Privacy
Policy for Customers
Asia
Plus Group Holdings Public Company Limited and its Subsidiaries
Asia
Plus Group Holdings Public Company Limited and its group companies (altogether
referred to as the "Company,"
"we,"
"us,"
or "our")
recognizes the importance of the protection of your Personal Data (as defined
below). The Company therefore prepared this privacy policy (Privacy Policy) to
protect the Personal Data of (defined below in section 1) of:
(1) our prospective, current, and former
individual customers, and
(2) employees, personnel, officers,
representatives, shareholders, authorized persons, directors, contact persons,
agents, and other natural persons in connection with corporate customer.
This
Privacy Policy will be applied with the prospective, current
and former customers of Asia
Plus Group Holdings Public Company Limited and its group companies which
including the following entities:
·
Asia Plus Securities Company Limited;
·
Asia Plus Advisory Company Limited;
·
Asset Plus Fund Management
Company Limited.
In
this Privacy Policy, natural/individual persons, together as "you" or "your"
and the individual client and the corporate client, together as the "Client".
This
Privacy Policy describes the process on how we collect, use, disclose your personal
data (these are called Process) and inform you of the purpose of the personal
data processing, the personal data retention period
and your rights as the Data Subject.
For your complete understanding on the implications of the Personal Data
Protection Laws, please read the provisions of this Privacy Policy.
This
Privacy Policy applies to our business, websites, mobile applications, call centers, events and exhibitions, online communication
channels, other locations and any means where we process
your Personal Data.
1. Personal
data we collect
"Personal Data"
means any identified or identifiable information about you as listed below. In order to offer the Client our services, we might collect
your information in a variety of ways. We may collect your Personal Data
directly from you (e.g. through our relationship manager, salesperson, or call center) or indirectly from other sources (e.g. social
media, third partys online platforms, and other publicly available sources)
and through our affiliates, service providers, business partners, official
authorities, or third parties (e.g. third-party custodians, sub-custodians, and
brokers). Which specific types of data collected depends on the Client's
relationship with us, and which services or products the Client requires from
us.
"Sensitive Personal Data"
means Personal Data classified by law as Sensitive Personal Data. We will only
collect, use, disclose and/or cross-border transfer Sensitive Personal Data if
we have received your explicit consent or as permitted by law.
1.1 Individual
Client
We
will process the following categories and types of your Personal Data,
including but not limited to:
·
Personal details, such
as your title, name, gender, age, occupation, job title, salary, work place, work position, education, nationality, date of
birth, marital status, information on government-issued cards (e.g. national
identification number, passport number, tax identification number, driver's
license details), signature, voice recording, phone records, picture, CCTV
records, house registration, and other identification information;
·
Contact details, such
as your address, telephone number, mobile number, fax number, email address,
and other electronic communication ID;
·
Account and
financial details, such as your credit card
and debit card information, account number and account type, prompt pay
details, current assets, income and expenses, as well as payment details,
service and product application details;
·
Transaction details, such
as the type of products (e.g. securities, derivatives), price and quantity,
order number, broker number, conditions (if any), trading history and balance,
payment and transaction records relating to your assets, financial statements,
liabilities, taxes, revenues, earnings and investments, source of wealth and
funds, representation, trade information, default record, margin balance, and
margin loan record;
·
Technical details, such
as your Internet Protocol (IP) address, web beacon, log, device ID and type,
network, connection details, access details, single sign-on (SSO) details,
login log, access times, time spent on our page, cookies, login data, search
history, browsing details, browser type and version, time zone setting and
location, browser plug-in types and versions, operating system and platform,
and other technology on devices you use to access the platform;
·
Profile details, such
as your account identifiers, username and password, PIN ID code for trading,
interests and preferences, activities, investment objectives, investment
knowledge and experience, and risk tolerance;
·
Usage details, such
as information on how you use the websites, platform, products
and services; and
1.2 Corporate Client
We
will process the following categories and types of your Personal Data,
including but not limited to the
followings:
·
Identity Data,
such as, first name, last name, title, age, gender, photos, information on CV,
education, work-related information (e.g., position, function, occupation, job
title, company you work for, employed at or holds shares of), information on
government-issued cards (e.g., national identification number, passport
number), percentage of shares, signatures, and other identifiers;
·
Contact Details,
such as, telephone numbers, address, country, e-mail, and other similar information;
·
Personal data generated in
connection with the Client's relationship with us,
for example account opening, administration, operation, payment, settlement, processing and reporting, on behalf of the Client. Such
Personal Data may include signatures, and your correspondence with us;
·
Other information,
collected, used or disclosed in connection with the
relationship with us, such as, information you give us in contracts, forms or
surveys or data collected when you participate in our business functions,
seminars, social events; and
1.3.
Collection of Sensitive Personal Data
We
will process the following Sensitive Personal Data about you:
·
biometric data (which is facial recognition,
fingerprint);
·
health data, such as medical information;
·
criminal records;
·
Sensitive Personal Data as shown
in the identification document (e.g. race and religion).
2. The
Purpose of collection, use or disclosure of your Personal Data
We
may process your Personal Data for the following purposes.
2.1 Purpose for
which consent is required
We
rely on your consent to:
·
provide marketing communications,
special offers, promotional materials about the products and services of the
Company, our affiliates and subsidiaries and the third parties which we cannot
rely on other legal grounds;
·
process your Sensitive Personal
Data for the following purposes:
o
biometric data (which is facial
recognition, fingerprint) for the access to premises/application and
authentication and verification;
o
health data, such as medical
information for facilitation
o
criminal and other breaches
records for background check;
Nevertheless,
for the identification documents issued by government authorities that we need
to use for the purpose of authentication and verification and such documents
contain Sensitive Personal Data which we will not use or disclose such
information, we may collect such information without your consent.
·
cross-border transfer your
Personal Data to a country which may not have an adequate level of data
protection, for which consent is required by law.
Where
legal basis is consent and you have already provided such consent, you have the
right to withdraw your consent at any time. This can be done so, by contacting
us pursuant to the details provided in Cluse 10. The withdrawal of consent will
not affect the lawfulness of the collection, use, and disclosure of your
Personal Data and Sensitive Personal Data based on your consent before it was
withdrawn.
2.2 Purpose for
which we may rely on other legal grounds for processing your Personal Data
We
may process your Personal Data by relying on the following legal grounds: (1) a
contractual basis, for our initiation or fulfillment of a contract with you;
(2) a legal obligation; (3) the legitimate interest of ourselves and third
parties, to be balanced with your own interest and fundamental rights and
freedoms in relation to the protection of your Personal Data; (4) vital
interest, for preventing or suppressing a danger to a persons life, body or
health; and (5) public interest, for the performance of a task carried out in
the public interest or for the exercise of official actions.
We
rely on the legal grounds in (1) to (5) above for the following purposes of process of your Personal Data:
2.2.1 Individual Client
· contacting
you prior to your entering into a contract with us;
· processing
applications for account opening, account maintenance, and operations relating
to your accounts, including without limitation, processing your applications or
requests for services or products, processing your transactions, generating
your account statement, and operating and closing your accounts;
· providing
services to you which including both services currently available and services
that may available to you in future;
· providing
investment products, offering choices to you (including investment products of
third parties) from time to time and dealing with all matters relating to the
investment products;
· managing
your relationship with us and administration of your account with us;
· preventing
customers with certain limitations (e.g. elderly person) from engaging in
certain types of transactions by themselves for the purpose of damage control;
· carrying
out your instructions or responding to your inquiries or feedback, and
resolving your complaints;
· conducting
identity verification and credit checks, know-your-customer (KYC) and customer
due diligence (CDD) processes, other checks and screenings, including
screening against publicly available database of regulatory authorities and/or
official sanctions lists, and ongoing activities that may be required under any
applicable law;
· preventing,
detecting and investigating fraud, misconduct, or any unlawful activities,
whether or not requested by any governmental or regulatory authority, and analyzing and managing risks;
· complying
with all applicable laws, regulations, rules, directives, orders, instructions
and requests from any governmental, tax, law enforcement or other authorities
or regulators (whether local or foreign), such as the Stock Exchange of
Thailand, Thailand Futures Exchange, Thailand Securities Depository, Thailand
Clearing House, Office of the Securities and Exchange Commission of Thailand,
Bank of Thailand, Anti-Money Laundering Office, and Thai Revenue Department;
· managing
our infrastructure, internal control, internal audit and business operations
and complying with our policies and procedures that may be required by
applicable laws and regulations including those relating to risk control,
security, audit, finance and accounting, systems and business continuity;
· addressing
or investigating any complaints, claims or disputes;
· provide
marketing communications, information, special offers, promotional materials
about the products and services of the Company, our affiliates and subsidiaries
and the third parties;
· developing
new services and products and updating you on our services and products from
time to time;
· carrying
out research, planning and statistical analysis, for example, on your
investment limit and investment behavior, for the
purpose of developing our services and products;
· organizing
our promotional campaign or events, conferences, seminars, and company visits;
· enforcing
our legal or contractual rights including, but not limited to, recovering any
and all amounts owed to us;
· facilitating
financial audits to be performed by an auditor, or receiving legal advisory
services from legal counsel appointed by you or us;
· performing
our obligations under any agreements to which we are a party, e.g. agreements
with our business partners, vendors, or other asset management companies, or
under which we are acting as an agent;
If the Personal Data we collect
from you is required to meet our legal obligations or enter into an agreement
with you, we may not be able to provide (or continue to provide) our products
and services to you if we cannot collect your Personal Data when requested.
2.2.2 Corporate Client
· Business
communication, such as, communicating with the
Client about our products or services, e.g., by responding to inquiries or requests;
· The
Client selection, such as, verifying your
identity and the Client status, conducting due diligence or any other form of
background checks or risk identification on you and the Client (including
screening against publicly available government law enforcement agency and/or
official sanctions lists as required if law), evaluating suitability and
qualifications of you and the Client, issuance of request for quotation and
bidding, execution of contract with you or the Client;
· The
Client data management, such as, maintaining and
updating lists/directories of the Clients (including your Personal Data),
keeping contracts and associated documents in which you may be referred to;
· Relationship
management, such as, planning, performing, and managing
the (contractual) relationship with the Client, e.g., by performing
transactions and orders of products or services, processing payments,
performing accounting, auditing, billing and collection activities, arranging
shipments and deliveries, providing support services;
· Business
analysis and improvement, such as, conducting research,
data analytics, assessments, surveys and reports on our products, services and your or the Client's performance, development and
improvement of marketing strategies and products and services;
· IT
systems and support, such as providing IT and
helpdesk supports, creating and maintaining code and profile for you, managing
your access to any systems to which we have granted you access, removing
inactive accounts, implementing business controls to enable our business to
operate, and to enable us to identify and resolve issues in our IT systems, and
to keep our systems secure, performing IT systems development, implementation,
operation and maintenance;
· Security
and system monitoring, such as authentication and
access controls and logs where applicable, monitoring of system, devices and
internet, ensuring IT security, prevention and solving crimes, as well as risk
management and fraud prevention;
· Dispute
handling, such as solving disputes, enforcing our
contracts, establishing, exercising or defense of
legal claims;
· Internal
investigation, any investigation, complaints
and/or crime or fraud prevention;
· Internal
compliance, such as compliance with internal policies
and applicable laws, regulations, directives and regulatory guidelines;
· Compliance
with laws and government authorities, such as
liaising and interacting with and responding to government authorities or courts;
· Marketing
purposes, such as informing you of our news and
publications which may be of interest, events, offering new services,
conducting surveys;
· Complying
with reasonable business requirements, such
as management, training, auditing, reporting, control
or risk management, statistical, trend analysis and planning or other related
or similar activities.
3. How
we disclose your Personal Data
We may disclose your Personal Data to the following third
parties who process Personal Data in accordance with the purposes under this
Privacy Policy.
and requirements by laws to persons and agencies as follows:
3.1 Group
Company of Asia Plus Group Holdings Public Company Limited
As Asia Plus Securities Co., Ltd.
is part of a Asia Plus Group Holdings Public Company
Limited, we may need to transfer your Personal Data to, or otherwise allow
access to such Personal Data by, other companies within the Group for the
purposes set out above. Please see list of companies and scope of activities
within the Group at https://www.asiaplusgroup.co.th/.
3.2 Our service
providers
We may use other companies, agents or contractors to perform services on our behalf or
to assist with the provision of products and services to you. We may share your
Personal Data to these service providers, including but not limited to: (a) IT
service providers; (b) research agencies; (c) analytics service providers; (d)
survey agencies; (e) marketing, advertising media and communications agencies;
(f) payment service providers; and (g) administrative and operational service
providers.
In the
course of providing these services, the service
providers may have access to your Personal Data. However, we will only provide
our service providers with the Personal Data that is necessary for them to
perform the services, and we ask them not to use your Personal Data for any
other purposes. We will ensure that all the service providers we work with will
keep your Personal Data secure.
3.3 Our business
partners
We may transfer your Personal
Data to persons acting on your behalf or otherwise involved in the provision of
the type of product or service you receive from us, including payment
recipients, beneficiaries, account nominees, intermediaries (such as third-party
securities companies, or asset management companies), custodians,
correspondents, agents, vendors, co-brand business partners, market
counterparties, issuers of products, or global trade repositories to whom we
disclose Personal Data in the course of providing products and services to you
and whom you authorize us to disclose your Personal Data to, provided that
these data recipients agree to treat your Personal Data in a manner consistent
with this Privacy Policy.
3.4 Third
parties permitted by law
In certain circumstances, we may
be required to disclose or share your Personal Data to a third party in order to comply with legal or regulatory obligations.
This includes any law enforcement agency, court, regulator, government
authority or other third party for which we believe disclosure or transfer is
necessary to comply with a legal or regulatory obligation, or otherwise to
protect our rights, the rights of any third party's or individuals personal
safety, or to detect, prevent, or otherwise address fraud, security
or safety issues.
3.5 Professional advisors
We may disclose or transfer your
Personal Data to our professional advisors relating to audit, legal,
accounting, and tax services who assist in running our business and defending
or bringing any legal claims.
3.6 Third
parties as assignees, transferees, or novatees
We may assign, transfer, or
novate our rights or obligations to a third party, to the extent permitted
under the terms and conditions of any contract between you and us. We may
disclose or transfer your Personal Data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees, provided that these data recipients agree to
treat your Personal Data in a manner consistent with this Privacy Policy.
3.7 Third
parties connected with business transfer
We may disclose or transfer your
Personal Data to our business partners, investors, significant shareholders,
assignees, prospective assignees, transferees, or prospective transferees in
the event of any reorganization, restructuring, merger, acquisition, sale,
purchase, joint venture, assignment, dissolution or
any similar event involving the transfer or other disposal of all or any
portion of our business, assets, or stock. If any of the above events occur,
the data recipient will comply with this Privacy Policy to respect your
Personal Data.
When
we disclose your Personal Data to a third party it will be made in accordance
with the purpose of this Privacy Policy or where permitted
by the laws. In case the laws
require your specific consent, we will first seek such consent from you.
4. International
transfers of your Personal Data
We
may disclose or transfer your Personal Data to third parties or servers located
overseas, and the destination countries may or may not have the same data
protection standards as Thailand. We have taken steps and measures to ensure
that your Personal Data is securely transferred, that the data recipients have
suitable data protection standards in place, and that the transfer is lawful by
relying on the derogations as permitted under the law. In case
the laws require consent for International
disclosure or transfer, we will first seek such consent from you.
5. How
long do we keep your Personal Data
We
retain your Personal Data for as long as is reasonably necessary to fulfill the
purposes for which we have obtained it as set out in this Privacy Policy, and
to comply with our legal and regulatory obligations. However, we may have to
retain your Personal Data for longer duration, if required by applicable law or such
retention is necessary for establishment of legal claims of the Company. Upon
expiry of such period, we shall destroy, delete, de-identify or anonymize your
personal data.
6. Other
important information about your Personal Data
6.1 Cookies and
how they are used
If
you visit our websites, we will gather certain information automatically from
you by using Cookies. Cookies are tracking technologies that are used in analyzing trends, administering our websites, tracking
users movements around the websites, and remembering users settings.
Most Internet browsers allow you to control whether
or not to accept Cookies. If you reject Cookies, your ability to use
some or all of the features or areas of our websites
may be limited.
6.2. Personal Data used by
minors, quasi-incompetent
persons, and incompetent persons
Our
activities are not generally aimed at minors and we do
not intentionally collect Personal Data from customers who are minors (those
who have not reach the legal age (20 years of age or by marriage)) without
their parental consent when it is required, or from quasi-incompetent persons
and incompetent persons without their legal guardian's consent.
If
you are a minor, quasi-incompetent or incompetent person and wish to engage in
a contractual relationship with us, you must obtain the consent from your
parent or legal guardian prior to contacting us or providing us with your Personal
Data. If we learn that we have unintentionally collected Personal Data from any
minor without parental consent when it is required, or from quasi-incompetent
person or incompetent person without their legal guardians' consent, we will
delete it immediately or continue to process such Personal Data if we can rely
on other legal bases apart from consent.
6.3 Personal
Data related to third parties
If
you provide the Personal Data of any third party (such as your spouse and
children, shareholders, directors, beneficiary, emergency contact, referral,
and references) to us, e.g. their name, family name, email address, and telephone
number, you should ensure that you have the authority to do so and to permit us
to use the Personal Data in accordance with this Privacy Policy. You are also
responsible for notifying the third party of this Privacy Policy and, if
required, obtaining consent from the third party or rely on other
legal basis.
7. Your
rights with regard to your Personal Data
Subject
to the applicable laws and exceptions thereto, you may have the following
rights regarding your Personal Data:
·
Access:
you may have the right to access or request a copy of the Personal Data we are
processing about you;
·
Data Portability:
you may have the right to obtain Personal Data hold about you, in a structured,
electronic format , and to transmit this data to
another data controller ;
·
Objection:
in some circumstances, you may have the right to object to how we process your
Personal Data in certain activities which specified in this Policy;
·
Deletion:
you may have the right to request that we delete, destroy, or de-identify your
Personal Data that we process about you, e.g. if the data is no longer
necessary for the purposes of processing;
·
Restriction:
you may have the right to restrict our processing of your Personal Data if you
believe such data to be inaccurate, that our processing is unlawful, or that we
no longer need to process this data for a particular purpose;
·
Rectification:
you may have the right to have Personal Data that is incomplete, inaccurate,
misleading, or out-of-date rectified;
·
Consent withdrawal:
you may have the right to withdraw consent that was given to us for the
processing of your Personal Data, unless there are restrictions on the right to
withdraw consent as required by the law, or a contract that benefits you; and
·
Lodge a complaint:
you may have the right to lodge a complaint to the competent authority if you
believe our processing of your Personal Data is unlawful or non-compliance with
applicable data protection law.
8. Effective
of Law
We
will comply with this Privacy Policy once the applicable law has come into
effect.
9. Changes
to this Privacy Policy
From
time to time, we may change or update this Privacy Policy. We encourage you to
read this Privacy Policy carefully and periodically revisit https://www.asiaplusgroup.co.th to
review any changes that may occur in accordance with the terms of this Privacy
Policy. We will notify you or obtain your consent again if there are material
changes to this Privacy Policy, or if we are required to do so by law.
(a)
Asia Plus Group Holdings Group
Asia Plus Group Holdings
Company Limited
175 Sathorn City Tower Building, 3/1
Floor, South Sathorn Road, Tung Mahamek, Sathorn,
Bangkok 10120 Telephone :
0-2680-1111
e-mail : support@asiaplus.co.th
Asia Plus
Securities Company Limited
175 Sathorn City Tower Building, 3/1
Floor, South Sathorn Road, Tung Mahamek, Sathorn,
Bangkok 10120 Telephone :
0-2680-1000
e-mail : support@asiaplus.co.th
Asia Plus
Advisory Company Limited
175 Sathorn City Tower Building, 11
Floor, South Sathorn Road, Tung Mahamek, Sathorn,
Bangkok 10120 Telephone : 0-2680-4002-3
e-mail :ib@asiaplus.co.th
Asset Plus
Fund Management Company Limited
175 Sathorn City Tower Building, 17
Floor, South Sathorn Road, Tung Mahamek, Sathorn,
Bangkok 10120 Telephone : 0-2672-1111
e-mail : customercare@assetfund.co.th
(b)
Data Protection Officer
Data Privacy
Office
175 Sathorn City Tower Building, 3/1 Floor, South Sathorn Road, Tung Mahamek, Sathorn, Bangkok 10120 Telephone : 0-2680-1567
e-mail : dpo@asiaplus.co.th