and transmit or transfer your Personal Data in such format to another organization; and
  • To lodge complaints: you are also entitled to lodge a complaint with the competent supervisory authority regarding the collection, use, disclosure and/or transfer of your Personal Data by us or on our behalf. We would, however, appreciate the chance to deal with your concerns before you approach the competent authority, so please contact us in the first instance.
To exercise any of these rights in this section, you may contact us at the address in “Contact us” section.

Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request, for example, due to our legal obligation or court order.

7. Links to Other Third-Party Websites

For website users, our Services may contain links to social networks and other websites that are operated and controlled by third parties. While we try to link only to websites that share our high standards and respect for privacy, we do not take responsibility for the content or the privacy practices employed by other websites. Unless otherwise stated, any Personal Data you provide to any such third party website will be collected by that party and not by us, and will be subject to that party’s privacy notice/policy (if any), rather than this Notice. In such a situation, we will have no control over, and shall not be responsible for, that party’s use of the Personal Data you provide to them.
Contact us

8. Contact us

If you have any questions, comments, or concerns about our privacy practices or, where required by law, if you would like to submit a request based on a right listed in this Notice, please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

Contact our Data Protection Officer:
Email: DPO.KSConsumer@krungsri.com

Contact us:
Ayudhya Capital Services Company Limited
550 Krungsri Ploenchit Tower, Ploenchit Road, Lumphini, Patumwan, Bangkok 10330

 
 
 
What are you looking for?

Subscribe promotions