Privacy Policy for FinPay

Fin Custodian Company Limited (the “Company”) realizes the importance of the privacy and the personal data protection of the Company’s customers and clients (collectively called “you”). Thus, the Company has established the Privacy Policy to notify you regarding the Company’s guidelines for the collection, use and disclosure of personal data to enable you to confidently use the Company’s application (FinPay). (Collectively called the “Services”). Personal Data

“Personal Data” means the information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased person in particular, such as name-surname, ID card number, address, telephone number, device information, and transaction. Personal data may contain sensitive data and is at risk of being used for unfair discrimination (Sensitive Personal Data). Including but not limited to biological data information about religion. In this regard, such Personal Data includes any information provided by you to the Company and/or being in the Company’s possession and/or lawfully collected by the Company from any other sources or any other persons. In case where necessary for the Company to collect, use or disclose your Personal Data which is out of the scope as specified in this Privacy Policy, the Company will inform you regarding such different characteristics at the time or before the collection, use or disclosure of your Personal Data. By using the Services, it is considered that you have read and understood this Privacy Policy.

Type of Personal Data Collected by FinPay, Used or Disclosed by the Company

While using Our Service, we may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

• name, surname, name prefix
• Necessary contact information such as a contactable address, telephone number, and e-mail
• Information relating to your devices and usage behaviors, including but not limited to unique device identifier, IP address, mobile device operating systems, mobile network service provider, and location.

Information Collected while Using the Application

While using Our Application, to provide features of Our Application, we may collect, with Your prior permission:

• Pictures and other information from your Device's camera and photo library We use this information to provide features of Our Service and to improve and customize Our Service. The information may be uploaded to the Company's servers and/or a Service Provider's server or it may be simply stored on Your device. You can enable or disable access to this information at any time, through Your Device settings.

Basis of the Collection, Use and Disclosure of your Personal Data and the Purposes of such Processing

The Company will collect, use or disclose your Personal Data under Thailand’s Personal Data Protection Act B.E. 2562 (2019): PDPA, or legal basis and for the following purposes:

• For necessity for the performance of the contract to which you are the contractual party, or for the performance by your request before entering into the contract, including but not limited to:
  • Providing support service, contacting and requesting information, accepting requests, receiving news or inquiring about the Services.
  • Any other processing related to the Services and possibly benefiting you.
  • Preventing fraud and ensuring the security of your FinPay account.

• For compliance with the laws, including but not limited to:
  • To Comply with relevant laws to which the Company is subjected, in compliance with laws, regulations, rules, codes of practice or guidelines issued by authorities or regulatory agencies. In this regard, the Company may transfer your Personal Data to internal/external auditors, government agencies or other related juristic persons.

• Consent, including but not limited to:
  • Marketing purposes such as offering privileges and/or any products or services that may interest you, promotional campaigns, public relations, doing surveys in connection with the Services, including doing statistics, analysis, study and research, assessment of the information, or to manage the business needs of the Company, business partners or affiliated companies, through contact channels that you have provided
  • other legitimate purposes for which the Company has obtained consent from time to time such as to facilitate you in using the service of other service providers via the Company’s Website.

• For legitimate interests of the Company or any other companies other than the Company, except that such interests are overridden by the fundamental rights of your Personal Data, including but not limited:
  • Prevention of crime and fraud; and
  • Enabling security systems and networks to meet international standards.
  • Preventing fraud and securing your FinPay account.

• For substantial public interest which the Company has provided suitable measures to protect your fundamental rights and interest, including but not limited to:
  • Identification/verification of the identity to prevent crime and fraud; and
  • Suspicious of financial support for terrorism or money laundering.

Apart from the abovementioned legal basis and purposes, the Company may collect, use or disclose your personal under another legal basis, such as preventing or suppressing a danger to your life, body or health, or for the achievement of the purpose relating to the preparation of the historical documents or the archives for the public interest. Where the collection, use or disclosure falls under other purposes by the mentioned basis, the Company will notify you afterward.

The Disclosure of Your Personal Data to Third Parties and the Collection of Personal Data from Other Sources.

For the processing under the purposes under the abovementioned legal basis. The Company may collect from and/or use, send, transfer, process and/or disclose the Personal Data to the following persons:

• Juristic persons having control over the Company or under the control of the Company including other companies under the same control of the Company, or other juristic persons or persons in which the Company is a contractual party, or having a legal relationship with the Company, including other service providers having power in deciding to take any action related to your Personal Data both within and outside the country such as external service providers, cloud service providers or other business partners of the Company. In this regard, the Company shall ensure that those service providers will process your Personal Data by this Privacy Policy and the applicable laws
• The auditors, external examiners of the Company, government authorities, transferee of the right of claim, and any other persons or juristic persons that the Company is required to transfer the Personal Data as necessary to comply with the laws.
• Business/enterprise transferee in case the Company has merged, transferred, or sold its assets and/or business whether entirely or partially.

Retention Period for Your Personal Data

The company must retain your Personal Data for 3 (Three) years. In this regard, the Company may continually retain such Personal Data by the laws such as the laws regarding Anti-Money Laundering, or for verification and investigation in the event of a dispute within the prescription as specified by law, for the period not exceeding 10 years.

However, the Company will delete or destroy your Personal Data, or make such Personal Data unidentifiable when it is no longer necessary to be retained or such retention period has ended.

Customers’ and Clients’ rights

The Customers and Clients are the data subjects who are protected under the PAPA in Thailand B.E. 2562 (2019). The Customers and Clients who are the data subject has the following rights:

• The right to access and obtain copies of the data
• The right to data portability
• The right to object to processing
• The right to erase the data
• The right to restrict processing
• The right to rectification
• The right to lodge a complaint
• The right to withdraw consent

Security

The Company acknowledges and realizes the importance of your Personal Data. Thus, the Company has improved and developed the security systems for your Personal Data in corresponding with the laws, and up-to-date with safety by the international standard at all times. The Company will proceed at its full effort to comply with this Privacy Policy and will urge the Company’s personnel, including data processors, who are entitled to access the Personal Data or have a legal duty, to keep and respect your Personal Data security.

In case the Company is necessary to transfer any of your Personal Data to a foreign country, the Company will apply the standard as prescribed by the laws on personal data protection. Additionally, the Company will not transfer your Personal Data to the destination country that has no personal data protection standard sufficiently by the criteria as prescribed by the laws, except that you consent the Company to send or transfer your Personal Data to such destination country. However, in case of computer espionage resulting in your Personal Data being stolen, whether by ways of hacking, stealing, copying or destroying database, destroying personal code (password mining) or any other methods, without the Company’s fault, in such circumstance, the Company will have the right to disclaim any liability resulting from such act.

Personal Data of Minors

The minors who are not on completion of twenty years of age, for the doing of FinPay, must obtain consent from his/her legal representative.

Our Service does not address customers under the age of 20 who have not obtained consent from a legal representative. We do not knowingly collect personally identifiable information from anyone under the age of 20. If You are a legal representative and You are aware that Your child who is under parental power has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 20 without verification of legal representative consent, we take steps to remove that information from Our servers.

Language

The translation of this Privacy Policy, whether in any language or whatever is for your convenience only, without any intention to change this Privacy Policy. In case of any discrepancy between the Thai version and any other language version, the Thai version shall prevail.

Contact

Should you have any question, complaint, request to access, or query regarding this Privacy Policy and/or would like to examine any of your Personal Data in possession of the Company. You may find your answers on our website:

Improvement of Policy

Using any Services Company’s Website shall be deemed as the acceptance of this Privacy Policy. The Company may make amend this Privacy Policy at any time, and notify you of such amendment. Using the Company’s Website after the notification of such amendment will be deemed as acceptance of the amendment for each time.