Updated December 2021
KASIKORNBANK PCL (“KBank”) attaches importance to the respect of privacy rights of Directors, including related persons, and the maintenance of security of personal data. KBank has established these practical guidelines related to the protection of personal data for Directors (“these Practical Guidelines”) to inform you, as a data subject, of the objectives and details of the collection, use and / or disclosure of your personal data, as well as your legal rights to ensure that KBank shall protect your personal data with stringent measures in order to maintain the security of your personal data, and your personal data will be used in accordance with the purposes you have notified of, and not contrary to the law.
The Directors of KBank and persons nominated as the Directors of KBank, including individuals who have a relationship with or are related to said persons such as spouses and / or persons living together as a couple, children, parents and siblings.
2.1 Personal data which you have directly provided to KBank, including those from government and regulatory agencies as well as personal data disclosed to the public, as follows:
2.2 KBank may be required to collect, use and / or disclose sensitive personal data such as religion, race, criminal history, health records, blood groups, biometric data (such as face, fingerprint, iris, voice and electronic signature recognition) to process the verification and authentication of your identity for attendance or participation in various activities and / or in compliance with the laws or orders of the regulatory agencies. KBank shall seek your explicit consent on a case-by-case basis or where necessary as permitted by law, and KBank shall use its best efforts to provide adequate security measures for the protection of your sensitive personal data.
KBank shall collect, use and / or disclose your personal data as much as is necessary under lawful purposes and supported by legal rules or bases, whether for performing its duties in compliance with the laws or legal obligations, or the contract that you have entered into with KBank or your request prior to entering into a contractual basis, or necessary operations under the legitimate interests of KBank or other individuals or juristic persons, taking into account the fundamental rights of your personal data and not exceeding the extent of your legitimate interest or for other purposes as you have chosen to give consent, such as:
In addition to the above legitimate purposes of KBank, KBank may collect, use and / or disclose your personal data to proceed with certain operations under other legal bases, as follows:
(1) Production of historical documents or archives for public benefit or documents related to research studies or statistics.
(2) Prevention or suppression of any danger to life, body or a person’s health.
(3) Requirement to carry out its duties for public benefit or for the officers to exercise their authority.
However, if KBank is required to collect, use and / or disclose your personal data in order to comply with the agreement that you have entered into with KBank and / or to carry out its duties per the relevant laws, KBank may not be able to perform its duties that it should have done for you as a director if you do not provide such personal data to KBank upon request.
KBank may disclose your personal data to government agencies, regulatory agencies and individuals or other agencies related to the various purposes per these Practical Guidelines such as the Ministry of Finance, Ministry of Commerce, Bank of Thailand, Office of the Securities and Exchange Commission, Office of the Insurance Commission, Anti-Money Laundering Office, Stock Exchange of Thailand, Securities Depository (Thailand) Co., Ltd., courts, Thai Bankers’ Association, international agencies or organizations, companies in the financial conglomerate, data processors, external service providers (e.g., providers of conference and cloud computing services), securities companies, partners, counterparties, consultants, auditors, external auditors, credit rating companies, authorities or competent authorities, prospective assignees and / or assignees in transactions or mergers of various businesses of KBank, any juristic persons or individuals who have established a relationship or entered into a contract with KBank, including the Board of Directors, executives, employees, contractors, agents, consultants of KBank, individuals or agencies who are the recipients of such information. KBank shall ensure that the individuals or agencies who are the recipients of such information collect, use and / or disclose your personal data to the extent for which you have given your consent or in relation to the purposes for which these Practical Guidelines apply.
KBank may need to send or transfer your personal data to other companies within KASIKORNBANK FINANCIAL CONGLOMERATE in other countries, or to other data recipients, as part of KBank’s normal business operations. For instance, personal data may be sent or transferred for storage on cloud platforms or servers located in other countries, or to KBank’s business partners, trade partners and / or international agencies or organizations related to operations of KBank.
In case of sending or transferring your personal data to other countries, KBank shall ensure that personal data will be sent or transferred in accordance with legal requirements, while personal data protection measures will be put in place, appropriate for and consistent with the confidentiality standards. For instance, an agreement must be entered into with the data recipient in that country to ensure that your personal data will be protected under the personal data protection standard equivalent to that in Thailand. If the data recipients are other companies within KASIKORNBANK FINANCIAL CONGLOMERATE abroad, KBank may ensure that binding corporate rules verified and certified by relevant competent authorities are in place, and shall send or transfer personal data to other companies within KASIKORNBANK FINANCIAL CONGLOMERATE abroad in accordance with said binding corporate rules.
KBank will keep your personal data for as long as is reasonably necessary during the period you have a relationship with KBank, or throughout the period required in order to achieve the related objectives of these Practical Guidelines. Once your relationship with KBank ends, KBank may need to further keep your personal data, if required or permitted by law. For instance, personal data shall be kept for a maximum period of 10 years in accordance with the statute of limitations of applicable law.
KBank will undertake operations through appropriate steps to delete or destroy the personal data or make it anonymous when it is no longer necessary or said period ends.
KBank shall apply appropriate technical and organizational measures for safeguarding your personal data in order to ensure the security in processing personal data and to prevent the infringement of personal data. KBank has therefore established policies, procedures and criteria for personal data protection such as security standards of information technology system, and measures to prevent unauthorized or illegitimate use or disclosure of personal data for any other objectives by the data recipients. In addition, KBank has revised said policies, procedures and criteria from time to time as necessary and appropriate.
KBank’s executives, employees, personnel, contractors, representatives, advisors, and recipients of data from KBank shall maintain the confidentiality of personal data in accordance with the confidentiality measures determined by KBank.
You can exercise your rights as stipulated by law and these Practical Guidelines currently available or to be amended in the future, including criteria determined by KBank.
Your aforementioned personal data must be personal data that you have granted consent to KBank to collect, use and / or disclose or must be personal data that KBank needs to collect, use and / or disclose for any operation related to the rights and / or duties of the directors, or must be other personal data as determined by competent authorities.
In addition, you are entitled to lodge an objection to the collection, use and / or disclosure of your personal data which is undertaken for objectives related to direct marketing or for the purpose of scientific, historical or statistical studies and research.
Exercising the aforementioned rights may be restricted by applicable laws, and, in certain cases, there may be compelling reasons that may cause KBank to deny your request or may prevent KBank from complying with your request such as for compliance with laws or court orders, for the public benefit, exercising the aforementioned rights may potentially violate other persons’ rights or freedoms, etc. If KBank denies the aforementioned request, KBank shall give you the reason(s) for such denial.
KBank may consider rectifying or revising these Practical Guidelines from time to time, as deemed appropriate and permitted by law. In case of rectification or change in these Practical Guidelines, KBank will announce the current Practical Guidelines through the channels determined by KBank.
If you have any suggestions or would like to inquire about information regarding details of the collection, use and / or disclosure of your personal data, including exercising your rights under these Practical Guidelines,
you can contact the data protection officer