Thunderxpay Payments Inc., the payment gateway, intends to provide you with quality services to meet your expectations. We realize the importance of protecting your data and compliance with relevant laws and regulations. The payment gateway has provided this Privacy Notice to inform you of personal data protection and your rights as the data subject of personal data.
1. Personal data of the data subject to be collected, used, and disclosed by the payment gateway are as follows:
1.1 Data that can identify the data subject whether directly or indirectly
(1) Personal information, namely, name-surname, gender, date of birth, age, the information stated or recorded in documents, such as national identification card, passport, residence certificate, driving license, signature, taxpayer identification number, facial photograph, occupation, status,
(2) Contact information with the payment gateway, namely, the address of house registration, electronic mail address (Email address), home telephone number, mobile phone number,
(3) Financial and transaction information with the payment gateway, namely, deposit account number, investment account number, credit card number, debit card number, type of credit and debit card, information for compliance with Anti-Money Laundering law and Foreign Account Tax Compliance Act (FATCA), any other information related to the use of or request for services and transactions with the payment gateway,
(4) Contact information with the payment gateway, namely, information received by the payment gateway through telephones, electronic or digital channels, social media, on-site services which may be displayed or recorded in written form, recording tape or record of transactions, photos or motion images,
(5) Technical information, namely, Internet Protocol (IP address), Media Access Control (MAC) address, the identification code affixed to the device connected to the network and the network (MAC address), log, device ID, Application Programming Interface (API), cookies, type and version of Plug-in, browser, operating system and platform, internet system or mobile network, geographic location, device setting and other technical data derived from the use of the platform, application and operating system of the payment gateway,
(6) Usage information, namely, username, password, search information, visitation statistics, an active menu, time spent on the website, platform, and application, timestamp of last click, favorite menu, Q&A, log file, communication information with the payment gateway,
(7) Behavioral information, namely, information relating to personal interests or preferences, and characteristic of use or utilization of services;
1.2 Sensitive personal data that the payment gateway must obtain consent from you before collecting the sensitive personal data, namely, biometric data (for example, facial recognition, fingerprint recognition, iris, and voice recognition data), religions, criminal records, or any other data as prescribed by the Personal Data Protection Committee.
2. Purposes of the collection, use, and disclosure of your personal data
The payment gateway will collect, use and disclose your personal data in accordance with the law, which is necessary for (1) the performance of a contract or a request you made to the payment gateway in order to comply with such contract or request, (2) legal obligations to comply with a law to which the payment gateway is subjected, (3) legitimate interest of the payment gateway or other persons or juristic persons, (4) necessity for preventing danger to a person’s life, body or health, (5) necessity for the public interest, a task carried out in the public interest or the exercising of official authorities, or (6) your consent where any legal basis specified in (1) to (5) cannot be relied on, for the following purposes:
2.1 to contact, communicate or provide information related to or in connection with products or services that you use or will use with the payment gateway;
2.2 to process in accordance with the agreement as stated in your request or agreement made to the payment gateway, or in connection with such request or agreement, including compliance with an agreement made between the payment gateway and other people where necessary and related to services provided to you;
2.3 to manage your relationship with the payment gateway and to conduct details or record of your use of services for providing further service to you;
2.4 to manage the information of corporate customers which may contain your personal data;
2.5 to comply with relevant laws and regulations;
2.6 to identify and verify your identity in accordance with the Know Your Customer process of the payment gateway, including checking your information, and monitoring such verification as required by the payment gateway;
2.7 to take any action as required, requested, or recommended by the regulatory bank oversight the business conduct of the payment gateway,
2.8 to manage and administer the payment gateway’s internal processes, such as supervising, improving, and auditing the Payment Gateway’s internal operations;
2.9 to manage or organize the risks, such as
(1) prevention, handling, or mitigation of risks that may arise from illegal actions and may occur to you, the payment gateway’s customers, the payment gateway’s staff, and the payment gateway itself by considering that information for improving the security system related to the use of channels, the operating system and the security system in the information technology operation of the payment gateway;
(2) risk management related to a course of business of financial institutions, such as credit risk, operational risk, legal risk, liquidity risk, and market risk;
2.10 to provide and suggest products, services, and service options to you, as well as including advertising, communicating, notifying, offering, or presenting privileges benefits, rewards, or information about products or services of the payment gateway, or organizing events and promotions;
2.11 to inspect the use of services or transactions according to your instruction;
2.12 to manage services and complaints, such as checking financial service transactions, inaccurate financial transactions, the transmission of information within the payment gateway or between the payment gateway and other parties, accommodating customer complaints, or using the information to improve the work process on such matters;
2.13 to conduct statistical analysis or research related to a course of business of the payment gateway and companies in the payment gateway’s financial group;
2.14 to conduct strategic adjustment, benefits protection, or performance evaluation or service provides an evaluation of the payment gateway;
2.15 to evaluate, develop and improve products or services of the payment gateway, or to exercise the Bank’s rights, and may disclose information from such analysis to you for your financial planning or utilization of other services of the payment gateway, or to companies within the payment gateway’s financial group or business partners;
2.16 to organize campaigns or promotional activities;
2.17 to store data in the cloud storage and in other systems used by the payment gateway;
2.18 to perform the payment gateway’s obligations in accordance with terms and conditions set out in an agreement to which the payment gateway is a party or to enforce legal or contractual rights of the payment gateway; and
2.19 to connect to or facilitate access to the website, applications, and platforms of the payment gateway. The collection, use, or disclosure of your personal data includes sending or transferring your personal data overseas that the payment gateway proceeds in accordance with the aforementioned purposes and legal basis.
3. Persons or entities whom the payment gateway may disclose your personal data to The payment gateway may be required to disclose your personal data to the following persons or entities located in Thailand or overseas in order to achieve the purposes stated in this Privacy Notice, namely:
3.1 The companies within the payment gateway’s financial group as published on the payment gateway’s website.
3.2 The payment gateway’s business partners, such as business partners of the payment gateway relating to financial, payment gateway, service provision, investment, marketing, data analytic, platform provider, or a person whose name or logo appears in the agreement, website or other service channels of the payment gateway.
3.3 Persons involved in service provision of the payment gateway, such as intermediaries in payment gateway transactions, settlement or payment service providers, the payment gateway’s service partners, outsource service providers, operators or sellers of goods or services to the payment gateway or payment gateway agents both domestically and internationally to which the payment gateway is a contracting party, such as infrastructure development service providers, internet network service providers, telecommunication and communication service providers, technical infrastructure providers, electronic system development or information technology providers, logistics and warehousing service providers, cloud service providers, service providers for research and data analytics, communication service providers, survey service providers, event and activities organizers, identity verification system service providers, Dip Chip service providers, identity verification service providers, credit rating institute, courier service providers, card printing and information recording in electronic card service providers, selling agents for the payment gateway’s financial products or services, and security or fraud prevention service providers.
3.4 Persons or competent authorities, the payment gateway may be required to disclose your personal data in order to comply with laws, rules, regulations or orders of government agencies, state enterprises, regulatory authorities, or in any case where the payment gateway believes that such disclosure is necessary to comply with the law, to protect the rights of the payment gateway or other persons, the safety of any person, to prevent, investigate or handle fraud, security or safety in various areas.
3.5 The payment gateway’s advisors, such as financial advisors, legal advisors, technical consultants, and auditors.
3.6 Assignees of the payment gateway’s rights, obligations, and legal claims, including any person involved in corporate restructuring, business transfer, investment, merger and acquisition, purchase or sale of assets, shares, or businesses provided that such person will comply with this Privacy Notice as well.
3.7 Other persons related to you, such as owners of a joint deposit account, trustees, and authorized persons.
3.8 Associations, organizations, clubs, and agencies include the Thai Bankers’ Association, Lawyers Clubs, Bank, and Financial Institutions Internal Auditors Club, and Credit Card Club.
3.9 Websites and social media, such as Google.
4. Retention of your personal data and retention period of your personal data
4.1 Retention of your personal data
The payment gateway has established security measures for personal data both in form of documents and electronic to prevent the unauthorized or unlawful loss, access to, use, alteration, correction, or disclosure of personal data.
4.2 Retention period of your personal data
The payment gateway will collect your personal data for the purposes stated by the payment gateway in this Privacy Notice to the extent necessary as long as required by law, and for a maximum period of 10 years from the cessation date of your relationship with the payment gateway unless the payment gateway is required otherwise by law or such personal data is data that cannot be deleted or destroyed due to technical limitations.
5. Sending your personal data overseas
In the event that the payment gateway has a necessity to send or transfer your personal data to a person overseas, such as your counterparty or the payment gateway’s counterparty, the payment gateway’s representative, the payment gateway’s overseas branches, the payment gateway’s affiliates and subsidiaries, international agency or organization where the recipient country may have inadequate data protection standard as required by law. In such cases, the payment gateway will provide appropriate measures to ensure that your personal data sent to the recipient is secure.
6. The data collected through the payment gateway’s website system
7. Rights of the data subject
You, as the data subject, have the rights as follows:
7.1 Right to request access and obtain a copy of personal data
You have the right to request access to and obtain a copy of personal data related to you which is under the payment gateway’s responsibility or to request the payment gateway to disclose the acquisition of the personal data obtained by the payment gateway without your consent.
7.2 Right to obtain or send or transfer personal data to another data controller
You have the right to receive personal data related to you which you provided to the payment gateway on the basis of your consent, the necessity for the performance of a contract or a request you made to the payment gateway, or a requirement as prescribed by the Personal Data Protection Committee. In the event that the payment gateway has arranged such personal data to be in a format that is readable or commonly used by ways of automatic tools or equipment, and can be used or disclosed by automated means, you are also entitled to (1) request the payment gateway to send or transfer personal data in such formats to other data controller if it can be done by automated means; and (2) request to directly obtain personal data in such formats that the payment gateway sends or transfers to other data controller unless it is impossible to do so because of technical circumstances.
7.3 Right to object
You have the right to object to the payment gateway’s collection, use, or disclosure of your personal data in the event that (1) the payment gateway collects your personal data for the purposes of the necessity for the performance of a task carried out in the public interest by the payment gateway, or the exercising of official authorities, or for the legitimate interest of the payment gateway or other persons or juristic persons, (2) the payment gateway collects, uses or discloses your personal data for the purpose of direct marketing, or (3) the payment gateway collects, uses or discloses your personal data for the scientific, historical or statistical research purposes unless it is necessary to perform a task carried out for public interest by the payment gateway.
7.4 Right to erase or destroy the personal data
You have the right to request the payment gateway to erase, destroy or anonymize your personal data to become the anonymous data which cannot identify your identity where (1) your personal data is no longer necessary for the payment gateway to collect according to the purposes herein, (2) you withdraw your consent and the payment gateway has no other legal basis to collect, use or disclose such personal data, (3) you object to the collection, use, and disclosure of your personal data collected by the payment gateway for the purposes of the necessity for a performance of a task carried out in the public interest by the payment gateway, or the exercising of official authorities, or for the legitimate interest of the payment gateway or other persons or juristic persons and the payment gateway cannot reject such objection, (4) you object the collection, use or disclosure of your personal data for direct marketing purposes, or (5) your personal data has been unlawfully collected, used or disclosed, unless the payment gateway is obliged to collect your personal data for the purpose for compliance with the law, the establishment of legal claims or the exercise or defense of legal claims of the payment gateway.
7.5 Right to restrict the use of personal data
You have the right to request the payment gateway to restrict the use of your personal data where (1) the payment gateway is pending examination process in accordance with a request to rectify your personal data to be accurate and up-to-date, (2) the payment gateway collects, uses or discloses your personal data unlawfully, (3) it is not necessary for the payment gateway to collect, use or disclose your personal data for any purposes, but you request the payment gateway to collect your personal data for your legal interest, or (4) you request the payment gateway to temporarily restrict the use of your personal data because the payment gateway is pending verification or examination with regard to your objection request.
7.6 Right to rectification
You have the right to request the payment gateway to rectify your personal data to be accurate, up-to-date, complete, and not misleading.
7.7 Right to withdraw the consent
You have the right to withdraw your consent given to the payment gateway for the collection, use, and disclosure of your personal data at any time.
7.8 Right to revoke the consent
You are informed that you have the right to revoke your consent for the collection of personal data by the Bank before the Personal Data Protection Act B.E. 2562 comes into effect by submitting a request for revocation of consent to the payment gateway.
7.9 Right to lodge a complaint
You have the right to lodge a complaint to a competent authority or legal authority in the event that the payment gateway or its data processor, including employees or contractors of the payment gateway or such data processor, violates or does not comply with personal data protection law.
If you wish to exercise any rights with regard to Clauses 7.1 to 7.7 set forth above, you can submit a request to the payment gateway or any other channels specified by the payment gateway. Once the payment gateway receives your request, the payment gateway will examine your request in accordance with the conditions prescribed by law, complete your request, and notify you of the result of the examination and completion of the request within 30 days from the date of receipt of all request and supporting documents.
If you exercise the rights of the data subject, you may not be able to receive certain services from the payment gateway while the payment gateway is pending verification or examination of your request.
The payment gateway will not charge a fee for exercising the right unless the payment gateway deems your request excessive or unreasonable and the payment gateway may charge a fee to process your request according to the rate announced by the payment gateway.
Provided that you may request to exercise your rights from the date the Personal Data Protection Act B.E. 2562 comes into effect onwards.
8. Changes to this Privacy Notice
The payment gateway may amend this Privacy Notice from time to time as appropriate. The payment gateway will notify you of such changes through the websites and applications, and the payment gateway would encourage you to read and check the details in Privacy Notice every time when such changes are made.
9. Contact information
If you wish to contact or would like to have more information or an explanation for the collection, use, and disclosure of your personal data, and exercise the rights of the data subject as specified in this Privacy Notice, you can contact the payment gateway.