PRIVACY POLICY
1.
INTRODUCTION
1.1
We, Kredivo (Thailand) Co., Ltd and its affiliates and subsidiaries
(individually and collectively, referred as "Company", "We"
"Our" "Us" or
"Kredivo"), will collect information related to
individuals (“Personal Data”) in providing our financial
products via Kredivo’s website, its mobile application and/or
partners’ application (collectively, referred as the “Services”
or “Platform”). Kredivo takes its responsibilities under
applicable privacy laws and regulations ("Privacy Laws") seriously and is committed to respecting the privacy rights
and concerns of all Users of our Services. Users refers to a user who
registers for an account with us for use of the Services
(“Users”, “You” or “Your”). We will act in compliance with the laws and regulations applicable in
countries and regions where we are conducting business (such laws and
regulations are hereinafter collectively referred to as the “Applicable Laws”) and will make efforts to properly protect Personal Data based on
this Privacy Policy (“Privacy Policy” or “Policy”).
1.2
This Privacy Policy is designed to assist you in understanding how we
collect, use, disclose and/or process the Personal Data you have
provided to us and/or we possess about you, whether now or in the
future, as well as to assist you in making an informed decision before
providing us with any of your Personal Data.
1.3
The terms of this Privacy Policy must be read and understood in
conjunction with other notices, contractual clauses, consent clauses that apply in
relation to the collection, storage, use, disclosure and/or processing
of your Personal Data by us and is not intended to override those
notices or clauses unless we state expressly otherwise.
1.4
This Policy applies to mobile applications, call center, website,
social media features, social networking sites, online communication
channels, and other locations where we collect your data.
1.5
We may update this Privacy Policy from time to time. Any changes we
make to this Privacy Policy in the future will be reflected on this
page and material changes will be notified to you. Where permissible
under local laws, your continued use of the Services or access to the
Platform, including applying for a loan (as defined in the
Terms of Services) on the Platform, or express consent thereto,
following the modifications, updates or amendments to this Privacy
Policy (whether or not you have reviewed such document) shall
constitute your acknowledgment and acceptance of the changes we make
to this Privacy Policy. You agree that it is your responsibility to
review and check the Privacy Policy frequently to see if any updates
or changes have been made to this Privacy Policy.
PLEASE READ THIS PRIVACY POLICY CAREFULLY. BY CLICKING OR CHECKING
“SIGN UP”, “I AGREE TO KREDIVO’S PRIVACY POLICY”, “I AGREE AND CONSENT
TO THE COLLECTION, USE, DISCLOSURE, STORAGE, TRANSFER AND/OR
PROCESSING OF MY PERSONAL DATA FOR THE PURPOSE STATED IN, AND UNDER
THE TERMS OF, KREDIVO’S PRIVACY POLICY” OR SIMILAR STATEMENTS
AVAILABLE AT THE REGISTRATION PAGE OR IN THE COURSE OF PROVIDING YOU
WITH THE SERVICES OR ACCESS TO THE PLATFORM, YOU ACKNOWLEDGE THAT YOU
HAVE READ AND UNDERSTOOD THE TERMS OF THIS PRIVACY POLICY AND THAT YOU
HAVE AGREED AND CONSENTED TO THE COLLECTION, USE, DISCLOSURE, STORAGE,
TRANSFER AND/OR PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED AND
UNDER THE TERMS HEREIN.
2.
PERSONAL DATA TO BE
COLLECTED
2.1 We will collect the
Personal Data described below in a lawful and fair manner in
accordance with Applicable Laws and, if required, upon obtaining your
consent.
2.2 "Personal Data" means data, whether true or not, about an individual who can
be identified from that data, or from that data and other information
to which an organization has or is likely to have access. Common
examples of Personal Data could include name, identification number
and contact information.
2.3. Depending on your use
of our Platform and/or your interaction with our Services (such as
when registering for our Services and/or logging into our Platform),
you may be asked to provide us with certain information. While you can
choose not to provide us with certain information, you may not be able
to use all or a part of our Services. The Personal Data that you may
opt to provide to us and the common instances of when Personal Data about you may be
collected,
are as follows:
(a)
Registration Information. If you sign up for an Account, We ask
You to provide Us with personal information, which may include your
name, date of birth, gender, username and password, email address,
work address, telephone number, signature, e-signature, ID card
number, your interests, and any Personal Data in any photographs that
you upload onto our Platform. This information collectively is
referred to as "Registration Information or Profile
Data."
(b)
Personal details, such as title, full name, gender, age,
occupation, qualifications, job title, position, business type,
nationality, country of residence, date of birth, marital status, work
place, education, house registration, household income, salary, financial information
and personal income, any other personal details you provided to
us;
(c) User IDs and Device IDs. When You install the Application, We create a unique identification
number associated with that installation of the software ("User
ID").
(d)
Usage Information. We also collect information about how You
use Our Services, including how You view and interact with content,
the parts of Our Services that You use, information You search for,
content that You view, and actions You take.
(e)
Marketing and Communications Data, which may include your
interests, survey responses, preferences in receiving marketing
materials from us and your communication preferences, your preferences
for Services, as well as your feedback, chat, email or call history on
the Platform or with third party service providers.
(f)
Account and Transaction Data, which may include your credit
card details, bank account details, bank statements, delivery/ billing
address, payments and orders to and from you, and other details of
services that you have used through the Platform.
(g) LogData.
When You use Our Services, We automatically record information about
Your use ("Log Data"). This Log Data may include information
such as Your computer's or mobile device's Internet Protocol
("IP") address, browser type, the webpage You were visiting
before you came to Our Site, pages of Our Site that You visit, access
times and dates and other statistics.
(h)Technical details, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID, device model and type, network, connection details, access details, single sign-on (SSO), login log, access time and location, time spent on the page, login data, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices you use to access the platform, and any other technical details from the use on the Platforms and systems;
(g) Third-party application,
user IDs linked to our Services or given to us when activating and/or
using the Services;
2.4 If you provide
Personal Data of any third party (e.g., your beneficiary, emergency
contact person,
referral, and references) to us, e.g., their name, family name,
address, telephone number,
family member income and any personal and contact details for
emergency contact,
complete your application or execute your transactions with us; please
provide this Privacy Policy for
their acknowledgement and/or obtaining consents where
applicable for us.
2.5 We automatically
collect and process certain types of information when you use your
devices to
access our Platform and interact with our Services for the purposes
set out
herein.
2.6 If you do not want us to collect the aforementioned
information/Personal Data, you may
opt out at any time
by notifying us in writing about it. Further information on opting out
can be found in
section 10 below. Note, however, that opting out of us collecting your
Personal Data or
withdrawing your consent for us to collect, use or process your
Personal Data may affect your
use of the Services. For example, opting out of the
collection of location
information will cause its location-based features to be disabled.
3.
PURPOSES OF COLLECTION AND
USE OF PERSONAL DATA
3.1 We may collect, use
and disclose your Personal Data for the following purposes;
(a) To provide products and services to you: to enter into a contract
and manage our
contractual relationship
with you; to support and perform other activities related to
such services or
products; and to carry out
financial transaction and services;
(b) To carry out
the Services, including but not limited to customer due diligence,
credit scoring or
assessment, monitoring and verifying the loan usage, billing
statement, repayment of loan
and debt collection;
(c) To register,
verify, identify and authenticate you or your identity;
(d) To consider and/or process your application/transaction with us
or your transactions or
communications with third parties via the Services;
(e) To respond to, process, deal with or complete a transaction
and/or to fulfil your
requests for certain
products and services and notify you of service issues and unusual
account
actions;
(f) To enforce our Terms and Conditions of Services provided for the
respective financial
products and/or any
other terms and conditions relevant to the Services, including to
enforce the relevant loan agreement made under our Services or that of our
affiliate(s) where
applicable and in accordance with its terms;
(g) To contact and
communicate with you as requested by you or in relation to the
products and services you obtain from us, affiliates, subsidiaries and
business partners; to
handle customer service-related queries, request, feedback, complains,
claims, disputes or
indemnity; to provide technical assistance and
deal with technical issues; to
process and update
your information; to facilitate your use of the products and
services;
(h) To produce statistics and research for internal and statutory
reporting and/or record- keeping requirements;
(i) To carry out due diligence or other screening activities
(including, without limitation,
background checks)
in accordance with legal or regulatory obligations or our risk
management procedures that
may be required by law or that may have been put in
place by us;
(j) To provide privileges, offers, updates, sales, special offers,
promotions, advertisements,
notices, news, information and any marketing and communications
about the products and services
from us, affiliates, subsidiaries and business partners.
(k) To improve business operations, products, and services: To
evaluate, develop, manage, and
improve, research and develop the services, products, system, and
business operations
for you and all of our customers, affiliates, subsidiaries and
business partners;
to identify and resolve issues; to create aggregated and anonymized
reports, and measure the
performance of our products, and marketing campaigns;
(l) Functioning of the sites, mobile application, and platform: To
administer, operate,
track, monitor, and
manage the sites and platform to facilitate and ensure that they
function properly,
efficiently, and securely; to facilitate your experience on the sites
and platform; improve layout,
and content of the sites and platform;
(m) For business management
purpose including for IT operations, management of
communication system,
operation of IT security and IT security audit; internal business
management for internal
compliance requirements, policies, and
procedures;
(n) Compliance with regulatory and compliance obligations: To comply
with legal obligations, legal
proceedings, or government authorities' orders which can include
orders from
government authorities outside Thailand, and/or cooperate with court,
regulators, government
authorities, and law enforcement bodies when we reasonably
believe we are legally
required to do so, and when disclosing your Personal Data is
strictly necessary to
comply with the said legal obligations, proceedings, or government
orders.
(o) To protect the security and integrity of our business; to
exercise our rights or protect
our interest where
it is necessary and lawfully to do so, for example to detect, prevent,
and respond to
fraud claims, intellectual property infringement claims, or violations
of law;
to manage and prevent loss of our assets and property; to secure the
compliance of our
terms and conditions.
(p) To verify your identity, and to conduct legal and other
regulatory compliance checks
(for example, to
comply with anti-money laundering regulations, and prevent fraud).
(q) Corporate transaction: in the event of sale, transfer, merger,
reorganization, or similar
event we may transfer
your Personal Data to one or more third parties as part of that
transaction.
(r) To perform risk
management, audit performance, and risk assessments; and/or
If you fail to provide your Personal Data when requested, we may not
be able to provide our products and services to you.
3.2 You acknowledge, consent and agree that Company may access, preserve
and disclose your Account
information and Content if required to do so by law (including Credit
Information Business Act
B.E. 2545 and any Applicable Laws and regulations related the
said Act.) or pursuant to an
order of a court or an order/ permission by any
governmental or regulatory
authority having jurisdiction over the Company or in a good
faith belief that such
access preservation or disclosure is reasonably necessary to: (a)
comply with legal process;
(b) comply with a request and/or a permission from any
governmental or
regulatory authority having jurisdiction over the Company (including a
permission by the Bank of
Thailand to disclose your Personal Data and information for
any other interests);
(c) enforce the Terms and Conditions of Services provided for the
respective financial
products or this Privacy Policy; (d) respond to any threatened or
actual claims asserted
against the Company or other claim that any Content violates the
rights of third parties; (e)
respond to your requests for customer service; or (f) protect
the rights, property
or personal safety of the Company, its users and/or the public.
3.3. As the purposes for
which we will/may collect, use, disclose or process your personal
data depend on the
circumstances at hand, such purpose may not appear above.
However, we will notify
you of such other purpose at the time of obtaining your consent,
unless processing of
the applicable data without your consent is permitted by the
Privacy Laws.
4.
WHO WE DISCLOSE YOUR PERSONAL DATA TO
4.1
We may share (or permit the sharing of) your Personal Data with and/or
transfer your Personal Data
to third parties and/or our affiliates for the above-mentioned
purposes under this Privacy
Policy. These third parties may be located in Thailand and areas
outside Thailand,
including but not limited to:
(i) Service providers and related companies such as agents, vendors,
contractors and partners
in areas such as payment or loan services, marketing, data analytics,
market or consumer
research, survey, social media, customer service, installation
services, information
technology and website hosting;
(ii) Courts, tribunals,
enforcement agencies, governmental or regulatory authorities
having jurisdiction over
Company;
(iii) Our subsidiaries, affiliates and related corporations;
(iv) Users or our bank partners you have transacted with or
interacted with on the
Platform or in
connection with your use of the Services for the above-stated
purposes;
(v) A buyer or other successor in the event of a merger, divestiture,
restructuring,
reorganization,
dissolution or other sale or transfer of some or all of the Company’s
assets, whether as a going
concern or as part of bankruptcy, liquidation or similar
proceeding in which
Personal Data held by the Company about our service users is
among the assets
transferred; or to a counterparty in a business asset transaction that
the Company or any of
its affiliates or related corporations is involved in;
(vi) We may share user information, including statistical and
demographic information
about our Users and
information about their use of the Services with advertising
partners and third-party
suppliers of advertisements, marketing, and/or other
programming.
4.2
In disclosing your
Personal Data to them, we endeavor to ensure that the third parties
and our
affiliates keep your Personal Data secure from unauthorized access,
collection,
use,
disclosure, processing, or similar risks and retain your Personal Data
only for as long
as your Personal
Data is needed to achieve the above-mentioned purposes.
4.3 International data transfer: We may transfer or permit the
transfer of your Personal Data
outside of your
jurisdiction for any of the purposes set out in this Privacy Policy.
However, we will not
transfer or permit any of your Personal Data to be transferred
outside of such
jurisdiction unless the transfer is in compliance with Applicable
Laws, including, for
example, to inform and obtain your consent on the countries to which
your Personal Data
may be transferred to and the applicable standards on data
protection under the laws of
such countries. If you provide Personal Data to our
Platform, you
acknowledge and agree that such Personal Data may be transferred from
your current location to the
offices and servers of Kredivo and its affiliates, agents, and
service providers, as
referred herein and located in other countries.
By visiting this application and providing Personal Data to our
Platform, you consent to
these
transfers.
5.
HOW DOES COMPANY
PROTECT AND RETAIN CUSTOMER INFORMATION?
5.1 We implement a
variety of security measures and strive to ensure the security of your
Personal Data on our
systems. Maintaining technology products to prevent unauthorized
computer access. User
personal data is contained behind secured networks and is only
accessible by a
limited number of employees who have special access rights to such
systems. However, there
can inevitably be no guarantee of absolute security. You are also
advised to exercise caution
with respect to the sharing of your Personal Data and your
authentication /
security details (such as passwords, credit card details, transaction
details) outside of our
Platform / Services.
5.2 We will retain
Personal Data in accordance with the Privacy Laws and/or other
applicable laws. That is,
we will destroy or anonymize your Personal Data as soon as it is
reasonable to assume that
(i) the purpose for which that Personal Data was collected is
no longer being served by the
retention of such Personal Data; and (ii) retention is no
longer
necessary for any legal or
business purposes; and (iii) no other legitimate
interests warrant further
retention of such Personal Data. If you cease using the Services
on the Platform, or your
permission to use the Platform and/or the Services is
terminated or withdrawn,
we may continue storing, using and/or disclosing your
Personal Data in accordance
with this Privacy Policy and our obligations under the
Privacy Laws. Subject to
Applicable Laws, we may securely dispose of your Personal Data
without prior notice to
you.
6. THIRD-PARTY
SITES
6.1. The Platform may
contain links to other websites operated by other parties, such as our
business
affiliates, merchants, or payment gateways. We are not responsible for
the privacy practices of
websites operated by these other parties. You are advised to check
on the applicable privacy
policies of those websites to determine how they will handle
any information they collect
from you.
6.2. Please note that even
if the third party is affiliated with us, we have no control over
these third-party
websites, each of which may have their own separate privacy and data
collection
practices independent of us. We therefore have no responsibility or
liability for the content,
security arrangements (or lack thereof) and activities of these linked
sites. These linked
sites are only for your convenience, and you therefore access them at
your own risk. Nonetheless,
we seek to protect the integrity of our Platform and the
links placed upon each of
them and therefore welcome any feedback about these linked
sites (including, without
limitation, if a specific link does not work).
7. MINORS
7.1. Company does not
provide Services to minor under the age of 20 (which is to be
determined based on the
Applicable Laws), nor does it intend to provide any of the
Services or the use of the
Platform to minors. We do not knowingly collect any personal
data relating to minors.
7.2. You hereby confirm
and warrant that you are above the age of minority and you understand
and accept the terms of this Privacy Policy.
As a parent or legal guardian, please do not allow minors under your
care to submit Personal
Data to Company.
8. HOW AND HOW LONG
WE KEEP YOUR PERSONAL DATA
8.1 The Company has
information security policies and practices in place to safeguard your
Personal Data, as follows:
• Collection characteristics: We keep your Personal Data either in
printed document (hard
copy) or in electronic document system (soft copy) with appropriately
secured measures to
prevent the loss, unauthorized access, change, and disclose of your
Personal Data.
• We manage to put in place procedures to deal with any suspected
Personal Data
breaches. In case of
substantiated complaints concerning breaches of customer privacy
and losses of customer
data, our security team will immediately investigate to solve the
case.
• Retention period: We will not keep your Personal Data for any
longer than we seem
necessary for the purposes
for which we collect and process it, or within the effective
period of contract,
or within the period of the exercise, or defense of legal claims.
• When your Personal Data for which we collect, use and process it,
is no longer required for the
purposes and by Applicable Laws, we will erase or destroy or aggregate
and/or anonymize your
Personal Data to an extent that it no longer identifies you within
a reasonable time.
9.
COOKIE POLICY
9.1 During any use of the
Company's website and/or mobile application Information relating to
your access to this website will be saved in the form of a cookie.
This cookie policy describes the meaning of functional cookies, their
purposes and how to delete cookies for your privacy.
By accessing our website and/or mobile application, you consent to
our use of cookies in accordance with the cookie policy detailed
below.
How the Company uses cookies?
The Company will collect website information from all visitors
through cookies or similar
technologies and will use
cookies for the purpose of improving the efficiency of
accessing and using
the Company's internet services. The company collects cookies for
the following purposes:
• To study the behavior of your website usage and to develop company
websites to be able to use easily,
quickly and more efficient;
• To enable you to sign in to your account on the Company's
website;
• To protect you from fraud and improve security;
• To analyze products and services, and offers of the Company
products that may be
relevant to
you;
• To improve the marketing that you see on social media, applications
and other
websites.
You can refuse the collection of information via cookies through your
browser settings,
which may reduce
the optimum performance of the website and application.
10.
HOW CAN YOU ACCESSING AND CORRECTING, OPT-OUT, WITHDRAW, PERSONAL
DATA YOU HAVE
PROVIDED TO US?
10.1 You may request
information about your Personal Data which we have collected or
enquire about the ways
in which your Personal Data may have been used, disclosed,
stored, or processed
by us via the personal account information setting on our Platform
or by contacting us using the
contact details below. You may also request correction of
any error or omission in your
Personal Data which we have collected in the same way. In
order to facilitate processing
of your request, it may be necessary for us to request
further information
relating to your request. Where permissible under law, we may
refuse such correction
requests if deemed vexatious or unreasonable.
10.2 You may withdraw your
consent for the collection, use and/or disclosure of your
Personal Data in our possession
or under our control by sending an email to our
Personal Data
Protection Officer at dpo.th@kredivo.com and we will process
such requests in
accordance with this Privacy Policy and our obligations under the
Privacy Laws and other
Applicable Laws. However, your withdrawal of consent may mean that
we will not be able to
continue providing the Services to you and we may need to
terminate your
existing relationship and/or the contract you have with us.
10.3 However, your
withdrawal of consent could result in certain legal consequences
arising from such withdrawal.
In this regard, depending on the extent of your withdrawal of
consent for us to process your
Personal Data, it may mean that we will not be able to
continue providing the
Services to you, we may need to terminate your existing
relationship and/or
the contract you have with us, etc., as the case may be, which we
will inform you of.
10.4 You may request that
we erase or destroy or temporarily suspend the use of or
anonymize the Personal Data
we hold about you in case you believe that the Personal
Data we hold about
you is being unlawfully processed by us or we are not complying
with the Privacy Laws.
Please provide as much detail as possible on your reasons for the
request to assist us in
determining whether you have a
valid basis for erasure or destruction or suspension or
anonymization, as the
case may be. However, we may retain the Personal Data if there
are valid grounds under law
for us to do so (e.g., for the defense of legal claims or
freedom of expression) but we
will let you know if that is the case. Please note that
after deleting,
destroying, suspending, or anonymizing the Personal Data, we may not
be able to provide
the same level of servicing to you as we will not be aware of your
preferences.
10.5 For a request to
access Personal Data, once we have sufficient information from you to
deal with the request, we
will seek to provide you with the relevant Personal Data within
30 days. Where we are
unable to respond to you within the said 30 days, we will notify
you of the soonest possible
time within which we can provide you with the information
requested. Note that
Privacy Laws may exempt certain types of Personal Data from
being
subject to your access
request.
11. Questions,
Feedback, Concerns, Suggestions or Complaints
11.1. If you have any
questions on Personal Data protection or data privacy or you have
other concerns
about our data protection / privacy practices or wish to exercise any
rights you may have under
Applicable Laws, please feel free to contact us via below
channels.
11.2. If you have any
complaint or grievance regarding how we are handling your personal
data or about how we are
complying with Privacy Laws, we welcome you to contact us
with your complaint or
grievance through our contact below.
E-mail: dpo.th@kredivo.com and Attention it to the
"Personal Data Protection Officer"
11.3 If you have any
questions or concerns about our privacy practices or your dealings
with the Services,
please do not hesitate to submit your questions or concerns through
the mechanism set out in
the Platform for the Services or contact:
support.th@kredivo.com.
12. TERMS AND
CONDITIONS
12.1 Please also read the
Terms and Conditions of Services provided for the financial
products establishing the
use, disclaimers, and limitations of liability governing the use
of the Platform and the
Services respectively and other related policies.
Updated on 25 March 2024