​​​​​​​​​​​​​Privacy ​Policy


Last updated May, 2020 

 

KASIKORN ASSET MANAGEMENT COMPANY LIMITED (“Company”) adheres to ethical business conducts and compliance with applicable legal framework.  The Company is aware of your trust in the Company’s products and services and recognizes your need for security in transaction and the handling of your personal data. 

For prioritizing your privacy and safeguarding your personal data, the Company, therefore, has set out policies, regulations and rules for the Company’s business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to Company will be processed to meet your needs and in accordance with the laws.

1. What is the purpose of this Policy? 

This Policy is to inform you, as a data subject, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data.


2. Which personal data that  the Company collects, uses, and/or discloses?

2.1 Personal Data is data that can directly or indirectly identify you, i.e.
2.1.1 Personal data that you give directly to or through the Company, or available to the Company by your use of products and/or services, contact, visit, search via digital channels, branches, website, call center, assigned persons or other means.; 
2.1.2 Personal data received or accessed by the Company from other sources not directly from you. For example, government entities, companies in KASIKORN Financial Conglomerate, financial institutions, financial service providers, business partners, the National Credit Bureau, and information service provider, etc.  The Company will collect data from other sources only when your consent is given as consistent with laws unless where necessary for the Company as permissible under laws.  
Your personal data that the Company collects, uses and/or disclose are such as 
Personal information such as name, surname, age, date of birth, marital status, national identification number, passport number;
Contact information such as home address, workplace, contact address (where different from your home address), telephone number, E-mail, LINE account ID; 
Financial information such as portfolio value, source of wealth, fund account numbers, bank account numbers, credit card numbers and/or debit card numbers related to fund transactions, dividend history, profit and benefit from investment, list of assets, amount of money to be invested and/or an estimate of monthly expenses for planning and/or setting investment policies;

Transaction information such as portfolios, purchase and/or redeem and/or switching including the acquisition or disposal of securities, payment for securities purchase including receiving money from securities disposal, buying on margin, securities lending;
Data related to devices or machines such as IP address, MAC address, Cookie ID; and   
Other information such as website-visiting data, voice, still picture, moving picture, and other information deemed personal data under the Personal Data Protection Laws

2.2 Sensitive Data is personal data that is specially categorized by law and will be collected, used and/or disclosed by the Company only when the Company has obtained explicit consent from you or where necessary for the Company as permissible under law. The Company may collect, use and/or disclose biometric identifiers (Biometrics), e.g., facial recognition, fingerprint recognition, retina recognition, voice recognition for the purpose of verifying and confirming identity of applicants for services and/or transaction via digital channels, branches, website, call center or other channels, etc.
(Unless otherwise specified in this Policy, personal data and sensitive data about you above will be collectively called “Personal Data”)


3. What are the Company’s purposes of collecting, using and/or disclosing your Personal data?

The Company will collect your Personal Data for your benefits in using products and/or services; for performing legal obligations required by any law applicable to Company or you; and for any purposes provided in this Policy, as follows; 

3.1 For your benefits in using the Company’s products and/or services that meet your own purposes and for other purposes necessary under laws 

3.1.1 To allow you to use the Company’s products and/or services that meet your purposes under your contract with the Company or to take steps at your request prior to using the Company’s products and/or services (Contractual Basis), for instance,
(1) to Approve the using of any products and/or services, e.g. funds account opening, management and administration of assets, including other services relevant to investment management;  
(2) to take any steps in relation to the providing of any products and/or services, e.g. processing, contact, notification, outsource, right and/or duty assignment, notification of fund purchase payment and/or delivery of benefits from investment including other notification of any information relevant or due to investment or assignment to assets management. 
3.1.2 To comply with relevant or applicable law (Legal Obligation), for instance,
(1) to comply with an order from a competent authority; and/or  
(2) to comply with Financial Institution Law, Securities and Exchange Law, Life Insurance Law, Non-life Insurance Law, Tax Law, Anti-money Laundering Law, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Law, Computer Law, Bankruptcy Law, and other laws to which the Company is subject both in Thailand and in other countries including regulations and rules issued pursuant to such laws. 
3.1.3 To take necessary steps for the Company’s legitimate interests or other individual or juristic person which are not overriding your reasonable expectations (Legitimate Interest), for instance, 
(1)  to record voice conversation with call center or images from CCTV, to exchange ID cards before entering buildings; 
(2) to maintain relationship with customers, e.g. complaint handling, satisfaction survey, customer service by the Company’s staff, notification or offer on any products and/or services of the same types you are using for your benefits;
(3) to manage risks, monitor, manage within organization including to refer such tasks to affiliated companies in the conglomerate under the Personal Data related policy of the conglomerate (Binding Corporate Rules);
(4) to anonymize your Personal Data (Anonymous Data);
(5) to prevent, respond, and minimize potential risks arising from corruption, cyber threat, debt default or contractual breach (e.g. bankruptcy related data), law violation (e.g. money laundering, terrorism and proliferation of weapon of mass destruction financing, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order to prevent, respond, and minimize the above risks;
(6)   to collect, use and/or disclose the Personal Data of directors, representatives, agents of customers that are juristic person;
(7) to contact, voice or image recording during meetings, trainings, seminars or booth activities;
(8) to collect, use, and/or disclose the Personal Data of person under court’s receivership order; and
(9) to receive - dispatch parcels. 


3.2 To enable you to receive benefits from using products and/or services according to your given consent, for instance,  

(1) For you to receive products and/or services that are better and suitable for your need;
(2) For you to receive offers, privileges, recommendations and other information including eligibility to attend special activities; 
regardless of being products and/or services, privileges, promotions, information or special activities of the Company, business partners or a third party associated with the Company, depending on your given consent.​

4. To whom may the Company disclose your Personal Data? 

The Company may disclose your Personal Data to other person or entities to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy.
The Company will disclose your Personal Data to other persons or entities under your consent or other legal basis for the purposes specified in this Policy. For example, Personal Data Processors, business partners, external service providers, the Company’s agents, sub-contractors, financial institutions, auditors, external auditors, credit rating companies, asset management companies, the National Credit Bureau, competent authority, prospective assignees and/or assignees in any transaction or business merger of the Company, any corporations or individuals  under relationship or contract with the Company;  including executives, staffs, employees, contractors, agents, the Company’s advisor and of those person or entity who receive the data, etc. 


5. Can the Company send or transfer your Personal Data to other countries?

When it is necessary, the Company may send or transfer your Personal Data to affiliated companies/companies in the same business located in other countries or to other receivers in ordinary course of the Company’s business, e.g. sending or transferring the Personal Data to be stored on server/cloud in other countries. 
If the receiving countries do not maintain adequate standard levels, the Company will ensure that the sending and the transferring are in compliance with legal requirements and will put in place the Personal Data protection measures as necessary, appropriate and in consistent with confidentiality measures. For example, entering into confidentiality agreement with receivers in such country; or in case of affiliated companies/companies in the same business being the receivers, setting out the Personal Data policy that is audited and certified by competent authorities under relevant law and controlling the sending and transferring to comply with such policy instead of legal requirements. 


6. How long does the Company retain your Personal Data?

The Company will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with the Company, or for as long as necessary in connection with the purposes set out in this Policy, unless law requires or permits longer retention period. For example, retention pursuant to Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of not over 10 years, etc.   
The Company may erase destroy, or anonymize the Personal Data when it is no longer necessary or when the period lapses. 


7. How does the Company protect your Personal Data?

For retention of your Personal Data, the Company implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. The Company has set out policies, rules and regulations on Personal Data protection, e.g. security standards of information technology and measures to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. The Company has amended the policy, rule and regulation as frequently as necessary and appropriate.  
Moreover, the Company’s executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by the Company. 


8. What are your rights related to Personal Data? 

Your rights described here are legal rights that you should be informed. You may exercise any of these rights within legal requirements and policies at the present or as amended in the future as well as regulation set out by the Company. In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf.  
8.1 Withdrawal of consent: If you have given consent to the Company to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the period your Personal Data available to the Company, unless it is restricted by laws or you are still under beneficial contract.
Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent.  
8.2 Data Access: You have the right to access your Personal Data that is under the Company’s responsibility; to request the Company to make a copy of such data for you; and to request the Company to reveal as to how to the Company obtain your Personal Data. 
8.3 Data Portability: You have the right to obtain your Personal Data if the Company organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request the Company to send or transfer the Personal Data in such format directly to other data controllers if doable by automatic means; and to request to obtain the Personal Data in such format sent or transferred by the Company directly to other data controller unless not technically feasible.
Your Personal Data above must be under your consent given to the Company to collect, use, and/or disclose; or those the Company deems necessary to collect, use and/or disclose to allow you to use products and/or services that meet your need under your contract with the Company; or to take steps at your requests before using products and/or services; or as legally required by competent authority.  
8.4 Objection: You have the right to object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of the Company, corporation or individual which is within your reasonable expectation; or for carrying out public tasks. If you request to object, the Company will continue collecting, using and/or disclosing your Personal Data only when the Company can establish a legal basis that doing so is more important than your fundamental rights; or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis. 
In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to marketing, scientific, historical or statistical research. 
8.5 Data Erasure or Destruction: You have the right to request the Company to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; or retention of the data by the Company is no longer necessary in connection with related purposes under this Policy; or when you request to withdraw your consent or to object to the processing as earlier described. 
8.6 Processing Suspension: You have the right to request the Company to suspend processing your Personal Data during the period where the Company examines your rectification or objection request; or when it is no longer necessary and the Company must erase or destroy your Personal Data pursuant to relevant laws but you instead request the Company to suspend the processing. 
8.7 Data Rectification: You have the right to rectify your Personal Data to be updated, complete and not misleading. 
8.8 Complaint Lodging: You have right to complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws.
8.9 The exercise of rights above may be restricted under relevant laws and it may be necessary for the Company to deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If the Company denies the request, the Company will inform you of the reason. 

You may request to exercise your rights via the following channels:​

​​Rights
​​
Channels​
​​
Processing Time *
(Business Day)

K-Contact Center
KAsset
K-Cyber Invest
K-My Funds
Consent Withdrawal

​​
This channel  is currently unavailable
This channel  is currently unavailable
7 days
Data Access
​√

​​​

30​  days
​​​Data Portability
​​

Objection​
​​


Data Erasure or Destruction
​​

Processing Suspension
​​

Data Rectification
​​√​​

7 days​
 ​*From the day the Company has verified and confirmed your identity. In the case that the Company requires you to submit and / or deliver documents for verification and identification, the Processing Time will begin on the day that the Company has received all relevant documents and evidences.​

9. How can you contact the Company and the Data Protection Officer?

If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact the Company and/or the Data Protection Officer via the following channel on Business Day (from 8:30 a.m. to 5 p.m.); 
  • K-Contact Center : Tel 02-673 3888
    Address:  400/22 KASIKORNBANK Building, 6th and 12th  floor, Phahon Yothin Avenue, Samsen Nai, Phaya Thai, Bangkok 10400,
  • ​Data Protection Officer: E-mail KA_DPO@kasikornasset.com
    Address:  400/22 KASIKORNBANK Building, 6th and 12th  floor, Phahon Yothin Avenue, Samsen Nai, Phaya Thai, Bangkok 10400,