The Company shall collect, use, or disclose User’s personal data according to the law and for the following purposes:

• A. For the implementation of User’s requests before entering into an agreement, including the necessity of an execution of the agreement of which the User is a contracting party, including but not limited to:
  • Consideration of registration requests for the use of products and services provided by the Company, such as ModernPay, ChillPay, or any other products that will be available in the future;
  • Customer supports, information supports, accept of requests, receive of information, or inquiries regarding services;
  • Development, improvement of services, enhancement of service efficiency, and facilitation for Users; and
  • Data processing in order to provide services or any other actions necessary to provide the best services from the Company.
• B. For the compliance of laws, rules, regulations, practices, or guidelines issued by the relevant regulatory authorities, such as the Bank of Thailand and the Anti-Money Laundering Act. The Company may submit your personal data to internal and/or external audits, government agencies, or any relevant juristic persons according to the Procedures of Know Your Client (KYC) or Client Due Diligence (CDD) under the Anti-Money Laundering Act.
• C. For the purposes of receiving news, information, marketing and promotions, or special offers regarding benefits, products, and services. Or for the purposes of collecting and using such information for statistical studies, researches, data evaluation, or for management of business purposes of the Company, Company’s business partners, or Company’s affiliates. Including any other purposes that the Company deems to be beneficial to the Users. The Users agree and allow the Company to verify, and/or exchange information, and/or disclose such information to any persons and/or juristic persons, including affiliate companies and/or any other persons who have entered into a Data Protection Agreement with the Company. In doing so, Users shall not be able to claim or request any compensation from the Company.
• D. For prevention of crimes and frauds, including system and network security according to international standards.

In the event that there is a collection, usage, or disclosure of personal data for any other purposes beyond the above mentioned, the Company shall later inform the Users.

The Company shall collect personal data during the process of registration for services or during the usage of Company’s services.

The Company shall retain such data throughout the service period or until the services are terminated. The Company may retain the data thereafter if it is stipulated by law, such as Anti-Money Laundering Act. Or for the purpose of verifying and examining in the event that any disputes may arise, within the statute of limitation but not exceeding 10 years.

The Company shall not disclose any personal data to the third parties, or allow the third parties to do so, unless:

• It is to comply with the provisions of law or court order, or when the Company has been notified to investigate fraudulent transactions from the persons related to such services or the customers.
• It is a disclosure of such data to the staff, employees, directors, or advisors who are related to such services.
• The Company receives a consent from the owner of personal data or the owner of such data requests to disclose the information.
• It is a disclosure to the auditors, Company’s external audits, government agencies, assignees, and persons or juristic persons whom the Company is required to provide personal data for the purpose of legal compliance.
• It is a disclosure to the juristic persons which have the power over the Company or under the control of the Company, including the companies that are under the same governance of the Company, or any other persons who are Company’s business partners or have any legal relations to the Company, including any other service providers who have the authorities to process personal data of their service users, domestically and internationally. Such as external service providers, financial institutions, or any other business partners of the Company.
• It is the assignee of the Company in the event of a merger or acquisition, transfer of ownership of assets and/or business, in whole or in part.

In order to comply with the regulations prescribed by laws, such as the Anti-Money Laundering Act or the policies of the Bank of Thailand, should the User wish to delete or amend his/her own personal data, and such cause of action is against the regulations prescribed by other laws, the Company will not be able to delete such information. As stipulated by relevant laws, the Company, as a data receiver or a Personal Data Processor, is required to detain the personal data for the period of 10 years.

The Company acknowledges and is aware of the importance of User’s personal data. The Company has therefore improved and developed the security system for your personal data to be in accordance with international standards. The Company shall do its best to comply with this Privacy Policy. The Company shall emphasize its staff, including its Personal Data Processors who are authorized to access User’s personal data or have legal liabilities, to maintain the security of User’s personal data.

However, in the event that User’s personal information has been compromised by any means, such as cyber espionage by hacking, stealing, copying, destroying the database, deleting passwords, stealing of documentation, or any other means that do not performed by the Company, or loss of information due to force majeure or any other actions that do not performed by the Company, the Company has the right to deny any responsibilities resulting from such actions.

The translation of this Privacy Policy, whether translated into any languages, is only to facilitate your convenience. The Company has no intentions to change or modify its Personal Information Protection Policy. In the event of a conflict between the Thai edition and any other languages, the Thai edition shall prevail over other editions.

In the event that there is a breach of User’s personal data, the Company, at its best efforts, will inform the Office of the Personal Data Protection Committee immediately within 72 hours after the acknowledgement of such breach. Should the breach be likely to highly affect the rights and freedoms of the Users, the Company shall immediately inform such breach and the remedies to the Users through various channels, such as website, SMS, email, phonecall, or postal letter, etc.

Should the User have any concerns regarding this Privacy Policy, or wish to change or amend any personal data which User has provided to the Company, please contact the Company via email: dpo@chillpay.co, or via phone call: 02-107-7788 during Company’s business hours.