external-popup-close

คุณกำลังจะออกจากเว็บไซต์
ttbbank.com ไปยังเว็บไซต์อื่น

ตกลง

Customer Privacy Policy

TMBThanachart Bank Public Company Limited (the “Bank”) realizes about the importance of the security of your personal data as (1) you are a person who has used the Bank’s products and services whether you are existing customer, former customer or to-be customer (“prospect customer”) or (2) a person apart from the definition including in (1) but not limited to employees, candidates, staff, officer, legal representative, contact persons, service providers, visitors, guest, representative, shareholders, directors, or authorized persons acting on behalf of their organization. Therefore, the Bank provides advanced personal data security measures and strict operating procedures to ensure that the security of your personal data is in place to prevent unauthorized access, misuse, unlawful process with dishonest intent that may cause damage, change or loss of personal data in accordance with the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Act"), relevant laws and regulations.

Customer Privacy Policy

“Personal data” under applicable law means any data of an individual person which can identify yourself whether directly or indirectly (except for the deceased) that the Bank has received it from you directly or obtained from any reliable sources, such as Department of Business Development (DBD) under Ministry of Commerce, Department of Provincial Administration under Ministry of Interior, Department of Consular Affairs under Ministry of Foreign Affairs, Legal Execution Department under Ministry of Justice, National Credit Bureau, including but not limited to financial institutions and companies in ttb financial group, business partners and financial advisors, etc.

In the event that you have provided the Bank the personal data of another person in connection with the Bank's transactions or in any other circumstance, you are liable to inform such person of the details of data collection, use and disclosure including his/her right in accordance with this privacy policy.

Data Subject Definition

  1. Major means a person aged 20 years and over, or a person who has been married from 17 years or older, or a person who has been married before the age of 17 years which was allowed marriage with judicial approval
  2. Minor means a person who is under 20 years of age and is not married according to clause 1. In this regard, consent must be obtained from the parental authority of the minor.
  3. A quasi-incompetent person means a person who is physically handicapped or has a mental disorder (but not a person of unsound mind) or regularly behave uneconomical or addicted to drugs or for other similar reasons making it impossible to arrange the work by themselves or arrange business in a way that may damage their own or family's assets and the court ordered to be a quasi-incompetent person. In giving consent, the consent of the kindergartener who has the power to act on behalf of the quasi-incompetent person must be obtained.
  4. Incompetent person means a person who is incompetent because insanity until unable to manage his own business. and the court ordered to be incompetent. In giving consent must be consented by the kindergartener who has the power to act on behalf of the incompetent

There are two kinds of personal data that the Bank collects, uses and discloses customer’s data; general personal data and sensitive data hereinafter referred to “data” with the following details:

General personal data

  • Identification Information such as first name, last name, identification card number, passport number, birth date, address, email address, telephone number etc.
  • Transactional Information with the Bank such as account number for deposits/investment fund, credit card number, debit card number, statement of credit/debit account etc.
  • Financial Information such as income, expense, deposit amount in your account opened with the Bank, credit history or repayment records, or information from the Legal Execution Department’s database, etc.
  • Marital Status such as single, or married etc.
  • Asset information such as title deed or car registration etc.
  • Online Behavior Information from surfing internet, such as website browsing to search for the Bank’s products, Cookies, or any connection to search engines, etc.
  • Audio and Visual Information when the customer contacts the Bank or conduct transaction via video call or via ttb contact center at 1428 or +66 2241 1428 for customers in abroad.

Sensitive personal data

Sensitive Data means any personal data that considered as a private information that may cause unfair treatment such as race, religion, politic opinion, criminal record, labor union, disability record, genetic information, health record, credit information, biometric information used for verification purpose i.e. fingerprint, facial recognition, iris scan, or voice recognition etc.

The Bank may collect your personal data including but not limited to the personal data as follows:


Slide for more information.

Identifiable information or status Contact information Products information and others
  • First name, last name in Thai
  • First name, last name in English
  • National ID number/Passport number/ driving license number (as the case maybe)
  • Date of birth
  • Occupation
  • Gender
  • Marital status
  • Number of children
  • Education
  • Employer name
  • Salary
  • Registered address
  • Contact address
  • Company address
  • Personal email
  • Company email
  • Mobile phone
  • Home phone number
  • Company phone number
  • Products and services with the Bank
  • Pictures or animation pictures recorded by CCTV or by camera at the Bank areas in accordance with risk prevention measures

Lawful basis and data processing purposes

The Bank processes your personal data for the following purposes:
  1. Contractual basis between the Customer and the Bank
    • To use products and/or services of the Bank by the Customer such as opening accounts, loan application, using various service via mobile application or internet banking, etc.
    • To comply with the Bank’s internal processes when the Customer would like to open an account or have transactions with the Bank, the Bank shall verify whether the Customer is the real account owner or not as well as the address and/or telephone number the Bank use to contact the Customer.
    • To delivery products and/or services to the Customer including any operations of the Bank which, if not performed, will affect the Bank's services or will not be able to provide the customer with fair and continuous service.
    • To have collateral insurance or life insurance or personal accident insurance or motor insurance or property insurance of the Customer whereby the Bank is identified as the beneficiary or debtor’s portfolio insurance such as requesting for a guarantor from the Thai Credit Guarantee Corporation for Small-Medium Entrepreneur (SME) customers, or applying default risk insurance with EXIM Bank etc.
    • To sell loan portfolio to a third party such as transferring non-performing loan to an asset management company etc.
    • To send or receive documents between the Customer and the Bank.
    • To perform collection process as per defined in a credit facilities agreement with the Bank.
  2. Legal obligation
    • To prevent and detect any irregular transactions which lead to unlawful activity such as money laundering, terrorisms, fraud, reporting the customer’s information to the Revenue Department etc.
    • To report personal data to government authorities such as the Anti-Money Laundering Office (AML) or the Revenue Department (RD) or when receiving summons, precept of attachment warrants or execution warrants from government agencies or courts or competent officials with legal authority, etc.
    • To apply guidelines of the Bank of Thailand (BOT) and related laws regarding core purposes of personal data processing, for instance, the exercise of financial supervision and examination, reserve management, foreign exchange rate arrangement and control, including monetary policy implementation in their capacity as the nation’s central bank by referring to BOT’s Privacy policy at https://www.bot.or.th/English/Privacypolicy/Pages/default.aspx.
    • To apply the Office of Insurance Commission (OIC)’s guidelines and related laws regarding life and non-life Insurance by referring to OIC’s Privacy policy at https://www.oic.or.th.
  3. Legitimate interest of the Bank
    • To prevent, oppose, reduce the risk of fraud, cybersecurity, law violation (such as money laundering, financial support for terrorism and the proliferation of weapons of mass destruction, any offenses that damage property/life/body/freedom/reputation), which includes disclosing personal data in order to lift up the organizational operating standards in the financial group to prevent and mitigate the mentioned risks.
    • To record CCTV of the Customer transaction activities with the Bank’s Head Offices or at the branches for security purpose in the Bank’s property.
    • To manage risks/auditing/internal management including personal data disclosure to subsidiaries in the same financial group but not cover cross-border data transfer to other countries outside Thailand.
    • To monitor email traffic or surfing internet of the Bank’s employee with you to prevent the disclosure of confidential bank information to third parties.
    • To verify the Customer’s identity when applying for the service and doing transactions with the Bank and use it as the Customer’s electronic signature when transacting via digital channels at the Bank's branches or via internet banking including mobile application.
    • To propose the similar products matching with the Customer’s needs and/or conduct marketing research for product development or maintain the Customer relationship like complaint handling, etc.
    • To collection, use and/or disclosure of personal data of authorized person who act on behalf of a juristic customer
  4. Consent

    In the event that the Bank cannot use contractual basis for collecting personal data or apply legal obligation or legitimate interest for such activity, the Bank may request your consent for the collection, use or disclosure of your personal data in order to provide you with the best benefit that fits with your need. The bank is obliged to clearly state the purpose of collecting your personal data.

    However, giving consent will not affect any benefits that you will receive under the contract. The benefit that you will receive from giving consent is that the Bank can offer products or services that truly meets your needs. However, if you do not give consent to the Bank, the Bank may not be able to offer products or services that meet your needs. In other hands, it might cause losing opportunities of receiving full benefits you deserve.

    The Bank will collect, use and disclose your personal data by taking into account the accuracy and completeness of your personal data.

Personal data Disclosure

The Bank will not disclose your personal data to anyone except to the ttb financial group or to anybody that you gave the permission to the Bank via your consent or that processing activities are prescribed in Term and Condition of agreement (T&C), in compliance with the applicable laws or the order of regulatory authorities, governmental sections or any related regulatory authorities or the Bank’s legitimate interest. However, the Bank will disclose your personal data to the following persons:


Slide for more information.

Type of business of the recipient of personal data from the bank Details
ttb financial group The Bank may disclose your personal data to subsidiaries within the financial group for the specified purposes or according to your consent under this policy (refer to Business Group Structure at https://www.ttbbank.com/en/about-us/corporate-group-structure)
Third parties or service providers/contractors The Bank may hire third parties such as other companies, business partners, subcontractors or service providers to act on behalf of the bank to serve you. For this event, the Bank may disclose your personal data to these parties, for example:
  • IT system development companies,
  • Marketing agencies,
  • Researchers,
  • Cloud services provider,
  • Collection companies,
  • Domestic and international financial transaction service providers
  • Other financial institutions in Thailand and abroad, etc.
Asset management In the event that the Bank has conducted reorganization, debt restructuring, merger, right transfer, liquidation or any other event of the same nature, the Bank may have to disclose your personal data to
  • Business Partner or
  • Interested parties or
  • Asset management companies, etc.
Government sectors and regulators In order to comply with laws and regulations, the Bank is obligated to disclose your personal data to
  • Bank of Thailand (BOT),
  • Anti-Money Laundering Office (AML),
  • Revenue Department,
  • Office of Insurance Commission (OIC),
  • Office Securities and Exchange Commission (SEC),
  • Courts,
  • Police,
  • Legal Execution Department, etc.
Consultant or professional advisors The Bank may disclose your personal data to below parties for banking operations purposes:
  • Auditor
  • External auditors
  • Credit Rating Company
  • Credit Information Company
  • Juristic persons or any person that signed contracts with the Bank including executives, employees, contractors, agents, and consultants that receive personal from the Bank.
Business Partners For your best interest in receiving the best products and services, the Bank may disclose your personal data to
  • Insurance company for non-life and life insurance such as Thanachart Insurance Public Company Limited, Prudential Life Assurance (Thailand) Public Company Limited, Cigna Insurance Public Company Limited.
  • Asset Management companies such as Eastspring Asset Management (Thailand) Company Limited
  • Dealer, tent in the car hire purchase business.
  • Biller, etc.

We use cookies on our website to ensure good website performance, recognize your device, and remember your setting preferences to enhance your website browsing experience.

When you visit our website, cookies with different purposes will be applied based on the categories listed below.

  1. Strictly Necessary Cookies: These cookies are essential for the website to ensure website performance, security and enable website features. Our website or some functions cannot properly operate without these cookies. And the necessary cookies cannot be disabled.
  2. Functional Cookies: These cookies help our website to remember information and your setting preferences to provide more personalized features and facilitate your next visits. Without these cookies, our website may cannot provide smooth experiences and efficient function.
  3. Performance and Analytics Cookies: These cookies collect information about how you use our website such as number of visitors and website browsing behaviors. All information these cookies collect is aggregated and therefore anonymous. We use this type of cookie to understand how you use our website to improve website performance and enhance our services.

In addition, the Bank also would like to use Targeting & Advertising Cookies to gather information about your browsing statistic in order to provide you with the advertisements that may interest you and to offer you the most relevant benefits. You can voluntarily choose to allow our website to collect these cookies by clicking the 'allow us' button. Declining these cookies will not impact your surfing activity on ttb’s website. However, by doing so, you may find the online advertisements you encounter may be less relevant to you.

Employee Privacy Policy

The bank has announced the privacy policy of employees which explains the principle of collection storage, use, disclosure, including the rights of the data subject as follows https://www.ttbbank.com/en/policy/candidate

Data protection measures

The Bank has set policies, guidelines and minimum standards for your personal data management covering administrative safeguard, technical safeguard and physical safeguard to implement proper measures for personal data processing activities and data breach prevention, for instance, IT Security Standard or Data Protection Operating Procedures, etc.

The Bank has updated the policies, operating procedures and minimum standards on a regular basis in line with relevant laws. Besides, the Bank requires the Bank’s employees, outsources and service providers to maintain the confidentiality of your personal data in accordance with the agreements signed with the Bank.

Cross-border personal data transfers

In the event that the Bank has to send or transfer your personal data outside Thailand as part of the banking operations process, for example, sending or transferring personal data to be stored on the platform or on Cloud or servers located in foreign countries, sending or transferring international money transfer transactions (SWIFT) information to other financial institutions located abroad through service providers that act as intermediaries for handling international money transfers, etc. and the Bank realizes that the destination country has a lower data protection standard than the Bank, the Bank will take necessary and appropriate measures to protect personal data in line with confidentiality and security standard including signing agreements with those countries to ensure that your personal data will be protected under personal data protection standards that equivalent to Thailand’s.

Rights of data subject

As you are the owner of your personal data, you have the right to request the Bank to act based upon your request on your personal data that you have provided directly to the Bank or from any other sources you have appointed them to act on your behalf. Please note that your right will not cover any information the Bank has produced for internal use within the financial group as required by laws as well as risk preventive action toward the Bank’s asset, personnel and the Bank’s reputation, etc.

In the event that you are not over 20 years of age or are limited in the ability to do legal acts, you can request to exercise your right by your parents or the authorized persons to act on your behalf.

  • Right to withdraw consent

    You have the right to withdraw your consent for collecting, using and disclosing your personal data at any time unless there is a legal limitation or it states in the agreement that benefits you. The consent withdrawal will not affect the use of the products or services you have or any of your benefits as prescribed in the agreement.

  • Right to access

    You have the right to know and obtain a copy of your consent for the collection, use and disclosure of personal data (PDPA consent) and the latest version of Market Conduct Consent for marketing purposes provided to the Bank including but not limited to the personal data the Bank obtained from other sources.

  • Right to data portability

    You have the right to obtain information about you from the Bank in PDF (standard) format, which will be delivered to you directly via the defined channel you have provided to the Bank.

  • Right to object

    You have the right to object to the collection, use and disclosure of personal data for direct marketing through specific channel such as email, SMS or letter for marketing purpose covering both products and services of the whole financial group and the Bank’s business partners.

  • Right to be forgotten or erasure

    You have the right to ask the Bank to delete or destroy or make personal data to be non-identifiable information in the event that your personal data is no longer necessary, its retention period ends prescribed by related laws or regulations, or when personal data has been unlawfully collected, used and disclosed.

  • Right to restriction of data processing

    You have the right to request the Bank to suspend the use of personal data in the event that the Bank is in the process of reviewing your request or you change your mind to ask the Bank to suspend the use of personal data instead of deleting it from the Bank's storage after data retention period is expired for the establishment of legal rights, exercise of statutory claims or litigation of statutory claims.

  • Right to rectification

    You have the right to ask the Bank to rectify the information so that the data is accurate, up-to-date, complete and does not cause misunderstanding.

  • Right to complain

    You have the right to file a complaint to the committee specialists in the event of the Bank or data processors including employees or contractors of the Bank violate or not comply with the Personal Data Protection Act including but not limited to the secondary laws, ministerial regulations or any regulation issued under such laws.

    Nevertheless, the Bank has the right to refuse your request if such request is contrary to law or court order, or it affects the rights and liberties of other people, or it is a request that does not specify a valid reason, or the Bank has technical limitations that cannot process your request. The Bank is obliged to notify you in writing with the reason for the refusal.

Data retention period

The Bank will store your personal data as required by law only. It has been documented as a policy and operating procedures regarding data archrival and data destruction and strictly comply with data security measures.

Your personal data the Bank has collected before PDPA full enforcement

The Bank has the right to collect, use and disclose your personal data that the Bank has collected prior to the date of the Personal Data Protection Act shall full enforcement on 1 June 2022 according to the original purpose that you have given consent to the Bank.

If you do not want the Bank to collect, use and disclose your personal data anymore and that request is not against any law and not infringe on the privacy rights of others, you can request the Bank to withdraw your consent via the Bank’s provided channels at any time.

Data Subject Rights Exercise’s channels

As a data subject, you can contact the Bank to exercise your rights prescribed in PDPA via the following channels:

Slide for more information.

Data Subject Rights Channels
Branch Contact Center ttb website DPO email
1. Right to withdraw consent - -
2. Right to object - -
3. Right to complain - -
4. Right to rectification - -
5. Right to access and get copy (fill-in request form) * -
6. Right to data portability (fill-in request form) * -
7. Right to be forgotten when data retention is expired as required by law (fill-in request form) * -
8. Right to restriction of data processing (fill-in request form) * -

Remark: To exercise data subject rights under item 5-8, please fill-in the request form and submit to DPO for consideration. via email to dpo@ttbbank.com or via post to Data Protection Officer (DPO), TMBThanachart Bank Public Company Limited, 3000, Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900

For any complaint that are not related to your personal data, such as reporting problems about ttb applications, unpleasant manners of the Bank staff, interest rates inquiry, or asking for loan application status, you can contact ttb contact center at 1428 or +66 2241 1428 for customers in abroad, ttb branches nationwide at your convenient location or email ttbcontactcenter@ttbbank.com and ttbcustomercare@ttbbank.com.

Contact DPOs in ttb financial group

  • ttb
    • Address: 28th floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
    • email: dpo@ttbbank.com
  • ttb broker
    • Address: 999/3, 999/4 The Nine Building Rama 9 Road, Phatthanakan, Suan Luang, Bangkok
    • email: dpo_broker@ttbbroker.com
  • PAMCO
    • Address: 22nd floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
    • email: dpo@pamco.co.th
  • ttb consumer
    • Address: 17th floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
    • email: dpo_consumer@ttbconsumer.com

In this regard, the Bank may review or update this policy from time to time to comply with the Personal Data Protection Act or secondary laws, regulations, new announcements of government agencies and will publish it on the bank's website (https://www.ttbbank.com/en/policy/privacy) as soon as possible

Version [July 2022]