Privacy Policy

In order to act in a transparent manner in relation to the activities of collection, use, disclosure and/or overseas transfer of personal data in compliance with PDPA, Krung Thai Bank Public Company Limited (the “Bank” or “we” or “us” or “our”) has provided the privacy policy to the customers as follows:

Categories of the data subject under this privacy policy are as follows;

This Privacy Policy will apply to the collection, use, disclosure and/or overseas transfer of your personal data. The Bank may collect such personal data through various channels, for example, branches, websites, internet banking (e.g., https://www.krungthai.com, https://www.ktbnetbank.com, https://www.moneyconnect.krungthai.com, Krungthai Corporate Online), mobile applications (e.g., Krungthai NEXT, Krungthai Connext, Paotang), online social networks (e.g., LINE, Facebook, and Twitter), telephone, fax, online communication channels (e.g., email), ATMs, Krungthai Contact Center, one-to-one communication, letters, questionnaires, business cards, postcards, meetings, events, customer visits, or from other sources (e.g., online platforms or other public sources), or through affiliated companies, subsidiaries, selected business alliances, government agencies, third parties, and other places and/or other communication channels whereby the Bank collects your personal data. Please read this Privacy Policy along with the terms and conditions of the services you use, which may have separate terms regarding the collection, use, disclosure, and/or overseas transfer of your personal data.

1. The Bank’s procedures for the collection of personal data

1.1 Personal data collected by the Bank

1) Personal data means any information related to you which can directly or indirectly identify you (excluding the deceased’s information) as specified in Clause

2) Sensitive personal data means personal data which is classified as sensitive personal data according to the law. The Bank may, only where strictly necessary and inevitable, collect sensitive personal data, including the following:

1) Biometric data (e.g., fingerprints, biometrics, face recognition data)

2) Sensitive personal data as appeared on identification documents or supporting documents for transaction and/or juristic acts, contracts, or supporting documents for the use of products and/or services (e.g., religion, race, disability)

3) Information related to health and/or disability

4) Criminal records information

In this respect, the Bank will collect, use, disclose and/or transfer your sensitive personal data overseas only when the Bank receives an express consent or when it is legally permissible.


1.2 Categories of customers and personal data which are collected by the Bank

The Bank may collect your personal data. The types of personal data collected by the Bank depend on the relationship between the Bank and you, the types of products or services that you want to receive from the Bank, and the types of your personal data. The details are as follows:

1) Individual customers, Lessors of the property leased to the Bank, Buyers or persons who wish to purchase the Bank’s NPA property, Persons having relationship with the Bank.

1) Personal information, e.g., title, first name, last name, gender, date of birth, age, weight, height, blood group, nationality, country of birth, signature, family status, marital status, number of children, information relating to documents issued by government agencies (e.g., ID card, passport, government employee ID card, taxpayer identification number, details of driver’s license, etc.), information on a change of name certificate or related documents, documents relating to foreigners, work permit, certificate of residence, land title deed, photograph, recordings of telephone conversation, recordings and data produced by the closed-circuit television cameras, political status, documents relating to visa, and other legal documents.

2) Educational information, e.g., educational background, education degree.

3) Work information, e.g., occupation, position, job description, type of business, type of organization, years of service, workplace, social security information, personal information appearing on other related documents, such as business documents, commercial registration, certificate of value added tax registration (Por.Por.20), company certificate, and corporate income tax payment certificate.

4) Contact information, e.g., postal address as appeared on ID card or house registration certificate, present postal address, present office postal address, delivery details, telephone number, fax number, map, location information, email address, LINE ID, and Facebook account, and your other IDs on online social network websites.

5) Financial information, such as income level, source of income and investment and the country of origin, salary certificate, bank statement, salary payment slip, financial status information, bank account’s name and account number, ATM card number, ATM/debit PIN, credit information, reserves, collaterals, liabilities, credit card number as well as its expiry date, rewards points, credit lines, credit card balance, type of credit card, credit summary, deposit information, funds, stocks, unencumbered assets, expenses, daily withdrawal or spending limit, credit information, bankruptcy status information, receipts, cash bills, invoices, bank statements, details of financial agreements, details of cheques, tax amount, balance amount, financial statements, and other financial information

6. Information related to services provided to you, e.g., types of products or services you selected, details as specified in the application form for using products or services of the Bank, information required for the consideration of credit limits, information required in the credit facilities application, information required for money transfer services, collaterals information, data created for the Bank’s internal use, information related to insurance documents, details of insurance premiums, insurance claim history from the insurance company, insurance claim history from other insurance companies, information about the need to take insurance in daily life, account ownership ratio, debt classification information, debt restructuring information, debt and interest payment history, account opening information, purpose of investment, number of funds, fund name, unitholder number, withholding tax, relationships with the company’s employees or with other companies, details in the application form and information relating to KYC and CDD, information about relationships with politicians or people with political status, investment experience, your acceptable level of investment risk profile, suitability test results, data access permission, and information in power of attorney, state welfare card number, any other information required in the application form for using products or services of the Bank.

7. Transaction data, e.g., details of your incoming and outgoing transactions, date and/or time of fund transfer or payment due date, methods of payments and receipt of payments, transaction amount, net amount received, money transfer information, cheque number, transaction reasons, transaction information of products and services of the Bank, information and details of agreements, expiry date of agreements, date of contact, serial number of electronic machine, supporting transaction documents (e.g., house registration certificate, land title deed, photograph and image of the place), details about request for payment refund, receipt, the signature of the transaction’s recipient, transaction history, location, transaction status, request and claim, evidence of security deposit for purchase of property, fee, opportunity cost (in case of requesting an extension to the property purchasing period), details in the agreement of sale and purchase of property, date and place of the property purchase, information you provide in the application form, buying behavior, and other details of the purchased property (e.g., type of property, type of document of title, purchase price, location, area, map and/or other information relating to the Bank’s NPA property), deposit slip, payment card, and purchasing time.

8. Technical information, e.g., internet protocol address and information relating to the communication devices you use to conduct a transaction with the Bank.

9. Your FATCA information, e.g., information about your status in the United States of America, including nationality, place of birth, permanent residence, and information you provide in the FATCA self-certification form.

10. Details of behavior, e.g., details of your behavior, ways of living, attitude, information relating to other interactions, and facts about your actions with products or services, your feedback and opinion towards the types of products or services you receive, details of your claims and complaints.

11. Details of marketing and communication, e.g., your preferences for receiving marketing information from the Bank, affiliated companies, subsidiary companies, third parties, selected business alliances, and communication preference.


2. Persons related to the Bank’s corporate customers and Person contacting the Bank in other 

1) Personal information, e.g., title, first name, last name, date of birth, age, nationality, signature, marital status, information about documents issued by government agencies (e.g., ID card, passport, etc.), details in the application form and information related to KYC and CDD, information related to relationships with politicians or people with political status, recordings and data produced by the closed-circuit television cameras.

2) Work information, such as occupation, position, job description, type of business, type of organization, years of service, workplace, data access permission level, personal information appearing on other related documents, such as list of shareholders, power of attorney, certificate of the corporate’s authorized persons

3) Contact information, e.g., postal address on ID card or house registration certificate, present postal address, present office postal address, telephone number, fax number, and email address


3. Personal data of third party

If you provide the Bank with personal data, such as first name, last name, address, telephone number of emergency contact and debt collection, and income of a family member, of third parties, such as guarantors, executives, authorities, authorized persons, directors, shareholders, staff members, employees, settlors and trustees, representatives, persons in the control line or ownership, co-owners, and other persons who are not customers of the Bank, and any other persons that you have relationship with respect to your relationship with the Bank, please inform them of this Privacy Policy for acknowledgement and request consent if necessary or as required by law for disclosure of personal data of third parties to the Bank.


4. Personal data of minors, quasi-incompetent persons and incompetent persons

The Bank collects personal data relating to a minor, a quasi-incompetent person and an incompetent person only when the Bank receives consent from a guardian or a curator. The Bank has no intention of collecting personal data of a person aged under 20 years old without consent from a legal guardian, or of a quasi-incompetent and incompetent person without consent from the curator. If it is found that the Bank has intentionally collected personal information of such persons without consent, the Bank will immediately delete such personal data or will collect, use, disclose, and/or transfer the personal data overseas only on a lawful basis other than consent or to the extent permitted by law.


2. The purpose of collection, use, disclosure and/or overseas transfer of your personal data
We may collect, use, disclose and/or transfer your personal data and sensitive personal data overseas for the following purposes:

2.1 The purposes for which your consent is obtained
We will collect, use, disclose, and/or transfer your personal data overseas by relying on the consent which you have given us via our service channels, e.g., branches, mobile applications (e.g., Krungthai NEXT, Paotang), in cases where we cannot rely on any other lawful bases listed in Clause 2.2, for the following purposes:

(1) Offering of products and services: We may collect, use, disclose, and/or transfer your personal data (e.g., first name, last name, telephone number, and/or other data as necessary) overseas, so that you do not miss any benefits, news, product and service promotions, as well as marketing and communication activities, analytics for personalized marketing, marketing advertisement, sales, special offers, news, press releases, promotions and presentations of the products and services of the Bank, our financial business group, and our selected business alliances, only in cases where we legally require your consent. Please see more details on marketing communications in Clause 4.

(2) Statistical analysis, data analytics, research and development, and product or service improvement: We may collect, use, disclose, and/or transfer your personal data (e.g., first name, last name, telephone number, and/or other data) overseas only as necessary for our data analytics, research and development, product or service improvement, profiling, risk management and assessment, only in cases where we legally require your consent. Please see more details on data analytics in Clause 4.

(3) Sensitive personal data: In certain cases where it is necessary and inevitable, we may use your sensitive personal data for the following purposes:

1) Biometric data (e.g., fingerprints, biometrics, face recognition data) are used for KYC and CDD identity verification, identity proofing, and providing our services to you.

2) Sensitive personal data as appeared on identification documents (e.g., religion, race, disability) are used only for the purpose of identity verification and proofing. We have no purpose or policy to collect, use, disclose, or transfer such sensitive personal data other than for the purpose of identity verification and proofing.

3) Sensitive personal data as appeared on transaction documents and/or juristic acts, contracts or supporting documents for the use of products and/or services (e.g., religion, race, disabilities)

In this respect, we may, without notifying you, cross out or mask your sensitive personal data (e.g., religion, race) which appear on identification documents or supporting transaction documents and/or juristic acts, contracts, or supporting documents for the use of products and/or services, or we may ask you to cross out or mask such sensitive personal data yourself.

In cases where we must obtain your consent for other activities relating to the collection, use, disclosure, and/or transfer of personal data, we will request your consent for such activities on a case-by-case basis.

If the lawful basis we rely on is consent, you have the right to withdraw your consent at any time by contacting us via Krungthai Contact Center (telephone number 02 111 1111), all Krungthai branches nationwide, and via mobile application (Krungthai NEXT and Paotang). For Krungthai NEXT, go to Settings then select Data Privacy Management; for Paotang, go to Profile then select Consent Management. The withdrawal of consent will not affect the collection, use, disclosure, and/or overseas transfer of your personal data and sensitive personal data for which you had given your consent prior to such withdrawal.

2.2 Other purposes and other lawful bases for collection, use, disclosure and/or overseas transfer of your personal data

When collecting, using, disclosing, and/or transferring your personal data overseas for the purposes listed below, the Bank will rely on lawful bases of legitimate interest, entering into and performing the contract, legal obligations, or other lawful bases permissible by PDPA, as the case may be, depending on the relationship between you and the Bank and the Bank’s services you use.

(1) For registration and personal identity verification, e.g., to register you for a product or service; to prove, identify, and verify the identity of you, your authorized person, or your representative; and to prove or verify your identity via a digital channel

(2) For the provision of products and services and customer relations management, e.g., for entering into any agreement or contract in connection with products or services and managing relationship related to you; for considering your qualifications (e.g., for bankruptcy status check, for analyzing the business status of you and other relevant persons, etc.); for supporting transactional operations and other activities in connection with products and services provided to you, such as the services of deposit, withdrawal or payment; for approving the provision of products or services; for delivering the details of agreements or contracts, products or services, financial transactions, and services with respect to payment, which also includes verification, confirmation, and cancellation of transactions; for receiving or sending letters, parcels and important documents to you; for conducting reports informing the customers about information relating to products or services; for delivering updated news regarding products or services; for reporting the status of debt, debt collection, and classification of debtors; for verifying documents and collaterals, credit limit, interest and requested payment period; for processing payments of accounting activities, accounting and balance sheets and auditing; for evaluating conflicts of interest; for providing or operating after sales services; for managing and cancelling inactive activities (such as cancellation of services or your account)

(3) For creating a good impression with after sales services, e.g., for communicating with you in respect of products and services provided to you by the Bank, companies within the Bank’s group, affiliates, subsidiaries, or the Bank’s selected business alliances; for processing and updating your information as the Bank’s customer, for providing advice, suggestions and facilitating your products and services use; for dealing with inquiries related to customer service; for dealing with your complaints, requests, comments, and insurance claims; for dealing with technical problems; for notifying and proceeding with the solutions to your problems, for conducting Customer relationship management activities

(4) For conducting activities related to space lease agreements, e.g., for surveying and analyzing the area, including surveying other automated teller machines nearby and analyzing the trends of electronic machine usage in the area; for contract negotiation and contract preparation; for the installation of electronic machines; and for other activities necessary for entering into the contract

(5) For conducting activities related to the purchase and sales transaction of the Bank’s NPA property and other related operations, e.g., for entering into a contract and carrying out the obligations of the contract; for conducting purchase and sales transactions; for the transfer of ownership; for the payment of earnest money; for the internal process required for approving the extension of purchasing period; facilitation of credit facility application; delivery of work to other persons as outsourcing; and assignment of claims

(6) For communication, e.g., any communication in connection with entering into the space lease agreement, such as request for additional information or documents, contact for payment, notice of expiration of agreement, arrangement for the lessor to sign the agreement, and delivery of the agreements; communication related to transactions; giving additional information of the properties you are interested in; debt payment reminder; understanding your needs and interests

(7) For identity proofing and verification, e.g., providing services to support electronic know your customer (E-KYC) and digital identification

(8) For marketing, sales promotion, and communication purposes, e.g., for carrying out marketing and communication activities, research and data analytics for personalized marketing, marketing advertisement, sales, special offers, news, press releases, promotion and presentation of the Bank’s products and services, and those of financial business group, the Bank’s affiliates, selected business alliances, and other legal entities as specified by you or the services that you have used, as well as information of products and services that are directly and indirectly close to your interest and history, for enabling you to participate in the sales offering, offers and privileges, campaigns, events, seminars, contests, sweepstakes, lucky draws, booths, and events with branches in order to meet with you, including other sales promotions and all relevant advertising services facilitating you to participate in the Bank’s activities in cases where the Bank is not required to rely on your consent. For example, if you are a customer who uses the Bank’s financial products, you may receive the Bank’s marketing communications offering the same products and services, or other products and services of the Bank, the Bank’s financial business group, and selected business alliances. (For instance, if you have a bank account, you may receive notifications on special offers, news, public relations, relating to other savings products provided by the Bank. If you are a customer who uses the Bank’s savings accounts or credit cards, the Bank may offer lending, funds, debentures, or insurance products, which benefits you. If you use Paotang, you may receive marketing communications, notifications, or advertisements on Paotang (banner) relating to the products of the Bank, financial business group, and selected business alliances). 
When you request any services or inquire about the details of any services, we will send such details to you as per your request, for instance, when you request the details of loans or the Bank’s other products via the Bank’s website for the Bank to contact you. You may receive communication via branches, websites, internet banking, social media, or any other channels specified by the Bank. Please see more details on marketing communications in Clause 4.

(9) For products and services search and recommendation, e.g., for recommending products and services that you might find interesting, for learning about your needs and adjusting products and services so that they are suitable for you

(10) For improving business operations, products and services, e.g., for the evaluation, marketing research, analysis, statistical analysis, profiling, model simulation; for the development of services, products, distribution, systems, geographic structure, conducting business for you and the Bank’s customers, the Bank, the Bank’s financial business group, and the Bank's selected business alliances; for designing and developing products and services, launching strategies and campaigns of the products of the Bank, the Bank’s financial business group, and the Bank's selected business alliances, to meet the needs of the customers; for setting the efficiency of sales promotional campaigns of the Bank, for making overview reports, for conducting staff training programs, for improving the efficiency of business and adjusting the content of the Bank, the Bank’s financial business group, and the Bank's selected business alliances, to reach the higher level of the customer satisfaction; for learning about and solving problems concerning existing products and services; and for assessing and managing risks within your expectation. The Bank may connect your data on various platforms owned or related to the Bank (for instance, connecting Paotang with the Bank’s banking database) in order to provide services to you continuously and seamlessly. However, this is limited to the cases where the Bank is not required to rely on your consent.
For example, the Bank may use your service usage data to analyze the risk of approving your loan application, the Bank may analyze your service usage data and the feedback you provide after using the Bank’s various platforms for the purpose of developing and designing new products or services or improving existing products and services of the Bank, the Bank’s financial business group, and the Bank's selected business alliances to meet the market’s conditions and consumer’s needs, and the Bank may analyze the data for the purpose of forecasting market trends, etc. Please see more details on data analytics in Clause 4.

(11) For learning about and responding to customer needs to improve customer satisfaction, e.g., for learning more information regarding the products and services you receive, as well as other products or services that you might find interesting; for processing your personal data, e.g., considering types of products and services you receive from the Bank, your preferred method of contact, etc.; for getting the results of customer satisfaction survey for the Bank’s services and customer credit assessment

(12) For managing websites, mobile applications, and platforms, e.g., for the administration, operation, monitoring, examination, maintenance, and management of websites, applications and the Bank’s platforms to ensure that they are properly functional, efficient, and secure; for enhancing usability of the Bank’s websites and platforms; for improving the layout and content of the Bank’s websites and platform in order to provide the service to you

(13) For management of information technology, e.g., for the purpose of business operations of the Bank, information technology operations, communication system management, information technology security, and information technology security monitoring, business management in compliance with internal regulations policies and procedures

(14) For compliance with laws, e.g., to comply with laws, legal procedures or orders of government agencies, including government agencies outside Thailand, and/or cooperating with courts, authorities, government authorities, and law enforcement agencies when the Bank has a reason to believe that the laws enforce the Bank and/or related agencies to do so; when it is necessary to disclose your personal data to comply with laws, procedures or government orders; to conduct VAT collection and refund services, to issue tax invoices or file taxes; to record and monitor communications, to deal with police tickets and road taxes; to report suspicious transactions to money laundering prevention and suppression agency; to disclose information to tax authorities, law enforcement agencies involved in financial services and other government agencies and law enforcement agencies; to conduct crime investigation or crime prevention

(15) For protection of legitimate interests of the Bank, e.g., for security and the integrity of the Bank’s business or that of the Bank’s affiliates; for exercising the Bank’s right and protecting the interests of the Bank or the Bank’s affiliates when it is necessary and lawful, for instance, for investigation, protection, and response to complaints, intellectual property infringement complaints, or violation of laws; for managing and preventing the loss of assets; for ensuring the compliance with terms and conditions of the Bank; for investigation and prevention of wrongdoing occurring at the Bank’s premises, including operating the closed-circuit television (CCTV) to monitor situations in order to prevent and report criminal incidents or imminent crimes; for management, preparation of reports, internal policies according to the Bank’s scope of operations

(16) For verification and prevention of the Bank business risks, e.g., for verifying your identity; for monitoring the compliance with the law and other regulations (such as regulations regarding anti-money laundering, anti-corruption, cyber threats, debt default/breach of contract, violation of law (such as money laundering, financing of terrorism and proliferation of weapon of mass destruction, wrongdoings to property, life, body, liberty, and reputation)), including conducting the monitor and internal record, property management, the Bank’s business risk database, systems and controls of other businesses, and disclosure of personal data to enhance the Bank’s operations or legal entities in the same business group with the Bank in preventing, dealing with, reducing, or performing other similar activities in order to eliminate such risks

(17) For risk management, e.g., to manage risks, monitor efficiency, and evaluate risks in order to set risk index, making summary report for risk management in order to evaluate, predict, and find solutions to handle potential risks, to evaluate product risks and provide recommendations if changes are required or find solutions to manage the risks

(18) For the benefits of operations regarding organizational transactions, e.g., for the purpose of business sale, transfer, merger and acquisition, reorganization, or other similar cases, the Bank may transfer your personal data to third parties as part of such operations.

(19) For preventing or stopping dangers to the lives, bodies, or health of persons

(20) For conducting other duties of the Bank in relation to your personal data, depending on the relationship between the Bank and you, for example, you as the Bank’s shareholder for whom the Bank will organize the shareholders’ meeting, you as a member of the Board of Directors, an executive, or an advisor appointed by the Bank, you as a holder of securities or properties which are operated by the Bank as a securities registrar or a custodian of private funds, and you in any status for which the Bank shall proceed with the obligations of the relevant agreements

(21) For other purposes which the Bank will notify you when requesting your consent

In this respect, not providing your personal data to the Bank may have impact on you, for example, the Bank may not proceed with your requests; you may experience some inconvenience or your agreements may not be fulfilled; and you may receive damage or lose opportunities. In addition, your refusal to provide personal data may affect the Bank’s or your compliance with the laws and may result in penalties.

2.3 Management of sensitive personal data collected by the Bank prior to the effective date of the PDPA

If you are an existing customer of the Bank prior to the effective date of the PDPA, the Bank might have collected your sensitive personal data, such as (1) religion, (2) race, (3) disability, (4) sensitive personal data for transactions and/or legal transactions, (5) sensitive personal data for using the products and/or other services, and (6) sensitive personal data for insurance products (such as health, disability, religion, race, criminal records). This is for the collection of documentary evidence only; the Bank will not use such sensitive personal data for other purposes.

3. Who does the Bank disclose or transfer your personal data to?

The Bank recognizes the importance of your personal data’s security and intentions; therefore, the Bank has measures in place to prevent other parties from misusing your personal data. Nevertheless, in the Bank’s operation, it may be necessary for the Bank to disclose your personal data to other parties under the name or instructions of other parties, or in the Bank’s own name. The Bank may disclose or transfer your personal data to the third parties listed below. The collection, use or disclosure and/or overseas transfer of personal data are for the purposes under this Privacy Policy. These third parties may be located in Thailand or abroad. You can read the privacy policies of such third parties in order to understand the details regarding how they collect, use, disclose, and/or transfer your personal data overseas, since you are also their data subject under their privacy policies.

3.1 Affiliates and financial business group
The Bank may have to disclose your personal data for the purposes specified in Clause 2 herein, to the Bank’s financial business group and the Bank’s affiliates. The disclosure of your personal data to such financial business group and affiliates will allow them to rely on your consent obtained by the Bank.

3.2 The Bank’s service providers
The Bank may outsource the Bank’s services to companies, representatives, or contractors or have them assist the Bank in operating the business, providing you with products and services, and performing any activities for your benefits. The Bank may share your personal data with third-party service providers, service provider representatives, business facilitators, subcontractors, and service providers or suppliers that support the Bank’s services, including but not limited to:

(1) internet service providers, software developers, website developers, digital media, information technology service providers and service providers of digital products, such as developers and operators of digital platforms and other technological services (Platform as a Service), applications, any other work systems, and identity proof and authentication services for the Bank,

(2) logistics and transportation service providers,

(3) payment and payment system service providers,

(4) research service providers,

(5) analytics service providers,

(6) survey service providers,

(7) auditors,

(8) customer contact centers,

(9) marketing, advertising, design, creative and communication service providers,

(10) event, campaign, marketing event, and customer relationship management service providers,

(11) telecommunications service providers,

(12) administrative service providers,

(13) cloud storage service providers,

(14) printing service providers,

(15) lawyers, legal counsels for the Bank’s benefits, including exercising legal claims and defending against legal claims, auditors and/or other professionals assisting in the Bank’s business operations,

(16) document storage and/or disposal service providers and

(17) debt collection service providers.

During the provision of such services, the service providers may have the right to access your personal data; however, the Bank will only provide to the service providers the personal data necessary for them to provide the services. The Bank will also ensure that the service providers protect the security of your personal data in compliance with the law.


3.3 The Bank’s selected business alliances and other agencies
The Bank may transfer your personal data to the Bank’s selected business alliances for the purposes of conducting business and providing services to the Bank’s customers and potential customers. Such business alliances and agencies may include but are not limited to card issuers, data entry companies, credit card companies, payment service providers, data analytics service providers, market analysis service providers, financial transaction service providers, real estate developers, business alliances with whom the Bank launches products (such as co-branding alliances), co-developers or co-service providers for any part of any platform, business alliances who allow the Bank to connect to their databases and systems, and provide assistance to the platform’s users, and other supporters. If you are interested in privileges and offers of products or services provided by the Bank’s selected business alliances via the Bank’s channels, such as Paotang, it is necessary for the Bank to use and disclose your personal data on a need-to-know basis to the Bank’s selected business alliances so that you can receive such offers or privileges. If required by any relevant laws, the Bank will request your consent, and you may withdraw the consent you have given at any time by following the steps stated in this Privacy Policy.

3.4 Third parties as specified by laws
In the cases where the Bank believes it is necessary to comply with the laws or to protect the Bank’s rights, the rights of third parties or for the security of persons or for inspection, prevention or corruption problem solving, security, safety, including any other risks, the Bank may have to disclose your personal data in order to comply with the laws as well as orders issued by laws and law enforcement agencies, courts, Legal Execution Department, authorities, government agencies, or other third parties. In this regard, the Bank may have to disclose your personal data to the Office of Insurance Commission for the purpose of supervision and promotion of insurance business under the law of the Insurance Commission and the law governing life insurance and non-life insurance according to the Privacy Policy of the Office at https://www.oic.or.th

3.5 Associations and clubs
In some cases, the Bank may have to disclose your personal data to relevant institutions, associations or clubs, such as Anti-Fraud Association and Thai Bankers’ Association, to protect the Bank’s rights, the rights of third parties, and the safety of persons, or to investigate, prevent, and solve issues related to corruption, security, safety, and any other risks.

3.6 Assignees
In case of a business reorganization, merger and acquisition, business transfer, whether in entirety or in part, sale, purchase, joint venture, grant, or transfer part or all of business, assets, shares, or other similar transactions, the Bank will have to disclose your personal data to third parties who have been assigned or wish to be assignees of the Bank. In this respect, the Bank will ensure that such third parties will comply with this Privacy Policy at all times when there is a collection, use or disclosure and/or overseas transfer of your personal data.

3.7 Third parties
The Bank may have to disclose your personal data under the lawful basis according to the purposes specified in this Privacy Policy to other third parties, such as representative banks, partner banks, other banks, other customers, other persons who make a transaction with you or are related to your transactions, other persons as legally referred to, members of digital identity verification system, and service providers of digital identity verification system, as the case may be.

4. Marketing communications and data analytics

4.1 Marketing communications
The Bank may collect your personal data such as first name, last name, telephone number, and/or other data only as necessary, which may be obtained directly from you or from other sources (such as via affiliates, selected business alliances, government agencies, or third parties), to offer the products and services of the Bank, the Bank’s financial business group, and the Bank's selected business alliances (for details of the Bank’s financial business group and the Bank's selected business alliances, please refer to [https://krungthai.com/th/content/privacy-policy]) via various channels such as branches, websites, internet banking, social media, etc.

Generally, the Bank conducts activities relating to marketing and communication, marketing advertisement, sales, special offers, news, press releases, promotions and presentations of products and services of the Bank, the Bank’s financial business group, and selected business alliances, and other legal persons by mainly relying on the lawful basis of legitimate interests and/or entering into and performing the contract. Please note that the Bank will recognize your privacy and benefits as a priority. The Bank will select marketing activities which are appropriate for you and your interests, so that you may receive benefits from the Bank, in the event that you have made your interests in any products or services known, or you have previously purchased products or received services from the Bank, the Bank’s financial business group, the Bank’s affiliates, and the Bank's selected business alliances. For example, if you are a customer who uses the Bank’s financial products, you may receive the Bank’s marketing communications offering the same products and services, or other products and services of the Bank, the Bank’s financial business group, and selected business alliances. (For instance, if you have a bank account, you may receive notifications on special offers, news, public relations, relating to other savings products provided by the Bank. If you are a customer who uses the Bank’s savings accounts or credit cards, the Bank may offer lending, funds, debentures, or insurance products, which benefit you. If you use Paotang, you may receive marketing communications, notifications, or advertisements on Paotang (banner) relating to the products of the Bank, financial business group, and selected business alliances.) When you request any services or inquire about the details of any services, we will send such details to you as per your request, for instance, when you request the details of loans or the Bank’s other products via the Bank’s website for the Bank to contact you.
You may receive communication via branches, websites, internet banking, social media, or any other channels specified by the Bank. Please see the details of the usage and the purposes of the collection, use, disclosure, and/or overseas transfer of your personal data under the legal bases of performance of contract and/or legitimate interests under personal data protection laws in Clause 2.2 (8).

In certain cases, the Bank will request your consent prior to sending certain marketing communications and marketing materials where the Bank could not rely on other lawful bases, such as for the marketing of products and services of third parties, which may be beyond your expectation. Please see the details of the usage and the purposes of the collection, use, and/or disclosure of your personal data under the lawful basis of consent in Clause 2.1 (1).

Therefore, the Bank may rely on the lawful bases of contract, legitimate interests, and/or consent for the Bank’s marketing activities, depending on each case. Nevertheless, you have the right to object or withdraw your consent if you do not wish to receive marketing communications from the Bank by following the steps stated in this Privacy Policy.

4.2 Data analytics
The Bank may collect your personal data such as first name, last name, telephone number, and/or other data only as necessary, which may be obtained directly from you or from other sources (such as via affiliates, selected business alliances, government agencies, or third parties), for statistical analysis, data analytics, research and development, and improving the Bank’s products or services.

Generally, the Bank conducts activities relating to marketing research, analysis, statistical analysis, profiling, model simulation and the development of services, products, distribution, systems, geographic structure, and conducting business by mainly relying on the lawful basis of your legitimate interests. The Bank will be designing and developing products and services, launching strategies and campaigns of the products of the Bank to meet your needs, improving the efficiency of business and adjusting the content of the Bank to better match your preferences. The Bank will also assess and manage risks within your expectation. The Bank may connect your data on various platforms owned or related to the Bank (for instance, connecting Paotang with the Bank’s banking database) in order to provide services to you continuously and seamlessly. For example, the Bank may use your service usage data to analyze the risk of approving your loan application; the Bank may analyze your service usage data and the feedback you provide after using the Bank’s various platforms for the purpose of developing and designing new products or services or improving existing products and services of the Bank to better meet the market’s conditions and consumer’s needs; and the Bank may analyze the data for the purpose of forecasting market trends, etc. Please see the details of the usage and the purposes of the collection, use, disclosure, and/or overseas transfer of your personal data under the legal bases of contract and/or legitimate interests under personal data protection laws in Clause 2.2 (10).

In certain cases, the Bank will request your consent prior to conducting certain data analytics where the Bank could not rely on other lawful bases, such as the analytics for developing credit models or the analytics for developing and designing the Bank’s new products or services, by collecting data from other sources which is beyond your expectation. Please see the details of the usage and the purposes of the collection, use, and/or disclosure of your personal data under the lawful basis of consent in Clause 2.1 (2).

Therefore, the Bank may rely on the lawful bases of legitimate interests and/or consent for statistical analysis, data analytics, research and development, and improving the Bank’s products or services, depending on each case. Nevertheless, you have the right to object or withdraw your consent if you do not want the Bank to conduct data analytics on your personal data by following the steps stated in this Privacy Policy.

5. Overseas transfer of your personal data

The Bank may transfer your personal data from Thailand to other countries which may have a different standard of personal data protection than that of Thailand, for example, when the Bank stores your personal data on cloud platforms or servers outside Thailand for information technology support or when the Bank must send information of international money transfer transactions to overseas banks through an intermediary of international money transfer, as the case may be.

When it is necessary for the Bank to transfer your personal data to other countries which have a lower standard of personal data protection than that of Thailand, the Bank will ensure that the personal data transferred will be sufficiently protected, that relevant personal data protection laws allow such personal data transfers, and that the transfers of your personal data to other countries comply with conditions and criteria set out by the personal data protection laws. For example, the Bank may have to obtain a confirmation according to the contract from third parties who have access to such personal data that your personal data will be protected under the personal data protection standard equivalent to that of Thailand.

6. Duration of personal data storage period

The Bank will retain your personal data for the duration necessary for the purposes which the Bank has obtained the data for. For instance, the Bank will retain your personal data for the period where the Bank must perform its obligations under a contract with you. However, in order to comply with the law, in some cases, the Bank may have to retain your personal data for a longer period of time as required by law, for example, the law may require the data to be retained for a specific duration (such as prescription period or period set out by the Civil and Commercial Code, Revenue Code, Anti-Money Laundering Law, etc.).

7. Your rights as the Data Subject

The rights stated in this section mean legal rights relating to your personal data. You may submit a request to exercise these rights to the persons specified by law, as long as it is within the conditions stipulated by law and the Bank’s rights management process. Such rights include the following rights:

(1) Right of access: You may have the right to access or request a copy of the personal data related to you that the Bank collected, used, disclosed and/or transferred overseas. For your privacy and security, the Bank may request you to verify your identity before providing you with the personal data you have requested.

(2) Right to rectification: You may have the right to rectify your personal data that the Bank collected, used, disclosed and/or transferred overseas if such personal data is incomplete, incorrect, misleading, or not up-to-date.

(3) Right to data portability: You may request the Bank to provide you with the structured personal data related to you in an electronic format. You may request the Bank to transfer such personal data to other data controllers provided that (a) the data is your personal data that you have provided to the Bank, (b) the Bank collected, used, disclosed and/or transferred the personal data overseas with your consent or in order to perform the contract between the Bank and you.

(4) Right to object: You may have the right to object to some types of collection, use, disclosure and/or overseas transfer of your personal data, for example, you may object to the use of your personal data for direct marketing purposes.

(5) Right to restriction: You may have the right to restrict the use of your personal data in some cases.

(6) Right to withdraw consent: You may have the right to withdraw your consent for the purposes that you gave your consent to the Bank to collect, use, disclose and/or transfer your personal data overseas at any time.

(7) Right to erasure: You may have the right to request the Bank to erase or anonymize your personal data. However, there is an exemption for the Bank not to take such actions if the Bank must retain such personal data in order to comply with the laws, to lawfully establish legal claims, to lawfully exercise legal claims, or to lawfully defend against legal claims.

(8) Right to lodge a complaint: You may have the right to lodge a complaint with the relevant authorities if you believe that the collection, use, disclosure, and/or overseas transfer of your personal data is unlawful or violates personal data protection laws.

If you want to exercise any right specified in this section, you can do so by contacting the Bank through the following channels:

A request for the exercise of any of the abovementioned rights may be restricted by the relevant laws. In some cases, the Bank can appropriately and rightfully reject your request, for example, when the Bank must comply with the laws or court orders.

You can exercise the right to withdraw consent under (6) (or make changes to the consent you have previously given) through the Bank's branches nationwide, Krungthai Contact Center (Tel: 02-111-1111), the mobile applications, or other channels as specified by the Bank. In the event that the Bank has received your request, the Bank will consider your request in accordance with the obligations and conditions prescribed by laws. The processing period is 30 (thirty) days upon the day the Bank received your request along with the complete supporting documents which are sufficient for the Bank to consider the request of the data subject.

If you believe that the collection, use, disclosure and/or overseas transfer of your personal data by the Bank violates personal data protection laws, you have the right to lodge a complaint with the personal data protection authorities. However, you may first inform the Bank of your concern so that the Bank can consider solving your concern by contacting the Bank through the Krungthai Complaint Center by letter at P.O. 44 Sorfor. Hualumphong Post Office, Bangkok, 10331, Thailand or contacting the Bank via Krungthai Contact Center, telephone number: 02 111 1111.

8. Actions to be taken regarding corporate customers

If you, as the Bank’s corporate customer, disclose personal data of Persons related to corporate customers, you have a duty to take the following actions to enable the Bank to provide services or products to you:

(a) You have verified the accuracy and completeness of other persons’ personal data which are disclosed to the Bank and will notify the Bank if there is any change in such data (if any).

(b) You have obtained consent, or you can rely on other lawful bases to collect, use, disclose and/or transfer the personal data of such persons in accordance with the applicable laws.

(c) You have informed such persons of this Privacy Policy.

(d) You will proceed to enable the Bank to collect, use, disclose and/or transfer personal data for the purposes specified in this Privacy Policy and for the purpose of completing the relevant transactions. The Bank has the right to report the results of the transactions conducted by retail customers of the corporate customer as well as other relevant information to corporate customers.

9. Security Measures

The Bank has in place the appropriate security measures for personal data protection. They include management, technical, and physical protective measures for access or control of personal data, to preserve the confidentiality, integrity, and availability of personal data; to prevent loss as well as unauthorized and unlawful access, use, changes, alterations, and disclosure of personal data. These measures are in accordance with applicable laws. Moreover, the Bank has in place the control measures for accessing personal data and using personal data storage and processing equipment. The measures are safe and appropriate for the collection, use, disclosure, and/or overseas transfer of your personal data. The Bank also has in place measures to limit access to personal data, and the use of personal data storage and processing equipment by setting user permission for accessing the data and for authorizing designated officers to access the data, prescribing the responsibilities of the users to prevent any unauthorized access to, disclosure, acknowledgement, or copying of personal data, or the theft of personal data storage and processing equipment. In addition, the Bank has in place the measures for audit trails in order to review any access to, alteration, erasure, or transfer of personal data, which are appropriate for the methods and mediums used in the collection, use, disclosure, and/or overseas transfer of your personal data.

10. Changes to Privacy Policy

The Bank may make changes to this Privacy Policy from time to time if there is any change to the Bank's practice guidelines on personal data protection due to various possible reasons, e.g., technological or legal changes. The changes to this Privacy Policy shall be effective when the Bank publishes them on https://www.krungthai.com. However, if the changes significantly affect you as a data subject, the Bank will notify you of such changes in advance before the changes come into effect.

11. Contact the Bank

If you have any inquiries regarding this Privacy Policy, please contact the Bank or the Bank's Data Protection Officer as detailed below:

(1) Krung Thai Bank Public Company Limited
35 Sukhumvit Road, Klong Toey Nua Subdistrict, Wattana District Bangkok 10110, Thailand
Krungthai Contact Center: Telephone number: 02-111-1111
https://krungthai.com

(2) Data Protection Officer (DPO)
Data Protection Department
35 Sukhumvit Road, Klong Toey Nua Subdistrict, Wattana District Bangkok 10110, Thailand
Email: dpo.official@krungthai.com


