Privacy Notice for Our Customers and Related Persons SCB Asset Management Company Limited

We, SCB Asset Management Company Limited, care about the privacy of our customers, thus, we provide this privacy notice to inform our customers of our policy in relation to the collection, use and disclosure of personal data of individual (“you”) in accordance with the Personal Data Protection Act B.E. 2562 including but not limited to sub-regulations, official guideline and any amendment thereof (“PDPA”), relevant laws and regulations. This privacy notice informs you of how we collect, use or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.

 
This privacy notice applies to:
 
(1) Our customers
  • Individual customers: Customers who have products or services with us, including former and existing customers who are individual.
  • Corporate customers: Directors, shareholders, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of our past and present corporate customers and other individuals authorised to act on their behalf. Our corporate customer shall ensure that the authorised persons and any of relevant individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with us, but we may need to collect, use or disclose your personal data (e.g. investors; anyone who makes a payment to or receives a payment from our customers; anyone that visits our website or our applications, or offices; guarantors or security providers; ultimate beneficial owner; beneficiaries under insurance policy; directors or legal representatives of a juristic person that uses our services or entering into agreements with us; debtors of our customers; professional advisors, including our directors, investors, shareholders and their legal representatives, officers of any competent governmental, supervisory or regulatory authorities, and anyone involved in other transactions with us or our customers).
 
Please note that in the event that some of the links on our platform may lead to third party’s platforms, when you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.

1. How we collect, use or disclose your personal data

We only collect, use or disclose your personal data where it is necessary or there is a lawful basis for collecting, using or disclosing it. This includes where we collect, use or disclose your personal data based on the legitimate grounds of legal obligation, performance of contract made by you with us, our legitimate interests, performance under your consent and/or other lawful basis. Reasons for collecting, using or disclosing are provided below:
 

1.1.Our legal obligation

We are regulated by many laws, rules, regulations, and orders of any competent governmental, supervisory or regulatory authorities, and to fulfil our legal and regulatory requirements, it is necessary to collect, use or disclose your personal data for the following purposes, which include but not limited to:

a) Compliance with laws e.g. Financial Institution Business Law, Securities and Exchange Laws, Anti-Money Laundering Laws,  Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, and other laws to which we are subject both in Thailand and in other countries), including conducting identity verification, background checks and credit checks, Know Your Customer/Customer Due Diligence (KYC/CDD) processes, other checks and screenings (including screening against publicly available government law enforcement agency and/or official sanctions lists), Taxation Laws, and ongoing monitoring that may be required under any applicable law (e.g. investment limits); and/or

b) Compliance with regulatory obligations and/or orders of authorized persons by law (e.g. orders by any court of competent jurisdiction or of governmental, supervisory or regulatory authorities or authorized officers).

1.2. Contract made by you with us

We will collect, use or disclose your personal data in accordance with the request and/or agreement made by you with us, for the following purposes, which include but not limited to:

a) process your request prior to entering into an agreement, consider for approval and provide products and/or services, processing your applications or requests for services or products, deliver our products and/or services to you, provide advice and deal with all matters relating to products and/or services including any activities that if we do not proceed, then our operations or our services may be affected or may not be able to provide you with fair and ongoing services;

b) authenticate when entering into, doing or executing any transactions (e.g. sending your identification card data to the Department of Provincial Administration for verifying the status of your identification card);

c) carry out your instructions (e.g. to submit your orders, processing your applications and/or your transactions, fulfil a request for utilization of products and/or services, responding to your enquiries or feedbacks, or to resolving your complaints), including record images, videos and/or voices and/or any similar actions to enable us to efficiently carry out your instructions and/or to keep record as an evidence for proceeding with your instructions;

d) provide online investment, mobile applications (e.g. SCB PVD Online, SCB MyProvident, PF Online and SCBAM Fund Click) and other online product platforms

e) track or record your transactions, rights and benefits;

f) produce reports (e.g. transaction reports requested by you or our internal reports);

g) notify you with transaction alerts and notify the due date of products and/or services;

h) recover the money which you owe (e.g. when you have not paid for your outstanding fees);

i) carry out account maintenance and operations relating to your accounts, including without limitation, carrying out your request for services or products.  processing your transactions, generating your confirmation letter, investment report, investment confirmation letter and account statement, and operating and closing your accounts;

j) carry out account maintenance and operations relating to your user accounts and/or fund accounts, including but not limited to, processing your applications or requests for services or products, processing your transactions, generating your confirmation letter, investment report, investment confirmation letter and account statement of your user accounts and/or fund accounts, and operating and closing your user accounts and/or fund accounts;

k) enforce our legal or contractual rights;

l) provide IT and helpdesk supports, create and maintain codes and user accounts for you, manage your access to any systems to which we have granted you access, and remove inactive accounts;

m) provide investment products to you (including investment products of third parties that you may be interested) from time to time and deal with all matters relating to the investment products;

n) provide mutual fund management services (e.g. open account with bank custodian, make onshore and/or offshore investment and appoint a beneficiary);

o) provide private fund management services (e.g. fund set up, open deposit account and securities account, increase and decrease investment amount, enter into ISDA for and on behalf of private fund and proceed on related transaction with custodians);

p) open an omnibus account for buy, sell and switch unit-linked insurance products;

q) provide provident fund management services (e.g. fund set up, withholding tax submission to the Revenue Department and other ongoing registrar management); and/or

r) provide fund manager services for property fund, infrastructure fund and digital assets and provide trustee services for REITs; and/or

s) in the event of sale or transfer of claims, assets, debt or business, merger, reorganization, rehabilitation, or similar event, we may disclose and transfer your personal data to one or more third parties who are the transferees of claims, assets, debt, or business, or the parties involved in the merger or reorganizing, or the plan preparers and plan administrators, or those related to such similar event.

1.3. Our legitimate interests

We rely on the basis of legitimate interests by considering our benefits or third party’s benefits with your fundamental rights in personal data which we will collect, use or disclose for the following purposes, which include but not limited to:

a) conduct our business operation, the business operation of companies in SCBX Group as specified in https://www.scbx.com/th/affiliates-financial-business-group.html and the business operation of SCBX Group (e.g. to govern, to audit, to conduct risk management in business operations and internal management, to manage and audit financial and accounting, to manage the provision of services associated with our products or services, to conduct information technology and cybersecurity management, to conduct procurement management, to conducthuman resource management, to define guidelines and strategic planning for business operations, to plan and allocate personnel for operational tasks, to conduct debt restructuring and manage the risks of customers, to monitor, prevent and investigate fraud, money laundering, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons related to our corporate customer, which may not be required by any governmental or regulatory authorities, and authenticating your identity to prevent such crimes);

b) conduct our relationship managements (e.g. to serve and facilitate you, to conduct survey, to manage customer segmentation, to handle complaints, to calculate remuneration for selling agent) including recording images, videos and/or voices and/or any similar actions to enable us to efficiently conduct our relationship managements and/or to enhance our services;

c) ensure security (e.g. to maintain CCTV records, to register, exchange card and/or take photo of visitors before entering into our premises);

d) develop, and improve our products, services and systems to enhance our services standard and/or for the greatest benefits in fulfilling your needs , including to conduct research, analyse data and offer products, services and benefits suitable to you by considering the fundamental rights in your personal data. If you do not wish to receive the offering of products, services and benefits from us, you can contact us through SCBAM Client Relations Tel. 02-777-7777 during office hours.

e) record images, videos and/or voices relating to the meetings, trainings, seminars, recreations or activities (e.g. marketing activities, corporate social responsibility activities, activities to support customer’s business) and use such recorded images, videos and/or voices for the purpose of making internal and/or external public relations relating to such meetings, trainings, seminars, recreations or activities;

f) in case of our corporate customer, we will collect, use and disclose personal data of directors, authorized persons, attorneys, guarantor, beneficiary, or any other persons, including personal data of such person as an individual customer, to execute transaction, provide services and/or contact corporate customer;

g) in case of our individual customer, we may collect, use and disclose personal data of any other person relating to your transaction or use of services (e.g. spouse, guarantor) to execute transaction and/or provide services to you;

h) ensure our business continuity, the business continuity of companies in SCBX Group and the business continuity of SCBX Group;

i) handle claims and disputes, file lawsuits and process the relevant legal proceedings;

j) contact you prior to your entering into a contract with us;

k) evaluate suitability and qualifications, issuance of request for quotation and bidding, and execution of contract with you;

l) protect against security risks (e.g.  monitoring network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity);

m) comply with applicable foreign laws or cooperate for compliance with applicable foreign laws;

n) analyse, carry out research, plan and conduct statistical analysis (e.g. on your investment limit and investment behavior, data analytics, assessments, surveys and preparations of reports on our products and/or services and your behavior, carry out our campaigns or our business opportunities);

o) carry out our project or events (e.g. promotional campaign, social activities, events for supporting our business and/or our customer’s business), conferences, seminars, and company visits, including to give reward as per promotional campaign or events;

p) facilitate financial audits to be performed by auditors;

q) receive advisory services from legal counsels, financial advisors, and/or other advisors appointed by you or us;

r) prepare a summary report for consideration and/or disclose your personal data to one or more third parties who are interested to be the transferees of claims, assets, debt, or business, or are interested in merger or reorganizing, or those related to such similar event before sale, or transfer of claims, assets, debt or business, merger, reorganization, or similar event;

s) in the event of any contemplated or proposed sale, transfer, merger, reorganization, or similar event, we may disclose and transfer your personal data to one or more third parties as part of that transaction;

t) maintain and update lists and directories of the customers (including your personal data) and keep contracts and associated documents in which you may be referred to;

u) comply with reasonable business requirements (e.g.  management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems, to keep our systems secured, performing our IT systems development, implementation, operation and maintenance);

v) undertake fraud prevention model development, underwriting model development, collection model development, and proxy income model development, and track propensity to approve model performance;

w) facilitate you and a financial institution that grants credit facility to you to receive and/or deliver your information relating to the provident fund’s contributions and credit facility in the case where you are member of the provident fund and apply for provident fund welfare loan with a financial institution approved by us; and/or

x) apply for accidental insurance and/or life insurance for your benefit in the case where you are member of the provident fund which additionally provides accidental insurance policy and/or life insurance policy (as the case may be). 

1.4. Your consent

In certain cases, we may ask for your consent to collect, use or disclose your personal data to maximise your benefits and/or to enable us to execute transactions or provide services to fulfil your needs for the following purposes, which include but not limited to:

a) collect, use or disclose your sensitive personal data for the purpose of offering or providing products, services and benefits suitable to you. To proceed with such activity, we will research, conduct statistical data, analyse or develop such products, services and benefits (in case where consent is required under the PDPA);

b) collect and use your personal data and any other data to conduct research and analyze for the greatest benefits in developing products and services to truly fulfil your needs and/or to contact you for offering products, services and benefits exclusively suitable to you;

c) contact you to provide financial advice and offer our products, services, and benefits which may interest you (in case the consent is required under the PDPA);

d) send or transfer your personal data and sensitive personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed under other lawful basis or without obtaining consent); 

e) when you are classified as a minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining consent);

f) disclose your personal data and any other data to companies in SCBX Group as shown on https://www.scbx.com/th/affiliates-financial-business-group.html and our trusted business partners for the purpose of offering or providing products, services and benefits to you. To proceed with such activity, companies in SCBX Group and our trusted business partners will research, conduct statistical data, analyze or develop products, services and benefits suitable to you;

g) disclose your personal data and any other data to companies in SCBX Group as shown on https://www.scbx.com/th/affiliates-financial-business-group.html and our trusted business partners for purpose of analyzing, carrying out research, and preparing statistical data, which will be beneficial in providing services that are more efficient and suitable for you; and/or 

h) other activities which we may require your consent.

1.5. Other lawful basis

Apart from the lawful basis which we mentioned earlier, we may collect, use or disclose your personal data based on the following lawful basis:

a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;

b) prevent or suppress a danger to a person’s life, body or health; and/or

c) necessary to carry out a public task, or for exercising official authority.

If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to provide (or continue to provide) some or all of our products and services to you if you do not provide such personal data when requested.

In addition, we may utilize technologies currently possessed or to be acquired in the future for the collection, use, or disclosure of your personal data in accordance with the purposes stated in clauses 1.1 – 1.5 above, including but not limited to Artificial Intelligence (“AI”), Generative AI Usage such as AI Chatbot technology, Cloud Computing, etc.

Furthermore, as we may establish the system(s) and/or use the shared system(s) with the companies in SCBX Group, your personal data held by us and by companies in SCBX Group may be collected, used or disclosed through such system(s) to support our operations and business activities and/or operations and business activities within SCBX Group. To proceed with such activity, we will comply with the PDPA.

2. What personal data we collect, use or disclose

The type of personal data, namely personal data and sensitive personal data, which we collect, use or disclose, varies depending on the scope of transactions, products and/or services that you may have used or had an interest in. The type of personal personal data and sensitive personal data shall include but not limited to:

Category

Examples of personal data

Personal details
  • Title
  • Given name, middle name, surname, hidden name (if any)
  • Gender
  • Date of birth
  • Age
  • Educational background
  • Marital status
  • Nationality
  • Beneficiaries information

Contact details
  • Mailing address
  • E-mail address
  • Phone number
  • Mobile number
  • Facsimile Number
  • Name of representatives or authorised persons acting on behalf of our customers
  • Social media accounts, including profile data, photo and other identifier for electronic communication
  • Business address
  • Business phone number
  • Contact details of reference person

Identification and authentication details
  • Photo
  • ID card photo
  • Identification number, laser number (back of identification card) 
  • Passport
  • Certificate/Alien ID
  • Driving licence
  • Signatures
  • Tax identification number
  • House registration

Employment details
  • Occupation
  • Employer’s details and workplace
  • Position
  • Salary or income
  • Remuneration
  • Job title
  • Bonus
  • Work place
  • Employment commencement date

Financial details and information about your relationship with us
  • Data relating to products and/or services you use
  • Channels you use and ways you interact with us
  • Your customer status, your ability to get and manage credit, your payment history, transaction records
  • Information about your transactions
  • Credit card and debit card information
  • Account number and account type (e.g. account for ATS or for receiving dividends)
  • Account name
  • Account history
  • Asset holding
  • Current assets
  • Income and expenses
  • Payment details
  • Source of wealth and funds
  • Broker number
  • Trading history and balance
  • Earnings and investments
  • Representation
  • Trade information
  • Margin balance
  • Margin loan record
  • Private fund information (i.e. portfolio name, outstanding balance and management fee)
  • Provident fund information (i.e. fund name, fund code, member code, department code, investment policy, investment plan, proportion of investment per investment policy, employees’ savings , interest accrued on employees’ savings, employees’ savings units, employer’s contribution, interest accrued on employer’s contribution,  employer’s contribution units, total outstanding amount, total outstanding units, members’ age, date of  membership termination, reason of membership termination, proportion (%) gained from employer, last date of money remittance to the fund, withholding tax amount, request to maintain the whole amount of the benefits entitled to receive within the fund, request to receive installment payments from the fund, method of receiving or transferring fund money, bank and bank account number for receiving or transferring fund money, name of provident fund or retirement mutual fund where the fund money to be transferred,  proportion (%) gained from former employer, new employer name, new employer code, new investment policy  name and investment plan,  new employment commencement date with new employer, type of transfer, method of receiving fund money, continuation or discontinuation of working period, former employer name, former fund name,  method of receiving transfer, date of becoming member with current employer, investment policy and investment proportion being transferred)
  • Daily transaction record
  • Dividends payment receipt
  • Fund unitholding information (e.g. fund holding ratio)
  • Fund unitholding number
  • Fund allotment amount
  • Investment amount
  • Line information (e.g. profile picture, chat log and session)

Market research, marketing and sales information
  • Customer survey
  • Data and opinions expressed when participating in market research (e.g. your responses to questionnaires, surveys, requests for feedbacks, and research activities)
  • Details of services you receive and your preferences
  • Inferences about you based on your interactions with us
  • Communication preferences and details or content of your communications with us

Geographic information, information about your device and your software, and technical details
  • Your GPS location
  • IP address
  • Technical specifications and uniquely identifying data, (e.g.   IMEI (International Mobile Equipment Identity) of mobile phone or other unique device identifier and any details relating to mobile phone, web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access date and times, duration of usage, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, language preferences, browser plug-in types and versions, operating system and platform, and other technology on devices you use.

Investigation data
  • Data for due diligence checks, (e.g. data relating to Know Your Customer (KYC) or Customer Due Diligence (CDD))
  • Data for risk management or Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks

User login, subscription data, and profile details
  • Login information for using our system, online system and applications.
  • Account identifiers
  • Username, password and other verification code
  • Interests, preferences and activities
  • PIN ID code for trading and investment
  • Investment objectives
  • Investment knowledge and experience
  • Risk assessment score, risk profile and risk level

Usage details
  • Data relating to your usage of websites, platform, products and services   (e.g. click and reach)
  • Data relating to your usage and interaction with our advertising (including content viewed, links clicked, and functions used)

Information concerning security
  • Visual images
  • Personal appearance
  • Detection of any suspicious and unusual activity
  • CCTV images or recordings
  • Video recordings
Spouse details
  • Title
  • Given name, middle name, surname, hidden name (if any)
  • Marital status
  • Number of persons in responsible
  • Nationality
  • Identification number
  • Date of birth
  • Income

Sensitive personal data
  • Religion as shown in the identification card
  • Blood type as shown in the identification card
  • Biometric data (e.g. face recognition, fingerprint and voice recognition)
  • Race
  • Health and disability (e.g. physical wellbeing and soundness of mind)
  • Criminal records
Data from mobile phone as per consent given by you
  • Data relating to mobile network
  • GPS location
  • Calendar
  • Contact list data
  • Data relating to files and photos
  • SMS data and message
  • Usage history of mobile phone, application and internet
Other information
  • Records of correspondence and other communications between you and us, in whatever manner and form, including but not limited to phone, email, live chat, instant messages and social media communications
  • Information that you provide to us through any channels

3. Sources of your personal data

Normally, we will collect your personal data directly from you but sometimes we may get it from other sources , in such case we will ensure the compliance with the PDPA.  

Personal data we collect from other sources may include but not limited to:

a) Data obtained by us from companies in SCBX Group and/or any other persons who we have legal relationship with;

b) Data obtained by us from persons related to you (e.g. your family, friends, referees);

c) Data obtained by us from corporate customers as you are director, authorised person, attorney, representative or contact person; 

d) Data obtained by us from  service providers, official authorities, regulatory authorities  (e.g. Department of Business Development, the Ministry of Commerce, Office of the Securities and Exchange Commission of Thailand, and Digital Access Platform Company Limited (FundConnext)) (e.g. data that is publicly available, data that relates to transactions), or third parties (e.g. your representative, employer, sponsor and third parties that have roles in delivering services to you or someone acting on their behalf may provide us with information about you, third-party underwriters, third-party agents, third-party registrar, third-party custodians (e.g. custodian of selling agent in case of unit-linked insurance products), sub-custodians, and brokers).

In case you have given any personal data of any other person to us for executing transactions with us or any purposes, you shall notify such person of the details relating to the collection, use and disclosure of personal data and rights under this privacy notice. In addition, you shall obtain consent from such person (if necessary) or relied on another legal basis to provide personal data to us.

4. Your rights

The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA details as specified below , through the channels prescribed by us:  

4.1 Right to access and obtain copy

You have the right to access and obtain copy of your personal data retained by us, unless we are entitled to reject your request under the laws or court orders, or if such request will adversely affect the rights and freedoms of other individuals.

4.2 Right to rectification

You have the right to rectify your inaccurate personal data or to update your incomplete personal data.

4.3 Right to erasure

You have the right to request us to delete, destroy or anonymise your personal data, unless there are certain circumstances where we have the legal grounds to reject your request.

4.4 Right to restrict

You have the right to request us to restrict the use of your personal data under certain circumstances (e.g. when we are pending examination process in accordance with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary as you have necessity to retain it for the purposes of establishment, compliance, exercise or defense of legal claims).

4.5 Right to object

You have the right to object the collection, use or disclosure of your personal data in case we proceed with legitimate interests basis or for the purpose of direct marketing, or for the purpose of scientific, historical or statistic research, unless we have legitimate grounds to reject your request (e.g. we have compelling legitimate ground to collect, use or disclose your personal data, or the collection, use or disclosure of your personal data is carried out for the establishment, compliance, or exercise legal claims, or for the reason of our public interests).

4.6 Right to data portability

You have the right to receive your personal data in case we can arrange such personal data to be in the format which is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means. Also, you have the right to request us to send or transfer your personal data to third party, or to receive your personal data which we sent or transferred to third party, unless it is impossible to do so because of the technical circumstances, or we are entitled to legally reject your request.

4.7 Right to withdraw consent

You have the right to withdraw your consent that has been given to us at any time pursuant to the methods and means prescribed by us, unless the nature of consent does not allow such withdrawal. The withdrawal of consent will not affect the lawfulness of the collection, use or disclosure of your personal data based on your consent before it was withdrawn.

You can review and change your consent to use or disclose your personal data for marketing purposes through channels as specified in No. 11 below or other channel prescribed by us in the future

4.8 Right to lodge a complaint

You have the right to make a complaint with the Personal Data Protection Committee or their office in the event that we do not comply with the PDPA.

5. How we share your personal data

We may disclose your personal data to the following parties under the provisions of the PDPA:

a) Companies in SCBX  Group  and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;

b) payment recipients, beneficiaries, account nominees, intermediaries (such as third-party securities companies, or asset management companies), registrars, underwriters, custodians, correspondents , market counterparties, issuers of products, or global trade repositories and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;

c) governmental authorities and/or supervisory or regulatory authorities (e.g. the Bank of Thailand, Office of the Securities and Exchange Commission, Ministry of Digital Economy and Society, Anti-Money Laundering Office, Thai Revenue Department, the Stock Exchange of Thailand, Thailand Futures Exchange, Thailand Securities Depository, Thailand Clearing House court and Department of Provincial Administration);

d) suppliers, agents, vendors and other entities (e.g. professional associations to which we are member, external auditors, depositories, document warehouses, overseas financial institutions and clearing houses) where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures;

e) any relevant persons as a result of activities relating to selling rights of claims and/or assets, restructuring or acquisition of any of our entities, where we may transfer our rights to; any persons with whom we are required to share data for a proposed sale, reorganisation, business transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets used in our business operation;

f) other banks, financial institutions and third parties where required by law to help recover funds that have entered your account due to misdirected payment(s) by such third parties or trace funds where you are a victim of suspected financial crime, or where suspect funds have entered your account as a result of financial crime;

g) debt collection agencies, lawyers, fraud prevention agencies, courts, authorities or any persons whom we are required or permitted by laws, regulations, or orders to share personal data;

h) third parties providing services to us such as IT service providers and /or platform providers, cloud computing providers and /or data storage facility providers, vendors who provide operational system test and development services. document delivery service providers, customer satisfaction survey service providers, printing services, market analysis and benchmarking service providers, including but not limited to correspondent banking, overseas remittance system service providers and switching system service providers, agents or subcontractors acting on our behalf;

i) social media service providers (in a secure format) or other third-party advertisers so they can display relevant messages to you and others on our behalf about our products and/or services. Third-party advertisers may also use data relating toyour previous online activities to tailor adverts to you;

j) our customers, persons involved in making transactions with us and/or persons in relation to the provision of our products or services;

k) third-party security providers;

l) other persons that provide you with benefits or services associated with our products or services, e.g. insurance company (for provident fund services); and/or

m) your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power.

6. International transfer of personal data

The nature of the modern investment business is global and under certain circumstances it is necessary for us to send or transfer your personal data internationally (e.g. transferring data to companies in SCBX Group or to cloud server overseas for the purpose of the provision of services). When sending or transferring your personal data, we will always exercise our best effort to have your personal data transferred to our reliable service providers or other recipients by the safest method in order to maintain and protect the security of your personal data.

In the event that the destination country does not have adequate personal data protection standards, we will ensure that the sending or transfer of personal data complies with the requirements of the PDPA and will implement measures for personal data protection deemed necessary and appropriate to ensure that your personal data is protected under standards equivalent to those in Thailand, such as entering into agreement with the data recipient to stipulate personal data protection with adequate security standard.

7. Retention period of personal data

a) We will maintain and keep your personal data while you are our customer and once you have ended the relationship with us (e.g. after you closed your account with us, or following a transaction with us, or in case of your application to use our services is disapproved, or you terminated the services provided by us), we will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified, but not over than 10 years since your ending of relationship with us.

b) The period we keep your personal data will be linked to the prescription period or the period under the relevant laws and regulations (e.g. Financial Institutions Businesses Laws, Securities and Exchange Laws, Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, Accounting Law, Tax Laws, Labour Laws and other laws to which we are subject both in Thailand and in other countries). In addition, we may need to retain records of CCTV surveillance in our head office and/or voice records of SCBAM Client Relations to prevent fraud and to ensure security, including investigating suspicious transactions which you or related persons may inform us.

8. Use of Cookies

We may collect and use cookies and similar technologies when you use our products and/or services. This includes when you use our websites and applications.

The collection of such cookies and similar technologies helps us recognise you, remember your preferences and customise how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g. enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests), for details please see Cookie Notice.

9. Use of personal data for original purposes

We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. The measures extend from data encryption to firewalls. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.

10. Security

We endeavour to ensure the security of your personal data through our internal security measures and strict policy enforcement. The measures extend from data encryption to access control restriction. We also require our staff and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.

11. How to contact us

If you have any questions or would like more details about our privacy notice, please contact us through the following channels:

• our head office located at SCB Park Plaza Bldg., Tower 1, 7th-8th Floor, 18 Rutchadapisek Road, Chatuchak, Chatuchak, Bangkok 10900.

• our Data Protection Officer by writing to E-mail: [email protected] or our address as specified above.

If you would like to exercise your rights in accordance with PDPA, please contact us through SCBAM Client Relations Tel. 02-777-7777 during our office hours.

12. Changes to this privacy notice

We may change or update this privacy notice from time to time and we will inform the updated privacy notice at our website https://www.scbam.com/en/privacy-notice/

 

Publish date: May 12, 2026