Privacy Notice for Customer and Third Parties

Muangthai Capital Public Company Limited and the subsidiaries (the “Company”) are well aware of your privacy rights and responsibilities regarding collecting, using, disclosing (“processing”) personal data of the person concerned. The Company adheres to the value that the trust and confidence you place in both customers and third parties (“you”) is one of the most important things. The Company is therefore committed to providing accurate and appropriate processing of personal information according to The Personal Data Protection Act B.E.2562 (2019) (“Personal Data Protection Act”). The Company has prepared this Personal Data Protection Notification to explain how the Company treats personal data such as collecting, compiling, storing, using, disclosing, including your various rights so that you are aware of the Company’s personal data protection approaches.

1. Personal Data Collected by the Company

   The Company processes personal data (including sensitive data as specified in Section 26 of the Personal Data Protection Act) as determined by the Personal Data Protection Committee (“Committee”). The types of data specified below are only the Company’s general framework for collecting personal information as follows:

General Personal Data	This includes identifying information such as title, name, surname, middle name, nickname, handwriting, nationality, etc. obtained from official documents or user-provided information.
Characteristics Data	Details about the user, such as date of birth, gender, height, age, marital status, photographs, loan application information, information of bankrupt, etc.
Contact Information	Information for communication purposes, such as home phone number, mobile phone number, fax number, email address, postal address, social media usernames (e.g., Line ID, Facebook, WhatsApp), accommodation location on maps, etc.
Employment History and Data	Type of employment, occupation, rank, position, duration of employment, personal reference information, salary, company name, duration of employment, department details, job description, work address, etc.
Personal Property Data	Information about the user’s property, such as vehicle registration, motorcycle registration, vehicle manual book, boat registration, land title deed, condominium ownership certificate, usufruct certificate (Nor Sor 3), etc.
Financial Information	Income, source of income, salary, bank account number, deposit amount, financial history, deposit account transaction details, loan information, investment details, transaction information, utility payment records, asset lists, user’s ability to obtain and manage credit, etc.
Details about products and/or services previously purchased from the Company	Credit customer history, payment history, insurance brokerage service usage history, etc.
Verification Data	Information related to identity verification processes, such as Know Your Customer (KYC) data, Customer Due Diligence (CDD) data, verification data, risk-leveling data for anti-money laundering, and combating the financing of terrorism, etc.

If you provide personal information about another person, such as information about your spouse, information about family members, information about children, guardians, and dependents, information about the guarantor, information about beneficiaries or you request the Company to disclose personal information of another person to a third party, you are responsible for informing the details according to this Notification to such persons as well as asking for consent from that person.

The Company will not collect sensitive personal information of the data subject including genetic characteristics, sexual behavior, or information possibly harmful, discredit or may cause feelings of unfair discrimination or inequality to any person unless the Company has received your express consent or store such information under the personal data processing base prescribed by law.

2. How to obtain and store your personal information

The Company will collect your personal information as necessary and on the basis required by law as follows:

1. When you express your intention to enter into or make a loan contract including products and services related to finance and investment of the Company or when you access or use the website or application and/or services online, on your mobile device or by phone or other services of the Company.
2. When you submit documents and a set of loan contracts in order to enter into a loan contract with the Company or when you provide information while considering entering into a loan contract for various products or services of the Company.
3. When you communicate by letter or speech through websites, applications, online social media, telephone, email, direct encounters, interviews, SMS, fax, mail, or any other means with personnel, customer service representatives, contractors, suppliers, service providers, delegates, representatives, or other individuals or entities related to the company (“Company Personnel and Suppliers”).
4. When you give consent to provide personal data to the Company to participate in marketing activities, contests, raffles, events, or presentations of products by the Company, suppliers, or affiliated companies.
5. When the Company receives personal data from sources apart from yourself, including but not limited to obtaining information from public sources, private data sources, or commercial data sources, websites, online social media, data providers, associations, or business associations related to products you have contracted or used, complaints about products and services of the Company.
6. When the Company receives personal data from sources apart from yourself for the purpose of complying with the law and for other supervisory purposes, as well as for other purposes permitted by law, such as the Company may receive personal data of data subjects from the Bank of Thailand or the Office of the Consumer Protection Board.

3. Purposes and Legal Basis for Processing Personal Data

The Company collects and processes personal data in a lawful and fair manner for the benefit of using your services and for any other purposes as specified in this Notification. The purposes outlined below are merely general frameworks for the Company’s use of personal data.

Contractual Rights and Obligations	– Consideration and approval of various products and/or services such as loan applications, insurance policies, payments, or any other assets. – Execution of tasks related to the provision of various products and/or services such as processing, contacting, notifying, handling complaints, outsourcing to external service providers, transferring rights and/or duties, debt notification, or renewal of products and/or services. – Verification and authentication of your identity. – Implementation of Company’s procedures to achieve the objectives of the contract. – Pre-contract and ongoing background checks, with possible checks during the contract period for establishment, use, dispute, or enforcement of the Company’s rights. – Communication and conduct of the Company’s business throughout the duration of the Company’s legal relationship.
Compliance with Law	– Compliance with legal orders from authorities with legal authority. – Compliance with laws under the supervision of the Bank of Thailand, securities laws, insurance laws, tax laws, anti-money laundering laws, laws on preventing and combating the financing of terrorism and proliferation of weapons of mass destruction, bankruptcy laws, and other laws that the Company is required to comply with, both domestically and internationally, including regulations issued pursuant to those laws.
Legal Benefits	– Maintaining relationships with you, such as handling complaints, assessing satisfaction, taking care of you by the Company’s employees, notifying or presenting products and/or services similar to those you have with the Company which are beneficial to you. – Preventing, addressing, and reducing the risk of fraudulent activities, defaults on debts or contracts, and various legal violations, including disclosing personal information to elevate the Company’s operational standards within the same business group or related businesses to prevent, address, and reduce risks. – Risk management, regulatory compliance, and internal organizational management.
Consent	– To ensure that you receive products and/or services that meet your needs and are of high quality. – To provide you with special offers, benefits, recommendations, and various information, including the right to participate in special activities.

In the event that the Company needs to collect personal information, if you refuse to provide personal information or object to the processing of personal data for the aforementioned purposes, it may result in the Company being unable to fully or partially carry out the services requested by you.

4. Disclosure of Your Personal Data

Affiliated Companies	The Company may need to disclose your personal data to affiliated companies to optimize service delivery, including various benefits to you.
Business Partners	The Company may disclose your personal data to individuals or legal entities that participate in presenting or developing products and/or services to customers or potential future customers, such as insurance companies, payment service providers, analytics providers, research agencies, marketing and advertising agencies, and sales promotion service providers.
Service Providers	The Company may engage other companies as service providers or business support providers, such as outsourcing companies, contractors, or subcontractors, which may require the Company to disclose your personal data to these service providers or business support providers for various business purposes, including providing services to customers such as service providers for creating websites, applications, Cloud service providers, software providers, various networks, etc.
Professional Consultants	The Company may disclose your information to professional consultants, such as IT consultants, auditors, legal advisors, and tax service providers, to support the Company’s business operation.
Government agencies and other agencies that must disclose personal information for legal or essential purposes	The Company may disclose your personal data to government agencies with legal authority and regulatory responsibilities, such as tax authorities, labor and social security authorities, and other relevant laws and regulations, both domestically and internationally, including regulations issued pursuant to such laws.
Third parties who are the assignee, transferee, or transferee under the new debt conversion agreement	The Company may transfer rights, transfer, or enter into novation agreements to transfer rights and obligations of the Company to third parties. In accordance with the terms and conditions of the agreements between you and the Company, the Company may disclose or transfer your personal information to the assignee, transferee, or transferee under the new debt conversion agreement.

5.Transmission or Transfer of Personal Data Abroad (if applicable)

    The Company may need to transmit or transfer personal data to affiliated companies or businesses in other countries or to other data recipients as part of normal business operations. For example, sending or transferring personal data to be stored on servers or cloud in various countries. The Company will ensure that the transmission or transfer of personal data complies with applicable laws and will implement necessary and appropriate data protection measures in accordance with standards.

6. Duration of Personal Data Retention

    The Company will retain personal data for as long as necessary and reasonable to achieve the purposes stated in this Notification. We will retain your personal data for no more than 10 years from the end of the relationship or last contact with us. If legal proceedings or other necessities arise, personal data may be retained until the conclusion of such proceedings. This includes the possible timeframes for filing appeals and/or legislation. Afterward, the Company will have procedures in place to delete, destroy, or anonymize your personal data in accordance with applicable law.

7. Personal Data Security Measures

    As the Company recognizes the importance of maintaining the security of your personal data, we implement appropriate security measures to safeguard the confidentiality of personal data to prevent loss, unauthorized access, destruction, use, alteration, or disclosure of personal data without legal authorization or consent.

8. Your rights are as follows

1. Right to Withdraw Consent: You have the right to withdraw consent that you have previously given for the processing of your personal data. However, withdrawing consent does not affect the legality of any processing performed before the withdrawal.
2. Right to Object to Data Processing: You have the right to object to data processing by relying on legal grounds other than consent.
3. Right to Notification: You have the right to be notified about the processing of your personal data, including disclosures related to data processing. The Company will provide you with copies of such information upon request.
4. Right to Rectify Information: You have the right to confirm the accuracy of your personal data and request corrections to ensure its accuracy and currency. You also have the right to suspend the processing of your personal data.
5. Right to Suspend Data Processing: In such cases, the Company will not process your data beyond storage.
6. Right to Request Deletion or Destruction of Personal Data: You have the right to request the deletion of your personal data from the Company’s records.
7. Right to Receive and Transfer Data: You have the right to receive your personal data in a readable or usable format and request the Company to send or transfer such data to other data controllers. This right can be exercised if your personal data has been processed automatically based on consent, contract, or pre-contractual measures.
8. Right to Lodge a Complaint: You have the right to lodge a complaint with relevant authority if you believe that the collection, use, or disclosure of your personal data violates applicable laws.
9. Right to Access, Copy, or Disclose Data: You have the right to access, request copies, or disclose your personal data, including requesting disclosure of the sources of your personal data.

The Company will adhere to your rights when requested through appropriate channels such as branches, websites, email, and telephone. However, we reserve the right to not act upon your request if it is deemed appropriate and in accordance with the regulations. The Company may also charge reasonable fees for processing such requests.

9. Changes to the Personal Data Protection Notification

     The Company reserves the right to amend, supplement, modify, update, or change this Notification as permitted by law to comply with legal requirements, changes in service provision, company operations, and feedback or suggestions from data subjects. The Company will announce any changes to this Notification if the modifications are material before implementing them. Direct notification will be provided to data subjects through any appropriate means.

10.Contact for Inquiries or Exercising Rights

If you have any suggestions or inquiries regarding the details of data collection, usage, disclosure, or if you wish to exercise your rights under this Notification, you can contact the Company and/or the Data Protection Officer through the following channels:

1. Contact the customer service center: 02-483-8888
2. Contact the Data Protection Office (DPO) via email: [email protected]
3. Contact the Head Office: Muangthai Capital Public Company Limited
   No.332/1 Jaransanitwong Road, Bangplad Sub-district,
   Bangplad District, Bangkok 10700