Privacy Policy (Privacy Notice)

Touch Technologies Company Limited

Touch Technologies Co.,Ltd and its subsidiaries (hereinafter collectively referred to as the “Company” for the rest of this document) are aware of the importance of protecting personal data and place utmost importance on respecting privacy rights. Together with safeguarding personal data of users, employees, general public, business partners, contract parties, customers, visitors, and individuals interested in applying for employment, the Company has instituted this privacy policy statement. For your understanding of the Company’s policy concerning collection, use, and disclosure of your personal data with reliability, the Company strictly implements robust data protection measures to guarantee confidentiality and precise operational execution. Additionally, we have implemented measures to safeguard data security, preventing unauthorized access, disclosure, use, or alteration of information. We adhere strictly to the Personal Data Protection Act 2019, relevant laws, and regulations. Consequently, the Company hereby declares its Privacy Notice as follows:

1. Individuals Covered by This Notice

This Privacy Notice applies to the individuals and legal entities mentioned above, as well as the following individuals:

1.1. Customer of the Company:

Individual Customers: Current and former individual customers of the Company.

Corporate Customers: Directors, shareholders, ultimate beneficiaries, employees, guarantors, security providers, and legal representatives of current and former corporate customers. This also includes other individuals authorized to act on behalf of corporate customers. The Company recommends that its business customers ensure that all authorized representatives or any related individuals are aware of this Privacy Notice.

1.2. Non-Customers of the Company:

Non-Customers of the Company: Individuals who are not customers of the Company, including those who do not have products or services with the Company, but whose personal data may need to be collected, used, or disclosed by the Company. This includes investors, individuals making payments to or receiving payments from the Company's customers, individuals visiting the Company's website or application, or using services at the Company's branches or offices, guarantors or security providers, ultimate beneficiaries, directors or legal representatives of legal entities using the Company's services, debtors of the Company's customers, professional advisors, as well as the Company's directors, investors, shareholders, and their legal representatives, and any individuals involved in transactions with the Company or its customers.

Moreover, please be informed that any visible links appearing on the Company’s platform are able to direct you to external platforms. Once you access an external platform, your personal data will be processed according to their privacy policy. Hence, under these circumstances, the Company highly advises you to read and comprehend the privacy policies of external parties whenever you enter those platforms.

2. Personal Data the Company Collects from You

To access or use the Company’s service, you are required to provide your personal information that identifies you in order to conduct transactions with the Company. This includes information specified in various service request forms and identity documents required for conducting transactions. Furthermore, the Company may process your personal data in multiple embodiments such as documents, images, and/or electronic records, including automatic processes.

The personal data and sources from which your personal data is collected, used, or disclosed by the Company include the followings:

2.1. Identity Data. Data about the general public that is able to identify you either directly or indirectly such as prefix, name/surname, identity number, passport number, date of birth, nationality, gender, photographs, taxpayer identification numbers, investor unit trust numbers, personal provident fund codes, and retirement fund membership numbers.

2.2. Contact Data. Data such as physical address, email address, phone number, IP Address, or the customer's electronic identification number that can identify oneself.

2.3. Data that can be linked to other personal data, such as marital status, information about children, family information, educational background, communication preferences or decision-making limitations, work experience, investment experience, and information from knowledge assessments.

2.4. Information of beneficiaries in products and services of the Company, including individual adults and minors who are family members or designated beneficiaries.

2.5. Sensitive data. Data such as medical and health information necessary to provide services related to the products and services you request, including health history, infectious or serious disease history, health examination results, or medication test results, criminal history, disability or physical impairment information, ethnicity and religion, or blood type.

2.6. Technical and Usage Data. Information about your preferences in searching for data from the internet, such as searching for company products (Website Browsing), including various recorded logs used to track individual activities, such as log files, the use of cookies, or connections to websites and other applications where you search for information.

2.7. Communication Data. Data such as recordings on occasion where you reach the Company through Contact Center, which may include image or audio, computer traffic data, etc. Regardless of whether you provide the information or the Company already has it, or whether the Company receives or accesses it from other reliable sources such as government agencies, financial business group companies, and/or company consultants.

2.8. Other information that you provide during your interactions with the Company or as requested by the Company for the purpose of offering, recommending, or providing services related to the Company's products or services.

2.9. Financial and Transactional Data. Data such as bank account number, transaction history reports, income data, account balances, and financial history with the Company, among others.

2.10. Information related to legal cases in process or sequential processes, customer or investor disclosure required by anti-money laundering laws, securities laws and markets, or other laws under which the Company must comply.

The personal information collected may vary depending on your relationship with the Company, the digital technologies you use, and the types of products or services you have with the Company. For individuals accessing as representatives of businesses or legal entities, the Company may collect information based on your relationship with the Company to align with the service provision objectives.

The Company also gathers data from visitors who are willing to provide email address and other data such as contact data, or register data. Visitors may be asked to give opinions toward the Company’s website via our survey form. Furthermore, visitors may receive periodic communications from the Company regarding new products, services, or upcoming events. If you prefer not to receive emails or other correspondence from the Company, please update your subscription preferences or click the "Unsubscribe" link in any email communication received from the Company.

If you provide personal data of third parties who are not yourself to the Company, such as names, surnames, phone numbers, relationships with you (e.g., parents, siblings, spouse, partner, children, emergency contacts), and references, you certify that you have the legal authority to provide such personal data and authorize the Company to use these personal data as described in this notice. Additionally, you agree to inform these third parties about this notice and/or obtain consent from them as necessary.

3. Objective and Legal Bases or Criteria

The Company collects, uses, and discloses your personal and sensitive personal information to conduct various activities related to the transaction of the Company and to fulfill the Company's obligations in carrying out its business activities for the following purposes:

3.1. Purpose for which the Company requires your consent for sensitive personal data include using your consent to collect, use, and/or disclose your sensitive personal information to develop the Company's products, to conduct background checks for job applicants, and to ensure overall security.

In cases where consent is the criterion or legal basis, you have the right to withdraw your consent at any time. However, this withdrawal does not affect any processing done prior including data being used as a part of product development or as a part of the employment process. Hence, the Company reserves the rights to collect, use, and/or disclose your personal data. Upon termination of employment, the contractual relationship and associated obligations with the Company will legally cease once you are no longer under the Company's employment. In the case of employment termination, the legal relationship and obligations with the company will cease once you have fulfilled all your responsibilities. You may contact the company via email at [email protected] or by phone at 020124545 to inform your intention to withdraw consent. It's important to note that withdrawing consent will not affect any processing that has already occurred lawfully or that is required by law.

3.2. Purpose for which the Company may process your personal data based on criteria or legal bases in collecting, using, and/or disclosing your personal data where the Company may rely on these following criteria and legal bases:

(a) Requests are processed prior to transactions with the Company, evaluations and approvals are conducted, and products and/or services are provided. Delivery of products and/or services, as well as advising and managing them, including all company operations, are undertaken. Failure to process these may impact company operations or its ability to provide fair and continuous service, and is necessary to fulfill agreements for any transaction or contract, or to perform transactions or contracts with you.

(b) Verifying your identity for any transactions or actions you initiate.

(d) The Company is obligated to complete tasks that contribute to the public interest or to perform duties under state authority.

(e) The Company is obligated to perform according to the law.

(f) It is necessary for the legitimate interests of the Company and third parties, ensuring a balance with the benefits, rights, and fundamental freedoms related to the protection of your personal data, and

(g) It is necessary to establish legal claims, comply with or exercise legal claims, or defend against legal claims.

3.3. The Company will place reliance on the stated criteria or legal bases from (a) to (g) to collect, use, and/or disclose your personal data for the following purposes:

(1) Managing Company's Affairs and Affiliates include overseeing audits, risk management, financial and accounting administration, internal organizational management, human resource management, and the surveillance, prevention, and investigation of fraud, money laundering, terrorism, misconduct, or other criminal activities. This includes but is not limited to verifying the credibility of individuals associated with the Company’s corporate clients, even in instances where such actions are not mandated by regulatory or legal authorities. Additionally, this involves identifying you to prevent such criminal activities.

(2) Managing Relationship between Company and Customer (including supporting customer, evaluating customer satisfaction, and conducting compliant management).

(3) Maintaining security measures such as CCTV recording, registration, card exchange, and/or recording of individuals contacting before entering the Company premises, including the main office, surrounding areas of the main office, and all areas around Company branches.

(4) Developing and improving products, services, and related systems of the Company to elevate our service standard and/or to maximize benefits in meeting your needs as well as to offer you appropriate products, services, and benefits by taking into consideration your fundamental rights in your personal data. Nevertheless, if you do not wish to receive any suggestions regarding our products, services, and benefits, you may cancel any time.

(5) In the case of corporate clients, the Company may collect, use, and disclose personal data of the directors, authorized signatories, or representatives.

(6) Ensuring business continuity of the Company.

(7) Handling claims and disputes, filing lawsuits, and conducting legal proceedings related to the matter.

(8) Contacting you prior to entering into a contract with the Company, which includes evaluating suitability and qualifications, presenting proposals for bidding and pricing competitions, and proceeding with contract negotiations.

(9) Mitigating security risks such as monitoring usage of network activity logs, identifying security incidents, conducting data protection audits, and preventing any malicious, fraudulent, deceptive, or unlawful activities.

(10) Complying with international laws.

(11) Managing the Company's structure (including data management), internal controls, business operations, and adherence to Company policies and procedures, which encompass activities related to risk management, security, accounting audits, financial systems, and operations for business continuity.

(12) Conducting research, planning, and performing statistical analysis, such as data analytics, assessment, conducting surveys, and reporting on the Company's products and/or services, as well as your behavior. Organizing projects to identify business opportunities for the Company.

(13) Organizing promotional projects or activities. Meetings, seminars, and company visits, including video and/or audio recordings related to meetings, training, seminars, recreation, or marketing activities.

(14) Facilitating auditors to conduct accounting audits.

(15) Engaging services from legal consultants, financial consultants, and/or any other consultants appointed by you or the Company.

(16) In the event of sale, transfer, merger, business rehabilitation, or similar event, the Company may disclose and transfer your personal data to one or more external parties as a part of that transaction

(17) Maintaining and updating the current list and directory of customers (including your personal data), and organizing contracts and related documents that may reference you in those documents, and/or

(18) Adhering to appropriate business criteria such as management, training, auditing, reporting, risk management, statistical analysis and trend forecasting, revenue calculation and customer segmentation, or similar activities. Establishment of business management allows continuity and identification of conflicts in the IT systems of the Company as well as the security and development, implementation, and maintenance of the Company's IT systems.

3.4. Your Consent

In some cases, the Company may require your consent to collect, use, and disclose your personal data to maximize your benefits and/or to enable the Company to provide utmost customer service including, but not limited to, the following purposes:

(1) It is necessary to collect, use, and disclose sensitive personal data such as using photocopy of your ID card containing information involving your religion, and/or blood type, and criminal records to verify your identity before transaction and customer acquaintance process (Know Your Customer).

(2) Collecting and using personal data or any form of your data for research and analysis purposes to maximize the development of products and services that truly meet your needs, and/or to contact you for offering products, services, and benefits that are suitable for you specifically.

(3) Sending or transferring your personal data to foreign countries, which may have insufficient standards for personal data protection, unless permitted by laws other than the Personal Data Protection Act or without requiring consent.

(4) If you are a minor, incapacitated person, quasi-incapacitated person, or similar, consent must be obtained from your father, mother, guardian, curator, or custodian (as applicable), unless permitted by law other than the Personal Data Protection Act to proceed without consent.

(5) Other relevant actions that the Company should seek your consent.

3.5. Other Legal Bases

In addition to the laws stated above, the Company may collect, use, or disclose your personal data under other legal bases as follows:

(1) Preparing historical documents or memoranda for public benefit, or related to research or statistics.

(2) Protecting or Preventing risk to life, physique, or health of individuals, and/or

(3) Necessary for the performance of duties in carrying out missions for the public interest or exercising the authority of Company employees.

If the personal data collected from you by the Company is necessary for compliance with Company laws or for entering into a contract with you, the Company may not be able to provide or continue to provide certain products or services to you if you do not provide such personal data when requested by the Company.

4. Personal Data the Company Receives from Other Sources

Generally, the Company will collect your personal data directly. However, the Company may sometimes receive your personal data from another source, which the Company will process in accordance with the Personal Data Protection Act. Personal data that the Company collects from other sources may include, but is not limited to, the following information:

4.1. Information that the Company receives from affiliated companies, business partners, and/or any other individuals with whom the Company has legal relationships.

4.2. Information that the Company receives from individuals related to you, such as your family, friends, or acquaintances.

4.3. Information that the Company receives from organizational business customers, where you are a director, authorized person, representative, appointee, or contact person.

4.4. Information that the Company receives from service providers, officials and legal authorities, or third parties, such as your representatives, employers, sponsors, and any other individuals who play a role in providing services to you, or individuals who act on behalf of those individuals themselves, who may provide information about you to the Company.

If you provide personal information of other individuals to the Company in transactions with the Company, or in any other case, you must inform such individuals of the details of the collection, use, and disclosure of personal information and their rights under this privacy policy. Additionally, you must obtain consent from these individuals (if necessary) or rely on other legal bases for providing personal information to the Company.

5. Your Rights Under the Law

The Personal Data Protection Act aims to give you more control over your personal data. You can exercise your rights under the Personal Data Protection Act, which are detailed as follows:

5.1. Right to access and request a copy of your personal data: You have the right to access and receive a copy of your personal data held by the Company, unless the Company has the right to refuse your request under the law or a court order, or if your request may adversely affect the rights and freedoms of others.

5.2. Right to request correction of personal data: You have the right to request the Company to correct or update your inaccurate or incomplete personal data to be accurate and complete.

5.3. Right to request deletion of personal data: You have the right to request the Company to delete or destroy your data, or to make your data unidentifiable, except where the Company has legal grounds to refuse your request.

5.4. Right to request the suspension of personal data use: You have the right to request the Company to suspend the use of your personal data in certain cases, such as when the Company is verifying a request to correct personal data or objecting to the collection, use, or disclosure of your personal data, or when you request the Company to suspend the use of personal data instead of deleting or destroying personal data that is no longer necessary because you need the data to be retained to establish legal claims, comply with or exercise legal claims, or defend against legal claims.

5.5. Right to object to the collection, use, or disclosure of personal data: You have the right to object to the collection, use, or disclosure of your personal data in cases where the Company processes it under legitimate interests or for purposes related to direct marketing, scientific, historical, or statistical research, except where the Company has legal grounds to refuse your request. For example, the Company can demonstrate that the collection, use, or disclosure of your personal data is necessary for overriding legitimate grounds, establishing legal claims, complying with or exercising legal claims, or for the public interest of the Company.

5.6. Right to data portability: You have the right to receive your personal data in a format that is readable or commonly used with automatic tools or devices and to use or disclose personal data by automated means. You also have the right to request the Company to send or transfer your personal data to an external party or to receive your personal data that the Company has sent or transferred to an external party, unless it is technically unfeasible for the Company to comply with or has lawful reasons to reject your request.

5.7. Right to withdraw consent: You have the right to withdraw consent given to the Company at any time by following the provided instruction and procedures, unless it is not feasible to withdraw consent due to the natural situation. Your consent withdrawal will not affect the Company’s method of collecting, using, or disclosing your personal data that you have previously consented. Prior to withdrawing consent, you can review and change your consent for the use or disclosure of personal data for marketing purposes through the Consent Form for the Use of Products of Touch Technology Co., Ltd., available upon request or through channels the Company may specify in the future.

5.8. Right to file a complaint: You have the right to file a complaint with the Personal Data Protection Committee or the Office of the Personal Data Protection Committee if the Company fails to comply with the Personal Data Protection Act.

6. The Company’s Sharing of Personal Data

The Company may disclose your personal data to individuals or companies under specific criteria of Personal Data Protection Committee as followings:

6.1. Affiliated companies, business partners, contractors, and/or any other individuals with whom the Company has legal relationships, including directors, executives, employees, workers, contractors, agents, and advisors of the Company and/or those individuals.

6.2. Payees, beneficiaries, account nominees, intermediaries such as external securities companies, registrars, distributors, custodians, correspondent banks, co-brand partners, market counterparties, product issuers, or global trade repositories, and/or any other individuals with whom the Company has legal relationships, including directors, executives, employees, workers, contractors, agents, and advisors of the Company and/or those individuals.

6.3. Government agencies and/or regulatory authorities overseeing the Company, such as the Bank of Thailand, the Securities and Exchange Commission, the Ministry of Digital Economy and Society, the Anti-Money Laundering Office, the Revenue Department, the Stock Exchange of Thailand, the Thailand Futures Exchange, the Thailand Securities Depository Co., Ltd., the Thailand Clearing House Co., Ltd., and the Department of Provincial Administration.

6.4. Partners, agents, vendors, or other organizations such as professional associations of which the Company is a member, independent auditors, securities depositories, document storage facilities, foreign financial institutions, and clearing houses, where the disclosure of your personal data will have specific purposes under legal bases and appropriate security measures.

6.5. Individuals involved in the sale of claims and/or assets, organizational restructuring, or mergers of the Company, where the Company may need to transfer rights to such entities, including individuals with whom the Company needs to share information for the sale of claims and/or assets, organizational restructuring, business transfer, financial arrangements, asset disposals, or other transactions related to the operations and/or assets used in the Company's operations.

6.6. Banks and other financial institutions, as well as third parties, in cases where disclosure of information is required by law to assist such individuals in recovering funds mistakenly deposited into your account or tracing financial transactions in cases where you are a victim of financial crime, or in cases where suspicious funds are deposited into your account from financial crime.

6.7. Debt collectors, lawyers, credit reporting agencies, anti-corruption agencies, courts, agencies, or any person or entity authorized or required by law, regulations, or orders to disclose personal information of the Company.

6.8. External parties providing various services to the Company, such as IT service providers, market analysis and comparison, including but not limited to correspondent banking agents, or subcontractors acting on behalf of the Company, and printing service providers.

6.9. Online social media service providers in a secure format or external advertising companies to deliver messages to you and other individuals related to the Company's products and/or services. External advertising companies may use your online activity history data to allocate advertisements that you may be interested in.

6.10. External personal guarantors.

6.11. Any other individuals who receive benefits or provide services related to the Company's products or services to you.

6.12. Organizational business customers of the Company, in your capacity as a director, authorized representative, delegated person, or contact person.

6.13. Your attorney-in-fact, power of attorney holder, agent, or duly authorized representative who has legal authority.

7. Sending or Transferring Your Personal Data Internationally

As the Company's operations are global in nature, the Company may need to send or transfer your personal data abroad. In such cases, the Company will use its best efforts to send or transfer your personal data to business partners, service providers, or recipients of the Company's data who are trustworthy, using the most secure methods to maintain the security of your personal data. If the destination country does not have adequate standards for personal data protection, the Company will send or transfer personal data in compliance with the Personal Data Protection Act and implement necessary and appropriate measures to protect personal data.

8. Period of Personal Data Retention

The Company will retain your personal data as long as necessary for our legitimate reasons specified to you or this policy. In In the event that you terminate your relationship or contract with the Company, or no longer use its services or engage in transactions with the Company, the Company will retain your personal data for the specified period thereafter, or as required by law, or for the applicable statute of limitations, or for purposes related to legal claims. When the specified period of data retention concludes, the Company will proceed to delete or destroy personal data or transform the aforementioned personal data to be untraceable to the individual. The duration of personal data retention will adhere to the Company's Data Retention Policy, which may entail retaining personal data longer than prescribed by law if necessary.

9. Cookie Usage

The Company may collect and use cookies and similar technologies when you use its products and/or services, including browsing its website, conducting transactions over the internet, and using the Company's applications.

Collecting cookies and similar technologies in this manner helps the Company remember you, understand your preferences, and improve how it offers products and/or services to you. The Company may use cookies for various purposes, such as enabling essential functions to work, understanding how you use the Company's website or emails, enhancing your online experience or communication with you, and ensuring that online advertisements shown to you are more relevant and of interest to you.

10. The Company’s Use of Personal Data for Original Purposes

The Company has the right to collect and use your personal data that it has collected before the effective date of the Personal Data Protection Act concerning the collection, use, and disclosure of personal data for the original purposes. If you do not wish the Company to continue collecting, using, and utilizing your personal data as stated above, you may notify the Company to withdraw your consent at any time.

11. Data Security Measures

The Company employs internal security measures and strictly enforces policies to ensure the security of your personal data held by the Company. This includes data encryption and measures to prevent unauthorized access. The Company mandates that its staff and external contractors adhere to appropriate standards and privacy policies, ensuring proper care and security measures are in place for the use, transmission, or transfer of your personal data.

12. How You Contact the Company

If you have any questions or concerns regarding the Company’s Privacy Policy, please contact us through the following channels:

● You may contact via our phone number: 065-864-1956

● You may contact via our e-mail address: [email protected]

13. Updates or Changes to the Privacy Policy Statements

This Privacy Policy may be changed or updated occasionally. Hence, the Company will notify the current version of the Privacy Policy Statement on https://www.touchtechnologies.co.th/