Personal Data Protection Notice for the Secure Platform
Last updated on 12 December 2024
AI AND ROBOTICS VENTURES COMPANY LIMITED (“Company” or “we”) recognizes the importance of personal data protection and therefore, issues this Personal Data Protection Notice for the Secure Platform (“Notice”) to inform you, as the Data Subject, about the purposes and methods by which the Company Processes your Personal Data, including details about the rights in your Personal Data. The details of which are as follows:
1. Application of the Notice
This Notice applies to the Processing of Personal Data of Data Subjects who access and/or use various Services on the Platform (as defined below) or related to the use of the Platform.
2. Definition
- 2.1 “Personal Data Protection Law” means any applicable law that has provisions regarding the Processing of Personal Data, including but not limited to the PDPA.
- 2.2 “Terms and Conditions of Use” means the Terms and Conditions of Use for Secure Platform.
- 2.3 “Personal Data” means any information about an individual which enables the identification of that person, whether directly or indirectly, but does not include information of deceased persons specifically.
- 2.4 “PDPC” means the Personal Data Protection Committee established under the PDPA, having the duty and authority to regulate and issue rules, measures, or other practices with respect to personal data protection under the PDPA.
- 2.5 “Data Subject” or “you” means the person who can be identified, whether directly or indirectly, through his/her Personal Data.
- 2.6 “Processing” or “Process” means the collection, retention, disclosure or otherwise processing of Personal Data of Data Subjects.
- 2.7 “PDPA” means the Personal Data Protection Act B.E. 2562 (2019), as amended from time to time, as well as any rules, regulations, or notifications issued by virtue of the PDPA.
- 2.8 “Platform” means the website, application and/or any other form of platform under the name “Secure” provided by the Company for Users to access and use the Services.
- 2.9 “Supervisory Authority” means any agency having the authority to regulate the Company’s business, including, but not limited to, the PDPC and the Office of the Personal Data Protection Committee.
3. Collection of Personal Data
In providing the Services, the Company will collect Personal Data for purposes, within the scope, and using methods that are lawful and fair. The collection will be done only to the extent necessary to provide the Services to you and for the purposes specified in this Notice with the following details:
| Categories of Personal Data | Examples of Personal Data |
|---|---|
| Identification Information | First name, Middle name, Surname |
| Identity Verification Information | Identification card number, Date of birth, Address, Card issuance date, Card expiration date |
| Transaction Information | History of receiving, transferring, and storing assets, Transaction status, Number of coins, Other digital wallet information |
| Device Information | IP address, Device ID, Device type, Connection details, Operating system |
| Contact Information | Phone number, Email address, Address |
| Other Information | Any other Personal Data which you may provide to the Company – for example, when you have any inquiries or complaints relating to the Platform, etc. |
4. Sources of Personal Data
In general, the Company will collect Personal Data directly from you when you access or use the Platform. However, in certain cases, the Company may collect your identity verification information from the Department of Provincial Administration, Ministry of Interior, through the ThaiD application or other related applications, for the purposes of Processing as specified in this Notice.
5. Purposes for Processing Personal Data of Data Subjects
Generally, the Company will Process Personal Data of Data Subjects for the following purposes:
| Purpose | Type Of Personal Data | Legal Basis |
|---|---|---|
| Provision of Platform To proceed with your requests to subscribe for the Services on the Platform, to create user accounts and to provide Services to you, as well as to perform our obligations under the Terms and Conditions of Use and other relevant agreements. | - Identification Information Remark: If you do not provide any Personal Data which is necessary for entering into the agreement, or to provide the Services, the Company may not be able to proceed with the request to enter into the agreement (i.e., cannot create account) or the Company may also be unable to provide services to you, either in whole or in part. | Contract |
| For Identity Verification * In the cases where you would like to use the Platform to receive or transfer digital assets between the Platform and digital wallet provided by third party which requires that Know Your Customer must be carried out on you prior to the use of service, you may verify your identify through ThaiD in which case the Company will process the result of such verification to enable you to use the digital wallet service provided by said third party. * To conduct identity verification before approving account creation request on the Platform. This is to ensure that you are a real individual, the information you have provided is accurate and belongs to you, and to perform any additional checks deemed necessary and appropriate by the Company to ensure that the provision of services and Platform usage comply with the law. | - Identification Information - Identity Verification Information Remark: The Company will not collect or process any special categories of personal data of yours that may appear on a copy of your identification card, such as religious information and/or blood type. In cases where the Company requires a copy of your identification card for identity verification purposes, you are requested to redact special categories of personal data from the copy of your identification card before submitting it to the Company. If you do not redact such information, the Company may perform the redaction on your behalf. | Legitimate interest |
| Improvement and Development To improve the Platform and Services as well as to develop the system | - Identification Information - Transaction Information - Device Information - Other Information | Legitimate interest |
| Compliance with Law To comply with any laws, rules, regulations, notifications and/or orders of the government agencies, Supervisory Authority, competent officials or courts which are related to the Company’s provision of Platform, including to perform obligations under the PDPA – for example, to proceed with your request to exercise your rights, etc. | - Identification Information - Identity Verification Information - Transaction Information - Device Information - Contact Information - Other Information Remark: If you do not provide any Personal Data which is necessary for the performance of obligations under the law or order of the competent organization or official, it may be considered as you and/or the Company violates or fails to comply with such law or order which could result in penalties being imposed. | Compliance with Legal Obligation |
| Legal Claims To establish, comply with, contest, defend or take any action regarding the Company’s claims. | - Identification Information - Identity Verification Information - Transaction Information - Device Information - Contact Information - Other Information | - Legitimate interest - Compliance with Legal Obligation |
| Fraud Detection and Prevention To investigate, detect and prevent fraud, deception, suspicion activities or the use of Services for criminal activities or violations of laws, rules, regulations or the Terms and Conditions of Use. | - Identification Information - Identity Verification Information - Transaction Information - Device Information - Contact Information - Other Information | Legitimate interest |
| Contact and Communication To contact and communicate with you when you have inquiries, complaints or any other issues as well as when it is necessary for the Company to contact you such as to notify you of the change of the Terms and Conditions of User, this Notice and/or any other relevant policies of the Company, etc. | - Identification Information - Identity Verification Information - Transaction Information - Device Information - Contact Information - Other Information | Legitimate interest |
If the Company needs to Process Personal Data beyond what is specified in this Notice, the Company may notify additional Personal Data Processing and/or seek consent from the Data Subject as required by law.
6. Disclosure and Cross-border Transfer of Personal Data
The Company may disclose Personal Data of Data Subjects to the following individuals and/or legal entities, which are either in or outside of Thailand, for the purposes specified in this Notice:
- (a) Our affiliates and companies within our group of companies
- (b) Third-party service providers, including business partners, IT service providers, other platform service providers, payment gateway providers, auditors, accounting firms, audit firms and legal consultants;
- (c) Third parties relating to business transfers, mergers, and acquisitions, or other similar procedures.
Where your Personal Data is disclosed to any of the above persons, the Company will ensure that such persons keep your Personal Data confidential, and do not use it for any purpose other than those specified herein.
Where your Personal Data is transferred to other countries, the destination country of which the Personal Data recipient is located may not have adequate personal data protection standards as required by the PDPA, in which case we will ensure that the Personal Data recipient implements and uses adequate personal data protection standards as required by the Personal Data Protection Law to ensure that the Personal Data of Data Subjects will be securely protected and that the international transfer complies with the Personal Data Protection Law.
Furthermore, the Company may disclose Personal Data of Data Subjects as required by any applicable laws, rules, regulations, notifications or orders, including disclosure to government agencies and Regulatory Authorities, or upon lawful requests, such as requests of Personal Data for litigation, orders of government agencies or courts, or requests by private entities or other persons involving in legal procedures.
7. Retention of Personal Data
The Company will retain and Process Personal Data for as long as it is necessary for the purposes described in this Notice. In general, the Company will retain your Personal Data throughout the period in which you use the Services, and for an additional 10 years from the date your user account is deleted, or you have not accessed the Platform for a consecutive period exceeding 1 year, or when the provision of the Platform services has ended.
8. Data Subject’s Rights
You have the following rights as a Data Subject:
- (a) The right to withdraw consent for the Processing of Personal Data that you have given consent for. However, such withdrawal of consent will not affect the consent that you have lawfully given.
- (b) The right to access Personal Data. To request to have access to Personal Data and obtain a copy of Personal Data, including to request the disclosure of the acquisition of Personal Data which you did not give consent.
- (c) The right to request that Personal Data be corrected, updated or completed.
- (d) The right to request that Personal Data be deleted, destroyed or de-identified.
- (e) The right to obtain a copy of Personal Data in a format that can generally be read or used by automatic tools or device, and can be used or disclosed by automated means (if applicable), including the right to request the transmission of Personal Data in such format to another data controller.
- (f) The right to object to the Processing of Personal Data; and
- (g) The right to suspend the use of Personal Data.
Data Subjects may exercise any of the rights above by submitting a written request to the Company, or by sending an email to us using the form specified by the Company. The Company will respond to your request within a reasonable time frame or within the time frame specified by law.
Data Subjects acknowledge that the exercise of any of the above rights is subject to the limitations and conditions of Personal Data Protection Law. Therefore, we may refuse to comply with your request.
Additionally, you have the right to file a complaint with the Regulatory Authority in Thailand if you believe that the Processing of your Personal Data by us does not comply with the PDPA. However, we encourage you to contact us first to address any issues or concerns you may have before filing a complaint with the Regulatory Authority.
9. Reviews and Amendments of the Notice
The Company may review and amend this Notice from time to time, so that it corresponds with any changes in the applicable law, material changes in the Company’s operations, and suggestions and feedback of other relevant entities. For amendments that affect the purposes for the Processing of Personal Data, we will inform the Data Subjects about the new purposes and, if required by law, take necessary actions to obtain your consent before such amendments come into effect.
10. Contact Details
If you have any inquiries or concerns with respect to this Notice or how we handle your Personal Data, or you would like to exercise your right as a Data Subject as specified above, please contact us at:
AI AND ROBOTICS VENTURES COMPANY LIMITED
No. 304, Vanich Place Aree Building (Building A), 25th Floor,
Unit 2501, Phahonyothin Road, Samsen Nai Subdistrict,
Phaya Thai District, Bangkok 10400, Thailand
Email arv.secure@arv.co.th
or
Data Protection Officer (DPO) of the Company
Contact Information: Email arv.secure@arv.co.th