Loading...

Privacy Notice


Kiatnakin Phatra Bank Public Company Limited (“KKP”), Kiatnakin Phatra Securities Public Company Limited (“KKPS”), Kiatnakin Phatra Asset Management Company Limited (“KKPAM”), KKP Capital Public Company Limited and KKP Tower Company Limited (collectively referred to as “Kiatnakin Phatra Financial Group”, “we”, “us” or “our”), including any fund under our management or  establishment, recognize the importance of your personal data and therefore issue this Privacy Notice in order to help you understand our guidelines on protecting your personal data, to describe our grounds for and means of collection, use, disclosure and/or cross-border transfer of your personal data and to explain your rights in connection with such personal data as well as your options to protect such personal data when using our services or products through any channel.

We will collect, use, disclose and/or cross-border transfer your personal data merely to the extent necessary to fulfill any of the following purposes as specified in this Privacy Notice or any other purposes as specified in any document or electronic mean in respect of giving consent for the collection, use, disclosure and/or cross-border transfer of your personal data.

 

This Privacy Notice applies to how we  collect, use, disclose and/or cross-border transfer your personal data in relation to the use of our services or products through channels, including our branches, websites, applications or other service channels, or our business partners’ service channels. This Privacy Notice does not apply to the use of other services or products which do not belong to us or are not under our control. This Privacy Notice applies to the personal data (as set out in Clause 2 below) of (1) our individual customers including prospective customers (potential customers), current customers and former customers and individual persons related to such individual customers; (2) employees, personnel, staffs, representatives, shareholders, authorized persons, directors, contact persons, agents and other individual persons related to our corporate customers and individual customers including prospective customers (potential customers), current customers and former customers; and (3) individual persons related to our former, existing or future outsourcing service providers or vendors. The personal data which we have already processed will be considered as our property.

 

Natural/individual persons, as “you” or “your”, and the individual customers and the corporate customers, collectively referred to as the “Clients”.

 

This Privacy Notice is prepared in Thai and English translation. In the event of any inconsistency, the Thai Privacy Notice shall prevail.

 

If you have any question or suggestion regarding our guidelines on protecting your personal data or if you wish to exercise your rights in accordance with the laws, please contact us through the following channel:

 

Group Data Protection Officer

Kiatnakin Phatra Financial Group,
209 KKP Tower, Sukhumvit 21 (Asoke),
Khlong Toey Nua, Wattana, Bangkok 10110

or DPO@kkpfg.com

 Personal Data” means any identified or identifiable information about you as listed below. We may collect your Personal Data directly from you e.g. through our staffs, call center or other service channels or indirectly from other sources e.g. any company in Kiatnakin Phatra Financial Group, public source, outsourcing service providers, advisors, business partners, agencies, organization, or any person having a contractual relationship with us, such as third-party custodians, sub-custodians and brokers, domestic and international government agencies, your representatives or agents and any authorized person in accordance with the laws, or any person you have given permission or consent for disclosing your Personal Data to us, provided that those data providers have complied with the personal data protection laws. The types of Personal Data we collect depend on the relationship between the Clients or juristic persons and us, as well as services or products the Clients require from us.


"Sensitive Data" means Personal Data classified by law as sensitive data.


In case of individual customers

 

Personal Data includes:

 
a)  identity Data, such as first name, middle name, last name, date of birth, nationality, national identification number, passport number (in case of foreigners), marital status, education, occupational data (e.g. occupation, work place, job title, salary), signature, photo, house registration, including Sensitive Data as specified below;

b)  contact Details, such as address, telephone number, email address;
 
c)  data regarding your family, way of life and social status (Status Data), such as marital status, number of children;
 
d)  financial Data and transaction Data with us, such as account number and type of account, PromptPay, transaction data, financial history, information from database of the Legal Execution Department Information, financial status (e.g. income, wealth, asset and debt, evidence of income or expense, credit information, record of borrowing, record of credit and record of repayment), financial requirements and goals;
 
e)  images and voices obtained when contacting us (Communication data), such as copies of national identification card, copies of passport, images and/or voices from CCTV, telephone call, or our online channels or any other electronic channels;
 
f)  other Personal Data collected, used or disclosed in connection with our relationship, such as information provided to us in agreements, forms, surveys or questionnaires, or information collected when you participate in our business activities, seminars and social events; and
 

g)  online information, the Clients’ preferences of browsing or using data via electronic channels, data and activities on social media, including financial data, member login, IP Address, intelligent device information, identity verification, browsing, location, website access, spending patterns or searches related to our services or products by using Cookies or connecting with other websites you accessed.

 

In case of corporate customers or outsourcing service providers or vendors

 

Personal data includes:


a)  identity Data, such as first name, last name, date of birth, nationality, national identification number, passport number (in case of foreigners), information on personal profile, education, occupational data (e.g. occupation, work place, job title, entitlement or shareholding proportion), signature, photo, house registration, including Sensitive Data as specified below;


b)  contact details, such as address, telephone number, email;


c)  information generated in connection with the relationship between the Clients and us, such as account opening, administration, operation, payment, settlement, processing and reporting on behalf of the Clients which may include signatures and your correspondences with us;


d)  other Personal Data collected, used or disclosed in connection with relationship with us, such as information provided to us in agreements, forms, surveys or questionnaires, or information collected when you participate in our business activities, seminars and social events; and


e)  images and voices obtained when contacting us (Communication data), such as copies of national identification card, copies of passport, images and/or voices from CCTV, telephone call, or our online channels or any other electronic channels.

 

Your Sensitive Data which we will collect, use, disclose or cross-border transfer, such as:


a)  fingerprint, facial recognition or iris recognition for the purposes of proofing and authentication of your identity and transactions through the identity proofing and authentication service;


b)  religion and blood type as only appeared on copies of your national identification card as evidence for establishment, compliance, exercise or defense of legal claims;


c)  criminal records for public interest in relation to protecting, dealing with and minimizing risks which may occur as a result of any illegal activities, such as money laundering, terrorism or public fraud; and


d)  information regarding disability, health or dysfunction in order for us to take care of and render a service to you in compliance with the laws.

We will collect, use, disclose and/or cross-border transfer your Sensitive Data merely to the extent necessary to fulfill any of the following purposes as specified Clause 3 and we will procure appropriate measures in order to protect your fundamental rights and benefits.

We will collect, use, disclose and/or cross-border transfer your Personal Data to the extent necessary to fulfill any of the purposes set out in the table below. The lawful basis shall be vary depending on what services or products or relationship you had, will have or have with us.



Purposes of collection, use, disclosure and/or cross-border transfer of your Personal Data

Lawful basis for doing so

Operating and rendering services or products to you such as account opening, financial planning service, loan application and other services.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)
  • It is in our legitimate interests (Legitimate Interest) to render appropriate services or products to you

Suggesting services or products of each Company in Kiatnakin Phatra Financial Group or our business partners which are similar to the services or products you have with us,  provided that you did not show any intention to prohibit a telephone contact or we are not prohibited by any other applicable laws.

  • It is in our legitimate interests (Legitimate Interest)

Suggesting services or products of each Company in Kiatnakin Phatra Financial Group or our business partners which are not similar to the services or products you have with us.

  • Where the consent has been given to us (Consent)

Disclosing your Personal Data e.g. first name, last name and contact details to any receiver for marketing purposes.

  • Where the consent has been given to us (Consent)

Communication with you e.g. sending an email, letter or any document to you.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)

Facilitating you and for benefit of providing you with a service requesting the information you have with all of our companies, including rendering services in connection with our services or products which your have or will have with us.

  • Where the consent has been given to us (Consent)
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)

Conducting Know Your Customer and/or Customer Due Diligence for accuracy, true and up-to-date.

  • Where the laws requires us (Legal Obligation)

Preventing and detecting unusualness of transaction that could lead to illegal activities, such as money laundering, terrorism or public fraud.

  • Where the laws requires us (Legal Obligation)

Reporting Personal Data to government agencies supervising our business operation or when receiving a summons or suspension from a government agency or court.

  • Where the laws requires us (Legal Obligation)

Preventing, dealing with, mitigating risks which may arise from illegal activities including sharing Personal Data to upgrade our working standards for such purposes.

  • Where the laws requires us (Legal Obligation)
  • It is in our legitimate interests (Legitimate Interest)

Complying with our internal procedures, such as when you open an account or carry out any transaction with us, we have to authenticate and verify if you are an owner of the account, and we may investigate any other facts or circumstances to support your transaction request.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)
  • It is in our legitimate interests (Legitimate Interest)
  • Where the laws requires us for the substantial public interest)

Risk analysis based on your behavior, such as credit scoring.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)
  • Where the consent has been given to us to collect Personal Data through channels, including your electronic devices for such purposes (Consent)

Getting insurance for collateral, getting life insurance by appointing KKP as beneficiary, getting insurance preventing risk of credit customer group, for example, requesting Thai Credit Guarantee Corporation to be a guarantor of the credit debtor group of KKP, purchasing credit default insurance with KKP for import and export.

  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)

Building a relationship with the Clients, outsourcing service providers or vendors who have disclosed  your Personal Data to us, such as entering into a contract with the individual customers or the corporate customers, our business partners, vendors or outsourcing service providers e.g. verification of information for supporting loan applications of the corporate customers which we may need to review documents that may contain your or third party’s Personal Data or in case we enter into a contract with any juristic person that may contain your or third party’s Personal Data, provided that such juristic person has complied with the personal data protection laws and this Privacy Notice.

  • Where necessary to carry out the agreement  between Clients or other juristic persons and us (Contractual Basis)

Maintaining customer relationships, such as managing complaints, satisfaction surveys or proposing non-marketing special benefits to the Clients.

  • It is in our legitimate interests (Legitimate Interest)

Data processing and data statistical analysis where those results will be unidentifiable to you.

  • It is in our legitimate interests (Legitimate Interest)

Data analysis, research and profiling in relation to you which we receive from observing behavior and/or location by using Cookies or any other technology or electronic mean in order to develop and suggest services or products of us and/or of our business partners to suit your specific demand or for enhancing your benefits (Behavioral Advertising).

  • Where necessary to carry out the agreement between you and KKP, KKPS  or KKPAM (Contractual Basis)
  • It is in legitimate interests of KKPS or KKPAM (Legitimate Interest)
  • Where the consent has been given to KKP (Consent)

CCTV recording of whom contacting us in the area of our offices or branches.

  • It is in our legitimate interests of security in the area of our offices or branches (Legitimate Interest)

Voice recording on telephone or any other electronic means for verifying your applications or any order for analysis, improving and developing our products and/or services and training our employees for such purposes.

  • It is in our legitimate interests (Legitimate Interest)

Interviewing for use in preparation of publication and electronic media through channels, such as our websites, social media and internal email to our employees for public relations and advertisement.

  • Where the consent has been given to us (Consent)

Use of your fingerprint, facial recognition or iris recognition for proofing and authentication of your identity and transactions through the identity proofing and authentication service.

  • Where the consent has been given to us (Consent)

Collection and use of your Sensitive Data such as religion or blood type as only appeared on copies of your national identification card.

  • To be evidences to establish legal claims, comply with laws or exercise or defence of legal claims

Collection of information regarding your disability, health and/or dysfunction for risk analysis or in order for our reference to render a service to you with special care.

  • Where the laws requires us (Legal Obligation)
  • Where the consent has been given to us (Consent)

Risk management, supervision, internal management and data transfer amongst the companies in Kiatnakin Phatra Financial Group for such purposes under the agreements mutually agreed by the companies in Kiatnakin Phatra Financial Group. We will have an appropriate safety measure according to the laws.

  • It is in our legitimate interests (Legitimate Interest)
  • Where necessary to carry out our agreement or to take steps to enter into an agreement with you (Contractual Basis)
  • Where the laws requires us (Legal Obligation)

Debt sale to third persons such as sale of non-performing loan (NPL) to an asset management company.

  • It is in our legitimate interests to disclose such personal data to third parties (Legitimate Interest)

Use and disclosure of your Personal Data for the purposes of transfer or disposal of business assets or shares (whether in whole or in part) or the disclosure for conducting due diligence as normal practice of our business. We will have an appropriate safety measure according to the laws

  • It is in our legitimate interests to disclose or receive such personal data from third parties (Legitimate Interest)

Management in relation to shareholders information or member of provident fund.

  • Where the laws requires us (Legal Obligation)

In the event that we have not obtained your consent, you may not be able to use our services or products, have a convenience or obtain a performance of agreement, and you may be damaged or may lose opportunity, and it may affect a performance pursuant to any law which you or we must comply.

 

If you have given consent, or it is necessary for complying with contracts, laws or regulations, or it is in our legitimate interests, we may send, transfer and/or disclose any of your Personal Data to the following third parties, whether located in or outside Thailand. We will act in accordance with the laws and will procure sufficient personal data protection standards.

a)  Companies in the Kiatnakin Phatra Financial Group, such as Kiatnakin Phatra Bank Public Company Limited, Kiatnakin Phatra Securities Public Company Limited, Kiatnakin Phatra Asset Management Company Limited, KKP Capital Public Company Limited and KKP Tower Company Limited;

b)  Our business partners which we may transfer your Personal Data to persons acting on your behalf or otherwise involved in the provision of any type of products or services you receive or will receive from us, such as life insurance companies, non-life insurance companies, beneficiaries, account nominees, intermediaries (such as third-party securities companies, or asset management companies), custodians, correspondents, agents, vendors, co-brand business partners, market counterparties, issuers of products, or global trade repositories to whom we have the right to disclose your personal data in the course of providing products and services to you and/or whom you authorize us to disclose your personal data to, provided that these data recipients agree to treat your personal data in compliance with the personal data protection laws and in a manner consistent with this Privacy Notice;

c)  Our outsourcing service providers, such as IT service providers, marketing, advertising media and communications agencies, research agencies, cloud service providers, debt collectors, consultants, law firms;

d)  Financial institutions and payment service providers, such as other banks providing payment services for your transactions;

e)  Social media, such as Facebook, Line for sending you marketing messages, collecting data for analysis of our product development;

f)  Third parties such as assignees, transferees, or novates which we may assign, transfer, or novate our rights or obligations to a third party, to the extent permitted under the terms and conditions of any contract between you and us. We may disclose or transfer your personal data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees, provided that these data recipients agree to treat your personal data in compliance of the personal data protection laws and in a manner consistent with this Privacy Notice;

g)  Other third parties connected with business transfer which we may disclose or transfer your personal data to our business partners, investors, significant shareholders, assignees or prospective assignees, transferees or prospective transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, dissolution or any similar event involving the transfer or other disposal of all or any portion of our business, assets or shares. If any of the above events occurs, the data recipients will comply with this Privacy Notice to respect your personal data;

h)  Government agencies regulating the Kiatnakin Phatra Financial Group or agencies regulating registration, such as Bank of Thailand, the Office of the Securities and Exchange Commission, Stock Exchange of Thailand, securities depository, Thailand Clearing House,  Office of Insurance Commission, court, Royal Thai Police, Department of Business Development, police or any other government agencies having a summon, subpoena or precept of attachment requesting us to provide the Clients’ personal data or any asset such as Legal Execution Department, Revenue Department;

i)  Agencies, organization or any other juristic persons entering into a contract with us or whom we are a party to the contract with or whom we have a relationship with such as the company of your interest to invest;

j)  Other persons or agencies to the extent necessary to fulfill any of the purposes specified in Clause 3.

From 1 June 2021 onwards, you may exercise the following rights:

 

5.1 Right to Access


You may have the right to access and request a copy of your personal data which is under our responsibilities or request us to disclose the sources of your personal data which you have not given consent.


5.2 Right to Rectification

You may have the right to request us to rectify your personal data in order for data to be accurate, up-to-date and not misleading. 


5.3 Right to Erasure 


You may have the right to request us to delete or destroy or anonymize your personal data in case of the following events:

    • Such personal data is no longer necessary in relation to the purposes for which collected, used or disclosed;
    • You have withdrawn consent and where we have no legal ground for such collection;
    • You have objected the data processing in some cases and we could not reject such request
    • You have objected the data processing in relation to the direct marketing purposes;
    • It is an unlawful collection, use or disclosure of personal data.

5.4 Right to Restriction of Processing


You may have the right to restrict our processing of your personal data in case of the following events:

    • The processing of personal data is no longer necessary but the collection remains necessary for exercising legal claims;

    • It is an unlawful processing of personal data but you desire to restrict the processing instead of deleting or destroying the personal data;

    • During examination process in accordance with your request;                              
    • During the process of demonstrating the objection of the request.

5.5 Right to Data Portability


You may have the right to receive personal data concerning you from us in case that we have arranged your personal data in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means and (a) have the right to request us to send or transfer your personal data in such formats to other data controllers if it can be done by the automatic means or (b) request to directly obtain your personal data in such formats that we send or transfer to other data controllers, unless it is impossible to do so because of the technical circumstances.


5.6 Right to Object


You may have the right to object the collection, use or disclosure of your personal data in case that

    • the collection, use or disclosure of your personal data is for the purpose of direct marketing;

    • the collection, use or disclosure of your personal data is for the purposes of scientific, historical or statistic research unless it is necessary to performance of a task carried out for reasons of public interest by us;

    • the collection of your personal data based on an essential reason for carrying out our public interest tasks or legitimate interest unless we can demonstrate that there is a more important lawful grounds or it is to establish legal claims, comply with laws or exercise or defence of legal claims.

5.7 Right to Withdraw Consent

You may have the right to withdraw consent given to us for collecting, using or disclosing your personal data at any time unless there is a restriction on the right to withdraw consent as required by law or pursuant to a contract that benefits you, for example, you still use our services or products or you still have a contractual obligation to render to us.

If you wish to exercise the right to withdraw consent, you can do so through the same channels you have given.


Your above-mentioned rights are subject to the relevant factors and we may not be able to process your request if we can rely on the lawful grounds to collect your personal data, for example, you still have a deposit account or a credit account with us or still use other services with us, or we are required to collect your personal data for a period specified by laws even if you have ended the contractual relationship with us

If you wish to exercise your rights, please request for the Data Subject Right Request Form at our branches, KKP Contact Center or www.kkpfg.com/dataprotection, and submit it to our branches or DPO@kkpfg.com or other channels as further specified in each transaction. In addition to this, we will process your request within 30 business days upon our receipt of such request and we could extend such period for not more than 30 business days, unless otherwise required by laws.

We maintain technical, physical, and administrative security measures designed to provide optimal protection of your Personal data from loss, misuse, unauthorized access, disclosure and modification. Such Security measures are firewall, data encryption, physical access control when accessing our data center and data access control. While we maintain our security systems and services, you are responsible for maintaining the security and privacy of your password and information regarding your account and verifying that your personal data we have is accurate and up to date.


We prescribe the policies, manuals and minimum standards for handling the Clients’ Personal Data such as IT security standards and improve such policies, manuals and minimum standards from time to time according to the law.


In addition, our personnel, employees or outsourcing service providers are obliged to keep the Clients’ Personal Data confidential in accordance with the confidentiality agreements signed with the Kiatnakin Phatra Financial Group.

Our website uses cookies technology to secure our websites, to enhance the efficiency of using our websites and online services and to develop our services or products to suit your needs or to expand your benefits. Cookies are very small files that the websites store on your computer's hard drive for recording your personal data or other data that you filled without particularly recording data of any specific person. You can check cookies status or refuse the use of cookies in your browser.

For the purposes as mentioned above in this Privacy Notice, we may disclose or transfer your Personal Data to third parties or servers located overseas which the destination countries may or may not have the same data protection standards as Thailand. In addition, we have taken steps and measures to ensure that your personal data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is lawful by relying on the derogations as permitted under the law.

Our activities are not generally aimed at minors, quasi-incompetent or incompetent persons and we do not knowingly collect personal data from such persons without their parental consent, or from quasi-incompetent persons and incompetent persons without their legal guardian's consent. If you are a minor, quasi-incompetent or incompetent person and wish to engage in a contractual relationship with us, you must obtain the consent from your parent or legal guardian prior to contacting us or providing us with your personal data.

We will retain your Personal Data for as long as it is reasonably necessary to fulfill the purposes for which we have obtained your Personal Data as set out in this Privacy Notice, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for longer period, if required by applicable laws.

In order to improve efficiency in operating your Personal Data, we may amend this Privacy Notice as we deem appropriate by publishing its latest version on our websites. We will notify you if such changes materially affect the operation of your Personal Data.

17 August 2020 Click

28 September 2020 Click