This Privacy Notice relates to the treatment of personal data, including sensitive personal data, by any member companies of TISCO Financial Group (hereinafter collectively called “TISCO”) when the data subject (hereinafter referred to as “data subject”, “you” or “your”) enters into legal relationship, makes contact with TISCO or acquires TISCO’s services and/or products through TISCO’s designated channels in accordance with the Personal Data Protection Act B.E. 2562 (hereinafter referred to as “PDPA”), relevant laws and regulations.
Respecting your privacy rights is important to TISCO. Therefore, TISCO uses the high standard and strict process for data protection of your personal data. This Privacy Notice is to inform you of the purposes for which TISCO process your personal data, who it may be shared with, data retention period, data destruction and rights of the data subject. You can examine information on personal data protection as follows:
Personal data that is collected, used and/or disclosed by TISCO is the data relating to a natural person, in particular as listed below, which directly or indirectly enables the identification of such person, but not including the data of deceased persons. TISCO might collect your personal data in a variety of ways either directly from you or indirectly from other sources e.g. any member companies of TISCO Financial Group, Department of Business Development Ministry of Commerce, Department of Provincial Administration Ministry of Interior, Department of Consular Affairs Ministry of Foreign Affairs, Legal Execution Department Ministry of Justice, any government agencies, international organizations, TISCO’s consultants, business partners and contracting parties, including any person appointed by the data subject or other available public sources.
1. Identification information relating to the data subject, such as first name/last name, national identification number, passport number, date of birth, marital status, workplace, work position, education information, portrait, picture, signature including sensitive personal data e.g. biometric data (fingerprint recognition data, facial recognition data), criminal records, health data, religious beliefs or race.
2. Contact information of the data subject, such as address, email address, telephone number, and other similar contact information;
3. Financial information of the data subject or transaction records which the data subject engages with TISCO, such as account number, order number, credit card and ATM/debit card number, payment and transaction records relating to your accounts or assets, balance, income and expenses statements, financial history or background;
4. User behavior of the data subject through internet search engine (Online Behavior Information) such as cookies, Website Browsing or connection to other website of the data subject;
5. Any information relevant to the data subject’s interaction with TISCO, such as information collected by automatic recordings through the use of TISCO Contact Center which may include still or moving pictures and voices.
6. Personal information obtained by TISCO from corporate customer, when such corporate customer is a counterparty of TISCO or has a legal relationship with TISCO and discloses personal information of their related person such as employee, personnel, officers, representatives, shareholders, authorized persons, members of the board of directors, contact persons, agents, and other natural persons in connection with such corporate customer. The corporate customer shall ensure that it has the authority to disclose and to permit TISCO to use the personal data in accordance with this Privacy Notice.
TISCO may collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with TISCO, legitimate interests of TISCO or other individual or juristic person and performance under your consent. Reasons for collecting, using or disclosing are provided below:
1. To enable TISCO to fulfil the contract between data subject and TISCO for the products or services the data subject has requested or acquired, for instance
2. To comply with applicable laws and regulations, for instance,
3. To perform actions under consent obtained from data subject, such as marketing or promotional communication and offers of TISCO’s or any third party’s products and/or services provided that such actions cannot be conducted by relying on any other lawful basis.
4. To take necessary steps for legitimate interests of TISCO or other individual or juristic person, for instance,
If the personal data TISCO collects from you is required to meet our legal obligations or enter into an agreement with you, TISCO may not be able to provide (or continue to provide) the products and/or services to you if TISCO cannot collect your personal data when requested.
For any of the purposes specified above, TISCO may send, transfer and/or disclose personal data to third party which may be located in or outside Thailand, provided, however, that the destination country that receives personal data might not have adequate data protection standard.
TISCO including our officers, employees, agents and advisers, may disclose your personal data to any of the following parties:
Any member companies of TISCO Financial Group which consists of TISCO Financial Group Public Company Limited, TISCO Bank Public Company Limited, TISCO Securities Company Limited, TISCO Asset Management Company Limited, TISCO Insurance Solution Company Limited, TISCO Information Technology Company Limited, Hi-Way Company Limited and All-Ways Company Limited;
TISCO’s business partners (see list of the business partner companies on TISCO website);
National Credit Bureau and credit information company including its members under the Credit Information Business law;
Any third party upon your consent;
Your parent, guardian, curator, heir, administrator of an estate or your legal representative for the purpose of allowing him/her to organise your assets and accounts when you are classified as a minor, incompetent, quasi-incompetent or deceased (as the case maybe);
TISCO’s outsource service providers whether located in or outside Thailand such as cloud service/computing provider, software developers, marketing events service providers, data research service provider, card association;
Government authorities and/or regulators such as the Bank of Thailand, Anti-Money Laundering Office, the Revenue Department, Office of Insurance Commission, Securities and Exchange Commission, courts, police or auditor;
Debt portfolio purchasers such as an asset management company, etc.;
Any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of TISCO’s entities including their officer, employee, agent or director; and/or,
Other persons having legal relationship or contract with TISCO and TISCO considers necessary to disclose personal data in order to provide products and/or services.
TISCO has implemented policies, guidelines and minimum standards to manage data subject’s personal data, such as information technology safety standard, to protect your personal data from unauthorized access or personal data breaches. TISCO has improved such policies, guidelines and minimum standards from time to time in accordance with requirements under applicable laws.
In addition, officers, employees, agents and contractors of TISCO have duties to protect personal data of data subject in accordance with confidentiality agreement signed with TISCO.
If TISCO needs to send or transfer personal data of data subject to other country that has less standard of personal data protection, TISCO will take actions as we deem necessary at least equal to the standard of confidentiality of that country such as having confidential agreement with a counterparty in that country.
In the event that the data subject is no longer the customer of TISCO or has ended relationship with TISCO, TISCO will consider retaining the personal data of data subject for a certain period required by relevant laws, TISCO’s policies and guidelines in connection with retention period of personal data. For example, retention period under Anti-Money Laundering Act of B.E. 2542 is at least 10 years after the relationship between customer and TISCO has ended. TISCO will erase or destroy your personal data when it is no longer necessary or when the retention period lapses.
We may change or update this privacy notice from time to time and we will inform the updated Privacy Notice at TISCO website.
If you have any questions or would like more details about the collection, use and/or disclosure of your personal data or would like to exercise your rights or file compliant, please contact TISCO through any of the provided service contact channels.