Privacy Policy

TMBThanachart Bank Public Company Limited (the “Bank”) realizes about the importance of the security of your personal data as (1) you are a person who has used the Bank’s products and services whether you are existing customer, former customer or to-be customer (“prospect customer”) or (2) a person apart from the definition including in (1) but not limited to employees, candidates, staff, officer, legal representative, contact persons, service providers, visitors, guest, representative, shareholders, directors, or authorized persons acting on behalf of their organization. Therefore, the Bank provides advanced personal data security measures and strict operating procedures to ensure that the security of your personal data is in place to prevent unauthorized access, misuse, unlawful process with dishonest intent that may cause damage, change or loss of personal data in accordance with the Personal Data Protection Act B.E. 2562 ("Personal Data Protection Act"), relevant laws and regulations.

Personal data that the Bank collects, uses and discloses

“Personal data” under applicable law means any data of an individual person which can identify yourself whether directly or indirectly (except for the deceased) that the Bank has received it from you directly or obtained from any reliable sources, such as Department of Business Development (DBD) under Ministry of Commerce, Department of Provincial Administration under Ministry of Interior, Department of Consular Affairs under Ministry of Foreign Affairs, Legal Execution Department under Ministry of Justice, National Credit Bureau, including but not limited to financial institutions and companies in ttb financial group, business partners and financial advisors, etc.

In the event that you have provided the Bank the personal data of another person in connection with the Bank's transactions or in any other circumstance, you are liable to inform such person of the details of data collection, use and disclosure including his/her right in accordance with this privacy policy, and obtaining their consent if necessary, or establishing other legal bases to ensure that the Bank can collect, use and/or disclose their personal data of such individual persons.

Data Subject Definition

1. Major means a person aged 20 years and over, or a person who has been married from 17 years or older, or a person who has been married before the age of 17 years which was allowed marriage with judicial approval
2. Minor means a person who is under 20 years of age and is not married according to clause 1. In this regard, consent must be obtained from the parental authority of the minor.
3. A quasi-incompetent person means a person who is physically handicapped or has a mental disorder (but not a person of unsound mind) or regularly behave uneconomical or addicted to drugs or for other similar reasons making it impossible to arrange the work by themselves or arrange business in a way that may damage their own or family's assets and the court ordered to be a quasi-incompetent person. In giving consent, the consent of the kindergartener who has the power to act on behalf of the quasi-incompetent person must be obtained.
4. Incompetent person means a person who is incompetent because insanity until unable to manage his own business and the court ordered to be incompetent. In giving consent must be consented by the kindergartener who has the power to act on behalf of the incompetent.

There are two kinds of personal data that the Bank collects, uses and discloses customer’s data; general personal data and sensitive data hereinafter referred to “data” with the following details:

General personal data

• Identification Information such as first name, last name, identification card number, passport number, birth date, address, email address, telephone number etc.
• Transactional Information with the Bank such as account number for deposits/investment fund, credit card number, debit card number, statement of credit/debit account, transaction history etc.
• Financial Information such as income, expense, deposit amount in your account opened with the Bank, credit history or repayment records, or information from the Legal Execution Department’s database, Investment proportion etc.
• Marital Status such as single, or married etc.
• Personal history such as work experiences history and education history, etc.
• Asset information such as title deed or car registration etc.
• Online Behavior Information from surfing internet, such as website browsing to search for the Bank’s products, Cookies, or any connection to search engines, etc.
• Technical data such as IP address, Device ID, Application usage data, application Log, Web beacon, Mobile phone details and technology installed in your device, Access data, and other technical data which uses on the platform and operating system, etc.
• Audio and Visual Information including VDO and CCTV when the customer contacts the Bank or conduct transaction via video call or via phone, chat messages in email or social media or chat bot, etc.
• Identification information of authorized representative of juristic persons, for example, first name – last name, identification number, passport number, date of birth, address, email, telephone number, etc.

Sensitive personal data

Sensitive Data means any personal data that considered as a private information that may cause unfair treatment such as race, religion, politic opinion, criminal record, labor union, disability record, genetic information, health record, credit information, biometric information used for verification purpose i.e. fingerprint, facial recognition, iris scan, or voice recognition etc.

The Bank may collect your personal data including but not limited to the personal data as follows:

Source of personal data received by the Bank

The Bank may receive personal data from:

1. Data subject – an applicant who fills in his/her information through the product or service application request form or job application form, or when he/she wishes the Bank to approach him/her, including accessing through various channels provided by the Bank, such as website, applications, social media, etc.
2. Other sources apart from directly received from the data subject which is trusted legal sources, the sources the data subject permitted to collect, use or disclose his/her personal data to the Bank, public sources, inquiring from other persons who are in connection with the data subject, receiving personal data from companies in ttb financial group, business partner to serve specific purposes defined in this Privacy Policy. However, the Bank will notify the data subject within 30 days from the date that the Bank collects his/her information from such sources and will obtain his/her consent unless it falls into exemptional cases.

Lawful basis and data processing purposes

The Bank processes your personal data for the following purposes:

1. Contractual basis between the Customer and the Bank including pre-contract actions.
   • To use products and/or services of the Bank by the Customer such as opening accounts, credit drawing, using various service via mobile application or internet banking, etc.
   • To comply with the Bank’s internal processes for customer identification or it involves products and services application consideration such as electronic signature verification via digital channels at Bank’s branches, internet networks or mobile phones as well as the address and/or telephone number the Bank uses to contact the Customer.
   • To deliver products and/or services to the Customer including the Bank’s operational activities which, if not performed, will affect the Bank's services or will not be able to provide the Customer with fair and continuous services.
   • To have collateral insurance, life insurance, personal accident insurance, motor insurance or property insurance of the Customer whereby the Bank is identified as the beneficiary or debtor’s portfolio insurance such as requesting for a guarantor from the Thai Credit Guarantee Corporation for Small-Medium Entrepreneur (SME) customers, or applying default risk insurance with EXIM Bank etc.
   • To sell loan portfolio to a third party such as transferring non-performing loan to an asset management company etc.
   • To send or receive information and/or any asset between the Customer and the Bank.
   • To perform collection process as per defined in a credit facilities agreement with the Bank.
   • To automatic pre- fill your personal data to facilitate the application process for the Bank's products or services.
2. Legal obligation
   • To prevent and detect any irregular transactions which lead to unlawful activity such as money laundering, terrorisms, fraud, reporting the customer’s information to the Revenue Department etc.
   • To report personal data to government authorities such as the Anti-Money Laundering Office (AML) or the Revenue Department (RD) or when receiving summons, precept of attachment warrants or execution warrants from government agencies or courts or The Office of the Attorney-General or the Provincial Public Prosecution Office or competent officials with legal authority, etc.
   • To apply guidelines of the Bank of Thailand (BOT) and related laws regarding core purposes of personal data processing, for instance, the exercise of financial supervision and examination, reserve management, foreign exchange rate arrangement and control, including monetary policy implementation in their capacity as the nation’s central bank by referring to BOT’s Privacy policy at https://www.bot.or.th/English/Privacypolicy/Pages/default.aspx.
   • To apply the Office of Insurance Commission (OIC)’s guidelines and related laws regarding life and non-life Insurance by referring to OIC’s Privacy policy at https://www.oic.or.th.
3. Legitimate interest of the Bank
   • To prevent, oppose, reduce the risk of fraud, cybersecurity, law violation (such as money laundering, financial support for terrorism and the proliferation of weapons of mass destruction, any offenses that damage property/life/body/freedom/reputation), which includes disclosing personal data in order to lift up the organizational operating standards in the financial group to prevent and mitigate the mentioned risks.
   • To record CCTV of the Customer transaction activities with the Bank’s Head Offices or at the branches for security purpose in the Bank’s property.
   • To manage risks/auditing/internal management including personal data disclosure to subsidiaries in the same financial group but not cover cross-border data transfer to other countries outside Thailand.
   • To monitor email traffic or surfing internet of the Bank’s employee with you to prevent the disclosure of confidential bank information to third parties.
   • To propose the same products and/or services or they are in the same family the customer has with the Bank or with the ttb financial group including contacting you in the event that you have failed to apply for products and/or services (drop-off) to complete final stage.
   • To research for products development or maintain relationship with the Customer like complaint handling, etc.
   • To collect, use and/or disclose of personal data of authorized person who acts on behalf of a juristic customer
4. Consent

   In the event that the Bank cannot use contractual basis for collecting personal data or apply legal obligation or legitimate interest for such activity, the Bank may request your consent for the collection, use or disclosure of your personal data in order to provide you with the best benefit that fits with your need. The bank is obliged to clearly state the purpose of collecting your personal sensitive data, latitude and longitude etc.

   However, to consider giving consent in this item will not affect any benefits that you will receive from holding products and services under the contract. The benefit that you will receive from giving consent is that the Bank can offer products or services that truly meets your needs. However, if you do not give consent to the Bank, the Bank may not be able to offer products or services that meet your needs. In other hands, it might cause losing opportunities of receiving full benefits you deserve.

   The Bank will collect, use and disclose your personal data by taking into account the accuracy and completeness of your personal data.

Personal data Disclosure

The Bank will not disclose your personal data to anyone except (a) you gave the permission to the Bank via your consent or (b) that processing activities are prescribed in Term and Condition of Agreement (T&C) or according to your purpose before signing a contract with the Bank or (c) in compliance with the applicable laws or the order of regulatory authorities, governmental sections or any related regulatory authorities or (d) the Bank’s legitimate interest or (e) other applicable lawful basis

Regarding the abovementioned rights to disclose your personal data to other parties, the Bank will disclose your personal data to the following persons:

Cookie Policy

We use cookies on our website to ensure good website performance, recognize your device, and remember your setting preferences to enhance your website browsing experience.

When you visit our website, cookies with different purposes will be applied based on the categories listed below.

1. Strictly Necessary Cookies: These cookies are essential for the website to ensure website performance, security and enable website features. Our website or some functions cannot properly operate without these cookies. And the necessary cookies cannot be disabled.
2. Functional Cookies: These cookies help our website to remember information and your setting preferences to provide more personalized features and facilitate your next visits. Without these cookies, our website may cannot provide smooth experiences and efficient function.
3. Performance and Analytics Cookies: These cookies collect information about how you use our website such as number of visitors and website browsing behaviors. All information these cookies collect is aggregated and therefore anonymous. We use this type of cookie to understand how you use our website to improve website performance and enhance our services.

In addition, the Bank also would like to use Targeting & Advertising Cookies to gather information about your browsing statistic in order to provide you with the advertisements that may interest you and to offer you the most relevant benefits. You can voluntarily choose to allow our website to collect these cookies by clicking the 'allow us' button. Declining these cookies will not impact your surfing activity on ttb’s website. However, by doing so, you may find the online advertisements you encounter may be less relevant to you.

If you would like to delete the Targeting & Advertising Cookies on ttbbank.com, please click here.

Employee, Former Employee and Candidate Privacy Policy

The bank has announced the privacy policy of employee, former employee and candidate which explains the principle of collection storage, use, disclosure, including the rights of the data subject as follows https://www.ttbbank.com/en/policy/candidate

Data protection measures

The Bank has set policies, guidelines and minimum standards for your personal data management covering administrative safeguard, technical safeguard and physical safeguard to implement proper measures for personal data processing activities and data breach prevention, for instance, IT Security Standard or Data Protection Operating Procedures, etc.

The Bank has updated the policies, operating procedures and minimum standards on a regular basis in line with relevant laws. Besides, the Bank requires the Bank’s employees, outsources and service providers to maintain the confidentiality of your personal data in accordance with the agreements signed with the Bank.

Cross-border personal data transfers

In the event that the Bank has to send or transfer your personal data outside Thailand as part of the banking operations process, for example, sending or transferring personal data to be stored on the platform or on Cloud or servers located in foreign countries, sending or transferring international money transfer transactions (SWIFT) information to other financial institutions located abroad through service providers that act as intermediaries for handling international money transfers, etc. and the Bank realizes that the destination country has a lower data protection standard than the Bank, the Bank will take necessary and appropriate measures to protect personal data in line with confidentiality and security standard including signing agreements with those countries to ensure that your personal data will be protected under personal data protection standards that equivalent to Thailand’s.

Rights of data subject

As you are the owner of your personal data in accordance with the Personal Data Protection Act, you can exercise your rights as follows:

• Right to withdraw consent

  You have the right to withdraw your consent for collecting, using and disclosing your personal data at any time unless there is a legal limitation or it states in the agreement that benefits you. The consent withdrawal will not affect the use of the products or services you have or any of your benefits as prescribed in the agreement.

• Right to access

  You have the right to know and obtain a copy of your consent for the collection, use and disclosure of personal data (PDPA consent) and the latest version of Market Conduct Consent for marketing purposes provided to the Bank including but not limited to the personal data the Bank obtained from other sources.

• Right to data portability

  You have the right to obtain information about you from the Bank in PDF (standard) format, which will be delivered to you directly via the defined channel you have provided to the Bank.

  In the case that you request the Bank to transfer your personal Data to another data controller, the Bank will only process the information you directly gave to the Bank or from the agent who can legally act on your behalf, but it does not cover the information the Bank generates for internal use as well as for operating activities within the ttb financial group in accordance with the law and as a hedge against potential risks to assets, ttb staff and reputation of the Bank, etc.

• Right to object for direct marketing

  You have the right to object to the collection, use and disclosure of personal data for direct marketing through specific channel such as email, SMS or letter for marketing purpose covering both products and services of the whole financial group and the Bank’s business partners.

• Right to be forgotten or erasure

  You have the right to ask the Bank to delete or destroy or make personal data to be non-identifiable information in the event that your personal data is no longer necessary, its retention period ends prescribed by related laws or regulations, or when personal data has been unlawfully collected, used and disclosed.

• Right to restriction of data processing

  You have the right to request the Bank to suspend the use of personal data in the event that the Bank is in the process of reviewing your request or you change your mind to ask the Bank to suspend the use of personal data instead of deleting it from the Bank's storage after data retention period is expired for the establishment of legal rights, exercise of statutory claims or litigation of statutory claims.

• Right to rectification

  You have the right to ask the Bank to rectify the information so that the data is accurate, up-to-date, complete and does not cause misunderstanding.

• Right to complain

  You have the right to file a complaint to the Bank and its data processor in the case of data privacy infringement and data breach.

  In the event that you are not over 20 years of age or are limited in the ability to do legal acts, you can request to exercise your right by your parents or the authorized persons to act on your behalf.

  In addition, you have the right to file a complaint to the committee specialists in the event of the Bank or data processors including employees or contractors of the Bank violate or not comply with the Personal Data Protection Act including but not limited to the secondary laws, ministerial regulations or any regulation issued under such laws.

  Nevertheless, the Bank has the right to refuse your request if such request is contrary to law or court order, or it affects the rights and liberties of other people, or it is a request that does not specify a valid reason, or the Bank has technical limitations that cannot process your request. The Bank is obliged to notify you in writing with the reason for the refusal.

Data retention period

The Bank will store your personal data for the period necessary to achieve the purposes applicable to this Privacy Policy, or as required by law only. It has been documented as a policy and operating procedures regarding data archrival and data destruction and strictly comply with data security measures.

Your personal data the Bank has collected before PDPA full enforcement

The Bank has the right to collect, use and disclose your personal data that the Bank has collected prior to the date of the Personal Data Protection Act shall full enforcement on 1 June 2022 according to the original purpose that you have given consent to the Bank.

If you do not want the Bank to collect, use and disclose your personal data anymore and that request is not against any law and not infringe on the privacy rights of others, you can request the Bank to withdraw your consent via the Bank’s provided channels at any time.

Data Subject Rights Exercise’s channels

As a data subject, you can contact the Bank to exercise your rights prescribed in PDPA via the following channels:

Remark: To exercise data subject rights under item 6-9, please fill-in the request form and submit to DPO for consideration via email to dpo@ttbbank.com or via post to Data Protection Officer (DPO), TMBThanachart Bank Public Company Limited, 3000, Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900

For any complaint that are not related to your personal data, such as reporting problems about ttb applications, unpleasant manners of the Bank staff, interest rates inquiry, or asking for loan application status, you can contact ttb contact center at 1428 or +66 2241 1428 for customers in abroad, ttb branches nationwide at your convenient location or email ttbcontactcenter@ttbbank.com and ttbcustomercare@ttbbank.com

Contact DPOs in ttb financial group

• ttb
  • Address: 28th floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
  • email: dpo@ttbbank.com
• ttb broker
  • Address: 999/3, 999/4 The Nine Building Rama 9 Road, Phatthanakan, Suan Luang, Bangkok
  • email: dpo_broker@ttbbroker.com
• PAMCO
  • Address: 22nd floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
  • email: dpo@pamco.co.th
• ttb consumer
  • Address: 17th floor., 3000 Phaholyothin Road, Chomphon Sub-district, Chatuchak District, Bangkok 10900
  • email: dpo_consumer@ttbconsumer.com

In this regard, the Bank may review or update this policy from time to time to comply with the Personal Data Protection Act or secondary laws, regulations, new announcements of government agencies and will publish it on the bank's website (https://www.ttbbank.com/en/policy/privacy) as soon as possible

Version [February 2023]