Muangthai Capital Public Company Limited Personal Data Protection Policy

    Muangthai Capital Public Company Limited together with its affiliates (the “Company”) is aware of the significance of personal data protection. The company, therefore, issues this privacy policy (the “Policy”) to notify the users (“You”) how the company collects, protects, uses, and discloses (“Process”) your personal data and how to exercise your rights in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”).

1. Personal data collected by the company

    1.1. Personal details e.g., name title, name, surname, date of birth, age, identification card number, career, work address, salary, signature, political status, etc.
    1.2. Contact details e.g., home address and location, telephone number, e-mail address, Line ID, title deed number, etc.
    1.3. Transaction and financial d e.g., salary, etc.
    1.4. Other information you provide for the company.
    The company will not collect your sensitive personal data such as genetic data, sexual orientation, or other information that may cause severe effects, defamation, or unfair treatment against you unless the collection is done on a lawful basis.

2. Objectives of the process

    The company will process your personal data under a lawful basis and principle of fairness in order for you to receive benefits from the company's products and services, for the company to comply with laws and regulations, and for achieving the policy’s objectives as stated below.
    2.1. For your benefit in using the company's products and services that meet your own purpose under the contract with the company and to comply with your request prior to using the company's products and services. For example, to approve loan contracts and insurance contracts, contact, and complaints.
    2.2. For the company to comply with the related laws and regulations, and the competent authority’s order; for instance, the Bank of Thailand’s regulations, Anti-money Laundering Law, Counter-terrorism and Proliferation of Weapon of Mass Destruction Financing Law, and other applicable Thai and international laws as well as rules and regulations issuing pursuant to such laws.
    2.3. For the legitimate interest of the company, or other individuals and juristic persons, which are within your reasonable expectations such as call center and CCTV recordings, complaint handling, satisfaction survey, and risk management.
    2.4. For your ultimate benefits in using the company’s products and services according to your prior consent; for instance, for more suitable products and better service.
    2.5. For the company to develop and improve the products and services’ quality.
    2.6. For complying with laws, regulations, orders related to the court proceeding.
    2.7. For conducting historical research for a public interest, and for statistic research and study that assigned to the company.

3. Outsiders whom the company discloses information to

    3.1. Third-party, outsource, and entity e.g., the company's affiliates, data processor, business partner, related third party and outsource as well as the company’s executives, staffs, employers, contractors, agents, consultants, etc.
    3.2. Competent authority e.g., government officials, competent commissions, etc.
    In the event of disclosing your personal data for marketing purposes, the company will provide you with the data receiver's list so that you can decide whether to give consent or not. Note that this marketing consent will not take any effects against you from receiving benefits from the company's products and services.

4. Cross-border transfer

    The company may find it necessary to transfer your personal data to its affiliates or other data receivers located in foreign countries (the “Receiving country”) for the purpose of business continuity like transferring personal data to save in receiving country's server or cloud. In the situation that the receiving country does not have enough standards in protecting personal data, the company will make sure that the transfer complies with the law will issue the protection measure to ensure confidentiality such as entering into a non-disclosure agreement with the receiving country.

5. Data retention

    The company will retain your personal data for as long as necessary in connection with the objective of this policy unless the law requires or permits a longer retention period. The longer retention period includes the period during the court of appeal or supreme court proceedings. After this, your personal data will be erased, destroyed, or anonymized when it is no longer necessary or when the period lapses.

6. Protection of personal data

    6.1. The company will implement reasonable security measures protecting in accordance with the principle of confidentiality to prevent lost, unauthorized or unlawful access, destruction, use, alteration, or disclosure including administrative safeguard and the company's technical safeguard.
    6.2. The company will appoint the data protection officer (“DPO”), whose role is to provide advice, monitor, coordinate, ensure confidential and securing measures when the company processes your personal data.
    6.3. In the event of a data breach, the company will notify the Office of the Personal Data Protection Commission (“PDPC”) within 72 hours after having become aware of it. If the breach contains a high risk of affecting your right and freedom, the company will notify you of such breach and remedies, without undue delay.

7. Your rights as a data subject

    7.1. Withdrawal of consent. You have the right to withdraw your consent given prior to the process unless it is restricted by laws or you are still under a beneficial contract.
    7.2. Objection. You have the right to object to processing your personal data. You can exercise this right by relying on another lawful basis except for a consent basis.
    7.3. Data access. You have the right to access your personal data that is under the company’s responsibility and to request the company makes a copy of such data,
    7.4. Data rectification. You have the right to rectify your personal data to be updated, completed, and not misleading.
    7.5. Processing suspension. You have the right to suspend the company from processing your personal data. In this case, the company will not process your personal data apart from storing it.
    7.6. Data erasure or destruction. You have the right to request the company to erase and destruct your personal data that is under the company’s responsibility.
    7.7. Data portability. You have the right to obtain your personal data if the company organizes your personal data in automatic machine-readable or usable format and can be processed or disclosed by automatic means. As well as the right to request the company to send or transfer your personal data in such format directly to other data controllers if doable by automatic means, based on consent, and contract basis.
    7.8. Complaint lodging. You have the right to complain to the competent authority pursuant to relevant if you believe that the collection, use, or disclose of your personal data is violating or against the relevant laws.

8. Cookies policy

Cookies are text files stored in your computer’s hard drive through your webpage server and cannot be used to launch the program or transfer a virus to your computer. Cookies, moreover, can only be read by the domain's web server installing cookies on your computer. The company may use cookies to collect, store, and track your personal data for the purpose of statistics, develop and improve the company's website and service. In this case, you can choose whether to accept or reject such cookies by making changes via browser settings.

9. Contact information

    - Call center at 02-4838888
Location: Muangthai Capital Public Company Limited Charan-sanitwong Road, Bangplad, Bangplad, Bangkok 10700
    - DPO
E-mail: dpo@muangthaicap.com
Location: Muangthai Capital Public Company Limited Charan-sanitwong Road, Bangplad, Bangplad, Bangkok 10700