Customer Privacy Policy

TMBThanachart Bank Public Company Limited (the “Bank”) realizes about the importance of personal data protection of our customers (“the Customer”) as (1) a person who has contacted to the Bank whether you are existing customer, former customer or to-be customer in the future (“prospect customer”) or (2) employees, personnel, officers, lawful representatives, shareholders, directors, contact persons, agents or natural persons related to the juristic person.

Therefore, the Bank provides advanced personal data security measures and strict operating procedures to ensure the security of your personal data from unauthorized access, use, alteration or disclosure or unlawful or with dishonest intent that may cause damage, change or loss of personal data in accordance with the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Act"), relevant laws and regulations.

Objectives of privacy policy

This privacy policy is made to inform you, as a data subject, about what personal data the Bank collect, what purposes to process, collect, use and disclose your personal data and whom the Bank discloses your personal data to including but not limited to the transfer of your personal data abroad by showing details of collecting, using and disclosing personal data as well as demonstrating transparently on data subject rights under applicable laws.

The Bank may review, or amend/update this policy from time to time in compliance with applicable laws and/or subordinate legislation, regulations, announcement of any government authority which will be newly issued. If there is any amendment on this privacy policy, the Bank will publish the updated version as soon as possible to be up-to-date and in accordance with the new legislation on the Bank’s website at https://www.ttbbank.com/th/policy/privacy.

Personal data that the Bank collects, uses and discloses

“Personal data” under applicable law means any data of an individual person which can identify yourself whether directly or indirectly (except for the deceased) even though the Bank has received it from you directly or obtained from any reliable sources such as Department of Business Development (DBD) under Ministry of Commerce, Department of Provincial Administration under Ministry of Interior, Department of Consular Affairs under Ministry of Foreign Affairs, National Credit Bureau , Legal Execution Department, including but not limited to financial institutions and companies in the Bank’s financial group, business partners and financial advisors, etc.

In the event that you have provided the Bank the personal data of another person in connection with the Bank's transactions or in any other circumstance, the Bank asks you to inform such person of the details of the collection, use and disclosure including his/her right in accordance with this privacy policy.

Personal data of the Customer that is collected by, used by and/or disclosed by the Bank is general personal data and sensitive data Hereinafter collectively referred to as “Information” with the following details:

General personal data

  • Identification Information such as first name - last name, identification card number, passport number, birth date, address, e-mail address, telephone number etc.
  • Transaction Information with the Bank such as account number for deposits/investment fund, credit card number, debit card number, statement of credit/debit account etc.
  • Financial Information such as income, expense, deposit amount in your account opened with the Bank, history of credit information with the Bank or repayment records, or information from the Legal Execution Department’s database, etc.
  • Marital Status such as single, or married etc.
  • Online Behavior Information from surfing internet, such as website browsing to search for the Bank’s products, Cookies, or any connection to search engines, etc.
  • Audio/Visual Information when the customer contacts the Bank’s office or conduct transaction via video call or via ttb contact center at 1428 or +66 2241 1428 for customers in abroad

Sensitive personal data

Sensitive Data means personal data that is private to you such as race, religion, politic opinion, criminal record, labor union, disability record, genetic information, health record, credit information, biometric information used for verification purpose i.e. fingerprint, facial recognition, iris scan, or voice recognition etc.

The Bank may collect your personal data as follows:


เลื่อนเพื่อดูรายละเอียด

Identifiable information or status Contact information Products information and others
  • First name, last name in Thai
  • First name, last name in English
  • National ID number/Passport number/ driving license number (as the case maybe)
  • Date of birth
  • Occupation
  • Gender
  • Marital status
  • Number of children
  • Education
  • Employer name
  • Salary
  • Registered address
  • Contact address
  • Company address
  • Personal email
  • Company email
  • Mobile phone
  • Home phone number
  • Company phone number
  • Products and services with the Bank
  • Pictures or animation pictures recorded by CCTV or by camera at lobby to exchange access card following risk prevention measures

Purposes and rights that the Bank can collects, uses and discloses personal data

The Bank processes your personal data for the following purposes:
  1. Contractual basis between the Customer and the Bank
    • To use products and/or services of the Bank by the Customer such as opening accounts, loan application, using various service via mobile application or internet banking, etc.
    • To comply with the Bank’s internal processes when the Customer would like to open an account or have transactions with the Bank, the Bank shall verify whether the Customer is the real account owner or not as well as the address and/or telephone number the Bank use to contact the Customer.
    • To delivery products and/or services to the Customer including any operations of the Bank which, if not performed, will affect the Bank's services or will not be able to provide the customer with fair and continuous service.
    • To have collateral insurance or life insurance of the Customer whereby the Bank is identified as the beneficiary or debtor’s portfolio insurance such as requesting for a guarantor from the Thai Credit Guarantee Corporation for Small-Medium Entrepreneur (SME) customers, or applying default risk insurance with EXIM Bank etc.
    • To sell loan portfolio to a third party such as transferring non-performing loan to an asset management company etc.
    • To send or receive documents between the Customer and the Bank.
    • To perform collection process as per defined in a credit facilities agreement with the Bank.
  2. Legal obligation
    • To prevent and detect any irregular transactions which lead to unlawful activity such as money laundering, terrorisms, fraud, reporting the Customer’s information to the Revenue Department etc.
    • To report personal data to government authorities such as the Bank of Thailand (BOT), the Anti-Money Laundering Office (AML) or the Revenue Department (RD) or when receiving summons, precept of attachment warrants or execution warrants from government agencies or courts or competent officials with legal authority, etc.
  3. Legitimate interest of the Bank
    • To prevent, oppose, reduce the risk of fraud, cybersecurity, law violation (such as money laundering, financial support for terrorism and the proliferation of weapons of mass destruction, any offenses that damage property/life/body/freedom/reputation), which includes disclosing personal data in order to lift up the organizational operating standards in the financial group to prevent and mitigate the mentioned risks.
    • To record CCTV of the Customer transaction activities with the Bank’s head offices or at the branches for security purpose in the Bank’s property.
    • To manage risks/auditing/ internal management including personal data disclosure to subsidiaries in the same financial group but not cover cross-border data transfer to other countries outside Thailand.
    • To verify the Customer’s identity when applying for the service and doing transactions with the Bank and use it as the Customer’s electronic signature when transacting via digital channels at the Bank's branches or via internet banking including mobile application.
    • To propose the similar products matching with the Customer’s needs and/or conduct marketing research for product development or maintain the Customer relationship like complaint handling, etc.
    • To collection, use and/or disclosure of personal data of authorized person who act on behalf of a juristic customer

    • However, if the Customer does not provide your personal data to the Bank, it may affect to the Customer and the Bank in the case that both parties must perform any duty according to agreement or legal obligation relating to any transaction. In addition, the Customer may not get an offer for any product and/or service that suitable with your needs. This may also cause some damages, opportunity loss and may subject to penalty under applicable laws.

Disclosure of personal data and reasons

The Bank will not disclose your personal data to anyone except the Bank's financial group or the Bank received your consent or that processing activities are prescribed in term and condition of agreement or in compliance with the applicable law or order of regulatory authorities, governmental authorities or any related regulatory authorities. However, the Bank will disclose your personal data to the following persons:

  • The Bank’s financial group are TMBThanachart Broker Company Limited and Phaholyothin Asset Management Company Limited.
  • Service providers both in Thailand and in foreign country, such as IT system development companies, marketing agencies, researchers, cloud services provider, collection companies, etc.
  • Other financial institutions both in Thailand and in foreign country, such as correspondent banks that provide payment systems for your transactions, etc.
  • Insurance companies and life insurance companies are Thanachart Insurance Public Company Limited, Prudential Life Assurance (Thailand) Public Company Limited and Cigna Insurance Public Company Limited.
  • Asset Management Company: Thanachart Asset Management Company Limited
  • Entity that buys your debt from the Bank, such as an asset management company, etc.
  • Government sectors and regulators as Bank of Thailand (BOT), Anti-Money Laundering Office (AML), Revenue Department, Office of Insurance Commission (OIC), Office Securities and Exchange Commission (SEC), courts, police, or any other government agency that has a summons, attachment or execution warrants for the Bank to submit your personal data or deliver assets such as the Legal Execution Department, etc.
  • Auditor, external auditor credit rating company credit information company including any juristic person or any person who has a relationship with or has a contract with the Bank. This includes executives, employees, contractors, agents, consultants of the Bank and/or the organization receiving such personal data.

Data protection measures of the Bank

The Bank has set policies, guidelines and minimum standards for your personal data management covering administrative safeguard, technical safeguard, and physical safeguard to implement proper measure for personal data processing activities properly and data breach prevention, for instance, IT Security Standard or Data Confidentiality Policy, etc.

The Bank has updated the policies, operating procedures and minimum standards on a regular basis in line with relevant laws. Besides, the Bank also requires the Bank’s employees, outsources and service providers to maintain the confidentiality of your personal data in accordance with the agreements signed with the Bank.

In the event that the Bank need to send or transfer your personal data to any foreign country where the destination country has a lower standard of personal data protection than Thailand, the Bank shall take measures as it deems necessary, at least in accordance with the data protection standards required by the respective country's laws, such as having a data protection agreement with such party..

Rights of data subject

As you are the owner of personal data, you have the right to request the Bank to act based upon your request and realize that you can exercise your rights on your personal data which you have provided directly to the Bank or from any agent or authorized persons you have appointed to legally act on your behalf. However, it does not cover any information the Bank has produced for internal business operations use within the Bank and its financial group as required by laws as well as risk preventive action toward the Bank’s asset, personnel and the Bank’s reputation, etc.

In the event that you are not over 20 years of age or are limited in the ability to do legal acts, you can request to exercise your right by your father and mother or the authorized persons to act on your behalf.

  • Right to withdraw consent

    You have the right to withdraw your consent with the Bank that collects, uses and discloses your personal data at any time unless there is a legal limitation or it states in the agreement that benefits you. The withdrawal of consent will not affect the use of the products or services you have or any of your benefits as prescribed in the agreement.

  • Right to access information

    You have the right to know and obtain a copy of your consent for the collection, use and disclosure of personal data and the latest version of your consent for marketing purposes provided to the Bank including but not limited to the personal data the Bank obtained from other sources.

  • Right to data portability

    You have the right to obtain information about you from the Bank in PDF (standard) format, which will be delivered to you directly by the Bank via the channel you have provided to the Bank.

  • Right to object for direct marketing

    You have the right to object to the collection, use and disclosure of personal data for direct marketing through specific channel such as email, SMS or letter to sell the products and services of the Bank and its financial group including the Bank’s business partners.

  • Right to be forgotten or erasure

    You have the right to ask the Bank to delete or destroy or make personal data to be non-identifiable information. In the event that personal data is no longer necessary for retention in accordance with legal regulations and the Bank's policy or when personal data has been unlawfully collected, used and disclosed.

  • Right to restriction of data processing

    You have the right to request the Bank to suspend the use of personal data. In the event that the Bank is in the process of reviewing your request or you change your mind to ask the Bank to suspend the use of personal data instead of deleting it from the Bank's storage after data retention period is expired for the establishment of legal rights, exercise of statutory claims or litigation of statutory claims.

  • Right to rectification

    You have the right to ask the Bank to rectify the information so that the data is accurate, up-to-date, complete and does not cause misunderstanding.

  • Right to complain

    You have the right to file a complaint to the committee specialists in the event of the Bank or data processors including employees or contractors of the Bank violate or not comply with the data protection law including but not limited to the secondary laws, ministerial regulations or any regulation issued under such laws.

    Nevertheless, the Bank has the right to refuse your request if such request is contrary to law or court order, or affecting the rights and liberties of other people, or it is a request that does not specify a valid reason, or the Bank has technical limitations that cannot process your request. The Bank is obliged to notify you in writing with the reason for the refusal.

Your duties as a data subject

To allow the Bank to provide services to you continually in accordance with the contractual obligations between you and the Bank, legal obligation by the Bank defined by law and regulators to govern the financial institutions’ operations that specifies the responsibilities between you and the Bank, you are responsible for providing the true, complete, accurate and up-to-date information which meets the criteria for checking the facts about you (Customer Due Diligence)

Data retention period

The Bank will store your personal data as required by law only. It has been documented as a policy and operating procedures regarding data archrival and data destruction and strictly comply with data security measures.

Using personal data for its original purpose

The Bank has the right to collect, use and disclose your personal data that the Bank has collected prior to the date of the Personal Data Protection Act shall full enforcement on 1 June 2022 according to the original purpose that you have given consent to the Bank.

If you do not want the Bank to collect, use and disclose your personal data anymore and that request is not against any law and not infringe on the privacy rights of others, you can request the Bank to withdraw your consent via the Bank’s channels at any time.

Contact the Bank

As a data subject, you can contact the Bank to exercise your rights prescribed in PDPA via the following channels:

เลื่อนเพื่อดูรายละเอียด

Data Subject Rights Channels
Branch Contact Center ttb website DPO email
1. Right to withdraw consent - -
2. Right to object direct marketing - -
3. Right to complain - -
4. Right to rectification - -
5. Right to access and get copy (fill-in request form) * -
6. Right to data portability (fill-in request form) * -
7. Right to be forgotten when data retention is expired as required by law (fill-in request form) * -
8. Right to restriction of data processing temporarily (fill-in request form) * -

Remark: To exercise the rights under in item 5-8, you must complete the form and submit to DPO at dpo@ttbbank.com. or send a letter to Personal Data Protection Officer (DPO), TMBThanachart Bank Public Company Limited, 3000, Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900 to consider the exercise of such right.

For any complaint that are not related to Personal Data Protection Act, such as reporting problems about ttb application bugs, unpleasant manners of the Bank staff, interest rates, or asking for loan application status, you can contact ttb contact center 1428 (+66 2241 1428 for customers in abroad) and ttb branches nationwide at your convenient location or email ttbcontactcenter@ttbbank.com and ttbcustomercare@ttbbank.com. (if it is a complaint)

Version [November 2021]