Personal Data Protection Policy Notice of
KASIKORN GLOBAL PAYMENT COMPANY LIMITED

Last updated: April 2026

Kasikorn Global Payment Company Limited (collectively “KGP”, “the Company” or “our”) operates a payment service business and is committed to conducting its business with integrity while respecting your privacy rights. KGP therefore places importance on protecting personal data and maintaining its security. This Personal Data Protection Policy (the “Policy”) explains the purposes and details of the collection, use, and/or disclosure of personal data, as well as your rights under applicable law.

1. To whom will this Policy apply and what are channels for Personal Data collection

1.1 To whom will this Policy apply
This Policy shall apply to you if you are classified as one or several types of the following persons.

Type of person under the Policy	Details and Examples
Individual customers of KGP ("Individual Customers")	KGP’s individual customer such as Person who uses or has used KGP’s products and/or services, including merchants and payers using KGP’s services Person who contacts KGP to inquire about products and/or services Person who receives information about products and/or services through any channels, and individuals who are offered, promoted, or invited by KGP to use or receive products and/or services
Individuals having involvement with a juristic person which is a customer of, or conducts transactions with, KGP ("Personnel of Juristic Persons")	Individuals having involvement with a juristic person which is a customer of, or conducts transactions with, KGP such as Shareholders Directors Authorized signatories or representatives Partners, agents Employees, officers, and/or assigned persons
Individuals related to transactions of KGP or KGP’s customers	Individuals who having involvement with transactions of KGP or KGP’s customers such as Contact person Employees, staff, officers, personnel Family members, friends, neighbors Individuals referred or recommended by KGP’s customers Investors, shareholders, proxies, beneficial owners, controlling persons Business counterparties such as business partners, suppliers, sponsors, distributors, vendors, contractors, service providers, purchasers, etc. Creditors, debtors, lessors, lessees Individuals who make payments to or receive payments from KGP’s customers Any other individuals from whom KGP may obtain Personal Data in connection with customer transactions Individuals who visit KGP’s website or social media accounts, or access services through KGP’s agents or channels Professional advisors Other similar individuals
General individuals	General individuals such as Individuals with whom KGP has any relationship, interaction, or contact, who provide Personal Data to KGP, or from whom KGP obtains Personal Data directly or indirectly through any channels

1.2 Channels for the Collection of Personal Data

KGP may collect your Personal Data through the following channels:

Personal Data that you provide directly to KGP, provide through KGP, or that is already in KGP’s possession, whether arising from your use of products and/or services, communications, visits, participation in activities, searches, access through service channels, and/or other communication channels of KGP, such as KGP’s offices, website, social media accounts, email, contact center, telephone, facsimile, postal mail, short message service (SMS), questionnaires, business cards, meetings, training sessions, seminars, events, recreational activities, marketing promotion activities, appointments, or any other channels.
Personal Data that KGP receives or is able to access from other sources, such as government agencies; KBank Financial Conglomerate; other banks or financial institutions; KGP’s financial service providers and other service providers; business partners and service providers of business partners; companies jointly issuing products and/or services with KGP; data service providers; individual or juristic customers conducting transactions with KGP (where you are a natural person related to such transactions as described above); social media; third-party online platforms; public data sources (such as the Government Gazette); persons having authority or legal rights; and any other persons or entities with whom KGP has a legal relationship.

2. Which Personal Data does KGP Collect, Use, and/or Disclose?

2.1 Personal Data is the data that can directly or indirectly identify you, means that

2.1.1 Individual means Individual Customer, an individual involved in transactions of KGP or KGP’s customers and general individual.

Type of data	Examples of data that KGP collects, uses and/or discloses
Personal Information	Title, first name, middle name, last name, alias (if any) Age, gender, occupation, date of birth, job position, relationship information (e.g., relationship between you and a beneficiary) Nationality, country of residence Signature and information contained in government-issued documents (e.g., national ID card, passport, visa, alien certificate, work permit, government/state enterprise ID card, house registration, name change certificate, death certificate, driver’s license, or similar identification documents) Other KYC and CDD information
Contact Information	Address as shown in official documents, current residential address, address in country of nationality, workplace address Telephone number, mobile phone number, facsimile number, email address, electronic communication or social media accounts (e.g., Facebook account, Facebook ID (Meta ID), LINE ID, or other online merchant platform accounts) Proof of residence in Thailand (for foreign individuals)
Employment / Business Information	Occupation and field of occupation Job position and length of current employment Job details, type of business, shareholding proportion, and/or business verification documents (e.g., business premises lease agreement) Products and/or services offered Estimated income Business category information, including merchant-related business information
Financial and Transaction Data	Information relating to applications, channels, and use of products and/or services, account type, card type, transaction details, merchant information, purposes of transactions, payment details and history, transaction reference numbers, transaction channels, passwords Supporting information for the use of products and/or services, such as product application details, types of goods and/or services sold, KYC information, and other information required by law (e.g., relationship with politically exposed person) Income information and sources of income and expenses Information in income documents and bank statements Bank account numbers used for receiving and making payments Electronic wallet numbers used for payments Credit/debit card information Commercial registration certificate Tax identification number and individual tax information Other information related to the use of products/services (e.g., merchant ID/shop ID, currencies involved, commercial information, purchase orders, and/or other contracts)
Technical, Device, or Tool Information	Device identifiers such as IP address or MAC address Cookies (Cookie ID) Pixel tags or Software Development Kits (SDKs) Access data, single sign-on (SSO) login information Log files Login information, access duration, website usage duration, and browsing data Other technical data derived from platforms, devices, and operating systems
Other Data	Records of communications or interactions between you and the Company Customer evaluation scores, behavioral data, opinions, and preferences on social media Service issue reports and complaints Requests from government authorities, fraud-related behavioral information Opinions expressed and requests for exercising legal rights Survey and feedback results Audio recordings, photographs, videos, voice clips, and CCTV footage Chat-bot and system log records Information in court orders or the Government Gazette Any other data deemed Personal Data under applicable Personal Data Protection Laws

2.1.2 Personnel of Juristic Person means individual having involvement with a juristic person which is a customer of, or conducts transactions with, KGP

Type of data	Examples of data that KGP collects, uses and/or discloses
Personal Information	Title, first name, middle name, last name, alias (if any) Age, gender, occupation, date of birth, job position, relationship information (e.g. relationship between a juristic person and beneficial owner) Nationality, country of residence Signature; information appearing on documents issued by government authorities (e.g. copy of ID card, passport, visa, alien certificate, work permit, government/state enterprise officer ID card, household registration, name change certificate, death certificate, driver’s license, or similar identification documents), including other KYC and CDD information
Contact Information	Address as shown in official documents, current residential address, address in country of nationality, workplace address Telephone number, mobile phone number, fax number, email address, or other electronic communication or social media contact accounts Proof of residence in Thailand (for foreign nationals)
Work Information	Occupation and professional field Job position and length of current employment Job details, type of business, shareholding proportion, and/or other documents confirming relationship with a juristic person (e.g. documents showing control over a juristic person)
Information in documents supporting transaction	Company affidavit List of shareholders Power of attorney / Proxy Commercial registration certificate
Other information	Information collected, used, and/or disclosed in connection with the relationship with the Company, such as information provided by a juristic person under agreements, complaint details or opinions, survey or assessment results, and information related to registration for participation in Company activities

2.2 Sensitive Personal Data

“Sensitive Personal Data” means Personal Data which is specifically determined by law. KGP has no intention to collect Sensitive Personal Data from you.
In certain cases, however, KGP may need to collect Sensitive Personal Data from you for providing services or products to you, for example, religion (displayed on a copy of national ID card) or race (displayed on a copy of passport of some countries), biometric data (such as facial recognition data) and data on criminal record, etc. KGP shall collect, use and/or disclose the Sensitive Personal Data provided that KGP has obtained your explicit consent or permitted by law. This shall be undertaken on a case-by-case basis when KGP is required to collect Sensitive Personal Data from you.
(Unless specifically stated otherwise, Personal Data and Sensitive Personal Data as earlier mentioned shall hereinafter be collectively referred to as “Personal Data”.)

2.3 Personal Data of Minors and Incompetent or quasi-Incompetent Persons

KGP has no intention to collect, use and/or disclose Personal Data of minors, the incompetent or quasi-incompetent persons, unless KGP obtains consent from the guardian, the appointed guardian, the appointed curator or any act which minors may give consent by themselves pursuant to law (as the case may be) and/or has any lawful basis. If KGP discovers that the collection, use and/or disclosure of Personal Data of minors, the incompetent or quasi-incompetent persons is undertaken without (i) consent from the guardian, the appointed guardian, the appointed curator or minors who may give consent by itself pursuant to law (as the case may be) and (ii) any lawful basis, KGP shall delete or destroy such Personal Data.

2.4 Personal Data of Any Other Third Party

If you provide Personal Data of any other third party who is a Personnel of Juristic Person and/or who has involvement with you to KGP such as shareholders, directors, authorized persons, family members, reference persons, beneficiaries, administrator of an estate, emergency contact persons and/or any other person per document of your transaction, etc., please inform those persons of the details under this Policy and request their consent, if necessary, or apply other lawful bases to ensure that KGP can collect, use and/or disclose Personal Data of the aforementioned third party.

3. What Are the Objectives of the Collection, Use, and/or Disclosure of your Personal Data

KGP will collect, use and/or disclose your Personal Data only as necessary for KGP’s legitimate objectives which include the collection, use and/or disclosure of Personal Data for compliance with the contract in which you are a contract party, for performance of duties as required by law, for legitimate interests, for operations according to your consent and/or for operations under other lawful bases. Objectives for collection, use and/or disclosure of Personal Data under this Policy are as follows.

Some of the following objectives may or may not apply to you. Please consider the objectives in accordance with your relationship with KGP on a case-by-case basis.

3.1 Objectives requiring consent

KGP shall collect, use and/or disclose your Personal Data based on consent for the following objectives.

3.1.1 KGP will collect, use, and/or disclose Sensitive Personal Data for which it cannot rely on any legal basis other than consent. The purposes include the following:

(1) Religious beliefs and racial data (such data may be obtained from copies of national identification cards or passports of certain countries, which the Company is required to collect solely for identity verification and authentication purposes). The Company will not use such data for any other purposes.
(2) Biometric data used for identity verification and authentication under the Company’s electronic Know Your Customer (e-KYC) process.
(3) Criminal record data, which the Company will collect, use, or disclose only when necessary for the provision of the Company’s products or services, including for the purpose of fraud risk management.
(4) Data analytics and research, including analysis, research, statistics compilation, development, and improvement of products and/or services of KGP, other companies within our business group, KBank Financial Conglomerate, business partners, and/or other juristic persons, in order to provide products and/or services that require your consent as prescribed by law.
(5) Marketing activities, including the communication of product and/or service offerings, privileges for participation in Company-organized activities, as well as news, useful information, carefully selected promotions, and the development of marketing strategies that require your consent under applicable law.

KGP may obtain your consent directly from you or through other companies within our business group, KBank Financial Conglomerate, business partners, and/or other juristic persons, on a case-by-case basis.

Where consent is the applicable legal basis, you have the right to withdraw your consent at any time through the channels specified by KGP. The withdrawal of consent will not affect the lawfulness of any collection, use, or disclosure of Personal Data and Sensitive Personal Data that you have already consented to prior to the withdrawal.

3.2 Objectives requiring other lawful bases other than consent

KGP will collect, use and/or disclose your Personal Data based on other lawful bases as necessary under KGP’s legitimate objectives, such as, for compliance with the contract in which you are a contract party or your request, for performance of duties as required by law , for the legitimate interest and/or for operations under other lawful bases for the following objectives:

3.2.1 Operations before entering into a contract with KGP such as giving consultation, advice, and/or other information relating to products and/or services; analyzing and assessing customer needs; conducting eligibility checks; verifying the accuracy of information or documents; identity verification and authentication, including the Know Your Customer (KYC) and Customer Due Diligence (CDD) processes; screening against sanctions lists and high-risk person lists issued by law enforcement agencies and/or government authorities as publicly disclosed in accordance with applicable laws; checking for asset protection status or bankruptcy status; customer risk grading and classification; pre-filling customers’ Personal Data and/or contact information to facilitate applications for KGP’s products and/or services; screening and maintaining Black Lists, White Lists, Initial Lists, and Approved Lists; customer segmentation; and data analysis and studies of customer needs.

3.2.2 Any operation related to consideration of products and/or service provision such as communication; receiving payments for goods and/or services through the website, application, or other channels provided by KGP; and other related services, such as communication, delivery and receipt of documents or parcels; processing requests and carrying out approval review processes; determining payment limits for goods and/or services; entering into contracts, agreements, and/or other related juristic acts; and registration for the use of products and/or services in order to participate in KGP’s activities.

3.2.3 Delivery of products and/or services under the contract you have entered into with KGP such as

Any actions related to the provision and use of products and/or services, such as merchant application for services, changes to information, changes to credit or transaction limits, preparation of transaction reports, and preparation of customer information or documents to support customer transactions (e.g. document certification)
Amendment of contracts
Carrying out actions to provide benefits in accordance with customers’ entitlements
Customer relationship management, service provision, administration, post-sales transaction processing, and customer facilitation
Providing consultation or guidance on customer risk management, complaint handling, problem resolution, and execution of customer requests
Receiving payments or any assets
Monitoring compliance with the terms and conditions for the use of products and/or services, including service termination
Reviewing, verifying, and updating transaction records, processing chargebacks, and providing refunds
Debt collection and follow-up

3.2.4 Marketing operation which does not require your consent under the law such as

Presenting products, services, and/or privileges requested by you, or notifying you of your entitled benefits
Providing offers of products and/or services, as well as privileges for participation in activities, events, or meetings organized by KGP, including facilitation of participation (e.g. event registration)
Presenting products and/or services of the same or similar type to those you currently have with KGP, other companies within our business group, or KBank Financial Conglomerate
Receiving requests for products, services, and/or privileges requested by you, including news, useful recommendations, and appropriately selected promotions
Conducting promotional activities (e.g. providing privileges or rewards)
Contacting you in cases where you have cancelled or discontinued the application for products and/or services (drop-off) in order to offer additional products and/or services that may be of interest to you, to facilitate re-application for the same type of products and/or services with KGP, or to offer other products and/or services that may be of interest to you
Administration, performance measurement, data review, assignment of relationship managers, and improvement of product or service quality within our business group and/or KBank Financial Conglomerate

3.2.5 Analysis, research and/or conducting statistical data which does not require your consent under the law for development, improvement of products and/or services within KGP such as

Analysis, research, marketing research, preparation of statistical data, and analysis of your financial data
Preparation of reports for internal use within KGP
Analysis of financial transactions and processing of refund request

3.2.6 Other operations of KGP such as

Management, risk management, and internal governance and supervision within KGP
Protection of legitimate interests
Establishment of customer databases, or recording and storing data in systems or databases; studying and analyzing such data
Notifications for debt payment or renewal of products and/or services, including event notifications such as fraud alerts
Debt collection and follow-up
Surveys and assessments of customer satisfaction after the use of products and/or services
Document management
Evaluation, marketing research, analysis, modeling, and development or improvement of products and/or services
Preparation of reports
Image and audio recording in connection with meetings, training sessions, recreational activities, or exhibition booths
Legal proceedings or related legal processes
Sending letters or gifts to customers, shareholders, government authorities, and others on special occasions, including coordination and communication to build business relationships; monitoring compliance with the Company’s internal policies and regulations
Collaboration, coordination, and/or delegation of tasks to third parties to act on behalf of or jointly with the Company (e.g. product or service design, customer service experience design, process design, or support for the delivery of products and/or services)
Transfer of rights and/or obligations, and corporate management
Operational planning, preparation, and/or internal administration of KGP
Use of closed-circuit television (CCTV) and control of access to KGP’s premises
Handling of complaints or management of unlawful acts or suspicious activities (e.g. fraud, money laundering, terrorism and proliferation of weapons of mass destruction, criminal activities, intellectual property infringement), including planning, investigation, monitoring, evidence collection, reporting, and/or detection measures
Monitoring and management of merchant risks and fraud risks
Enterprise risk management, governance, auditing, and recording of assets and business-risk databases relating to KGP
Internal organizational management, including preparation, management, monitoring, maintenance, and improvement of the Company’s platforms and/or payment service channels
Risk management within KBank Financial Conglomerate
Information technology operations, communications system management, and prevention, response, and mitigation of information technology risks and cybersecurity threats

3.2.7 Compliance with the order of competent authorities and/or compliance with laws such as

Compliance with the order of court, the government agencies, banking supervisory agencies, competent officers under the personal data protection law, payment system law, taxation law, anti - money laundering law, counter - terrorism and proliferation of weapons of mass destruction financing law, prevention and suppression of technological crimes law and computer crime law, bankruptcy law and other laws with which KGP is required to comply, either in Thailand or other countries, including regulations and rules issued under these laws, which are now being enforced, to be amended or to be enforced in the future.

3.2.8 Prevention or cessation of danger to a person’s life, body or health

3.2.9 Conducting historical documents or annals for public benefit or related to study, research or statistics

3.2.10 KGP’s operation of public benefit or performance of duties in using the government’s authority granted to KGP

The collection, use, and/or disclosure of your Personal Data for the aforementioned purposes may involve the use of existing technologies that KGP currently has or will acquire in the future, including but not limited to artificial intelligence (AI), generative AI (such as ChatGPT and Microsoft Copilot), AI chatbot technology, cloud computing, etc.

If KGP needs to collect, use and/or disclose your Personal Data for execution of or compliance with a contract that you have entered into with KGP and/or for KGP’s performance of duties under the law and you, if you do not provide such necessary Personal Data to KGP, KGP may not be able to approve or deliver/provide products and/or services, either partly or wholly, for you and it may impact on KGP’s performance of duties under the law or your relationship with KGP.

4. To whom will your Personal Data be disclosed?

Under your consent or criteria permitted by law, KGP may disclose your Personal Data to a third party. Persons or agencies receiving such Personal Data will collect, use and/or disclose your Personal Data within the scope for which you have given consent, or within the scope related to this Policy. In certain cases, you may be under the personal data protection policy of such recipient of your Personal Data. The recipient of your Personal Data may be in Thailand or other countries.

KGP may disclose your Personal Data to persons or agencies based on your relationship and transaction as follows:

Type of Personal Data

Details

Kasikornbank’s Financial Conglomerate (“KBank Financial Conglomerate”)

KGP may disclose your Personal Data to KBank Financial Conglomerate, including but not limited to Kasikornbank PCL and other companies within Kasikornbank’s financial conglomerate (for more details specified in https://www.kasikornbank.com/en/about/pages/financial-conglomerate.aspx) for purposes permitted by law or based on your consent under this Policy. KBank Financial Conglomerate can rely on the consent that KGP obtains.

List of data recipients within KBank Financial Conglomerate:

List of data recipients within KBank Financial Conglomerate:
At present, KGP has not yet disclosed Personal Data that requires your consent to the data recipients in this category.

KGP’s service providers

KGP may use another company, trade partner, KGP’s agent, sub - contractor or external service provider in Thailand and other countries to conduct business operation on behalf of KGP or to support the provision of KGP’s products and/or services to you. Therefore, KGP may disclose your Personal Data to KGP’s service provider, including but not limited to:

Customer identification and verification service providers
National Interbank Transaction Management and Exchange (NITMX)
Telecommunications and SMS providers
Technical support and cybersecurity providers
Cloud computing providers
Marketing service providers
Document storage providers
Social media service providers
Payment network providers
Debt collection providers
Printing and publishing provider
Document and parcel delivery providers
Other service providers supported KGP’s services

KGP’s business partners

KGP may disclose your Personal Data to

Merchants or platforms that you use and their IT providers
Business partners jointly providing products and/or services; co‑branded or co‑campaign partners
Payment or fund transfer service providers
Credit card service providers and issuing or acquiring banks
Other partners supporting payment services

In cases where your Personal Data is disclosed to business partners for their marketing purposes such as for sales promotion, public relations or offering of products and/or services by business partners to you, KGP will notify you of the names of business partners for supporting your decision in giving consent. Business partners can rely on the consent that KGP obtains.

Persons determined by law

In some cases, KGP may be required to disclose your Personal Data for compliance with the order of person(s) having legal authority or legal rights and/or for compliance with law. The recipients of your Personal Data include:

law enforcement agencies
regulatory or supervisory authorities
government agencies
technology crime suppression centers
courts
other persons or entities as required by law or necessary to comply with legal or regulatory obligations or to protect the rights of KGP or third parties.

Advisors/experts

For the benefit of KGP’s business operation, KGP may disclose your Personal Data to

auditors
external examiners
legal advisors
tax advisors
other advisors or experts, as necessary for KGP’s business operations.

Prospective assignee and/or assignee of rights in any transaction or merger of KGP

In cases where KGP engages in organizational restructuring, debt restructuring, merger, business acquisition, transfer of rights, business dissolution, or any other incidents of the same nature, KGP may need to disclose your Personal Data to

trade partners, interested parties
asset management companies and/or those assignees of rights

Any other third parties

KGP may disclose your Personal Data to any other third parties for the objectives as specified in this Policy. Any other third parties receiving your Personal Data may include but are not limited to

the persons with whom you have contractual relationships
technology and system developers
banks and financial service providers
international fund transfer organizations (e.g. SWIFT)
card networks (e.g. VISA, Mastercard, JCB, UPI)
educational institutions
social media providers
public or ordinary people

Where KGP discloses your Personal Data to other persons or entities for the recipients’ marketing purposes, such as for promotions, public relations, or the offering of products and/or services by the recipients to you, KGP will inform you of the list of such recipients, as abovementioned, to support your decision in providing consent.

5. Will KGP send or transfer your Personal Data to other countries?

KGP may need to send or transfer your Personal Data to other companies within our business group located in other countries, or to other recipients of data, as part of KGP’s normal business operations. For instance, sending or transferring Personal Data for storage on cloud platforms or servers located in other countries, business partners including those jointly providing products and/or services and Co-branding/Co-campaign business partners, Global Payment Networks, online social media service providers, government agencies in other countries and/or a person connected with your transaction in other countries, etc.

If the destination country has insufficient standards of Personal Data protection, KGP shall ensure that Personal Data will be sent or transferred in accordance with the law and shall set standards of Personal Data protection as deemed necessary, and appropriate for and consistent with the confidentiality standards. For instance, an agreement must be entered into with the data recipient in that country to ensure that your Personal Data will be protected under the Personal Data protection standards equivalent to those applicable in Thailand. If the data recipients are other companies within KBank Financial Conglomerate, KGP may decide to rely on KBank’s binding corporate rules verified and certified by relevant competent authorities and will send or transfer Personal Data to other companies within KBank Financial Conglomerate located in other countries in accordance with said binding corporate rules.

6. Use of Cookies and/or technologies with similar nature

KGP may collect and use cookies and/or any other technologies of similar nature when you use KGP’s website including conducting transactions, using products and/or services of KGP via digital channels and internet network. The collection of cookies and/or use of any other technologies of similar nature will help KGP to remember your usage and preferences, including analysis of your interest for improvement and development of efficiency of KGP’s website in order to respond to your demand and use so that you can have positive experiences in using KGP’s website. You can learn more details from the “Cookies Policy” of KGP at https://www.kasikornglobalpayment.com/en/cookies-policy

Moreover, KGP may disclose the data that cannot identify you to data analysis service providers such as Google, both in Thailand and other countries. Google will use technologies and tools for data analysis such as cookies and/or the Software Development Kit (SDK) to monitor and conduct reports of data analysis related to your use of KGP’s website. You can learn details of Google’s data analysis under the heading “How Google uses data when you use your partner’s sites or apps” at www.google.com/policies/privacy/partners or other URL as determined by Google.

7. How long does KGP keep your Personal Data?

KGP will keep your Personal Data during the period in which you are KGP’s customer or have a relationship with KGP, or throughout the period required in order to achieve the related objectives of this Policy. Once your relationship with KGP ends, KGP will further keep your Personal Data for a period as necessary according to the statute of limitations or for a period as required or permitted by law, for instance:

Personal Data shall be kept in accordance with the anti-money laundering law for 5 - 10 years after the end of the relationship, as the case may be.
Personal Data shall be kept in accordance with financial institution business law, accounting law, and taxation law, for 10 years after the end of the relationship.

KGP will undertake operations through appropriate steps to delete or destroy the Personal Data or make it anonymous when it is no longer necessary or said period ends.

8. How does KGP protect your Personal Data?

KGP shall apply technical, administrative and physical safeguard measures for safekeeping of your Personal Data in order to maintain confidentiality, accuracy, completeness, and availability of Personal Data to prevent unauthorized or illegitimate access, collection, revision, rectification, use and/or disclosure of Personal Data in accordance with legal requirements.

KGP has put in place appropriate measures to prevent the breach of Personal Data. KGP has therefore established policies, procedures and criteria for personal data protection such as measures to control access to Personal Data and use of secure and proper devices for storing and processing Personal Data, restriction of access to Personal Data, determination of users’ right to access Personal Data, right to permit assigned employees to access Personal Data and users’ responsibilities in order to prevent unauthorized access to Personal Data, unauthorized disclosure, unauthorized knowledge or unauthorized copy of Personal Data, or theft of devices used for storing or processing Personal Data. Measures have thus been put in place for tracking back of access to, change in, deletion or transfer of Personal Data, which are consistent with and appropriate for the methods and tools for collection, use or disclosure of Personal Data, including examination for assessing the effectiveness of compliance with policies, procedures and criteria for Personal Data protection.

KGP’s executives, employees, personnel, contractors, representatives, advisors, and recipients of data from KGP shall maintain the confidentiality of Personal Data in accordance with the confidentiality measures determined by KGP.

9. What are your rights in connection with your Personal Data?

Your rights under this item are legal rights that you should be aware of. You can exercise your rights as stipulated by law and this Policy currently available or to be amended in the future, including criteria determined by KGP. If you are less than 20 years old or have limited capacity to perform juristic acts under the law, you may request your father and/or mother, appointed guardian or authorized person to express the intention to exercise these rights on your behalf.

Right to withdraw consent (opt - out) : You are entitled to withdraw the consent that you have previously given to KGP to collect, use and disclose your Personal Data (whether such consent has been given prior to or after the personal data protection law is enforced), at any time during which your Personal Data is held by KGP, unless there is right restriction by law or there is a contract which is beneficial to you which remains valid. The collection, use and/or disclosure of your Personal Data which was undertaken before the withdrawal of your consent shall not be affected.

However, the withdrawal of your consent related to and required for the service request may prevent KGP from complying with the contract or providing services to you, or may cause the transaction or any other related activities to be suspended or temporarily discontinued, or may affect your knowledge of products and/or services, for instance, you may not receive the offer of products and/or services, benefits, promotions or other new offers, or may not receive alternative products or services which are more in line with your needs, or may not receive news and recommendations that are beneficial to you, etc. For your own benefit, you should determine and inquire about the potential impacts before deciding to withdraw your consent.
Right to access: You are entitled to have access to your Personal Data under KGP’s responsibility as Personal Data Controller and to request KGP to provide you with a duplication of your Personal Data and inform you of how your Personal Data has been obtained.
Right to data portability: You are entitled to request your Personal Data which has been processed by KGP to be in a format that can be read or used in general with an automated device or equipment, and can be used or disclosed via automated methods. You are also entitled to request KGP to send or transfer your Personal Data of said format to other data controllers if it can be processed via automated method, and to request Personal Data of said format which is directly sent or transferred by KGP to other data controllers, unless it cannot be processed due to technical difficulties.

Your aforementioned Personal Data must be Personal Data that you have granted consent to KGP to collect, use and/or disclose or must be Personal Data that KGP needs to collect, use and/or disclose for your use of KGP’s products and/or services in accordance with your intention wherein you are a contract party with KGP or for undertaking operations per your request before using KGP’s products and/or services or must be other Personal Data as determined by competent authorities.
Right to object : You are entitled to lodge an objection to the collection, use or disclosure of your Personal Data at any time. If the collection, use or disclosure of your Personal Data, to which you lodge an objection, is undertaken under legitimate interest of KGP or any person or any juristic person, or for public benefit, KGP shall continue to collect, use and/or disclose your Personal Data only if KGP can provide legal reasons that the collection, use and/or disclosure of your Personal Data is sufficiently important, or is undertaken for the establishment, defense, use of, or compliance with, the rights to claim in accordance with applicable law, as the case may be.

In addition, you are entitled to lodge an objection to the collection, use and/or disclosure of your Personal Data which is undertaken for objectives related to direct marketing or for the purpose of scientific, historical or statistical studies and research.
Right to deletion or destruction : You are entitled to request KGP to delete or destroy your Personal Data or make it anonymous if you believe that your Personal Data has been collected, used and/or disclosed illegitimately, which is not in compliance with applicable laws or if you deem that it is no longer necessary for KGP to keep your Personal Data under the objectives of this Policy or when you exercise your right to withdraw consent or your right to object as mentioned earlier.
Right to restriction of processing : You are entitled to request KGP to suspend the use of Personal Data if KGP is conducting an investigation per your request to exercise your right to rectification or right to object, or for any other case wherein it is no longer necessary for KGP to keep your Personal Data and KGP must delete or destroy your Personal Data in accordance with applicable laws, but you have sought to request KGP to suspend the use of your Personal Data instead.
Right to rectification : You are entitled to rectify your Personal Data to keep it accurate, up - to - date, complete and not misleading.
Right to lodge a complaint : You are entitled to lodge a complaint to relevant competent authorities if you believe that the collection, use and disclosure of your Personal Data violates or does not comply with applicable laws. You may contact KGP to submit a complaint through the channels specified in Clause 11, and KGP will consider and address your complaint as promptly as possible.

However, submitting a complaint to KGP will not affect your right to lodge a complaint with government authorities or the Office of Personal Data Protection Committee.

Exercising the aforementioned rights may be restricted by applicable laws, and, in certain cases, there may be compelling reasons that may cause KGP to deny your request or may prevent KGP from complying with your request such as for in compliance with laws or court orders, for the public benefit, exercising the aforementioned rights may potentially violate other persons’ rights or freedoms, etc. If KGP denies aforementioned request, KGP shall give you the reason(s) for such denial.

You can submit your request to exercise your rights via the following channels:

KGP Partner Support: e-mail at partnersupport@kasikornglobalpayment.com
KBank’s branches as designated by KGP: (applicable to Meta Pay products only)

KGP may be required to request certain information from you for the purpose of verifying your identity. This is a security measure to ensure that your Personal Data is not disclosed to unauthorized persons. In this regard, the Company may contact you to request additional information relating to your request in order to enable KGP to respond more efficiently.

KGP will process requests within 30 days (and within 90 days for requests to erase or destroy Personal Data), calculated from the date on which KGP has received your complete request and supporting documents. In certain cases, KGP may require more than 30 days where your request is complex or where you submit more than one request. In such cases, KGP will notify you accordingly and keep you informed of the status of your request on an ongoing basis.

10. Will KGP rectify or revise this Policy

KGP may consider amending or revising this Policy from time to time, as deemed appropriate and permitted by law. In case of rectification or revision of, or change in this Policy, KGP will announce the current policy on KGP’s website at www.kasikornglobalpayment.com/en/privacy-policy

11. How can you contact KGP and the Data Protection Officer

Kasikorn Global Payment Company Limited (KGP)

KGP Partner Support: partnersupport@kasikornglobalpayment.com
KGP Contact Center: +66 2‑008‑8820
KGP Data Protection Officer: dpo@kasikornglobalpayment.com

Personal Data Protection Policy Notice of KASIKORN GLOBAL PAYMENT COMPANY LIMITED