Privacy Policy Notice of CGS-CIMB Securities (Thailand) Company Limited
Under the Personal Data Protection Act B.E.2562 (2019)

CGS-CIMB Securities (Thailand) Company Limited(the "Company", "we," "us," or "our") recognizes the importance of the protection of your Personal Data. We have therefore established your Personal Data security measures to prevent access, disclosure, use or changes information without permission, in order to comply with the Personal Data Protection Act 2019.

This privacy notice (the "Privacy Policy") describes how we collect, use, disclose, transfer Personal Data, data collection period, data destruction and the rights of the data subject in relation to the operations and services of the company. Including to our business, websites, mobile applications, call centers, events and exhibitions, online communication channels other locations.

1.        Personal data collection

"Personal Data" means any identified or identifiable information about you. In order to services with you or which services or products that you requires from us. We may collect your Personal Data directly from you or indirectly from other sources e.g. social media, third party’s online platforms, and other publicly available sources and through our affiliates, service providers, business partners, official authorities, or third parties e.g. custodians etc.,

For Personal Data classified by law as “Sensitive Data” e.g. race, religion, blood group, criminal record and health data. We do not wish to collect or use information such sensitive data, even if such information appears on any other documents that you voluntarily disclose to the company.

Your Personal Data that we collect, use, disclose as the following:

1.1      Personal details, such as your title, name, gender, age, occupation, job title, salary, work place, work position, education, nationality, date of birth, marital status, information on government-issued cards .g. national identification number, passport number, tax identification number, driver's license details, signature, voice recording, phone records, picture, CCTV records, house registration, and other identification information e.g. holding shares, percentage of shares including biometric data (which is facial recognition, fingerprint);

1.2      Contact details, such as your address, telephone number, mobile number, fax number, email address, and other electronic communication ID;

1.3      Account and financial details, such as your credit card and debit card information, account number and account type, prompt pay details, current assets, income and expenses, as well as payment details, service and product application details;

1.4      Transaction details, such as the type of products (e.g. securities, derivatives), price and quantity, order number, broker number, conditions (if any), trading history and balance, payment and transaction records relating to your assets, financial statements, liabilities, taxes, revenues, earnings and investments, source of wealth and funds, representation, trade information, default record, margin balance, and margin loan record;

1.5      Technical details, such as your Internet Protocol (IP) address, web beacon, log, device ID and type, network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform;

1.6      Profile details, such as your account identifiers, username and password, PIN ID code for trading, interests and preferences, activities, investment objectives, investment knowledge and experience, and risk tolerance;

1.7      Usage details, such as information on how you use the websites, platform, application, wireless devices and mobile phone;

1.8      Personal data generated in connection with the Client's relationship with us, such as, account opening, administration, operation, payment, settlement, processing and reporting, on behalf of the Client your correspondence with us, information you give us in contracts, forms or surveys or data collected when you participate in our business functions, seminars, and social events.


2.        The Purpose of collection, use or disclosure of your Personal Data

2.1      For purpose as consent basis, we rely on your consent to provide marketing communications, special offers, promotional materials about the products and services of the Company, our affiliates and subsidiaries and the third parties which we cannot rely on other legal grounds including collect, use, and/or disclose your Sensitive Data, Cross-border transfer your Personal Data to a country which may not have an adequate level of data protection.

You have the right to withdraw your consent at any time. This can be done so, by contacting with the company as method determine.

2.2      For purpose rely on other legal basis, we may collect, use, disclose, and/or cross-border transfer your Personal Data by relying on the following legal basis.

     2.2.1      A contractual basis, for our initiation or fulfilment of a contract with you, processing applications for account opening, account maintenance, and operations relating to your accounts, including without limitation, processing your applications or requests for services or products, processing your transactions, generating your account statement, and operating and closing your accounts, securities brokerage, securities dealing, securities underwriting, mutual fund management, private fund management, investment advisory, securities lending and borrowing, derivatives dealing, derivatives brokerage, derivatives advisory, and derivatives fund management services, providing investment products, offering choices to you (including investment products of third parties, managing your relationship with us and administration of your account with us, preventing customers with certain limitations for the purpose of damage control, carrying out your instructions or responding to your inquiries or feedback, and resolving your complaints, conducting identity verification and credit checks, know-your-customer (KYC) and customer due diligence (CDD) processes, other checks and screenings, and ongoing monitoring that may be required under any applicable law, preventing, detecting and investigating fraud, misconduct, or any unlawful activities, whether or not requested by any governmental or regulatory authority, and analysing and managing risks.

     2.2.2       A legal obligation, complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any governmental, tax, law enforcement or other authorities or regulators (whether local or foreign), such as the Stock Exchange of Thailand, Thailand Futures Exchange, Thailand Securities Depository, Thailand Clearing House, Office of the Securities and Exchange Commission of Thailand, Bank of Thailand, Anti-Money Laundering Office, and Thai Revenue Department. Including in case of the company received the letter, summons, seize from the government agencies, Courts or Constitutional Independent Organizations, etc.

     2.2.3      The legitimate interest of the company, including third parties, to be balanced with your own interest and fundamental rights and freedoms in relation to the protection of your Personal Data, managing our infrastructure, internal control, [internal] audit and business operations and complying with our policies and procedures that may be required by applicable laws and regulations including those relating to risk control, security, audit, finance and accounting, systems and business continuity.

     2.2.4      Vital interest, for preventing or suppressing a danger to a person’s life, body or health.

     2.2.5      Public interest, for the performance of a task carried out in the public interest or for the exercise of official actions;

We need to collect the personal data by fulfilling the company's legal obligations or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you e.g. to provide you with services. In this case, we may have to cancel a product or service you have with us, but we will notify you this is the case at the time.


3.         Disclose or transfer Personal Data

We may disclose or transfer your Personal Data to the third parties may be located in or outside Thailand in accordance with the purposes under this Privacy Policy as following.

3.1      CGS-CIMB Group, we are part of a CGS-CIMB Group, for the avoidance of doubt, the term “Affiliate” when used in relation to CGS-CIMB shall mean (i) any Affiliate of CGS-CIMB; (ii) CGS-CIMB Securities Sdn. Bhd. (formerly known as Jupiter Securities Sdn. Bhd.); (iii) CIMB Group Sdn. Bhd.; and (iv) China Galaxy International Financial Holdings Limited.

3.2      Our service providers, we may use other companies, agents or contractors to perform services on our behalf or to assist with the provision of products and services to you. We may share your Personal Data to these service providers, including but not limited to: (a) IT service providers; (b) research agencies; (c) analytics service providers; (d) survey agencies; (e) marketing, advertising media and communications agencies; (f) payment service providers; and (g) administrative and operational service providers. We will only provide our service providers with the Personal Data that is necessary for them to perform the services, we will ensure that all the service providers we work with will keep your Personal Data secure.

3.3      Our business partners, we may transfer your Personal Data to persons acting on your behalf or otherwise involved in the provision of the type of product or service you receive from us, including payment recipients, beneficiaries, account nominees, intermediaries such as third-party securities companies, asset management companies, custodians, correspondents, agents, vendors, co-brand business partners, market counterparties, issuers of products, or global trade repositories to whom we disclose Personal Data in the course of providing products and services to you and whom you authorize us to disclose your Personal Data to, provided that these data recipients agree to treat your Personal Data in a manner consistent with this Privacy Policy.

3.4      Third parties permitted by law, we may be required to disclose or share your Personal Data to a third party in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party for which we believe disclosure or transfer is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party's or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.

3.5      Professional advisors, we may disclose or transfer your Personal Data to our professional advisors relating to audit, legal, accounting, and tax services who assist in running our business and defending or bringing any legal claims.

3.6      Third parties, we may assign, transfer, or novate our rights or obligations to a third party, to the extent permitted under the terms and conditions of any contract between you and us. We may disclose or transfer your Personal Data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees, provided that these data recipients agree to treat your Personal Data in a manner consistent with this Privacy Policy.

3.7      Third parties connected with business transfer, we may disclose or transfer your Personal Data to our business partners, investors, significant shareholders, assignees, prospective assignees, transferees, or prospective transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, dissolution or any similar event involving the transfer or other disposal of all or any portion of our business, assets, or stock. If any of the above events occur, the data recipient will comply with this Privacy Policy to respect your Personal Data.


4.         International transfers of Personal Data

We may disclose or transfer your Personal Data to third parties or servers located overseas, and the destination countries may or may not have the same data protection standards as Thailand. We have taken steps and measures to ensure that your Personal Data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is lawful by relying on the derogations as permitted under the law.

5.            Period keep Personal Data

We retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which we have obtained it as set out in this Privacy Policy, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for longer duration, if required by applicable law.


6.            Other important information about Personal Data

6.1      Cookies and how they are used, we will gather certain information automatically from you by using Cookies. Cookies are tracking technologies that are used in analyzing trends, administering our websites, tracking users’ movements around the websites, and remembering users’ settings. Most Internet browsers allow you to control whether or not to accept Cookies. If you reject Cookies, your ability to use some or all of the features or areas of our websites may be limited.

6.2      Personal Data used by minors, we do not knowingly collect Personal Data from clients who are minors (those who have not reach the legal age) without their parental consent when it is required. If you are a minor and wish to engage in a contractual relationship with us, you must obtain the consent from your parent or legal guardian prior to contacting us or providing us with your Personal Data. If we learn that we have unintentionally collected Personal Data from any minor without parental consent when it is required without their legal guardians' consent, we will delete it immediately or continue to process such Personal Data if we can rely on other legal bases apart from consent.

6.3       Personal Data related to third parties, the Personal Data of any third party such as your spouse and children, shareholders, directors, beneficiary, emergency contact including their name, family name, email address, and telephone number, you should ensure that you have the authority to do so and to permit us to use the Personal Data in accordance with this Privacy Policy. You are also responsible for notifying the third party of this Privacy Policy and, if required, obtaining consent from the third party or rely on other legal basis.


7.            Your rights with regard to Personal Data

Subject to the applicable laws and exceptions thereto, you may have the following rights regarding your Personal Data:

7.1      Access: you may have the right to access or request a copy of the Personal Data we are processing about you;

7.2      Data Portability: you may have the right to obtain Personal Data hold about you, in a structured, electronic format, and to transmit this data to another data controller;

7.3      Objection: in some circumstances, you may have the right to object to how we process your Personal Data in certain activities which specified in this Policy;

7.4      Deletion: you may have the right to request that we delete, destroy, or de-identify your Personal Data that we process about you, e.g. if the data is no longer necessary for the purposes of processing;

7.5      Restriction: you may have the right to restrict our processing of your Personal Data if you believe such data to be inaccurate, that our processing is unlawful, or that we no longer need to process this data for a particular purpose;

7.6      Rectification: you may have the right to have Personal Data that is incomplete, inaccurate, misleading, or out-of-date rectified;

7.7      Consent withdrawal: you may have the right to withdraw consent that was given to us for the processing of your Personal Data, unless there are restrictions on the right to withdraw consent as required by the law, or a contract that benefits you;

7.8      Lodge a complaint: you may have the right to lodge a complaint to the competent authority if you believe our processing of your Personal Data is unlawful or non-compliance with applicable data protection law.


8.            Changes to this Privacy Policy

We may change or update this Privacy Policy. We encourage you to read this Privacy Policy carefully and periodically revisit to review any changes that may occur in accordance with the terms of this Privacy Policy.

We will notify you or obtain your consent again if there are material changes to this Privacy Policy, or if we are required to do so by law.


9.           Contact Us

If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries or complaints about your Personal Data under this Privacy Policy, please contact us via the following avenues:

      CGS-CIMB SECURITIES (THAILAND) COMPANY LIMITED
                130 - 132  Sindhorn Tower 2, 2nd , 3rd Floor and Sindhorn Tower 3, 12th  Floor, Wireless Road, Lumpini, Pathumwan, Bangkok 10330

              Telephone: 02-8419000 Fax: 02-8419090

              Website: www.cgs-cimb.co.th

      Client Service, Telephone: 02-2098787, 02-8468696, 02-8468687

×