Privacy Policy
LAST UPDATED: 20/03/2023
Introduction
We, Siam Digital Lending Company Limited, care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual ("you&") in accordance with the Personal Data Protection Act B.E. 2562 ("PDPA"), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.
This privacy notice applies to:
1. Our Customers
Individual Customers:
Our past and present customers who are individual.
Corporate customers:
Directors, shareholders, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate customers and other individuals authorised to act on their behalf. Our corporate customer shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.
2. Non-Customers
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data, e.g. loan applicatns not approved; anyone who makes a payment to or receives a payment from our customers; anyone that visits our website or our applications, branches or offices; guarantors or security providers; ultimate beneficial owner; directors or legal representatives of a company that uses our services; debtors or tenants of our customers; professional advisors, including our directors, investors, shareholders and their legal representatives, our partners and advisors, and anyone involved in other transactions with us or our customers.
Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect and use your personal data where it is necessary or there is a lawful basis for collecting and using it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using or disclosing are provided below:
1.1. Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:
a.) Compliance with the PDPA;
b.) Compliance with laws (e.g. Financial Institutions Businesses Laws, Securities and Exchange Laws, Anti-Money Laundering Laws, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Laws, and other laws to which we are subject both in Thailand and in other countries); and/or
c.) Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
1.2. Contract made by you with us
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but are not limited to:
a.) Process your request prior to entering into an agreement, consider for approval in relation to the provision of products and/or services, and deliver our products and/or services to you including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;
b.) Authenticate when entering into, doing or executing any transactions;
c.) Carry out your instructions (e.g. to debit or credit amounts from bank accounts, fulfil a request for utilization of loan and other credit facilities, a request for issuance of guarantee and standby letters of credit, letter of support, credit cards, cashier’s cheques, a payment or debt settlement request, a request for trade financing, make a change to your insurance policy, or respond to your enquiries);
d.) Provide online banking, mobile applications and other online product platforms;
e.) Track or record your transactions;
f.) Produce reports (e.g. transaction reports requested by you or our internal reports);
g.) Notify you with transaction alerts;
h.) Recover the money which you owe (e.g. when you have not paid for your loan debt and/or outstanding fees); and/or
i.) Proceed with any acts relating to insurance policy or claim for compensation (e.g. evaluate your insurance application, provide you with a quotation, deliver insurance policy to you, proceed with or monitor any claim under your insurance policy, claim against third party).
j.) Perform credit scoring and assessments based on your credit history and financial performance and other data
1.3. Our legitimate interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:
a.) Conduct our business operation and our financial business group companies’ business operation (e.g. to audit, to conduct risk management, to monitor, prevent, and investigate fraud, money laundering, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons related to our corporate customer);
b.) Conduct our relationship managements (e.g. to serve customers, to conduct customer survey, to handle complaints);
c.) Ensure security (e.g. to maintain CCTV or phone records, to register, exchange identification card and/or take photo of visitors before entering into our building);
d.) Develop and improve our products and/or services, including systems to enhance our services standard and/or for the greatest benefits in fulfilling your needs;
e.) Record images and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities; and/or
f.) In case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons or attorneys.
1.4. Your Consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximize your benefits and/or to enable us to provide services to fulfil your needs for the following purposes, which include but not limited to:
a) collect and use your sensitive personal data as necessary (e.g. to use face recognition or your identification card photo (which contains your sensitive personal data, namely religion and/or blood type, or a 3D or 2D mapping of your face) for verification of your identity and anti-fraud)
b) collect and use your personal data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
c) send or transfer your personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed without obtaining consent); and/or
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent).
2. What personal data we collect, use and disclose
The type of personal data, namely personal data and sensitive personal data, which we collect, use and disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:
CategoryExamples of personal data
Personal Details
Given name, middle name, surname, hidden name (if any)
Gender
Date of birth
Age
Educational background
Marital status
Nationality
3D or 2D Facemap
Contact Details
Mailing address
Email address
Phone number
Facsimile Number
Name of representatives or authorised persons/directors acting on behalf of our customers
Social media accounts
Identification and authentication Details
ID card photo
Identification number
Passport information
Driving license
Signatures
Employment details
Occupation
Employer’s details
Position
Salary or income
Remuneration
Financial details and information about your relationship with us
Products and/or services you use
Channels you use and ways you interact with us
Your customer status, your ability to get and manage credit, your payment history, transaction records
Information about your transactions, (e.g. type, number, and other information relating to your transactions)
Market research, marketing and sales information
Customer survey
Information and opinions expressed when participating in market research
Details of services you receive and your preferences
Geographic information and information about your device and your software
Location of our branches you use (if applicable in the future)
Your GPS location
IP address
Technical specifications and uniquely identifying data
Your phone or device type
Investigation data
Due diligence checks (e.g. information related to Know Your Client (KYC) or Customer Due Diligence (CDD))
Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks
Department of Provincial Authority checking/monitoring
User login and subscription data
Login information for using our system, online internet banking, and applications.
Information concerning security
Visual images
Personal appearance
Detection of any suspicious and unusual activity
CCTV images or recordings
Video recordings
Sensitive personal data
Religion
Blood type
Biometric information, (e.g. face recognition, fingerprint, voice recognition and retina recognition)
Criminal records
Other information
Records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications
Information about insurance policy and claim for compensation (e.g. policy coverage, medical records, insurance claims history)
Information that you provide to us through any channels
3. Sources of your personal data
Normally, we will collect your personal data directly from you, but sometimes we may get it from other sources, in such case we will ensure the compliance with the PDPA.
Personal data we collect from other sources may include but not limited to:
a) Information obtained by us from financial business group companies, business partners, and/or any other persons who we have relationship with;
b) Information obtained by us from persons related to you (e.g. your family, friends, referees);
c) Information obtained by us from corporate customers as you are director, authorised person, attorney, representative or contact person;
d) Information obtained by us from governmental authorities, regulatory authorities, financial institutions, credit bureau and/or third-party service providers (e.g. information that is publicly available, or that relates to transactions, credit information); and/or
e) Information obtained by us from insurance companies and/or other persons in relation to insurance policy or claim for compensation.
4. Your rights
The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA upon the effectiveness of the provisions in relation to rights of data subjects, details are as follows:
4.1 Right to access and obtain copy
You have the right to access and obtain copy of your personal data holding by us, unless we are enpd to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals.
4.2 Right to rectification
You have the right to rectify your inaccurate personal data and to update your incomplete personal data.
4.3 Right to erasure
You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.
4.4 Right to restrict
You have the right to request us to restrict the use of your personal data under certain circumstances, e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary.
4.5 Right to object
You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request, e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests.
4.6 Right to data portability
You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are enpd to legally reject your request.
4.7 Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal.
4.8 Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that we do not comply with the PDPA.
5. How we share your personal data
We may disclose your personal data to the following parties under the provisions of the PDPA:
a) our financial business group companies, business partners and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;
b) governmental authorities and/or supervisory or regulatory authorities, (e.g. the Bank of Thailand, the Securities and Exchange Commission, Office of Insurance Commission, Ministry of Digital Economy and Society);
c) suppliers, agents and other entities (e.g. professional associations to which we are member, external auditors, depositories, document warehouses, overseas financial institutions, clearing houses) where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures;
d) any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer their rights to; any persons with whom we are required to share data for a proposed sale, reorganisation, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
e) other banks, financial institutions and third parties where required by law to help recover funds that have entered your account due to misdirected payment(s) by such third parties or trace funds where you are a victim of suspected financial crime, or where suspect funds have entered your account as a result of financial crime;
f) debt collection agencies, lawyers, credit bureau, fraud prevention agencies, courts, authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data;
g) third parties providing services to us (e.g. market analysis and benchmarking, including but not limited to correspondent banking, agents and subcontractors acting on our behalf, the companies which print and deliver credit card statements);
h) social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services. Third-party advertisers may also use information about your previous online activities to tailor adverts to you;
i) third-party security providers;
j) other persons that provide you with benefits or services associated with your products or services (e.g. insurance company); and/or
k) your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.
6. International transfer of personal data
The nature of the modern banking business is global and under certain circumstances it is necessary for us to send or transfer your personal data internationally. When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable business partners, service providers or other recipients by the safest method in order to maintain and protect the security of your personal data, which includes the following circumstances:
a) comply with a legal obligation;
b) perform the agreement made by you with us or your request before entering into an agreement;
c) comply with an agreement between us and other parties for your own interest;
d) prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time; or
e) carry out activities relating to the substantial public interest.
7. Retention period of personal data
We will maintain and keep your personal data while you are our customer and once you has ended the relationship with us (e.g. after you closed your account with us, or following a transaction with us, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.
The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Financial Institutions Businesses Laws, Securities and Exchange Laws, Anti-Money Laundering Laws, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Laws, Accounting Laws, Tax Laws, Labour Laws and other laws to which we are subject both in Thailand and in other countries). In addition, we may need to retain records of CCTV surveillance in our head office, our branches or at ATM machines and/or voice records of SCB Call Center to prevent fraud and to ensure security, including investigating suspicious transactions which you or related persons may inform us.
8. Use of Cookies
We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites, internet banking and banking applications.
The collection of such cookies and similar technologies helps us recognise you, remember your preferences and customise how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g. enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests).
9. Use of personal data for original purposes
We are enpd to continue collecting and using your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If you do not wish us to continue collecting and using your personal data, you may notify us to withdraw your consent at any time.
10. Security
We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. The measures extend from data encryption to firewalls. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.
11. How to contact us
If you have any questions or would like more details about our privacy notice or would like to exercise your rights, please contact us at [email protected]
12. Changes to this privacy notice
We may change or update this privacy notice from time to time and we will inform the updated privacy notice at our website www.simdl.co.th