Privacy Notice

ReservePay Company Limited (“The Company”) recognizes the importance of the personal data you have entrusted to us. Accordingly, the Company has prepared this Privacy Notice to inform you of the Company’s policies, methods, and purposes regarding the collection, use, and disclosure of your Personal Data in connection with your transactions or any relationship with the Company.

This operation is in compliance with the Personal Data Protection Act B.E. 2562 (2019) (PDPA) and its relevant laws, as well as the Company's internal policies and regulations concerning personal data security, to protect your rights regarding the collection, use, and disclosure of Personal Data. This is to ensure that the Personal Data received by the Company will be used for necessary, appropriate, and lawful purposes.

Scope of Applicability

This Privacy Notice applies to the following individuals:

(This section can be supplemented later, e.g., customers, service providers, business partners, employees, or other related persons)

1. Customers of the Company: Refers to natural persons who use the Company's products or services, whether through service applications, transactions, or participation in various activities of the Company, including natural persons authorized to act on behalf of a juristic person customer, or those authorized to contact or perform any actions on behalf of the customer.
2. Non-Customers of the Company: Refers to natural persons who do not directly use the Company's products or services, but whose Personal Data the Company may need to collect, use, or disclose. Examples include individuals making payments to the Company's customers, individuals receiving payments from the Company's customers, visitors to the Company's office premises, or other persons involved in transactions with the Company or the Company’s customers.

The Company therefore requests that you read this Notice thoroughly to understand the purposes and methods by which the Company processes your Personal Data lawfully and transparently.

1. Collection of Personal Data

The Company may collect your Personal Data, which may include personal identifiers, contact information, information related to service usage or personal behavior, financial information, and sensitive personal data. The Company may obtain such data from the following sources:

1. 1.1

   Data Collected Directly from You

   This includes information you provide directly to the Company via service application forms, surveys, or contact through the Company's various channels, as well as data obtained from accessing the Company's websites, applications, or platforms...

2. 1.2

   Data Received from Other Sources

   This includes information from sources other than directly from you, such as verifying data from public sources, receiving data from business partners, service providers, third parties, or government agencies. In such cases, the Company will notify you within 30 days of the date the Company received such data.

3. 1.3

   Consent and Legal Exemptions

   In collecting Personal Data from any source, the Company will seek your consent first, unless it is a case where the law permits collection without consent or without prior notification on the data subject.

2. Purposes of Personal Data Collection

The Company will collect, use, and disclose your Personal Data only as necessary to achieve clear and lawful objectives, as follows:

1. 2.1

   Entering into and/or Performing a Contract

   To accurately process your requests, applications, or transactions with the Company, including providing services according to the agreed terms and conditions.

2. 2.2

   Service Provision and Customer Care

   For after-sales services, technical support, answering inquiries, improving user experience, and communicating information about service usage.

3. 2.3

   Customer Relationship Management

   For statistical analysis, preparing business reports, account management, offering suitable products or services, and maintaining the relationship between the Company and the customer.

4. 2.4

   Risk Analysis and Credit/Limit Provision (if applicable)

   To consider the suitability for credit approval, financial background checks, or transaction risk assessment.

5. 2.5

   Business Operations Related to Disputes or Debt Settlement

   Such as debt collection, debt transfer, enforcement of claims, or other necessary legal proceedings.

6. 2.6

   Communication Recording and Verification

   The Company may record communication data such as telephone calls, emails, or other digital channels to confirm data accuracy, improve service quality, and comply with security requirements for electronic transactions.

7. 2.7

   Technical Troubleshooting and System Development

   Where actual data is required to analyze and resolve system usage issues, as well as to test and improve the Company's system performance.

8. 2.8

   Identity Proof and Verification

   To confirm the accuracy of information for customers, service users, partners, service providers, or individuals visiting the Company’s premises, including preventing forgery or unauthorized access.

9. 2.9

   Security of Premises and Assets

   The Company may record static or moving images of individuals entering the office area for security purposes, crime prevention, and investigation in case of accidents or unusual incidents.

10. 2.10

    Compliance with Laws and Regulations

    To comply with requirements of laws, regulatory bodies, or government regulations, such as internal audits, fraud examination, anti-money laundering and counter-terrorist financing, tax reporting, or secure use of international payment networks.

The Company may collect, use, or disclose your Personal Data differently depending on the type of product or service you use. Personal Data may include, but is not limited to, the following:

1. Personal Identifiers: Such as title, name-surname, date of birth, age, gender, nationality, and other related personal information.
2. Contact Information: Such as contact address, telephone number, email, business contact address, business telephone number, details of the customer’s representative or authorized transaction agent, and reference person contact information.
3. Identity and Verification Information: Such as photo, copy of identification card, national identification number, laser code on the ID card, passport, driving license, alien identification card, signature, taxpayer identification number, and house registration.
4. Occupational and Work Information: Such as place of work, business location, management position, or store ownership.
5. Financial Information and Relationship with the Company: Such as merchant account information, Company service channels used, customer status, transaction history, and payment records.

3. Principles of Personal Data Collection

The Company will collect your Personal Data only to the extent necessary for the legitimate purposes outlined. The Company will explicitly seek your consent before or at the time of collecting the data, except in the following cases where the Company is legally permitted to collect Personal Data without consent:

1. 3.1 For the purpose of preparing historical documents, archives, research, or statistics, provided the Company implements appropriate safeguards to protect your rights and freedoms.
2. 3.2 To prevent or suppress a danger to a person's life, body, or health (Vital Interest).
3. 3.3 To fulfill contractual obligations to which you are a party, or to take steps at your request prior to entering into a contract (Contractual Basis).
4. 3.4 For the performance of a task carried out in the public interest, or for the exercise of official authority vested in the Company (Public Interest/Official Authority).
5. 3.5 For the legitimate interests of the Company or other juristic persons, except where such interests are overridden by your fundamental rights over your Personal Data (Legitimate Interest).
6. 3.6 To comply with relevant laws or regulations (Legal Obligation).

The Company is committed to the highest protection of Personal Data for minors, incompetent persons, and quasi-incompetent persons, in accordance with the Company’s criteria and applicable laws.

• Collection of Sensitive Personal Data: The Company must obtain your explicit consent before or at the time of collecting such Sensitive Personal Data, in accordance with the criteria set by the Company and applicable laws.
• Minors aged under 20: If you are under 20 years of age, your legal representative is required to be aware of this Privacy Notice. If you are the legal representative of a minor and have permitted the minor under your guardianship to use our services, you are responsible for all activities undertaken by the minor while using our services.
• Minors aged under 15: We do not intend to process the Personal Data of minors under 15 years of age. If you are under 15, and we have processed your Personal Data, or if you are the legal representative of a minor under 15 whose Personal Data we have processed, please contact us using the contact details specified in Clause 12 (Contact Channels).

4. Use and Disclosure of Personal Data

The Company will use and disclose your Personal Data in accordance with the purposes and principles outlined in Clause 2 and Clause 3. The disclosure of Personal Data will be carried out only to the extent necessary and shall be limited to the minimum scope required. This may include the following persons or entities:

1. 4.1

   Business Facilitators (Processors)

   This covers individuals or juristic persons contracted, assigned, or appointed by the Company to perform all or part of the functions that the Company is required to carry out itself. This includes subcontractors and supporting service providers such as those providing IT services, business consulting, document printing, and delivery services.

2. 4.2

   Business Partners and Alliances

   The Company may disclose Personal Data to business partners and alliances for joint operations or to provide services to you as agreed upon.

3. 4.3

   Government or Regulatory Agencies

   Such as the Anti-Money Laundering Office, anti-corruption agencies, the Bank of Thailand, the Revenue Department, the Legal Execution Department, the Courts, or other agencies as required by law.

5. Collection and Use of Personal Data for Original Purposes

The Company is entitled to collect, use, and disclose your Personal Data that it obtained prior to the effective date of the Personal Data Protection Act B.E. 2562 (2019). Such data may be used for the original purposes for which it was collected.

Notwithstanding the above, you have the right to withdraw your consent for the collection, use, or disclosure of your Personal Data for the original purposes at any time. The withdrawal of consent shall take effect in the future and shall not retroactively affect the processing that was lawfully performed before the withdrawal.

6. Personal Data Retention Period

The Company will retain your Personal Data only for as long as is necessary to fulfill the purposes for which it was collected. This includes the entire duration of your use of services or relationship with the Company, or for as long as it is necessary to achieve purposes related to the Company’s service provision. The Company may continue to retain your data after you terminate the service or relationship with the Company if required by law, such as the Accounting Act B.E. 2543, Anti-Money Laundering Act B.E. 2542, Computer-Related Crime Act B.E. 2550, and the Revenue Code, or for the purpose of verifying and auditing in case of potential disputes within the statute of limitations as prescribed by law, for a period not exceeding 10 years.

Once the data is no longer necessary or the retention period has ended, the Company will proceed to delete, destroy, or anonymize the Personal Data so that it is no longer identifiable to you.

7. Data Subject Rights

Under the Personal Data Protection Act B.E. 2562 (2019), you, as the Data Subject, have the following rights regarding your Personal Data, including the right to receive a copy of your Personal Data and other information, such as the methods by which the Company collects or processes your Personal Data and the legal basis for processing it. In general, your Personal Data will be provided to you in an electronic format.

1. 7.1

   Right to Access

   You have the right to access your Personal Data and to request the Company to disclose the source of Personal Data that you did not provide consent for the Company to collect.

2. 7.2

   Right to Rectification

   You have the right to request the Company to rectify any inaccurate, outdated, misleading, or incomplete Personal Data.

3. 7.3

   Right to Data Portability

   You have the right to obtain your Personal Data from the Company, and to request the Company to send or transfer such Personal Data to another Data Controller, or to directly receive Personal Data that the Company has sent or transferred to another Data Controller.

4. 7.4

   Right to Withdraw Consent

   You have the right to withdraw the consent you have given to the Company for the processing of your Personal Data at any time. However, the withdrawal of consent will not affect the lawfulness of the processing performed based on your prior consent.

5. 7.5

   Right to Object

   You have the right to object to the processing of your Personal Data as prescribed by law.

6. 7.6

   Right to Restriction of Processing

   You have the right to request the restriction of the processing of your Personal Data while the Company is reviewing your request for rectification, or in place of deleting your Personal Data, or while the Company is proving grounds to reject your objection request.

7. 7.7

   Right to Erasure

   You have the right to request the Company to delete or destroy your Personal Data if it is found to be no longer necessary for the purposes of collection, use, or disclosure, or if you withdraw consent and the Company has no legal basis to continue processing it, or if you exercise the right to object and the Company cannot successfully reject the objection, or if the Personal Data was unlawfully processed. However, the Company may reject the practice of these rights based on criteria set by the Company that are not contrary to the law.

Note on Exercising Rights for Minors and Incapacitated Persons:

If the data subject is a minor under 20 years old, or an incompetent person, or a quasi-incompetent person, the exercise of these rights must be consented to by the person exercising parental power, the guardian, or the curator, as the case may be.

The Company will provide a channel for you to contact us to submit requests to exercise the rights. If the Company rejects a request, the Company must inform you of the reasons for the rejection. You have the right to lodge a complaint with the Personal Data Protection Committee when the Company rejects your rights request without reasonable justification or when the Company fails to respond to your request within the specified period.

8. Use of Cookies

The Company's website uses both first-party cookies (set by the Company) and third-party cookies (set by external service providers, such as third-party providers the Company uses to add functionality to the website). The Company may also embed content or videos from social media websites, such as YouTube or Facebook. These websites set their own cookies, over which the Company has no control or responsibility. You should read the relevant third-party cookie policies for more information on their cookie usage.

The Company uses two main types of cookies:

1. Session Cookies: These are temporary cookies that remember you during your visit to the Company's website (e.g., tracking your language settings) and are deleted from your computer or device when you leave the website or close the web browser.
2. Persistent Cookies: These cookies remain for a set period or until you delete them. They help the Company's website remember you and your preferences when you return, which allows for faster and more convenient access to the website.

The cookies the Company uses are categorized by their purpose as follows:

1. Strictly Necessary Cookies: Essential for the Company's website services, allowing you to access various parts of the website and remember information you have previously provided.
2. Analytical/Performance Cookies: Help the Company understand user interaction with the website, identify popular pages or areas, and analyze other data. Used to improve website functionality and understand user behavior. The collected data is non-identifiable and used only for statistical analysis.
3. Functionality Cookies: Help the Company's website remembers your settings and preferences and enable the website to deliver enhanced features and content tailored to your usage (e.g., remembering your username or changes to font size or page settings).
4. Targeting/Advertising Cookies: Store on your device to remember your visits, pages, and links you have visited or followed. The Company uses this information to tailor the website and advertising campaigns to better match your interests.
5. Social Media Cookies: The Company's website may contain links to Facebook, Twitter, or other social media platforms, allowing you to share content from the Company's website with others or create other interactions with those social media sites. These cookies are set by third-party social media providers to track your online activity. The Company cannot control the data collected by these cookies and recommends you review those social media platforms for more information on their cookies and how to manage them.

Managing Cookies

Most browsers are automatically set to accept cookies. However, you can choose to accept or refuse cookies from the Company's website at any time by adjusting the settings on your browser. Please note that disabling cookies may affect your ability to use the websites efficiently.

9. Security of Personal Data

The Company has implemented appropriate security measures for Personal Data to prevent unauthorized or unlawful loss, access, use, alteration, or disclosure. These measures are consistent with the Company's information security policies and guidelines.

In the event the Company assigns an external party or agency to process, collect, use, or disclose Personal Data on its behalf, the Company will require such person or entity to keep the Personal Data confidential, maintain data security, and prevent the Personal Data from being collected, used, or disclosed for other unauthorized or unlawful purposes.

10. International Transfers of Your Personal Data

The Company may need to transfer your Personal Data internationally to affiliated companies, group companies, business partners, or cloud platforms outside of Thailand with whom the Company has legal agreements or relationships. This is done for your benefit, for the benefit of overall business operations, for the purposes stated in this Privacy Notice, and as necessary for the Company's operations.

You agree and consent to the Company transferring your Personal Data outside of Thailand to persons or entities in other countries or under the jurisdiction of other laws, regardless of whether the personal data protection laws in that country meet or do not meet the standards of Thai Personal Data Protection Law. The Company will, however, apply appropriate steps to protect the security of your Personal Data at a level equivalent to Thai Personal Data Protection Law.

Furthermore, the Company may send or transfer Personal Data to companies within the same corporate group or business network located abroad, provided that the Company has established a Personal Data Protection Policy for the sending or transfer of Personal Data to Data Controllers or Data Processors in foreign countries and within the same corporate group or business network for shared business operations.

11. Requesting Consent

In cases where the Company cannot rely on other legal bases, the Company will explicitly seek your express consent for the collection, use, and disclosure of Personal Data for the following purposes:

1. Sensitive Data: For specific purposes where necessary only for certain types of the Company's use or service provision, such as data for individuals with visual or hearing impairment, or for the purpose of verifying and authenticating service users, such as Biometric Personal Data.
2. For analysis, research, statistical purposes, and the development and improvement of products or services of the Company or its partners, which is not an operation for public interest.
3. For marketing activities, delivering product and service offers, news, useful recommendations, developing marketing strategies, and offering special privileges to participate in activities with the Company, business partners, or other legal entities with whom the Company has a legal relationship for selling products or providing services.
4. If the Company is aware that the Data Subject is a minor, the Company must obtain consent from the parents or guardian. The Company will not collect data from the minor until consent is obtained from the authorized person exercising parental power, unless there is a legal basis that allows the Company to proceed without consent.

12. Contact Channels

In case you have any questions or require further details regarding the protection of your Personal Data, the collection, use, or disclosure of your data, the exercise of your rights, or have any complaints, you may contact the Company through the following channels:

ReservePay Company Limited Corporate ID No. 0105560060533