Privacy Notice

Privacy Notice

 

Updated June 1, 2022

 

We, 33 Remittance Company Limited (“The Company” or “ SMARTSWIFT”), has been always aware of the importance of personal data protection of thepersonal data subject (“you”), we therefore issue this Privacy Notice (“Notice”) to inform you of the details of personal data collection, use, exposure and transfer (“Data Processing”).

For the purpose of this Notice “Personal Data” means any information relating to an individual that may identify, or may be identified, or that enables an individual to be identified, directly or indirectly.

The Company gives great importance to and emphasizes on the protection of Personal Data, by realizing that the Data Processing in the Company must be carried out under the following principles:

 

  • Lawfulness, fairness and transparency: The Company will only process the data on the basis of which the Company has a legitimate base and the Company will clearly determine the methods of collecting and using personal data.
  • Purpose limitation: The Company will only process the data for the purposes specified and notified at the time the Company receives the personal data unless it is processed for a related purpose or for a performance of duty following a clear law.
  • Data minimization: The Company will collect and use Personal Data only to the extent necessary to achieve the purposes of data processing.
  • Accuracy: The Company will take reasonable steps to ensure that the collected Personal Data is accurate, complete, and up-to-date, and taking into account the purposes of the processing.
  • Storage limitation: The Company will keep the data as necessary unless the Company is required to keep it in order to meet the standards of document retention or government regulations.
  • Integrity and confidentiality: The Company will implement appropriate technical and organizational measures to ensure that the Personal Data collected by the Company is maintained at an appropriate level of security.
  • Accountability: The Company will take appropriate action to demonstrate that the Company has complied with the abovementioned principles.

 

This Notice applies to

This Notice covers the Data Processing of your Personal Data which you may have a status as follows:

1) A customer, both directly making transactions with the Company and/or persons involved in the Company's transactions ("Products and Services"), either as a remittance sender or receiver in the relevant destination country or who has contacted a partner to transact with the Company.

2) An individual or person who contacts the Company through various channels arranged by the Company for service, whether contacting at the Company's office, by phone, via the website or social media, etc.

3) A company personnel, employee, staff, director of juristic persons, shareholder.

4) Any other person with whom the Company collects personal data (such as a job applicant, a reference or a person adjacent to a job applicant's, a person authorized to sign on behalf of the partner company, a contractor or service provider with the company, a respondent to the survey or a person showing interest in using the company's services).

 

Direct data collection from the data subject.

The Company gives great importance to the collection of Personal Data directly from you. We are also aware of obtaining your consent as the subject of the Personal Data, which is the right to give consent to the Company's Data Processing as requested by the Company. You only need to acknowledge that providing incomplete personal data as requested by the company; or not giving consent to the collection, use, and disclosure of such Personal Data may restrict your rights to use certain services.

However, the Company may not require your consent, if the Data Processing is supported by another legitimate purpose (such as the need to perform a contract or the need to follow the law). In this case, if the Company is unable to process Personal Data, it may result in the Company being unable to provide services to you.

In some cases, the Company may access data about your interests and/or preferences, and/or data about the use of various websites by using cookies on the Company website and applications. The cookies located on the website and the Company's application will record your data, and the Company will have access to such data. This is to allow the Company to offer services that meet your needs as much as possible.

In all communications between you and the Company, whether by phone, email, company application, applications used for communication, customer service center, or contact by any other means, the Company may record such communication for several purposes, such as, to use as evidence, to develop and improve the service, to track your satisfaction, to train personnel, to evaluate personnel performance, to analyze data, and to develop the company's system as well.

 

Data collection from other sources

In some cases, the Company may collect your data from other sources or obtain data disclosed by other parties, such as employees or customers. Data collected from other sources includes names, surnames, and phone numbers of emergency contacts, for example. In such case, the person who discloses your information to the Company certifies to the Company that you are aware of such disclosure and provide details of the Company relating to the Data Processing of such information according to this Notice.

Apart from the data collection from other sources in the aforementioned cases, the Company may collect publicly available information such as public information or information disclosed by a government agency. In this case, the Company processes with due regard to the conditions and procedures stipulated in the law and this Notice.

 

Collected Personal Data

The company collects your data as necessary and according to its processing purposes. The information collected includes various types of data such as:

Identity Data such as name, surname, nickname, middle name, gender, age, nationality, identifiable information on government-issued documents (such as ID card, driver's license, passport, and other documents of the same nature, etc.), a photograph of the person's face or moving image, travel details, etc., including occupation, status, or position; child family status; employment and/or personnel assessment data; educational data.

Contact Details such as address, postal code, place of residence, place of work, contact information on government documents (such as address on ID card, or copy of house registration), telephone number, fax number, online communication channels (e.g. E-mail, LINE, Facebook, and other social media accounts) as well as contact information on other channels that can be used to contact you.

Financial details including transaction details such as bank account, details and payment history, details of the sending and receiving of money, transaction history whether done through offline or online channels (e.g. date, branch where the service was used, recipient country, transaction frequency, transaction amount, transaction order, transaction cancellation request), financial reliability and credit, financial risk, ability to pay debts and any other financial details including but not limited to transaction details on the Company's products/or services, such as the status of the insured as well as the beneficiary, the status of the provident fund holder, etc.

Membership details such as member account information, member number, membership status, membership history, subscription (information according to the application document and member information modification documents) and other information related to the status or usage of the member.

Device or tool information such as device specify coordination and device access date (Log), Device number (MAC Address) IP Address, Unique Device Identifier (UDID), Device ID (e.g. International Mobile Equipment Identity (IMEI) ) Electronic Serial Number (ESN), Mobile Equipment Identifier (MEID) and Serial Number (SN)), usage information/activity tracking (Clickstream /online website tracking), operating system and platform information, your interests and preferences and/or website access information through the use of cookies on the website and company applications (Cookies), as well as other technical data from the use of the Company's system or platform.

Information about preferences or behaviors such as your desire to receive marketing information from the Company, showing interest in using the Company's products and services and the preferred form of communication; and/or

Sensitive Personal Data such as race, religion, biometrics, health information, and criminal records.

 

Cookies

The Company’s website uses cookies, which are small text files that keep the Company's website working properly and improve your experience while exploring the website. Cookies are divided into necessary cookies and non-necessary cookies. In the case of necessary cookies, the Company does not need the consent of the website user. On the other hand, the Company will only use non-necessary cookies if you have given your opt-in consent to be able to use them. The Company will expressly require your consent before the Company installs non-necessary cookies on the device in the case you gave consent to the Company's installation and use of non-necessary cookies. You can change your cookie settings at any time.

 

Purpose of Personal Data Processing

To collect your Personal Data, the Company may collect, use or disclose your information for the following purposes:

 

  • Providing the Company's services to you.
  • Creating legal relations under the contract, including the exercise of rights under the contract, or the legitimate rights of the Company and you.
  • Tracking, analyzing and processing your data for improvement and modification of products and/or services, or development and presentation of new products and/or services to suit your needs, whether offered by the Company or business partners of the Company.
  • Conducting or promoting marketing and sales promotion activities, including various product and service publicity, whether for the company, affiliated companies, or another person.
  • General management of the Company including the management of various related risks, or the prevention and investigation of potentially fraudulent behavior.
  • Compliance with laws and regulations as well as guidelines or requirements of the departments that supervise the Company's operations.
  • Compliance with the Company or affiliated companies' internal operation policy.
  • Monitoring, auditing and evaluating the Company's services and managing the relationship between the Company and you.

 

Data processing base as stated by the law

 

Purposes of Data Processing 

Description

Legal bases 

Company's products/or services usage

The Company's products/or services usage involves multiple Data Processing activities. Starting from the registration process to make the transaction, the submission of documents or requests through various channels for the use of the Company's products or services, such as money exchange, cash sending, or international money transfer.

·    Necessary for the performance of a contract, such as a subscription, submission of a service request to use the Company's products/or services.

·    Necessary for the compliance with the law, such as providing a customer acquaintance, sending transaction reports to various departments including regulatory agencies such as the Bank of Thailand, agencies under the Anti-Money Laundering Law.

Performing for Marketing Purposes

To develop the Company's products or services to be in accordance with and reach the users. The Company conducts marketing activities such as providing channels for receiving information about the Company's products, direct marketing, and use of data for analysis for marketing purposes.

·    Consent, in the case of responding to forms of interest in using the Company's products/or services, including marketing where it directly affects the privacy rights of the Personal Data subject, such as direct marketing.

·    Necessary for the Company's legitimate interests such as, the study of the customer's use of the products or services of the Company for analysis in order to plan or analyze the marketing.

Coordinating with contacts through various channels

The Company provides direct communication channels via telephone and online channels such as e-mail, LINE, and Facebook. When you have contacted the Companythrough such channels, the company will know the channel of contact to comply with your request. In the case of a telephone call, the Company may record audio conversations as evidence of further action or for further improvement of the service.

·    Necessary for the compliance with the law on financial business governance.

·    Necessary for the legitimate interests of the Company, for example, as evidence of responding to requests or taking action following the contact, or developing the service quality.

·    Consent in the case of requesting opinions.

Coordination with partners or business allies and procurement

In contacting or coordinating with partners or business alliances, the Company may collect contact information of juristic directors, attorneys, and authorized persons, including the use of services from external service providers such as hiring of specialists or consultants, which is necessary to conduct the Processing of Personal Data in a similar way.

·    Necessary for the performance of the contract, in considering agreeing to enter into a contract as a partner or business partners.

·    Necessary for the legitimate interests of the Company, such as, the use of personal contact information as specified by the business partner (such as the use of business card details) as well as keeping the records after the end of the employment contract or after the end of the record-keeping period as required by law. The records will be used as evidence in litigation or legal proceedings when a dispute arises.

·    Necessary for the compliance with the law, for example, providing knowledge of partners or business partners, or sending transaction reports to various agencies, including regulatory agencies such as the Bank of Thailand or agencies under the Anti-Money Laundering Law.

Compliance with laws and regulations related to the Company

Many activities are related to this purpose; the compliance with laws, regulations, or rules applicable to the Company may be relevant to the operations of the management of the organization, human resources management, the supervision of financial business operations, the prevention and suppression of money laundering, etc., including compliance with legal procedures and responding to requests from the public sector and government agencies, national security or other law enforcement pertaining to the Company.

·    Necessary for the compliance with laws, such as the law on company partnership registration, Labor Protection Law, Anti-Money Laundering Law, and the law governing financial and fiscal supervision.

Security Management

The Company has security measures in office areas such as CCTV systems.

·    Necessary for the Company's legitimate interests to deter crimes, including the security of the life and property of the person.

Human resource management

Human resource management involves activities starting from job application, applicant selection, payroll, assessment or work history, and welfare rights management, etc.

·    Necessary for the performance of a contract, such as submitting a job application, applicant selection, access to welfare rights under the employment contract, and payroll.

·    Necessary for the compliance with laws such as social security, income taxes, and all laws related to labor protection.

·    Consent, such as consent to being offered another position suitable for your qualifications in addition to the job advertised.

·    Necessary for the legitimate interests of the Company, such as statistical research studies for the benefit of personnel management, maintenance of employee records after the end of the employment contract or after the end of the record-keeping period as required by law. The records will be used as evidence in litigation or legal proceedings when a dispute arises.

Collection of records, documents or evidence.

The Company may be required to collect the records, documents or evidence that may arise in connection from various actions, whether it is about the organization management or human resources management as well as collecting records related to transactions or use of the Company's products/or services.

·    Necessary for the compliance with the law. In some cases, the law may require the maintenance of transaction evidence documents.

·    Necessary for the legitimate interest of the Company. The maintenance of transactions records after the performance of the contract, or after the end of the record-keeping period as required by law, the records will be used as evidence in litigation or legal proceedings when a dispute arises.

Website usage

The Company's website uses cookies, which are small text files that allow the Company's website to function normally and improve the experience of using the website.

·    Consent in case of the installation of Non-Necessary cookies.

·    Necessary for the legitimate interests of the Company and the visitors of the website in case of the installation of Necessary cookies for the complete use of the website.

 

Processing period of your data

The Company will maintain your Personal Data only as necessary for Data Processing purposes and/or according to the minimum period specified by relevant law, as the case may be. Currently, the Company has a guideline for determining a period of not more than 10 years after the Company terminates the relationship with you as its customer. However, the Company may continue to maintain your Personal Data after the expiration of such period if the Company considers that it is still necessary for the Company to maintain your information for other purposes as necessary on a case-by-case basis. For example, the enforcement of legal rights or contracts of the company, etc.

 

Persons to which the Company may disclose your Personal Data

The Company may disclose your information to third parties, a disclosure of information to persons in Thailand and/or including disclosure to foreign countries. In the case of sending information abroad, the Company will do its utmost in selecting service providers, systems, as well as considering methods and procedures for disclosing information that are no less than the standards required by law relating to personal data protection of Thailand, including but not limited to the case where the Company has obtained your consent to disclose the data for the confidence and security of your privacy rights in your Personal Data.

To achieve the various purposes of Data Processing in accordance with this Notice, regarding the disclosure of Personal Data, the Company may disclose your data to the following parties:

1) Service providers who provide services to the Company. The Company may need to disclose your Personal Data to service providers who provide services for the Company, including government agencies that the Company requests for services, the service providers are listed below. The service provider will use your Personal Data to the extent that the Company allows it and must be consistent with this policy. The disclosure of such data will be only on a need-to-know basis.

 

  • Professional advisors such as financial advisors, legal advisors, auditors, etc.
  • Infrastructure and Information Technology service providers.
  • Storage providers, including cloud providers.
  • Marketing service providers, including the data and statistics preparation service providers.
  • Advertising, public relations, and communication service providers.
  • Several service providers involved in payment systems and networks.
  • Cash management service providers or various paying agents.
  • Service providers in the preparation and storage of documents and printed matter.
  • Financial institutions and other third parties that the Company uses to provide services for You.
  • Data verification service providers such as Netbay, Department of Provincial Administration (DOPA), or Legal Execution Department (LED), etc.

 

2) The Company’s partners: The Company may disclose your personal information to other parties who have partnership agreements with the Company, such as financial institutions, trading partners, sales representatives, and outsource contractors in business operations, etc.

3) Any other person required by law: If there are related laws, rules, regulations, orders of government agencies, or orders of judicial authorities requiring the Company to disclose your Personal Data, the Company is required to disclose such Personal Data.

4) Assignee of rights and/or duties from the Company: In the event that the Company wishes to transfer the rights and duties of the Company including partial or full business transfers, mergers, and the restructuring of the company's shareholding, the Company is obliged to disclose your Personal Data to the assignee (including prospective assignees). The assignee’s rights and duties in relation to your Personal Data will also be in accordance with the policy in this Notice.

 

Protecting your data

The Company uses modern and highly secure technology for storing and maintaining Personal Data. The Company assigns the right to access Personal Data only to the Company’s officers or persons with related duties. Furthermore, the Company has in place a system to strictly monitor the access and use of personal data, as well as to arrange for the regular improvement and development of the personal data storage and maintenance system in order for the system to store personal data accurately and reliably, to prevent personal data leakage or rectification by unauthorized persons or misuse of personal data.

The Company has guidelines and security measures, the details are according to the Information Security Policy

 

Data subject rights

1) Right of access and right of data portability: You have the right to request access to and obtain a copy of your Personal Data held by the Company, as well as to request that the Company disclose the acquisition of your Personal Data if you did not give consent to the collection of such data. You may also have the Company transmit your Personal Data to you or to other Personal Data Controllers in a widely used and computer-readable data format if such data is in a format that can be done so. 

2) Right to object processing: You have the right to object to the collection, use, and disclosure of Personal Data about you if such data is collected by the Company without your consent or is collected, used, or disclosed for direct marketing or for research studies.

3) Right to erasure and right to restrict processing: You have the right to request that the Company delete, destroy, or restrict the use of your Personal Data retained by the Company in any method that the Company deems appropriate so that such data can no longer be used to identify the owner of the data.

4) Right to rectification: You have the right to request the Company to rectify your Personal Data held by the Company to be accurate, up to date, complete, and not cause misunderstanding.

5) Right to withdraw consent: You have the right to withdraw your consent to the collection, use, and disclosure of your Personal Data. However, withdrawing your consent will not affect the collection, use, or disclosure of Personal Data that you have previously given consent to. Withdrawing such consent may prevent the Company from continuing to provide services to you.

6) Right to complain or petition to the competent supervisory authority: In the event that you believe that the Company's Data Processing is done in a way that is unlawful or inconsistent with the applicable provisions of the law on Personal Data protection.

In exercising your rights, you acknowledge that your rights as the subject of Personal Data as stated above are the rights that are restricted by related law. The Company may deny the exercise of your rights if the Company has legitimate grounds for refusing to exercise such rights.

 

Change to the Privacy Notice

In order to make this Notice consistent with the law or guidelines that may change in the future, the Company may update, amend, add or change the details in this Notice.

In the event that the Company changes the subject matter of this Notice, whether it is about the personal data that will be collected, the purpose of the collection for use or disclosure, types of persons or agencies with which the Company may disclose the data, rights of Personal Data subject, and the duration of data storage, the Company will notify you of any changes to this Notice in accordance with the provisions of the law on Personal Data protection.

 

The law and language of this Notice

This Notice is made in Thai language under the terms and conditions of Thai law. The translation of this Notice in any language is made for the convenience of the users only and does not have any intention to modify the details of the Privacy Notice. In the event of a conflict between the Thai language and other languages other than the Thai language, the Thai language shall prevail.

 

Contact Details

In case you have any questions regarding the protection of Personal Data in accordance with this Notice or wishing to exercise your rights in accordance with the provisions of the law relating to Personal Data Protection, You can contact the Company from the details as follows:

 

33 Remittance Company Limited

Sindhorn Building Tower 1, G Floor, Room no.3,

130-132 Wireless Rd., Lumpini, Pathumwan,

Bangkok 10330, THAILAND

Call Center (02) 114-8282

 

The Personal Data Protection Officer. (DPO)

compliance@smartswift33.com