The member companies of TISCO Financial Group (hereinafter collectively called “TISCO”), consider the protection of personal data received from data owners through various channels to be of vital importance. TISCO hereby inform you the Privacy Policy (the “Policy”) explaining how TISCO collect, use and disclose personal data including sensitive personal data when the data subject enter into legal relationship, make contact or use the services and/or products from the channels TISCO provided in accordance with the Personal Data Protection Act.
• Information TISCO collects, uses, and/or discloses
TISCO will collect, use and disclose personal data received either directly, indirectly or from other sources including receiving with explicit consent from data subject, and keep only information necessary to accomplish the purposes TISCO have informed the data subject.
Personal data is the data related to a person that enable such person to be identified whether directly or indirectly such as first name, last name, date of birth, national identification number, passport number (foreigner), address, phone number, email, bank account number, transaction and financial records, personal data in online media, as well as information and activity in social media relating to or interacting with TISCO.
TISCO may collect sensitive personal data only with explicit consent from data subject and keep only what is necessary to fulfill the related purposes. For example, TISCO use fingerprint to verify and confirm the identity of applicants of mobile applications, use face recognition or fingerprint as digital signature of customers for account opening, or use their fingerprints and passwords to transact on TISCO mobile applications; all of which are in accordance with identity verification and confirmation procedure of TISCO.
• Purposes of collecting, using and/or disclosing personal data
TISCO need to process personal data for the purpose TISCO informed to the data subject such as
1.To meet the purposes of the contract between data subject and TISCO in order to use the services and/or products of TISCO and to fulfill the request of data subject.
2.To comply with applicable laws and regulations including court order and requirements of regulators or other government authorities such as the Bank of Thailand and the Anti-Money Laundering Office.
3.To take necessary steps for legitimate interests such as risk management and the security of system and network.
4.To perform actions under consent obtained from data subject such as sale promotions, advertisements or products and/or services offers.
• Disclosure to and use of personal data with Third Party
Under the consent from data subject, fulfillment of contract, laws and regulations, or the legitimate interests, TISCO may send, transfer and/or disclose personal data to other persons or companies in Thailand or other countries. The examples of these persons or companies are:
1.The companies in TISCO Financial Group in Thailand and other countries including directors, employees or representatives of those companies
2.Business partners (see list of the business partner companies on TISCO website)
3.Regulators, court, law enforcement, the Stock Exchange of Thailand or other government authorities which may order TISCO to submit personal information or assets of data subject such as the Legal Execution Department and the Revenue Department.
4.The organizations, external service providers, or any entities having legal relationship or contract with TISCO and TISCO need to disclose personal data for the purpose of providing services and/or products of TISCO.
5.National Credit Bureau and lawful members on credit rating companies.
• Marketing
TISCO may use personal data for the purposes of:
1.Analysis and research to develop the products and services
2.Marketing, advertising and other marketing supports.
TISCO will use personal data for above purposes only for the legitimate interest or when TISCO have obtained consent from data subject. Otherwise TISCO will not send marketing material to data subject. Data subject has right to withdraw consent at any time. If the consent is withdrawn, TISCO will stop sending marketing material to data subject. However, TISCO must keep the record of consent withdrawal.
• Cookies
Cookies are small computer files with necessary information that are temporarily placed on data subject's computers. Cookies are used for the purpose of improving the user experience and performance of the website. Cookies do not contain personal details of an individual and will be kept for not longer than 12 months. (Data subject may check or refuse the use of cookies by changing the settings of web browser at TISCO website. )
• Data Protection
TISCO have set out information security policies, data classification guidelines, physical security measures, manuals and minimum standards in protecting personal data, to control usage of data and protect them from unauthorized access. These information security policies and guidelines are enforced on individuals and outside service providers who connect or access to data under the responsibility of TISCO.
Employees, temporary staffs, agents or contractors of TISCO are also under obligation to protect the privacy of personal data of data subject according to the confidentiality agreement they signed with TISCO. In case that TISCO send or transfer personal data to other countries with lower level of personal data protection standard than Thailand, TISCO will take measures as deemed necessary and at least consistent with confidentiality standards specified by the laws of those countries, e.g., confidentiality agreement with counterparties in those countries.
• Personal Data Retention
In the event that the data subject is no longer the customer of TISCO or has ended relationship with TISCO, TISCO will consider retaining the personal data of data subject for a certain period required by relevant laws. For example, retention period in accordance with the Anti-money Laundering Law is at least 10 years after the relationship between customer and TISCO has ended. TISCO will erase or destroy the personal data after the end of data retention period required by laws.
• Contact Channel
If there are any complaints or requests to exercise the right regarding collection, usage and/or disclosure of the personal data, the data subject may contact TISCO through any of the provided service contact channels.
