Practical Guidelines Related to Personal Data Protection
for Directors and Related Persons of KASIKORNBANK PCL
Updated December 2021
KASIKORNBANK PCL (“KBank”) attaches importance to the respect of privacy rights of Directors, including related persons, and the maintenance of security of personal data. KBank has established these practical guidelines related to the protection of personal data for Directors (“these Practical Guidelines”) to inform you, as a data subject, of the objectives and details of the collection, use and / or disclosure of your personal data, as well as your legal rights to ensure that KBank shall protect your personal data with stringent measures in order to maintain the security of your personal data, and your personal data will be used in accordance with the purposes you have notified of, and not contrary to the law.
- These Practical Guidelines apply to
The Directors of KBank and persons nominated as the Directors of KBank, including individuals who have a relationship with or are related to said persons such as spouses and / or persons living together as a couple, children, parents and siblings.
- Personal data that KBank collects, uses and / or discloses
2.1 Personal data which you have directly provided to KBank, including those from government and regulatory agencies as well as personal data disclosed to the public, as follows:
-
(1)
Private information such as national ID number or documents issued by government agencies that can be used for identity authentication, educational background, marital status and information of related persons.
-
(2)
Employment information such as occupation, work experience, past training programs or activities, performance results, directorship or positions in other companies or enterprises, attendance at meetings of KBank Board of Directors and Sub-Committees or meetings of shareholders.
-
(3)
Contact information such as address per important documents, home address, office address, telephone number, facsimile number, email address and Line ID.
-
(4)
Financial information such as remuneration, bank account numbers, asset holdings, names of securities companies and credit bureau data.
-
(5)
Information related to criminal records, complaints, charges, and all legal proceedings.
-
(6)
Other information such as voice recordings, still pictures, motion pictures, records of communications or interactions between you and KBank, electronic traffic, signatures, data stipulated under the laws or good corporate governance principles, or other information deemed as private data under the Personal Data Protection Law.
2.2 KBank may be required to collect, use and / or disclose sensitive personal data such as religion, race, criminal history, health records, blood groups, biometric data (such as face, fingerprint, iris, voice and electronic signature recognition) to process the verification and authentication of your identity for attendance or participation in various activities and / or in compliance with the laws or orders of the regulatory agencies. KBank shall seek your explicit consent on a case-by-case basis or where necessary as permitted by law, and KBank shall use its best efforts to provide adequate security measures for the protection of your sensitive personal data.
- Purposes of collection, use and / or disclosure of personal data
KBank shall collect, use and / or disclose your personal data as much as is necessary under lawful purposes and supported by legal rules or bases, whether for performing its duties in compliance with the laws or legal obligations, or the contract that you have entered into with KBank or your request prior to entering into a contractual basis, or necessary operations under the legitimate interests of KBank or other individuals or juristic persons, taking into account the fundamental rights of your personal data and not exceeding the extent of your legitimate interest or for other purposes as you have chosen to give consent, such as:
-
3.1
Recruitment and appointment of Directors, meetings of KBank Board of Directors, remuneration payments for Directors and meetings of shareholders.
-
3.2
Delivery of various documents or letters such as meeting notices, business reports and others (if any).
-
3.3
Contact, communications and delivery of news or any proposals for your own benefit.
-
3.4
Identity verification and authentication for the exercise of various rights such as meeting attendance, participation in activities, and share transfer.
-
3.5
Enquiry management such as handling of your questions and complaints, plus enquiries about the exercise of rights or provision of various opinions.
-
3.6
Satisfaction evaluation on various facility services offered by KBank employees.
-
3.7
Contact, image and voice recordings related to meetings, training sessions and seminars.
-
3.8
Compliance with the orders of competent authorities such as courts, government agencies, financial regulatory agencies and competent government officers.
-
3.9
Taking any necessary actions relating to KBank's rights and / or duties in accordance with the laws and / or with respect to the rights and / or duties of Directors. This includes, but is not limited to, civil and commercial laws, public limited companies law, financial institutions business law, securities and exchange law, life insurance law, non-life insurance law, taxation law, anti-money laundering laws, the law on the prevention and suppression of financing of terrorism and the proliferation of weapons of mass destruction and other laws that KBank is required to comply with both in Thailand and abroad, including announcements and regulations issued in accordance with such laws.
-
3.10
Maintaining security such as CCTV recording, registration, card exchange, and recording of visitors before entering the building.
-
3.11
Business management of KBank and companies within KASIKORNBANK FINANCIAL CONGLOMERATE such as risk management, audit, internal management, as well as referrals to companies within its financial conglomerate for such purposes.
-
3.12
Anonymous data.
-
3.13
Collection, use and / or disclosure of personal data of any other persons, who have a relationship with or are related to you or any other persons with whom KBank has any relationship, interaction, or any other persons who correspond with or provide personal information to KBank via any channels.
-
3.14
Exercising legal claims.
In addition to the above legitimate purposes of KBank, KBank may collect, use and / or disclose your personal data to proceed with certain operations under other legal bases, as follows:
(1) Production of historical documents or archives for public benefit or documents related to research studies or statistics.
(2) Prevention or suppression of any danger to life, body or a person’s health.
(3) Requirement to carry out its duties for public benefit or for the officers to exercise their authority.
However, if KBank is required to collect, use and / or disclose your personal data in order to comply with the agreement that you have entered into with KBank and / or to carry out its duties per the relevant laws, KBank may not be able to perform its duties that it should have done for you as a director if you do not provide such personal data to KBank upon request.
- To whom will your personal data be disclosed?
KBank may disclose your personal data to government agencies, regulatory agencies and individuals or other agencies related to the various purposes per these Practical Guidelines such as the Ministry of Finance, Ministry of Commerce, Bank of Thailand, Office of the Securities and Exchange Commission, Office of the Insurance Commission, Anti-Money Laundering Office, Stock Exchange of Thailand, Securities Depository (Thailand) Co., Ltd., courts, Thai Bankers’ Association, international agencies or organizations, companies in the financial conglomerate, data processors, external service providers (e.g., providers of conference and cloud computing services), securities companies, partners, counterparties, consultants, auditors, external auditors, credit rating companies, authorities or competent authorities, prospective assignees and / or assignees in transactions or mergers of various businesses of KBank, any juristic persons or individuals who have established a relationship or entered into a contract with KBank, including the Board of Directors, executives, employees, contractors, agents, consultants of KBank, individuals or agencies who are the recipients of such information. KBank shall ensure that the individuals or agencies who are the recipients of such information collect, use and / or disclose your personal data to the extent for which you have given your consent or in relation to the purposes for which these Practical Guidelines apply.
- Sending or transferring personal data to other countries
KBank may need to send or transfer your personal data to other companies within KASIKORNBANK FINANCIAL CONGLOMERATE in other countries, or to other data recipients, as part of KBank’s normal business operations. For instance, personal data may be sent or transferred for storage on cloud platforms or servers located in other countries, or to KBank’s business partners, trade partners and / or international agencies or organizations related to operations of KBank.
In case of sending or transferring your personal data to other countries, KBank shall ensure that personal data will be sent or transferred in accordance with legal requirements, while personal data protection measures will be put in place, appropriate for and consistent with the confidentiality standards. For instance, an agreement must be entered into with the data recipient in that country to ensure that your personal data will be protected under the personal data protection standard equivalent to that in Thailand. If the data recipients are other companies within KASIKORNBANK FINANCIAL CONGLOMERATE abroad, KBank may ensure that binding corporate rules verified and certified by relevant competent authorities are in place, and shall send or transfer personal data to other companies within KASIKORNBANK FINANCIAL CONGLOMERATE abroad in accordance with said binding corporate rules.
- How long does KBank keep your personal data?
KBank will keep your personal data for as long as is reasonably necessary during the period you have a relationship with KBank, or throughout the period required in order to achieve the related objectives of these Practical Guidelines. Once your relationship with KBank ends, KBank may need to further keep your personal data, if required or permitted by law. For instance, personal data shall be kept for a maximum period of 10 years in accordance with the statute of limitations of applicable law.
KBank will undertake operations through appropriate steps to delete or destroy the personal data or make it anonymous when it is no longer necessary or said period ends.
- Personal Data Protection
KBank shall apply appropriate technical and organizational measures for safeguarding your personal data in order to ensure the security in processing personal data and to prevent the infringement of personal data. KBank has therefore established policies, procedures and criteria for personal data protection such as security standards of information technology system, and measures to prevent unauthorized or illegitimate use or disclosure of personal data for any other objectives by the data recipients. In addition, KBank has revised said policies, procedures and criteria from time to time as necessary and appropriate.
KBank’s executives, employees, personnel, contractors, representatives, advisors, and recipients of data from KBank shall maintain the confidentiality of personal data in accordance with the confidentiality measures determined by KBank.
- What are your rights in connection with your personal data ?
You can exercise your rights as stipulated by law and these Practical Guidelines currently available or to be amended in the future, including criteria determined by KBank.
-
8.1
Right to withdraw consent (opt-out): You are entitled to withdraw your consent at any time during which your personal data is held by KBank, unless there is right restriction by law or there is a contract which is beneficial to you which remains valid.
-
8.2
Right to access: You are entitled to have access to your personal data under KBank’s responsibility and to request that KBank provide you duplication of your personal data and inform you of how your personal data has been obtained.
-
8.3
Right to data portability: You are entitled to request your personal data which has been processed by KBank to be in a format that can be read or used in general with an automated device or equipment, and can be used or disclosed via automated methods. You are also entitled to request that KBank send or transfer your personal data of said format to other data controllers if it can be processed via automated method, and to request personal data of said format which is directly sent or transferred by KBank to other data controllers, unless it cannot be processed due to technical difficulties.
Your aforementioned personal data must be personal data that you have granted consent to KBank to collect, use and / or disclose or must be personal data that KBank needs to collect, use and / or disclose for any operation related to the rights and / or duties of the directors, or must be other personal data as determined by competent authorities.
-
8.4
Right to object: You are entitled to lodge an objection to the collection, use or disclosure of your personal data at any time. If the collection, use or disclosure of your personal data, to which you lodge an objection, is undertaken under legitimate interest of KBank or any person or any juristic person, or for public benefit, KBank shall continue to collect, use and / or disclose your personal data only if KBank can provide legal reasons that the collection, use and / or disclosure of your personal data is sufficiently important, or is undertaken for the establishment, defense, use of, or compliance with, the rights to claim in accordance with applicable law, as the case may be.
In addition, you are entitled to lodge an objection to the collection, use and / or disclosure of your personal data which is undertaken for objectives related to direct marketing or for the purpose of scientific, historical or statistical studies and research.
-
8.5
Right to deletion or destruction: You are entitled to request that KBank delete or destroy your personal data or make it anonymous if you believe that your personal data has been collected, used and / or disclosed illegitimately, which is not in compliance with applicable laws, or if you deem that it is no longer necessary for KBank to keep your personal data under the objectives of these Practical Guidelines, or when you exercise your right to withdraw consent or your right to object as mentioned earlier.
-
8.6
Right to suspension: You are entitled to request that KBank suspend the use of your personal data if KBank is conducting an investigation per your request to exercise your right to rectification or right to object, or for any other case wherein it is no longer necessary for KBank to keep your personal data, and KBank must delete or destroy your personal data in accordance with applicable laws, but you have sought to request that KBank suspend the use of your personal data instead.
-
8.7
Right to rectification: You are entitled to rectify your personal data to keep it accurate, up-to-date, complete and not misleading.
-
8.8
Right to lodge complaint: You are entitled to lodge a complaint to relevant competent authorities if you believe that the collection, use and disclosure of your personal data violates or does not comply with applicable laws.
Exercising the aforementioned rights may be restricted by applicable laws, and, in certain cases, there may be compelling reasons that may cause KBank to deny your request or may prevent KBank from complying with your request such as for compliance with laws or court orders, for the public benefit, exercising the aforementioned rights may potentially violate other persons’ rights or freedoms, etc. If KBank denies the aforementioned request, KBank shall give you the reason(s) for such denial.
- Rectification or revision of these Practical Guidelines
KBank may consider rectifying or revising these Practical Guidelines from time to time, as deemed appropriate and permitted by law. In case of rectification or change in these Practical Guidelines, KBank will announce the current Practical Guidelines through the channels determined by KBank.
- How can you contact KBank and the data protection officer?
If you have any suggestions or would like to inquire about information regarding details of the collection, use and / or disclosure of your personal data, including exercising your rights under these Practical Guidelines,
you can contact the data protection officer
-
Data Protection Officer
e-mail
dataprotectionofficer@kasikornbank.com
-
Contact Address
Office of Corporate Secretary, KASIKORNBANK PCL: 1, Soi Rat Burana 27/1, Rat Burana Road, Rat Burana Sub-district, Rat Burana District, Bangkok 10140.