User’s Personal Data will not be collected, disclosed, published, or used for any other purposes other than the purposes that the Company has informed the Users, unless the Company receives a consent from the User or otherwise required by law.
Types of Personal Data Collected by the Company
The Company will collect information or data (collectively referred to as “Personal Data”) as follows:
- A. Information on ID card or passport or any other documents issued by the government, such as name, surname, title, identification number, passport number, etc.;
- B. Personal identifications, such as marital status, Biometrics information;
- C. Registered address and current address, including User’s current location;
- D. Information regarding education or work;
- E. Necessary information required for contacting User, such as current addresses, phone numbers, emails, etc.;
- F. Financial information, such as records of transactions via ModernPay and ChillPay, or any other services provided by the Company, credit card information, bank account information, any other information of the banks or financial institutions that the User currently retains;
- G. Information regarding products or services of which the User has transactions with the Company;
- H. User’s specimen of signature;
- I. Information regarding the devices used for obtaining the Company’s services, such as computers, mobile phones, Point of Sales machines, including Unique Device Identifier numbers, IP addresses, information regarding devices’ operating systems, mobile network operators, locations, cookies.
- J. Any other information specified in the Service Agreement or necessary information required for inspection and operations.
In the event of obtaining additional information beyond the Company’s basic services, or in the case of collecting, using, or disclosing sensitive personal data other than the abovementioned, the Company shall proceed with fundamental procedures required by laws. The Company shall inform the User of such purposes and types of personal data which will be collected, used, or disclosed before or during such actions.
Purposes of Collecting Personal Data
The Company shall collect, use, or disclose User’s personal data according to the law and for the following purposes:
A. For the implementation of User’s requests before entering into an agreement, including the necessity of an execution of the agreement of which the User is a contracting party, including but not limited to:
- Consideration of registration requests for the use of products and services provided by the Company, such as ModernPay, ChillPay, or any other products that will be available in the future;
- Customer supports, information supports, accept of requests, receive of information, or inquiries regarding services;
- Development, improvement of services, enhancement of service efficiency, and facilitation for Users; and
- Data processing in order to provide services or any other actions necessary to provide the best services from the Company.
- B. For the compliance of laws, rules, regulations, practices, or guidelines issued by the relevant regulatory authorities, such as the Bank of Thailand and the Anti-Money Laundering Act. The Company may submit your personal data to internal and/or external audits, government agencies, or any relevant juristic persons according to the Procedures of Know Your Client (KYC) or Client Due Diligence (CDD) under the Anti-Money Laundering Act.
- C. For the purposes of receiving news, information, or marketing and promotions, or special offers regarding benefits, products, and services. Or for the purposes of collecting and using such information for statistical studies, researches, evaluation, or for management of Company’s business purposes, Company’s business partners, and Company’s affiliates. Including any other purposes that the Company deems to be beneficial to the Users. The Users agree and allow the Company to verify, and/or exchange information, and/or disclose such information to any persons and/or juristic persons, including affiliate companies and/or any other persons who have entered into a Data Protection Agreement with the Company. In doing so, Users shall not be able to claim or request any compensation from the Company.
- D. For prevention of crimes and frauds, including system and network security according to international standards.
In the event that there is a collection, usage, or disclosure of personal data for any other purposes beyond the above mentioned, the Company shall later inform the Users.
Methods of Data Collection
The Company shall collect personal data during the process of registration for services or during the usage of Company’s services.
Period of Data Collection
The Company shall retain such data throughout User’s service period or until the services are terminated. The Company shall retain the data thereafter if it is required by law, such as Anti-Money Laundering Act. Or for the purpose of verifying and examining in the event that any disputes may arise, within the statute of limitation but not exceeding 10 years.
Disclosure of Personal Data
The Company shall not disclose any personal data to the third parties, or allow the third parties to do so, unless:
- It is to comply with the provisions of law or court order, or when the Company has been notified to investigate fraudulent transactions from the persons related to such services or the customers.
- It is a disclosure of such data to the staff, employees, directors, or advisors who are related to such services.
- The Company receives a consent from the owner of personal data or the owner of such data requests to disclose the information.
- It is a disclosure to the auditors, Company’s external audits, government agencies, assignees, and persons or juristic persons whom the Company is required to provide personal data for the purpose of legal compliance.
- It is a disclosure to the juristic persons which have the power over the Company or under the control of the Company, including the companies that are under the same governance of the Company, or any other persons who are Company’s business partners or have any legal relations to the Company, including any other service providers who have the authorities to process personal data of their service users, domestically and internationally. Such as external service providers, financial institutions, or any other business partners of the Company.
- It is the assignee of the Company in the event of a merger or acquisition, transfer of ownership of assets and/or business, in whole or in part.
Security of Your Data
However, in the event that User’s personal information has been compromised by any means, such as cyber espionage by hacking, stealing, copying, destroying the database, deleting passwords, stealing of documentation, or any other means that do not performed by the Company, or loss of information due to force majeure or any other actions that do not performed by the Company, the Company has the right to deny any responsibilities resulting from such actions.
User’s Rights Regarding Personal Data Management