We, InnovestX Securities Company Limited, care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual (“you”) in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.
This privacy notice applies to:
(1) Our customers
- Individual customers : Our past and present customers who are individual.
- Corporate customers : Directors, shareholders, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate customers and other individuals authorised to act on their behalf. Our corporate customer shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data (e.g. investors; anyone who makes a payment to or receives a payment from our customers; anyone that visits our website or our applications, branches or offices; guarantors or security providers; ultimate beneficial owner; directors or legal representatives of a company that uses our services; debtors of our customers; professional advisors, including our directors, investors, shareholders and their legal representatives, and anyone involved in other transactions with us or our customers).
Please note that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and other lawful basis. Reasons for collecting, using or disclosing are provided below:
1.1. Our legal obligation
We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:
a) Compliance with the PDPA and any amendment thereof;
b) Compliance with laws (e.g. Financial Institution Business Law, Securities and Exchange Laws, Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, and other laws to which we are subject both in Thailand and in other countries), including conducting identity verification, background checks and credit checks, Know Your Customer (KYC) process,/Customer Due Diligence (CDD) process, other checks and screenings (including screening against publicly available government law enforcement agency and/or official sanctions lists), and ongoing monitoring that may be required under any applicable law; and/or
c) Compliance with regulatory obligations and/or orders of authorized persons (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).
1.2. Contract made by you with us
We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:
a) process your request prior to entering into an agreement, consider for approval and provide products and/or services, and deliver products and/or services to you, provide advice and deal with all matters relating to products and/or services (including cash deposit pending investment, cash withdrawal, stock deposit, stock withdrawal, and collateral call) including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;
b) authenticate when entering into, doing or executing any transactions;
c) carry out your instructions (e.g. to submit your orders, fulfil a request for utilization of loan and other credit facilities, respond to your enquiries or feedback, or to resolve your complaints);
d) provide online investment, mobile applications and other online product platforms;
e) track or record your transactions, rights and benefits;
f) produce reports (e.g. transaction reports requested by you or our internal reports);
g) notify you with transaction alerts;
h) recover the money which you owe (e.g. when you have not paid for your loan debt and/or outstanding fees);
i) provide underwriting services including the role as greenshoe option agency (e.g. take subscription forms and disclose your personal data to the relevant person, such as registrars, issuers, regulators, and other underwriters);
j) carry out account maintenance and operations relating to your accounts, including without limitation, processing your applications or requests for services or products, processing your transactions, generating your receipt, pre-confirmation, confirmation and account statement, and operating and closing your accounts;
k) carry out or make transactions and/or payments, such as processing payments or transactions, fulfilling transactions, conducting settlement, billing, processing and clearing activities, managing your relationship with us and administration of your account with us;
l) enforce our legal or contractual rights;
m) provide IT and helpdesk supports, create and maintain code and profile for you, manage your access to any systems to which we have granted you access, remove inactive accounts; and/or
n) provide investment products to you (including investment products of third parties that you may be interested) from time to time and deal with all matters relating to the investment products.
1.3. Our legitimate interests
We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:
a) conduct our business operation and the business group of companies in SCBX Group (e.g. to conduct compliance audit, to conduct risk managements, to conduct finance and accounting managements, to conduct financial audits, to conduct internal operation management, to monitor, prevent, and investigate fraud, money laundering, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons related to our corporate customer, which may not be required by any governmental or regulatory authorities, and authenticating your identity to prevent such crimes);
b) conduct our relationship managements (e.g. to serve customers, to conduct customer survey, to handle complaints);
c) ensure security (e.g. to maintain CCTV records, to register, exchange card and/or take photo of visitors before entering into our premises including our head office / head office area and all of our branches area);
d) develop and improve our products, services and systems to enhance our services standard and/or for the greatest benefits in fulfilling your needs, including to offer products, services and benefits suitable to you by considering the fundamental rights in your personal data. If you do not wish to receive the offering of products, services and benefits from us, you can cancel your consent via Easy Invest Application.
e) record images and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities;
f) in case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons or attorneys;
g) ensure business continuity;
h) handle claims and disputes, file lawsuits and process the relevant legal proceedings;
i) contact you prior to your entering into a contract with us;
j) evaluate suitability and qualifications, issuance of request for quotation and bidding, and execution of contract with you;
k) protect against security risks (e.g. monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity);
l) comply with applicable foreign laws;
m) manage our infrastructure (including data storage), internal control, and business operations and comply with our policies and procedures including those relating to risk control, security, audit, finance and accounting, systems and business continuity;
n) carry out research, planning and statistical analysis (e.g. on your investment limit and investment behavior, data analytics, assessments, surveys and reports on our products, services and your performance, to carry out our campaigns or our business opportunities);
o) organize our promotional campaign or events, conferences, seminars, and company visits;
p) facilitate financial audits to be performed by an auditor;
q) receive advisory services from legal counsels, financial advisors, and/or other advisors appointed by you or us;
r) in the event of sale, transfer, merger, reorganization, or similar event, disclose and transfer your personal data to one or more third parties as part of that transaction;
s) maintain and update lists or directories of the customers (including your personal data), and keep contracts and associated documents in which you may be referred to; and/or
t) comply with reasonable business requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning, revenue sharing calculation and customer segmentation or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems to keep our systems secured, performing our IT systems development, implementation, operation and maintenance).
1.4. Your consent
In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximise your benefits and/or to enable us to provide services to fulfil your needs for the following purposes, which include but not limited to:
a) collect, use or disclose your sensitive personal data as necessary (e.g. to use your identification card photo (which contains your sensitive personal data, namely religion and/or blood type) and criminal record for verification of your identity before continuing the transaction, and Know Your Customer (KYC) process);
b) collect and use your personal data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;
c) send or transfer your personal data and sensitive personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may rely on other legal basis or may proceed without obtaining consent)
d) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent);
e) disclose your personal data and any other data to companies in SCBX Group as shown on https://www.scbx.com/en/affiliates-financial-business-group.html and our trusted business partners for the following purposes: (1) researching, conducting statistical data, developing, analyzing products, services, and benefits to fulfil your needs; and (2) contacting you for offering or providing products, services and benefits suitable to you; and/or
f) other activities which we may require your consent.
1.5. Other lawful basis
Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health; and/or
c) necessary to carry out a public task, or for exercising official authority.
If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide your personal data when requested.
2. What personal data we collect, use or disclose
The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies on the scope of products and/or services that you may have used or had an interest in. The type of personal data shall include but not limited to:
|Category||Examples of personal data|
Identification and authentication details
Financial details and information about your relationship with us
Market research and marketing
Geographic data and data relating to your device and your software, and technical details
User login, subscription data, and profile details
Information concerning security
Sensitive personal data
3. Sources of your personal data
Normally, we will collect your personal data directly from you, but sometimes we may get it from other sources, in such case we will ensure the compliance with the PDPA.
Personal data we collect from other publicly available sources) and through may include but not limited to:
a) Data obtained by us from companies in SCBX Group, business partners, and/or any other persons who we have relationship with;
b) Data obtained by us from persons related to you (e.g. your family, friends, referees);
c) Data obtained by us from corporate customers as you are director, authorised person, attorney, representative or contact person;
d) Data obtained by us from service providers, official authorities, or third parties (e.g. your representative, employer, sponsor and third parties that have roles in delivering services to you or someone acting on their behalf may provide us with information about you, third-party custodians, sub-custodians, and brokers).
In case you have given any personal data of any other person to us for executing transactions with us or any purposes, you shall notify such person of the details relating to the collection, use and disclosure of personal data and rights under this privacy notice. In addition, you shall obtain consent from such person (if necessary) or relied on another legal basis to provide personal data to us.