This Privacy Notice relates to the treatment of personal data, including sensitive personal data, by each company under TISCO Financial Group (hereinafter individually and collectively referred to as “TISCO” or “we”) when the data subject (hereinafter referred to as “data subject”, “you” or “your”) enters into a legal relationship, makes contact with TISCO or acquires TISCO’s services and/or products through TISCO’s designated channels in accordance with the Personal Data Protection Act B.E. 2562 (hereinafter referred to as “PDPA”), relevant laws and regulations. This Privacy Notice applies to the personal data of (1) TISCO’s customers and (2) data subjects who have no product or service holding with TISCO, but whose personal data TISCO may need to collect, use or disclose, e.g., directors, investors or shareholders of TISCO; anyone who visits TISCO’s website or TISCO’s mobile applications; guarantors or security providers; debtors or tenants of TISCO’s customers; contact persons; employees, directors or legal representatives of a corporate customer that uses TISCO’s services or has a legal relationship with TISCO, including their legal representatives; and anyone involved in other transactions with TISCO or TISCO’s customers.
This Privacy Notice is made in Thai and English translation. In the event of any inconsistency, the Thai Privacy Notice shall prevail.
Respecting your privacy rights is important to TISCO. Therefore, TISCO applies high standards and strict processes to protect your personal data. This Privacy Notice is to inform you of the purposes for which TISCO processes your personal data, who it may be shared with, the data retention period and the rights of the data subject. You can examine information on personal data protection as follows:
Personal data that is collected, used and/or disclosed by TISCO is the data relating to a natural person, in particular as listed below, which directly or indirectly enables the identification of such person, but not including the data of deceased persons. TISCO might collect your personal data in a variety of ways either directly from you or indirectly from other sources e.g., any companies under TISCO Financial Group, Department of Business Development Ministry of Commerce, Department of Provincial Administration Ministry of Interior, Department of Consular Affairs Ministry of Foreign Affairs, Legal Execution Department Ministry of Justice, any government agencies, international organizations, TISCO’s consultants, business partners and contracting parties, including any person appointed by the data subject or other available public sources.
1. Identification information relating to the data subject, such as first name/last name, national identification number, passport number, date of birth, marital status, workplace, work position, education information, identification card photo, portrait, picture, signature including sensitive personal data e.g., biometric data (fingerprint recognition data, facial recognition data), criminal records, health data, religious beliefs or race;
2. Contact information of the data subject, such as address, email address, telephone number, and other similar contact information;
3. Financial information of the data subject or transaction records which the data subject engages with TISCO, such as account number, order number, shareholder's register number, credit card and ATM/debit card number, payment and transaction records relating to your accounts or assets, balance, income and expenses statements, financial history or background;
4. User behavior of the data subject through internet search engines (Online Behavior Information), such as cookies, website browsing or connections to other websites by the data subject, and information about your device and your software, e.g., IP address, intelligent device information, identity verification or location;
5. Images, voices and/or videos of the data subject, such as information collected by automatic recordings through the use of TISCO Contact Center which may include still or moving pictures and voices or video recordings;
6. Personal information of any other third party or personal information of a related person of a juristic person obtained by TISCO from you, such as family members, reference persons, beneficiaries, administrators of an estate, emergency contact persons, guarantors, mortgagers, providers of collateral, employees, personnel, officers, representatives, shareholders, authorized persons, members of the board of directors, contact persons, agents, and other persons in connection with your transaction. You shall notify such persons of the details of this Privacy Notice and obtain their consent prior to disclosing their personal data to TISCO, if necessary, or apply another lawful basis to ensure that TISCO can collect, use and/or disclose such persons’ personal data; and/or
7. Personal information of a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that TISCO may proceed without obtaining consent).
TISCO may collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with TISCO, legitimate interests of TISCO or other individual or juristic person, performance under your consent and/or other lawful basis. Reasons for collecting, using or disclosing are provided below:
1. To enable TISCO to fulfil the contract between data subject and TISCO for the products or services the data subject has requested or acquired, for instance,
2. To comply with applicable laws and regulations, for instance,
3. To perform actions under consent obtained from data subject, for instance,
4. To take necessary steps for legitimate interests of TISCO or other individual or juristic person, for instance,
5. To prepare historical documents or archives for public interest, or for purposes relating to research or statistics.
6. To prevent or suppress a danger to a person’s life, body, or health.
7. To perform a task carried out in the public interest or to perform duties in using the government’s authority granted to TISCO.
If the personal data TISCO collects from you is required to meet our legal obligations or enter into an agreement with you, TISCO may not be able to provide (or continue to provide) the products and/or services to you if TISCO cannot collect your personal data when requested.
For any of the purposes specified above, TISCO may send, transfer or disclose personal data to third party which may be located in or outside Thailand. TISCO including our officers, employees and agents may disclose your personal data to any of the following parties:
Any companies under TISCO Financial Group which consists of TISCO Financial Group Public Company Limited, TISCO Bank Public Company Limited, TISCO Securities Company Limited, TISCO Asset Management Company Limited, TISCO Insurance Solution Company Limited, TISCO Information Technology Company Limited, Hi-Way Company Limited, All-Ways Company Limited, TISCO Tokyo Leasing Company Limited and HTC Leasing Company Limited;
TISCO’s business partners (see list of the business partner companies on TISCO website);
National Credit Bureau and credit information company including its members under the Credit Information Business law;
Any third party upon your consent;
Your parent, guardian, curator, heir, administrator of an estate or your legal representative for the purpose of allowing him/her to organise your assets or accounts when you are classified as a minor, incompetent, quasi-incompetent or deceased (as the case may be);
Your attorney, sub-attorney or authorized persons who have lawfully authorized power;
TISCO’s outsource service providers whether located in or outside Thailand such as cloud service/computing provider, software developers, marketing events service providers, data research service provider, card association, National Digital ID Company Limited;
Financial institutions and payment service providers, such as other banks providing payment services for your transactions;
Government authorities and/or regulators such as the Bank of Thailand, Anti-Money Laundering Office, the Revenue Department, Office of Insurance Commission, Securities and Exchange Commission, courts, police or auditor;
Debt portfolio purchasers such as an asset management company, etc.;
Any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of TISCO’s entities including their officer, employee, agent or director;
TISCO’s advisors such as legal advisor, technical consultant and auditor;
Other persons having legal relationship or contract with TISCO and TISCO considers necessary to disclose personal data in order to provide products and/or services; and/or,
Other persons whom you have entered into contract with or have a relationship relating to the transaction.
Subject to applicable law, regulations and/or banking industry guidelines, data subject may have the following rights:
1. Right to withdraw consent
You have the right to withdraw consent that has been given to TISCO for the collection, use and/or disclosure of your personal data at any time pursuant to the methods and means prescribed by TISCO, unless it is restricted by applicable laws or you are still under a beneficial contract.
The withdrawal of consent will not affect the lawfulness of the collection, use, or disclosure of your personal data based on your consent before it was withdrawn, but it may affect your use of products and/or services after you have withdrawn your consent. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or may not receive beneficial information. For your benefit, you are advised to learn and ask about the consequences before withdrawing your consent.
2. Right to access and obtain a copy
You have the right to request access to and obtain a copy of your personal data held by us and to request the disclosure of the acquisition of your personal data obtained without your consent.
3. Right to rectification
You have the right to instruct TISCO to rectify your personal data to be updated, complete and not misleading.
4. Right to data portability
You have the right to receive your personal data in case TISCO can arrange such personal data to be in a format which is readable or commonly used by way of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request TISCO to send or transfer your personal data in the aforementioned format to a third party, or to request to directly obtain your personal data in such format which TISCO sent or transferred to a third party, unless it is impossible to do so because of the technical circumstances, or TISCO is entitled to legally reject your request.
Your personal data mentioned above must be under your consent given to TISCO to collect, use, and/or disclose; or those TISCO deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with TISCO; or to take steps at your requests before using products and/or services; or as legally required by competent authority.
5. Right to erasure
You have the right to request TISCO to delete, destroy or anonymise your personal data if you believe that the collection, use and/or disclosure of your personal data is against relevant laws; or retention of your personal data by TISCO is no longer necessary in connection with related purposes for which it was collected under this Privacy Notice; or when you exercise your consent withdrawal right or object to the processing of your personal data.
6. Right to restrict
You have the right to request TISCO to temporarily restrict the use of your personal data while the examination process in accordance with your request to rectify your personal data or to object to the collection, use or disclosure of your personal data is pending.
In addition, you have the right to request TISCO to restrict the use of your personal data instead of the deletion or destruction of personal data in case the collection, use and/or disclosure of your personal data is unlawful or when the processing of personal data is no longer necessary but the collection remains necessary for you for establishment, compliance, exercise or defense of legal claims.
7. Right to object
You have the right to object to the collection, use and/or disclosure of your personal data in the following cases:
the collection of your personal data is based on legitimate interest basis or for the purposes of performance of public interest tasks or performance of duties in using the government’s authority granted to TISCO;
the collection, use and/or disclosure of your personal data is for the purpose of direct marketing;
the collection, use and/or disclosure of your personal data is for the purpose of scientific, historical or statistical research, unless it is necessary for the performance of a task carried out for reasons of public interest by TISCO.
8. Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that you believe that the collection, use or disclosure of your personal data is violating or not in compliance with any applicable laws or PDPA.
The exercise of the data subject rights mentioned above may be restricted under relevant laws, and it may be necessary for TISCO to deny or not be able to carry out your requests for some reasons, e.g., to comply with laws or court orders, to perform public tasks, or where your request is in breach of the rights or freedoms of other persons.
TISCO has implemented policies, guidelines and minimum standards to manage data subject’s personal data, such as information technology safety standard, to protect your personal data from unauthorized access or personal data breaches. TISCO has improved such policies, guidelines and minimum standards from time to time in accordance with requirements under applicable laws.
In addition, officers, employees, agents and contractors of TISCO have duties to protect personal data of data subject in accordance with confidentiality agreement signed with TISCO.
When it is necessary, TISCO may send or transfer your personal data to other receivers located in other countries, e.g., sending or transferring the personal data to be stored on a server/cloud in other countries. If TISCO needs to send or transfer personal data of the data subject to another country that has a lower standard of personal data protection, TISCO will take steps and measures to ensure that your personal data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is in accordance with PDPA.
TISCO will keep your personal data while you are our customer or have a relationship with TISCO, or throughout the period required in order to achieve the related objectives of this Privacy Notice. In the event that the data subject is no longer a customer of TISCO or has ended the relationship with TISCO, TISCO will consider retaining the personal data of the data subject for a certain period according to a period of prescription or for a period required or permitted by relevant laws and TISCO’s policies and guidelines in connection with the retention period of personal data. For example, the retention period under the Anti-Money Laundering Act of B.E. 2542 is at least 10 years after the relationship between the customer and TISCO has ended. TISCO will erase or destroy your personal data when it is no longer necessary or when the retention period lapses.
TISCO is entitled to continue collecting and using data subject’s personal data, which has previously been collected by TISCO before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If data subject does not wish TISCO to continue collecting and using your personal data, you may notify TISCO to withdraw your consent at any time.
TISCO may change or update this Privacy Notice from time to time, and we will inform you of the updated Privacy Notice on the TISCO website.
If you have any questions or would like more details about this Privacy Notice, please contact our data protection officer by writing to E-mail: DPO_office@tisco.co.th.
If you would like to exercise your rights under PDPA or file a complaint, please contact us by writing to Email: Webmaster@tisco.co.th or TISCO Contact Center at tel. 02-0806000 or 02-6336000.