Privacy Notice for Customers
BBL Asset Management Company Limited (“the Company”) is committed to provide the best services to its important persons which the Company has been entrusted by you as the customer of the Company (“you”), The Company recognizes the importance of Personal Data Protection thus has a system to safeguard your information and stringent work processes as well as measures to protect your information in order to prevent unauthorized access, disclosure, use or alteration of such information. Therefore, the Company has formulated this Privacy Notice to clarify the details relating to the collection, use or disclosure of Personal Data, time period for storing the Data, deletion of the Data and rights of the Data Owner which are in accordance with the Personal Data Protection Act B.E. 2562 which the you can study the details of Personal Data Protection as follows:
Data that the Company Collects, Uses or Discloses:
- Identity Data refers to the data of an individual person that can identify you, whether directly or indirectly, such as name/surname, Identification Card number, Passport number, date of birth as well as Sensitive Data such as Biometrics (fingerprint, facial recognition) or personal health data.
- Contact Data such as addresses, e-mails and phone numbers.
- Financial and Transaction Data such as deposit/investment account numbers, credit card numbers, income information and investment records with the Company.
- Technical and Usage Data such as website browsing history via cookies or history of connections to other websites that you have searched or visited.
- Communication Data such as recordings in case you contact the Company through the Contact Center which could be voice or video recording and whether you have given the information or the information appears at the Company or the Company has received or accessed from other reliable sources such as government authorities, companies within the financial group of the Company and/or business alliances or advisors of the Company.
Objective for Collecting, Using or Disclosing your Personal Data
The Company collects information for your benefit in conducting transactions and/or use the service of the Company in order to comply with the relevant laws and regulations and/or for any other benefit that you have given consent to the Company which the Company shall safeguard your information in accordance with the safety standard of the Company. The Company will not process your Sensitive Data, however, if the Company does process your Sensitive Data, a consent has to be obtain from you and it will depend on the discretion of the Data Protection Officer which shall be the final decision. The details are as follows:
- Comply with the agreement between you and the Company such as the use of the various products and services by you, compliance with the internal processes of the Company and the sending and receiving of documents between you and the Company.
- Comply with the relevant laws such as the prevention and detection of unusual transactions that could lead to violation of law, reporting of your data to the Revenue Department, reporting of Personal Data to government authorities such as the Office of the Securities and Exchange Commission, the Anti-Money Laundering Office or the Revenue Department or when receiving court subpoena or seizure order from government authorities or court.
- Rightful interests of the Company such as:
- The prevention, handling, mitigation of risk that may arise from various violations of law that are criminal offenses including the sharing of Personal Data in order to improve the work standard of companies in the same business so as to prevent, handle and mitigate the abovementioned risk.
- Video recording of the people who contact and conduct transactions via CCTV.
- Risk management/ compliance/ internal management including the sending of information to group companies for such reasons.
- Checking of the sending/receiving of e-mails or the use of internet of employees with you in order to prevent the disclosure of confidential information of the Company to external parties.
- Analysis of information to offer the same type of products that you have with the Company and other products of the Company to you which suit your needs and/or for conducting marketing survey for the development of the Company’s products.
- Maintaining relationships with you such as handling of complaints and offering of special benefits to you which is not for marketing purposes.
If you do not give your Personal Data to the Company, it may result in you not receiving the products/services, convenience or receiving treatments as specified in the agreement and the you may incur a damage/ loss of opportunity and may affect the compliance with any law which you or Company is required to comply and may be subject to applicable punishments.
Disclosure of Personal Data
The Company shall disclose information to external parties for the following cases:
- It is a disclosure of Personal Data to companies within the financial group of the Company: Bangkok Bank PLC, Bangkok Life Assurance PLC, Bualuang Securities PLC and business alliances of the Company.
- Disclose information to external parties in accordance with your consents.
- Disclose information in order to conduct transactions and/or use service as per your wish.
- Disclose to the outsource service providers that are counterparties of the Company, both local and overseas, such as Cloud Computing, registrars, outsource marketing companies, outsource analysts and outsource IT companies.
- Disclose the information on the Beneficial Owner to the offshore management company in order to comply with the law of the overseas’ country.
- Disclose to government authorities or regulators in order to comply with the law or as instructed by the government authorities such as the Office of the Securities and Exchange Commission, the Anti-Money Laundering Office, the Revenue Department, the Office of the Insurance Commission, the court and the auditors.
Rights of Customers relating to Personal Data
The Company recognizes your rights which your rights referred to herein are the legal rights to Personal Data Protection that Customers should know as follows:
- Right to Withdraw Consent
You have the right to withdraw consents given to the Company to collect, use or disclose your Personal Data whenever you wish to, if the Company has no other legitimate right to collect, use or disclose such data, it shall erase/delete the Personal Data.
- Right to Access
You have the right to know and request for copies of your Personal Data which are under the responsibility of the Company or request the Company to disclose the source of information that you have not given consent.
- Right to Rectification
You have the right to request the Company to amend the information to be up-to-date, complete and not misleading.
- Right to Data Portability
You have the right to request for the information relating to yourself from the Company in case the Company has prepared such information in the format that can be read or used generally by using office tools or devices automatically and can be used or disclosed automatically as well as:
- Having the right to request the Company to send or transfer data in such formats to other Data Controllers when it can be done automatically; or
- Requesting to receive the data that the Company has sent or transferred in such formats to other Data Controllers directly unless it is not possible due to technical limitation.
- Right to Erasure or Right to be Forgotten
You have the right to request the Company to erase/delete or destroy or make the Personal Data be a Data that cannot be identified as you, for the following cases:
- Such Personal Data is no longer necessary for the purpose of collecting or data processing of Personal Data.
- The Personal Data Owner has withdrawn the consent for the processing of Personal Data and the Company has no legal right to process such data.
- The Personal Data Owner objects to the processing of Personal Data for direct marketing purposes.
- The processing of Personal Data is illegal.
- The Personal Data Owner objects to data processing (other than relating to the processing of Personal Data for direct marketing purposes) and the Company cannot claim that such data processing is rightful.
- Right to Restriction of Processing
You have the right to restrict the processing of your Personal Data under the following conditions:
- The data processing is no longer necessary but the keeping of Personal Data is still required for legal claims.
- The processing of Personal Data is illegal but the Personal Data Owners wish to restrict the data processing instead of erasing or destroying their Personal Data.
- When it is during the process of checking the accuracy of Personal Data as requested by you.
- When the Company is in the process of proving that its legitimate interest is more important.
- Right to Object
You have the right object the collection, use or disclosure their information for the following cases:
- In case it is a collection, use or disclosure of Personal Data for direct marketing purposes.
- In case it is a collection, use or disclosure of Personal Data for the purpose of scientific, historical or statistic research except it is necessary for accomplishing public interest tasks of the Company.
- In case it is a collection of information due to necessity for public interest of the Company or necessity for legitimate interest of the Company except if the Company can show more importance of legitimate interest or it is for establishing legal claim, complying with or using legal claim or raising of legal rights under applicable laws.
- Right to Lodge a Complaint
You have the right to file complaints to the relevant government authorities in case the Company, employees or contractors of the Company have violated or have not complied with the Personal Data Protection Act.
- Right to Withdraw Consent
Period for keeping Personal Data
In the case you have ended a business relationship with the Company, the Company shall keep your Personal Data in accordance with the requirement of law and the different policies/ handbooks for keeping, destroying various documents of the Company. For example, the Anti-Money Laundering Act stipulates that such documents shall be kept for at least 10 years from the date the relationship has ended and when the time is due, the Company shall destroy such Personal Data.
Amendments to the Privacy Notice
The Company reserves the right to amend the Privacy Notice without prior notice which it shall announce on its website www.bblam.co.th.
Contacting the Company
Should you wish to contact or has inquiry or need additional information on the collection, use or disclosure of Personal Date, please contact the Company through the following channels:
- Contact Center at tel. 02-674-6488 press 388
- Data Protection Officer at e-mail: DPO@bblam.co.th
- The Company’s website:www.bblam.co.th
- In case you wish to you exercise your rights in accordance with the Personal Data Protection Act B.E. 2562 you can contact through the Company’s website: www.bblam.co.th
Updated 31 May 2022