เว็บเบราว์เซอร์ที่คุณใช้ไม่สนับสนุนการใช้งาน
YOUR BROWSER IS NOT SUPPORTED.
เว็บเบราว์เซอร์ที่แนะนำ
Please use the following web browsers:
Krungthai Xspring Securities Co., Ltd. (“Company”) acknowledges the importance of the
protection of your Personal Data (as defined below).
This Client Privacy Policy (“Client Privacy Policy”) shall apply to Personal Data
(as defined in Article 1 below) of (1) The Company’s individual customers, including prospective,
current or former customers (2) employees, personnel, officers, agents, shareholders, authorized
persons, directors, contact persons, representatives and any other individuals related to the
Company’s corporate customers, including any prospective, current or former customers.
Such individuals shall be collectively referred to as"you" or "your".
Individual and corporate customers shall be collectively referred to as the "Client".
This Client Privacy Policy explains the methods in which the Company collects, uses, discloses,
and transfers your Personal Data domestically and internationally. The Client Privacy Policy shall
apply to businesses, websites, mobile application, call center, activities and exhibitions,
online contact channels, other locations, and any other methods which the Company collects,
uses, discloses, and transfers your Personal Data domestically and internationally.
1.Personal Data collected by the Company
"Personal Data" means any information relating to you that identifies you or enables your identification as specified below. To allow the Company to provide services to its Client. The Company may collect your information by various methods and may collect your Personal Data from you directly (such as via investment advisors, employees, or call center of the Company) or indirectly from other sources (such as social media, third party online platform or any other public information) or through its affiliates, service providers, business partners, governmental organizations or any third party (such as third-party custodian, sub-custodian and securities broker). The type of information collected by the Company depends on its relationship with the Client and the services or products required by the Client.
Individual Client
Your Personal Data, which will be collected, used, disclosed and/or transferred domestically and internationally, shall include, but not limited to, the following types of Personal Data:
(a) Personal informationsuch as title, name, gender, age, occupation, salary, employer, position, education, nationality, birthdate, marital status, information on government-issued card (such as national identification number, passport number, tax identification number, driver’s license information, etc.), signature, voice record, telephone call record, photo, CCTV record, household registration and any other personal information;
(b) Contact informationsuch as address, telephone number, mobile phone number, facsimile number, email address and personal identification number for other electronic communications;
(c) Accounting and financial information such as credit and debit card information, account number and type, PromptPay information, current assets, revenues and expenses, including information on payments and applications for services and products;
(d) Transaction information such as type of products (such as securities, derivatives, price and volume, order number, securities broker number, conditions (if any), order history and balance, payment history and transactions relating to your assets, financial statements, liabilities, taxes, revenues, profits and investment, source of wealth and fund, agency, trade history, default history, margin balance and margin loan;
(e) Technical informationsuch as IP address, web beacon, log, device ID, device model and type, network, connection, access, single sign-on (SSO), Login log, login time, duration of use on Company’s page, Cookies, login data, search history, retrieval data, type and version of browser, time zone setting and location, type and version of plug-in browser, operating system and platform and other technology on the device you use to access the platform;
(f) Personal details such as account identifiers, username and password, PIN ID code for trading, interest and preferences, activities, investment objectives, investment knowledge and experience and risk tolerance;
(g) Usage details such as information on how you use the websites, platform, products, and services.
Corporate Client
Your Personal Data, which will be collected, used, disclosed and/or transferred domestically and internationally, shall include, but not limited to, the following types of Personal Data:
(a) Personal identification details such us name, surname, title, gender, photograph, information in personal background, education, information relating to job (such as status, duty, occupation, position, company which you work for or in which you hold shares), information on government-issued card (such as national identification number, passport), shareholding ratio, signature and any other of your personal information;
(b) Contact details such as telephone number, address, country, email address and other similar information;
(c) Personal information about your relationship with us such as account opening, management, operation, payment, liquidation, assessment and report on behalf of the Customer, which may include signature and correspondences with the Company;
(d) Other information which was collected, used, disclosed in relation to the relationship with the Company, such as information provided by you to the Company in any agreement, form or survey, or information collected upon your participation in the Company’s business, seminar, or social activity, securities trading value, securities broker’s commission and maximum transaction limit.
Your Sensitive Data which will be collected, used, disclosed and/or transferred domestically and internationally by the Company are:
(a) Biometric data (i.e. facial recognition, fingerprint)
(b) Health data such as medical history
(c) Criminal record
(d) Other Sensitive Data displayed on personal document (such as race and religion)
2. Purposes for the Company’s collection, use or disclosure of your Personal Data
The Company may collect, use, disclose and/or transfer your Sensitive Data domestically and internationally for the following purposes:
2.1 Purposes which require your consent
The Company relies on your consent for
(a) Marketing communication, special offer, promotional documents relating to the Company’s products and services, affiliates or subsidiaries of the Company and third party which the Company cannot rely on other rules or lawful basis.
(b) The collection, use and/or disclosure of your Sensitive Data shall be for the following purposes:
(1) Biometric data (i.e. facial recognition, fingerprint) - for location access/application to use services and personal verification;(c) The transfer of your Personal Data domestically or internationally shall be in accordance with the laws.
(2) Health data such as medical history - for facilitation purpose
(3) Criminal record – for background check
(4) Religion – for facilitation purpose
(5) Other Sensitive Data displayed on personal document (such as race and religion) – for personal verification
In case the rules or lawful basis require consent, you are entitled to withdraw your consent at any time by contacting the Data Privacy Officer to withdraw your consent. Such withdrawal shall not affect the legality of the collection, use, and disclosure of Personal Data that the you have already given consent prior to such withdrawal.
2.2 Purposes which the Company may rely on other lawful basis to process your Personal Data
The Company may rely on other lawful basis to collect, use, disclose and/or transfer your Personal Data domestically and internationally, i.e. (1) when it is necessary to comply with the agreement for the execution or the performance of the agreement with you (2) when it is for the performance of its legal obligations (2) when it is necessary for the legitimate interest of the Company and third party to balance the interests and basic rights and freedom relating to the protection of your Personal Data (4) when it is for the protection or suppression of danger to life, body or health and (5) when it is for public interest for carrying out the activities in relation to public interest or the exercise of government authority.
The Company shall rely on lawful basis in the foregoing (1) to (5) to collect, use, disclose and/or transfer your Personal Data domestically or internationally for the following purposes:
Individual Client
(a) Contacting you prior to entering into an agreement with the Company;
(b) Processing applications for account opening, account maintenance, any operations regarding your account, including but not limited to the processing of the application or request for services or products, the processing of your transactions, the issuance of account statement and the operation and closing of your account;
(c) Providing services to you such as financial planner/advisor [securities brokerage service, securities trading, underwriting, mutual fund management, private fund management, investment advisory, securities borrowing and lending, derivatives trading, derivatives brokerage, derivatives advisory, derivatives fund management] from time to time, and any and all dealings relating to such services;
(d) Providing investment products, offering choices to you (including third-party investment products) from time to time, and any and all dealings relating to such investment products;
(e) Managing relationship between the Company and you, and your existing account with the Company;
(f) Protecting Client from certain restrictions (such as preventing elderly customers from certain engaging in certain transactions for the purpose of damage control);
(g) Carrying out your instructions or responding to your questions or feedback and resolving your complaints;
(h) Conducting identity verification and credit check, performing (know-your-customer (KYC) and customer due diligence (CDD), other inspection and validation and continued verification as required by laws;
(i) Preventing, detecting and investigating fraud, unlawful behaviors or illegal activities, whether requested by official or regulatory authority, and risk analysis and management;
(j) Complying with the laws, rules, criteria, guideline, order, suggestions and request from government authority, tax authority, law enforcement or other authority or regulatory authority (either local or foreign) such as the Stock Exchange of Thailand, Thailand Futures Exchange, Thailand Securities Depository Co., Ltd., Thailand Clearing House Co., Ltd., the Office of Securities and Exchange Commission, Anti-Money Laundering Office and the Revenue Department;
(k) Managing the Company’s infrastructure, internal control, [internal] inspection and business operations, and complying with policies and procedures required by laws or applicable rules, including those relating to risk control, security control, audit, finance and accounting, systems and business continuity;
(l) Addressing or investigating complaints, requests or disputes;
(m) Providing marketing communications, information, special offer, promotional documents relating to the Company’s products and services of the Company, its affiliates and subsidiaries and third party;
(n) Developing new services and products and updating you on the Company’s services and products from time to time;
(o) Conducting research, planning and statistical analysis, for example, on your investment limit and investment behavior, for the purpose of developing the Company’s services and products;
(p) Organizing projects or promotional events, meeting, seminar and company’s visit;
(q) Enforcing the Company’s legal or contractual rights, including but not limited to recovering any payment owed to the Company;
(r) Facilitating financial audit carried out by an auditor, or seeking legal services from a legal counsel appointed by you or the Company;
(s) Complying with the Company’s responsibilities under any agreement to which the Company is a part, such as agreements with the Company’s business partners, vendors, or other asset management companies or under the agreement of which the Company is a representative and
if your Personal Data which the Company collected from your is required for the compliance with any legal responsibility of the Company, or the entering into any agreement with you, the Company may not be able to provide its products or services to you (or no longer be able to provide products or services to you) unless the Company can collect your Personal Data upon request.
Corporate Client
(a) Business communication such as communication with the Client regarding the Company’s products or services, e.g., responding to inquiries or requests;
(b) Client selection such as performing identity verification and KYC process of Client, status or background check in other formats or risk identification relating to you and the Client (including screening with sanction lists of regulatory authority and/or official list which are publicly available, as required by laws), your suitability and qualification test, issuance of offer and bidding invitation, entering into the agreement with you or the Client;
(c) Client’s data management such as maintaining and updating list/directories of Client (including your Personal Data), keeping contracts and associated documents in which you may be referred to;
(d) Relationship management such as planning, performing and managing (contractual) relationship with the Client, e.g., by entering into transactions or executing orders for products or services, processing payments, carrying out accounting activities, auditing, billing and collection activities, arranging shipments and deliveries, providing support services;
(e) Business analysis and improvement such as research, data analysis, assessment, survey and report relating to the Company’s products and services and your or Client’s performance, development and improvement of marketing strategies and products and services;
(f) IT system and supports such as providing IT and helpdesk supports, creating and maintenance of code and profile, managing your access to any system which the Company granted to you, removing inactive accounts and business controls to enable the Company’s business to continue and allow the Company to identify and resolve problems in the Company’s information technology systems and to ensure that the Company’s systems are secured, development, use, operation and maintenance of information technology systems;
(g) Security and system monitoring such as authentication, access control and logs, tracking of system, device and internet system, inspection of information technology security, prevention and correction of crime, including risk management and fraud prevention;
(h) Dispute management such as dispute resolution, enforcement of the Company’s agreements, determination, use or defense of legal claims;
(i) Internal investigation such as investigation, prevention of complaint and/or crime or fraud;
(j) Compliance with internal rules such as compliance with internal policies, applicable laws, rules, orders and guidelines of regulatory authority;
(k) Compliance with the laws and government authoritysuch as coordination, interaction and responses to government authority or court;
(l) Marketing purposes such as news or public relations of the Company which may be of interest to you, various activities, presentation of new services, surveys;
(m) Compliance with reasonable business requirements such as management, training, auditing, reporting, control or management of risk, statistics, trend analysis and planning or any other related or similar activities.
3. Methods which the Company may disclose or transfer your Personal Data
The Company may disclose or transfer your Personal Data to any third party (including the personal or agents of such third party) located in or outside Thailand, which the Personal Data shall be processed for the purposes under this Privacy Policy. You can visit their privacy policy to learn more about the methods in which such third party processes your Personal Data.
Individual Client
3.1 Financial conglomerate of Krungthai Bank Public Company Limited and XSpring Capital Public Company Limited
Since the Company is a part of a financial conglomerate of Krungthai Bank Public Company Limited (“Krungthai Bank”), which is a major shareholder of the Company together with XSpring Capital Public Company Limited (“XSpring Capital”), the Company may need to transfer your Personal Data to other companies within the financial conglomerate, Krungthai Bank and XSpring Capital Public Company Limited, or permit other companies within the financial conglomerate of Krungthai Bank to access your Personal Data for the aforementioned purposes. You can view the list of the companies and the scope of activities within the financial conglomerate of Krungthai Bank as announced by the Company.
3.2 Service providers of the Company
The Company may use other company, agent, or contractor to provider services on behalf of the Company or assist in the provision of products and services to you. The Company may share your Personal Data to these service providers, including but not limited to (a) IT service providers (b) research agencies (c) analytics service providers (d) survey agencies (e) marketing, advertising, and communication agencies (f) payment service providers and (g) administrative and operational service providers.
In the course of providing these services, the service providers may access your Personal Data, which the Company shall only provide the data necessary for them to perform such services, and the Company shall ask them not to use your Personal Data for any other purposes. The Company will ensure that all of its service providers securely retain your Personal Data.
3.3 Business partners of the Company
The Company may transfer your Personal Data to any person acting on your behalf or related to the provision of products or services you receive by the Company, including payment recipients, beneficiaries, account nominees, intermediaries (such as third party securities company or asset management company), custodians, banking agents, selling agents, co-brand partners, market counterparties, issuers of products, or global trade repositories, which the Company must disclose your Personal Data in order to provide products or services to you, and which you permit the Company to disclose your Personal Data, provided that they must agree to treat your Personal Data in accordance with this Privacy Policy.
3.4 Third parties permitted by law
In certain circumstances, the Company may be required to disclose or share your Personal Data with a third party in order to comply with its obligations under the laws or rules, including compliance with law enforcement, regulatory authority, government authority or any other third party, in case the Company trusts that such disclosure or transfer is necessary to comply with the laws or rules, or to protect the rights of the Company or other person, or for the security of any person or third party, or to inspect, prevent or manage issues relating to fraud, security or safety.
3.5 Professional advisors
The Company may disclose or transfer your Personal Data to the Company’s auditing, legal, accounting or tax professional advisors, which assist it in its operation and defense, or management of legal claims.
3.6 Third parties such as assignees, transferees, or novatees
The Company may deliver, transfer or novate its rights or obligations to a third party to the extent permitted by the terms and conditions of any agreement between you and the Company. The Company may disclose or transfer your Personal Data to its assignee, transferee, novatees, including any prospective assignee, transferee, novate, provided that they agree to treat your Personal Data in the manner consistent with this Privacy Policy.
3.7 Third parties relating to business transfer
The Company may disclose or transfer your Personal Data to its co-branded business partners, investors, major shareholders, assignees, prospective assignees, transferees or prospective transferees in the event of business reorganization, merger, acquisition, sale, purchase, joint venture, transfer, dissolution or any similar events relating to the transfer or disposal of business, assets or shares of the Company, in whole or in part. In case of any of the foregoing events occurs, the recipient shall comply with this Privacy Policy concerning your Personal Data.
Corporate Client
The Company may share your Personal Data with any other person for the purposes described n Article 3, other co-branded business partners, third party contractors employed by the Company in certain circumstances. The Company may share your Personal Data with government authority, law enforcement, court, regulatory authority, or any other third party if the Company trusts that it is necessary for the compliance with its obligations under the laws or rules, or to protect the rights of the Company or other person, or for the security of any person or third party, or to inspect, prevent or manage issues relating to fraud, security or safety.
Upon transfer of Personal Data to a third party, the Company shall ensure the protection of your Personal Data, such as non-disclosure agreement or any other appropriate security measures as required by laws.
4. International transfer of your Personal Data
The Company may disclose or transfer your Personal Data to any third party or server located overseas, hich the destination country may or may not have the same standard of data privacy protection as in Thailand. The Company has taken steps and measures to ensure that the transfer of your Personal Data is secured and the recipient has appropriate data privacy measures in place, and such transfer is lawful by relying on the derogations as permitted under the law.5. Period for which your Personal Data shall be retained
The Company shall retain your Personal Data for a reasonably necessary period to fulfill the purposes in which the Company obtained such Personal Data as specified in this Privacy Policy, and to comply with its obligations under the laws and regulations. However, the Company may extend the retention period if required by applicable laws.6. Other important information relating to your Personal Data
6.1 Cookies and use of cookies
If you visit the Company’s website, the Company will automatically collect certain data from you using cookies. Cookies are tracking technologies used for analysis of trend, website management, tracking the uses of Company’s website or saving user’s settings.
Most internet browsers allow you to control whether to accept the cookies. If you reject cookies, your ability to use some or all of the features or areas of the Company’s websites may be limited.
6.2 Personal data used by minors
The Company’s activities are not generally aimed at minors and the Company shall not knowingly collect Personal Data from customers who are minors (persons who have not reached legal age (20 years old of age or by marriage) without consent from their parental guardians when it is required, or from quasi-incompetent persons or from incompetent persons without consent from their legal guardian. If you are a minor, a quasi-incompetent person or an incompetent person who wishes to establish a relationship with the Company, you must obtain consent from your parental or legal guardian before contacting the Company or providing your Personal Data to the Company. If the Company becomes aware that it unintentionally collects Personal Data of a minor without consent of his/her parental guardian when it is required, or from a quasi-incompetent person or an incompetent person without consent from his/her legal guardian, the Company shall immediately erase such Personal Data, or continue to process such Personal Data if the Company can rely on other lawful basis apart from consent requirement.
6.3 Personal data relating third party
If you provide Personal Data of any third party such as your spouse or children, shareholder, director, beneficiary, emergency contact details, transfer in case of urgent care, such as name, surname, email address and telephone number of such person, you should ensure that you are authorized to provide such Personal Data, and permit the Company to use the Personal Data of such person under the Privacy Policy, and obtain necessary consent form such third party, if required, or relying on other lawful basis.
7. Rights to your Personal Data
Subject to the applicable laws and legal exceptions, you may be entitled to the following rights relating to your Personal Data:(a) Access : You may be entitled to request access or copy of your Personal Data processed by the Company concerning you.
(b) Data transfer : You may be entitled to request your Personal Data stored by the Company in an organized and electronically readable format and for the transmission or transfer to other personal data controller.
(c) Objection : In some cases, you may be entitled to object the methods employed by the Company to process your Personal Data in certain activities specified n this Privacy Policy.
(d) Deletion or destruction of data : You may be entitled to request the Company to delete or destroy or anonymize Personal Data to no longer be identifiable, for example, if such data is no longer necessary for the purpose of processing.
(e) Restriction : You may be entitled to restrict the processing of your Personal Data if you believe that such data is incorrect or the Company’s processing is unlawful, or it is no longer necessary for the Company to process such data for any purpose.
(f) Correction : You may be entitled to request the correction of your Personal Data which is incomplete, incorrect, misleading or not up-to-date.
(g) Consent withdrawal : You may be entitled to withdraw your consent which you granted to the Company to process your Personal Data, unless there is a restriction of the withdrawal of consent by law, or the contract which gives benefits to you.
(h) Complaint submission : You may be entitled to complain to the competent authority if you believe that the Company illegally or unlawfully processed your Personal Data under the applicable laws.
8. Amendment to the Privacy Policy
The Company may amend or update this Privacy Policy from time to time. The Company advises you to carefully read this Privacy Policy and review any amendment which may be announced under this Privacy Policy from time to time. The Company will notify you or request your consent if there is any material change to the Privacy Policy or if the Company is required by law to materially change the Privacy Policy.9. Contact details
If you wish to exercise your rights relating to your Personal Data, or if you have any question or complaint relating to your Personal Data under this Privacy Policy, please contact the Company of its Data Protection Officer at:Krungthai Xspring Securities Co., Ltd
Address : No. 287 Liberty Square, 16th floor, Silom Road, Sliom, Bangrak, Bangkok 10500
Contact number : (02) 695 5000 , (02) 695 5555
Data Protection Officer :
Address : No. 287 Liberty Square, 16th floor, Silom Road, Sliom, Bangrak, Bangkok 10550
Email : dpo.official@krungthaixspring.com
KTX Contact Center: (+66) 02-695-5555
For website and technical support. Please contact
Digital Channel Management
Contact number : (+66) 02-695-5559
Email : Digital@krungthaixspring.com
Technical Support Center
Contact number : (+66) 02-695-5556
Email : technicalsupport@krungthaixspring.com
This announcement shall be effective from 1 June 2022 onwards.
