Orbix Trade Co., Ltd. (“Company”) has adhered to operating its business with morality and respect for your personal rights. Therefore, the Company emphasizes the significance of personal data protection and personal data security to ensure that your personal data received by the Company will be used according to the objectives and under the laws. The Company has arranged this Privacy Notice for Customer (“Privacy Notice”) to notify you, as a data subject, to acknowledge the objectives and details for collecting, gathering, using and/or disclosing personal data as well as other rights of you according to the laws.
1. A person who would be applied by this Privacy Notice and channel for collecting personal data
1.1 A person who would be applied by this Privacy Notice
This Privacy Notice applies to an individual customer of the Company as follows:
This Privacy Notice applies to an individual customer of the Company as follows:
A person who uses, or has used, the products and/or services.
A person who contacts for information on the products and/or services.
A person who acknowledges information about the products and/or services.
A person who participates in the activities arranged by the Company, i.e., seminars, exhibitions, and others.
A person offered or solicited by the Company to use or receive the products and/or services.
A person who is the ultimate beneficial owner of a juristic person customer.
An individual who is an agent or representative of a juristic person customer, i.e., director, agent, authorized attorney, and shareholder of a juristic person customer. gent or representative of a juristic person customer, i.e., director, agent, authorized attorney, and shareholder of a juristic person customer.
1.2 Channel for collecting personal data
Typically, the Company will collect personal data from you directly. However, in some cases, the Company may collect your personal data from other sources to achieve the data processing objective as provided in this Privacy Notice. The Company may collect your personal data through the following channels:
(1) Your personal data provided directly to the Company or through the Company or with the Company based on the use of the products and/or services, contact, site visit, activity participation, or search through the Company’s servicing channels and/or contract channels, i.e., the Company’s website, application, social media account, email, telephone, facsimile, post mail, seminar, event, marketing support activity, meeting, or other channels.
(2) Personal data that the Company obtains or accesses from other sources, such as from other persons or organizations that you have contacted and given consent to disclose/transfer the data to the Company or from governmental organizations, affiliated companies, business partners, and service providers of the business partners, and counterparties, as well as public sources (i.e. Royal Gazette), authorized or eligible person according to the laws, and other persons or agencies having legal relation with the Company, for personal data processing objectives as provided in this Privacy Notice, for example:
· A collection of data from the Legal Execution Department, Anti-Money Laundering Office (AMLO) and/or from the related service providers for inspection on a list of persons with high levels of anti-money laundering risks and a list of persons specified under the prevention of anti-money laundering laws.
· A collection of data used for verifying an identity derived from NDID service providers and preliminary identity proofing and authentication through electronic channels for the K Plus users to verify facts regarding the customers for KYC and CDD by the principles of the laws.
2. Personal data collected by the Company:
The Company may collect, use, and/or disclose the following personal data:
3. How does the Company collect, use and/or disclose your personal data? And for what objectives?
The Company will collect, use, and/or disclose personal data as necessary for the Company’s legitimate purposes, including collecting, using, and/or disclosing personal data for performing obligations under the contract that you are a counterparty, for legitimate interest, for proceed by your consent given and/or for proceed with other reasons of legal basis. The objectives for collecting, using, and/or disclosing personal data under this Privacy Notice are as follows:
In this regard, the following objectives may apply to the Company’s customers in some groups or persons only. Please consider the characteristics of objectives according to the relationship between you and the Company on a case-by-case basis.
3.1 Purposes of obtaining consent
The Company may ask for your consent in collecting, using, and disclosing your personal data for the following objectives:
(1) Biometrics processing for identity verification
The Company will process your biometric data to verify your identity before opening an account, in compliance with applicable regulatory requirements.
(2) Direct marketing that requires a consent
The Company may collect and use your personal data for a purpose of direct marketing as follows:
a. Sending marketing information regarding products and services
The Company will collect and use your contact data, which includes email and phone number, for contacting you for offering products and services information of the Company through email, telephone contact, and/or social media,
b. Marketing communications regarding products and services of business partner
The Company will use your contact information, including your email address and telephone number, to reach out to you with information about the products business partners, or joint offerings between the Company and its business partners, through email, telephone calls, and/or social media channels.
c. Analysis and prediction of investment behavior and personal preferences for profiling analysis and direct marketing
The Company will use identification data, contact details, transaction behavior, and personal preference, as well as a platform using behaviors to profile your preferences, interests, and/or products appropriate to you, to send product and service information proper to each person to you via email, telephone, and/or social media.
Note: If you do not provide consent, the Company will not use your personal data for general marketing communications or for-in-depth analysis to conduct direct marketing as described in sections a. and b. However, you may still receive information about the Company’s products and services that may be beneficial to you, which the Company may send based on its legitimate interest. You may choose to opt out of receiving such information at any time.
3.2 To abide by laws, rules, or orders of the governmental agencies
(1) Identity verification under the Know Your Customer (KYC) Procedure
a. For individual customers
The Company will use your identification and personal information, employment and educational background, financial and transactional information, photographs, and contact details provided during the account opening process to verify and authenticate your identity in accordance with the Know Your Customer (KYC) procedures, as required by relevant regulatory authorities.
b. For corporate clients
If you are a director, agent, representative, shareholder, or any individual related to a corporate entity that uses or intends to use the Company's services, the Company may need to collect and use your personal data, including identification and personal information (such as copies of your identification card, passport, full name, and signature), employment information (such as your position and workplace), and shareholding details. This information will be used to verify and authenticate your identity for the purpose of evaluating and providing services to the corporate entity you represent, act on behalf of, or hold shares in.
(2) Client Suitability Test
The Company will collect and use data from the Client Suitability Test for offering an investment relevant to a service possessing an associate risk conforming with the customer’s risk acceptance and to be in line with the regulations of the Office of Securities and Exchange Commission (“SEC”)
(3) Customer risk assessment and classification under anti-money laundering and asset seizure regulations
The Company will use your identification data, account information, transaction records, and technical data to assess money laundering risks in compliance with anti-money laundering laws, classify customer risk levels, and take asset seizure actions as required. As part of this assessment, the Company may become aware of your political affiliations and bankruptcy status.
(4) Legal complaint management
The Company will collect the data on identification, personal data, contact details, financial and transaction data, technical data, and details of the complaint to be used in identifying a person's identity and managing the complaint to be in accordance with regulations, orders, or rules of the regulators and/or other related governmental authorities.
(5) Dealing with market manipulation, offense committing, or suspicious events
a. The Company will process your data on identification, personal data, contact details, working data, and transaction data for inspecting suspicious transactions and/or usual transactions (such as corruption, money laundering, terrorism and proliferation of weapons of mass destruction, crime committing, inspection, surveillance, evidence collection, report, and/or detection) and report those transactions to the Anti-Money Laundering Office according to the laws on prevention and suppression of money laundering.
b. The Company will collect and use data on client user ID and transaction data to analyze/inspect the client’s trading behavior and market manipulation and submit a report to the SEC according to the relevant SEC notifications.
(6) To prepare reports in compliance with regulatory requirements
The Company will collect and process personal data and contact details to compile information, analyze data, and generate reports in accordance with the regulations, orders, or directives of the Securities and Exchange Commission (SEC).
(7) Notification of Privacy Notice
In the case that the Company has adjusted the Privacy Notice for Customer, the Company will use your email to notify the updated Privacy Notice for your acknowledgment via email.
(8) Managing a request for exercising rights under the laws on personal data protection
The Company will collect identification data and other personal data as necessary to verify the identity of the right-exercising person, including but not limited to the client’s transaction data. The Company will collect and use the data subject’s right request information to manage your request for exercising rights under personal data protection law.
(9) Log file keeping
The Company will collect the technical data according to a period stipulated by laws to be in accordance with the provisions of the Computer-related Crime Act B.E 2550 (2007).
(10) Accounting and tax report preparation
The Company will use data on identification, a copy of the identification card, data on the amount and type of income, and other data, as necessary for preparing and submitting tax reports to the Revenue Office to achieve objectives in abiding by the laws.
(11) Internal audit for legal compliance
To comply with regulations and/or directives from regulatory bodies, the Company, through its Compliance Unit, may need to access and process identification data, personal data, contact information, employment and education records, transaction data, and any other necessary information to assess and audit the performance of internal personnel.
(12) Other cases for performing duties under the laws
The Company may be required to use and/or disclose your personal data given to the Company to proceed according to orders of governmental authorities or regulators, including but not limited to police officers, court, or other competent officers. The Company will proceed to ensure that such personal data is necessary to use and disclose to achieve objectives in abiding by the laws.
3.3 Performing obligations under the contracts with you
(1) Actions before executing a contract with the Company
The Company will collect and use data on identification, personal data, and contact details to prove and identify a person's identity and inspect the status of the clients, as well as to contact for service provision and for customer service.
(2) Rendering a service of digital assets trading platform
The Company will process your personal data for rendering services to you according to the contract, as follows:
a. Liaison and giving suggestion
The Company will use data on identification, contact details, and transaction data for communicating and supporting you in various aspects relevant to the services, such as liaising, giving suggestions, answering questions regarding products and services, and performing obligations under the contract executed with you.
b. Rendering a service relating to digital assets trading
· The Company will use data on identification, finance and transaction data, and contract details to proceed concerning the digital asset trading platform service, including bank account linking approval, deposit-withdrawal approval, sell order management, fee management, service fee or interest payable to the customer’s account, as well as other supports and actions as relevant to rendering service on digital assets trading for you.
· The Company will use data on technique, transactions, digital asset wallet address, type of blockchain network, and blockchain transaction ID (TXID) to support a deposit-withdrawal service for THB and digital assets.
· If you request to reset the 2-factor authentication code, the Company will use your identification and transaction data for identity proofing of your identity and will proceed to reset the code according to your request.
c. Services announcement via email and SMS
The Company will use contact data to contact you via email and SMS to notify you of the notices for various services of the digital assets trading platform, e.g., a notice of service closing for Orbix Trade system adjustment, a notice of closing/opening the coin deposit-withdrawal system, a notice of closing/opening the THB deposit-withdrawal system, a notice of service closing for NDID system adjustment, a notice for the coin listing, a notice for the coin delisting, a notice for opening new functions or features, or a notice of using service methods.
d. Product and/or service terms of use compliance monitoring
The Company will process data on your transaction to ensure that your use of the products and services complies with the terms and conditions in the Service Agreement as specified by the Company.
e. Providing customer support
In rendering the customer support service or call center, the Company will collect data on identification, contact details, and transaction data to prove your identity. The Company will collect and use data on complaints and questions to manage problems and complaints and answer your questions.
(3) Registration for participation in marketing activities, sale promotional activities, marketing support activities, reward and giveaways
If the Company arranges marketing activities, training, seminars, or other activities, the Company will collect data on name-surname, email, and/or phone number, and other data, as necessary for registration, proof, and identification of a person’s identity for attending activities, for contacting to confirm registration, or for other purposes relevant and essential for managing such activities, including contact and delivery of rewards in case of reward or/and giveaways in the events.
(4) Enforcement of rights according to the laws and contracts that the Company entered into with you
The Company will use data on identification, personal data, finance and transaction data, and other necessary data to enforce the rights under the laws and contracts that the Company may have, i.e., to follow up on the outstanding debts.
(5) Accessing Application
When accessing the Company’s application, the Company will collect and use your email address, password, OTP passcode, and two-factor authentication code, along with other technical data, to verify your identity and grant access to the system.
Note: Please note that if the Company needs to collect, use, and/or disclose personal data to enter into or perform a contract with you, and you do not provide the necessary personal data, the Company may be unable to deliver certain services in whole or in part. This may also affect the Company's ability to fulfill its obligations and/or impact the relationship between you and the Company.
3.4 For the legitimate interest of the Company
(1) Proceeding with marketing promotional activities, marketing activities, and CSR activities that do not require consent.
a. The Company will use your contact details to send marketing messages or news that benefits you as follows:
1. Sending special rights, including a right to participate in activities, events, or meetings arranged by the Company.
2. Offering products, services, and/or special rights requested by you, or notifying benefits that you should receive, including some products or services that enhance your using service to be more effective.
b. The Company may use your photo and/or video derived from your participation in the marketing promotional activities and CSR arranged by the Company or cooperate with the Company’s business partners to promote such activities through online social media or other channels.
c. The Company will use the technical data, including device ID and IP address, to send you push notifications of informative news and marketing statements through the Company’s application.
d. In the event that you are a customer of Kasikornbank and have given consent to the Bank to disclose your information to the company for the purpose of contacting you to introduce the Company’s products and services, if you choose not to use such products or services at the initial instance, the Company will seek your permission to contact you again in the future to offer products and services that best meet your needs.
(2) Analysis and/or arrangement of statistics for developing the Company’s products and services and Revision of digital asset lists for services
a. The Company will use your contact data to send questionnaires or satisfaction assessments via email.
b. The Company will use data on behavior, trading, deposit and withdrawal history, occupations, ages, interests, participation in the Company’s activities, data given through the questionnaire, and satisfaction assessment to analyze and/or arrange statistical data to learn about the customers' needs or interests for analyzing business strategies and developing/enhancing the Company’s products and services.
c. The Company will use data on user ID and transactions to review lists of digital assets, delist them, and consider the impacts on users from the delisting of digital assets.
(3) Account opening and services for corporate clients
If you are a director, representative, authorized person, shareholder, or any individual associated with a legal entity that uses or intends to use the Company's services, the Company may need to collect and use your personal data for the following purposes:
a. The Company will collect and use personal identification and personal data, including full name, contact detail, and employment information such as job title and place of work. This is for the purpose of contacting you to request information or additional documents during the account opening review process with the Company.
b. In cases where you contact the Company for inquiries or to request support in enabling the company you represent to access services or fulfill contractual obligations with the Company, the Company will collect your contact information, personal identification data, or other necessary information required to provide services or respond to your inquiries.
c. The Company may use your contact information to send service-related notifications, contract updates, and other important information relevant to the services or contractual obligations.
(4) Providing support for information technology systems and security
For providing support for information technology systems and security to you, the Company will proceed to ensure that accessing to the account and the Company’s system is proper and secure, whereby the Company will collect and use the technical data, network data, platform use data, and transaction data to prevent and evaluate the security risks, i.e., inspection of the IP address for accessing to the user’s system, monitoring data on using network, identifying security risk events, and inspection on accounting and data access security.
(5) Development and Improvement of Account Opening and Service Systems
The company may use information from ID card images, account opening, or identity verification status, as well as the time taken in the process, to analyze, improve, and enhance the account opening and identity verification systems. This purpose is to enhance accuracy, reduce potential errors, and expedite the account opening process.
(6) Disclosure of investment-related information for portfolio management
If you are a customer of Kasikornbank and have provided consent for the Bank to disclose your information to the Company for the purpose of contacting you regarding its products and services, and you subsequently decide to open an account with the Company, the Company may disclose relevant investment-related information back to Kasikornbank. Such disclosure enables the Bank’s relevant departments to use such information for the effective management of your investment portfolio.
(7) Management of the relationship between the clients and the Company
The Company will use data on identification, voice conversation records, data from satisfaction assessment, complaints, and other similar data to analyze and enhance the relationship between the Company and clients/service users or a person who wishes to use the service/activity participants.
(8) Risk management and internal audit of the Company
The Company will use your data on identification, personal data, account data, and transaction data for internal operations, including risk management and internal control and audit.
(9) Proceeding with the lawsuits and the relevant legal procedures
The Company may be required to use data on identification and relevant personal data, as well as contact details, finance and transaction data, and other relevant data to proceed with the lawsuits and legal procedures.
(10) Installation of CCTV cameras within the office
If you access an area of the Company’s office building, the Company arranges CCTV camera installation that will record video of your picture to help maintain security within and around the office building.
(11) Sending letters or gifts on special occasions
The Company will use data on name-surname, telephone number, email, and address for sending letters or gifts to you on special occasions or to be thankful for the use of the Company’s services.
3.5 Personal data processing requiring other legal basis
In operating business, the Company may be required to collect, use, and disclose your personal data based on other reasons of lawful basis, which include: (1) to prevent or suppress danger against life, body, or health of persons, (2) to study a research or statistic, (3) to proceed a mission for the Company’s public interests, (4) to be necessary for conferring a right of claims under the laws, to perform or exercise a claim under the laws, or to raise a defend against a claim under the laws, (5) to be necessary for abiding by laws for achieving objectives specified by laws or other reasons of lawful basis under the personal data protection laws (as the case may be). However, it depends on which relationship you have with the Company. In such case, the Company will proceed to ensure that you have acknowledged the details of data processing objectives and personal data to be collected, used, and disclosed, except for the case that the notification of new objectives or details hereunder is unable to do so, or will be an obstacle to a use or disclosure of your personal data under the principles stipulated by laws.
4. To whom will the Company disclose your personal data?
The Company may disclose your personal data to other persons within your given consent or as permitted by laws to disclose as such. A person or organization that receives such personal data will collect, use, and/or disclose your personal data within the scope of your given consent or relevant scope as specified in this Privacy Notice, or, in some cases, you may be under a privacy notice of the receivers of those personal data as well.
The Company may disclose your personal data to a person or organizations according to your relationship and transactions as follows:
5. Will the Company send your data to foreign countries?
The Company may be required to send or transfer your personal data to other data receivers, which would be considered a part of the Company's regular business operation.
In this connection, the Company will monitor to ensure that such delivery or transfer of personal data is under the laws and will procure a protective measure for personal data, as deemed required and appropriate, in line with a confidentiality standard, such as to arrange an agreement with a foreign data receiver to confirm that your personal data will be protected under a personal data protective standard equivalent to those provided in Thailand.
6. How long does the Company keep your data?
The Company will keep your personal data throughout a period in which you are a customer or have a relationship with the Company or a period as required for achieving related objectives as provided in this Privacy Notice. And, when you end a relationship with the Company, in some cases, the Company is required to keep your personal data after that for a period of prescription or a period specified or allowed by laws, where by the details of keeping your personal data will be in accordance with the Company’s policies or procedures for personal data keeping. Summaries on a period for keeping your personal data are as follows:
· Service Subscription Form and supportive documents, if unsuccessful or rejected - to be kept for 15 days
· Supportive documents for service subscription - to be kept 10 years from the end of a relationship (as the case may be).
· Documents according to accounting laws, taxation laws, and contractual documents - to be kept for 10 years.
In this regard, the Company will proceed with a suitable procedure to delete or destroy personal data or to anonymize the data when it is no longer required or at the end of a specified period.
7. How does the Company protect your personal data
The Company will well keep your personal data in accordance with the Technical Safeguard, Administrative Safeguard, and Physical Safeguard, to maintain its confidentiality, accuracy, and readiness for use in order to prevent unauthorized or illegal access, collection, adjustment, amendment, use, and/or disclosure of personal data, in accordance with the applicable laws.
The Company has arranged an appropriate measure to prevent a personal data breach, whereby the Company has determined policies, rules, and criteria for protecting personal data, such as a measure for personal data accessing control and use of secure and proper equipment to keep and process personal data, personal data accessing restriction, determination on personal data accessing rights of users, rights to grant the assigned staffs to access the data, and duties and responsibilities of users, for preventing access to personal data, disclosure, cognition, or unauthorized copying personal data, or stealing equipment to keep and process personal data. The Company procures a measure for tracking the history of access, adjustment, deletion, or transfer of personal data that is in line with and suitable for the method and equipment for keeping, using, or disclosing personal data, including an inspection for evaluating the effectiveness of implementing such policies, rules, and criteria for protecting personal data.
8. Your rights regarding personal data
The Company acknowledges and respects your legal rights, whereby you can exercise the rights according to the conditions provided by laws as follows:
1) Rights to request access and receipt of a copy of your personal data, provided that the Company can reject your request according to the laws or subpoena or if your request may cause potential damage to the rights or freedom of other persons.
2) Rights to correct and update your personal data
3) Rights to data portability your personal data automatically. You may have the right to request a receipt of your personal data possessed by the Company in an organized and readable electronic format and request for submit or transfer such personal data to other data controllers, provided that such personal data must be: (a) personal data given to the Company, and (b) the Company has been granted a consent to collect, use, and/or disclose personal data or to perform any contractual obligations the Company may have with you, except for the case that the Company is unable to do so on a technical basis or having a legitimate reason to reject under the laws.
4) Rights to object to the collection, use, or disclosure of your personal data, except that the Company has a legitimate reason to reject your request.
5) Rights to request deletion, destruction, or anonymization of personal data when the data is no longer required or the given consent is revoked, except for the case that the Company has a legitimate reason to reject your request.
6) Rights to request a restriction of personal data usage in some cases.
7) Rights to revoke your given consent for data processing according to steps and methods specified by the Company, except if the revocation cannot be made due to its nature. In this regard, a revocation of your consent shall not affect your consent given previously before a revocation of the consent
8) Complaint rights: You have the right to file a complaint with the Expert Committee of the Office of the Personal Data Protection Committee if you believe that the Company has not complied with the Personal Data Protection Act.
You may also submit a complaint or express any concerns directly to the Company through the following channels:
Channels for exercising your rights under items 1) - 7):
Live chat on the website www.orbixtrade.com.
Company email: support@orbixtrade.com
Customer Service: 02-026-6107
In case that you have provided consent to receive direct marketing communications via the orbix Trade application, you may withdraw your consent at any time through the application by selecting the "Account" menu and navigating to "Consent Management”. The Company will process your consent withdrawal request within seven (7) business days.
Please note that during the processing period of your consent withdrawal, you may still receive certain communications or information from the Company under the scope of your previous consent until such withdrawal become fully effective.
Channels for submitting complaints or raising concerns:
9. Will the Company amend or adjust this Privacy Notice?
The Company may review the content to amend, adjust, or change this Privacy Notice from time to time so that you can acknowledge an updated collection, use, and disclosure of personal data. If there is any amendment, adjustment, or change of this Privacy Notice, the Company will inform you via application email and/or the Company’s website.
10. Notification of Objectives and Details for Personal Data Processing
In the case where notification of new objectives or details as provided in this Privacy Notice is unable to do or would be an obstacle to a use or disclosure of your personal data which the Company has received indirectly from other sources, particularly for achieving a purpose of scientific, historical, statistic research, the Company shall procure an appropriate and standardized measure to protect rights, freedom, and benefits of the data subject as provided in this Privacy Notice.
If you give personal data of other persons (i.e., family members or other contact persons) to the Company (i.e., name, surname, date of birth, age, address, relationship, signature, and contact detail) for an objective specified in this Privacy Notice, in that case, you should proceed with an action to ensure that those people have been informed of personal data disclosure to the Company. You should notify those person of this Privacy Notice and/or ask for consent from those persons (if required) and/or based on other lawful criteria or basis.
11. Contact Channels of the Company and the Data Protection Officer
Should you have any suggestions or inquiries about the details of the collection, use, and/or disclosure of your personal data, you can contact the Company and the Data Protection Office at:
· Orbix Trade Co., Ltd.
o Address: K+ Building No. 188/72 Charat Mueang Road, Wang Mai, Pathum Wan, Bangkok 10330
o Email: support@orbixtrade.com
o Tel: 02-0266107
· Data Protection Officer
o Address: Orbix Holdings Co., Ltd. No. 188/72 Charat Mueang Road, Wang Mai, Pathum Wan, Bangkok 10330
o Email: dpo.orbix@orbixholdings.com
Announced as of 12 November 2025
| Types of Data | Example of Data that the Company collects, uses, and/or discloses |
|---|
| Data used for identification and personal data | - Title, name, middle name, surname - Gender, date of birth, age - Marital status - Relationship information (i.e., the actual beneficial owner) - Nationality, country of residence - Signature - Information presented on the documents issued by governmental agencies (i.e., copy of identification card, civil servant identification card, name change certification, marriage certificate, death certificate, or other similar documents used in identifying and proofing a person's identity) and other KYC and CDD data. - W-8BEN / W-8BEN-E Form for notifying a status of U.S. and non-U.S. person under FATCA - Data on the bankruptcy status of a person - Data on political relationship - Data on spouse - Documents to support the objectives to reside in Thailand Remark: Normally, the Company has no objective in collecting and using sensitive data, such as religion and blood type, as presented on a copy of the documents issued by governmental agencies. To keep your personal data private, the Company recommends you redact the said personal data before sending or disclosing it to the Company; otherwise, the Company may do so for your benefit. |
| Contact details | - Address shown in significant documents, current address, and address in a country of nationality, workplace - Phone number, mobile phone number, email - Name or accessing account for communicating via electronic - Residing evidence in Thailand (for foreigners) |
| Data on employment and education | - Occupations and career field - Position - Business types - Educational qualifications |
| Data on Client Suitability Test | - Age range - Data on financial obligations and expenses - Investment experiences and knowledge - Investment expectation - Risk acceptance capacity |
| Data on business ownership | - Shareholding proportion and/or data presented on any documents for verifying business operation (i.e., the lease agreement of a premise used as a business location) |
| Data on finance and transaction | - Bank account, account name, photocopy of the first page of the book bank - Bank statement - Income, source of income, source of investment - Transaction objectives - Investment-related information, such as data and transaction volumes of digital assets - Transaction history, transaction reference number - Photocopy of payment slip - Cryptocurrency, transaction amount, transaction number, digital asset wallet number - Account Login Credentials: username and password - Other supportive data for using products/services, i.e., User ID |
| Technical data, equipment, and tools | - IP address - Cookies ID - Web beacon, Pixel tag, or Software Development Kit (SDK) - Access data, system usage data - Transaction log - Log-in records, access duration, application and website usage details, search history, and interaction history. - Location data - Other technical data derived from the use of platform, application, and operating system, i.e., type and version of browser, operating system, and platform, as well as other technology on your device used for accessing the platform and series and kind of the device. |
| Other Data | - Communication and interaction record between you and the Company - Photos and video recording - Data on subpoena/royal gazette regarding transactions of the Company’s customers or actions for abiding by laws (i.e., order of receivership, order to appoint administrator, order of incompetent person or quasi-incapable person, subpoena for documents and materials evidence) and other data deemed to be personal data under the personal data protection laws. - Data on risks regarding anti-money laundering and primary offenses under the prevention and suppression of money laundering laws - Data on complaints, opinions, and requests for exercising rights according to the laws - Data on acknowledgement of Privacy Notice and Service Agreement - Other data given by you regarding marketing and development of products and services, including but not limited to registration data for activities participation, data on giving/withdrawing consent, opinion survey results, satisfaction on services and products, survey, competition, behavior data, interest, and requirement - Personal interest, transaction behavior, and platform-using behavior |
| Type of Personal Data Receivers | Details |
|---|
| Kasikornbank and its business partners | 1. If you have a deposit bank account with Kasikornbank, the Company is required to disclose your data to the Bank for identity proofing according to the KYC process. 2. If you are a customer of Kasikornbank and have provided your consent for the Bank to disclose your information to the Company for the purpose of contacting you regarding its products and services, and you subsequently decide to open an account with the Company, the Company may disclose your investment information back to Kasikornbank for the purpose of managing and maintaining your investment portfolio in the manner that is appropriate and in your best interests. |
| Service Providers of the Company | The Company may hire or use the service of a third party, either person or organization, to keep, collect, use, and disclose personal data on behalf of the Company to support the Company in rendering services. For this reason, the Company may disclose or share your personal data with the Company’s service providers, which includes but is not limited to the following: a. Cloud Computing service providers for storing data of the customers who use the Company’s services b. Personal data processing service providers for identifying and proofing your identity before opening an account during the KYC process, whereby the Company will send photos and motion pictures of a face for identifying and proofing the identity process with liveness detection and face recognition technology. c. National Digital ID service providers for keeping, collecting, and using your personal data to identify and prove an identity. d. SMS service providers for sending you messages and news regarding the Company’s services. e. Marketing service providers for sending the marketing information to the customers. f. Document storage service providers. |
| Governmental Agencies and third parties as specified by laws | In some cases, the Company may be required to disclose your personal data according to order, motion, subpoena, or other cases for abiding by the laws, notifications, or orders of the governmental agencies or authorities as follows: 1. Regulators - The SEC Office may order the Company to disclose personal data collected and used by the Company for the following objectives: (1) identifying and proofing identity, (2) inspecting the suspicious transactions, (3) inspecting the market manipulation, (4) testing client suitability, (5) complaint management, (6) inspecting, preventing, or dealing with corruption problem or security issues and seizing of properties, and (7) other related objectives. - The Anti-Money Laundering Office may order the Company to disclose personal data collected and used by the Company for the following objectives: (1) identifying and proofing identity, (2) inspecting the suspicious transactions, (3) inspecting and managing the customer’s risk level in accordance with the laws on prevention and suppression of money laundering, (4) inspecting, preventing, or dealing with corruption problem or security issues and seizing of properties, and (5) other objectives as specified by laws. 2. Other governmental agencies, i.e., courts, the Council of State, Royal Thai Police, Bank of Thailand, Ministry of Finance (including Excise Department, Fiscal Policy Office, Customs Department, and Revenue Department), Ministry of Commerce (including Department of Business Development), as well as the officials in charge of those agencies and other third parties. In the case where the Company has a reasonable ground to believe that it is required by laws or legal regulations to perform its duties or to protect the rights of the Company or of other persons, or for the safety of persons, or for inspecting, preventing, or dealing with corruption problem or security issues. |
| Advisors/Experts | For benefits in operating business of the Company, the Company may disclose your personal data to - Auditors - External audit - Legal advisors - Other advisors or experts, as the case may be. |
| Other Personal Data Receivers | The Company may be required to disclose personal data to other individuals or juristic persons for an objective as provided in this Privacy Notice or for different objectives to be specified in the future, including, but not limited to, addition or adjustment in service format based on actions of a third party or use of information to develop systems apart from the existing system by third parties, either individuals or juristic persons. |