Privacy Policy or Personal Data Protection Policy – Secure by Primular Wallet
AI and Robotics Ventures Company Limited or ARV (hereinafter referred to as the “Company” or “We”) value the importance of protecting your Personal Data. We have therefore made this Personal Data Protection Policy (the “Policy”) in accordance with the Personal Data Protection Act B.E. 2562 (2019) and relevant laws and regulations (the “PDPA”) to explain how we collect, store, use, disclose, or otherwise process (the “Process”) and to inform you of your rights as the Data Subject. The Company announces the policy as follows:
1. Application of the Policy
This Policy applies to all individuals who access the Platform of Secure by Primular Wallet (the “Secure”) including the following parties:
1) Customers
- Individual: Existing and current customers of the Company who are individuals
- Juristic persons: Directors, shareholders, true benficiaries, employees, guarantors, collateral providers, and legal representatives of existing and current customers, including the person who have authority to act on behalf of juristic persons. The Company recommends juristic persons to ensure that the person who have authority or any other related person acknowledge the Policy of the Company
2) Non-Customers
Those customers (including individuals) that are not using the products or services of the Company, but the Company may need to collect, use, and disclose your personal information, such as the people who have visited the Company’s website and application, users using the services at the Company’s office, gurantors and collateral providers, true benficiaries, director or legal representative of juristic persons that use the Company’s services, debtors and customers of the Company, professional consultants, directors, investors, and shareholders of the Company as well as legal representatives of such persons, and other related individual who transact with the Company or Company’s customers.
2. Definition
“Digital Wallet” means program that stored and control access to information or documents certified by the owner or holder of the document so that the document holder can access and use such information including documents certified by the owner or holder of that document safely and securely.
“Personal Data” means any information that is related, either directly or indirectly, to an identified or identifiable person, except for the information of any deceased person.
“Sensitive Personal Data” means personal information that poses a significant risk to fundamental rights and freedoms, including details related to race, ethnicity, political opinions, religious or philosophical beliefs, sexual orientation, criminal history, health status, disabilities, union membership, genetic and biological data, or any other information that could impact the Data Subject similarly as outlined by the Office of the PDPC.
“PDPC” means the Personal Data Protection Committee established under the PDPA with duties and authority to govern, issued criteria, measures, or any other practices related to personal data protection in accordance with the PDPA.
“Data Subject” or “You” means a person who can be identified by Personal Data, whether directly or indirectly. For the purpose of this Policy, Data Owner means User.
“Service” or “Services” means services of, or provided by the Secure, including securing, tracking, and transferring of token asset.
“PDPA” means the Personal Data Protection Act B.E. 2562 (2019), as amended from time to time, as well as any rules, regulations, or notifications issued by virtue of the PDPA.
“Platform” means [browser extension or mobile application] for the Secure.
“Verifiable Data Registry” means a system that acts as an intermediary for creating and validating necessary data to use verifiable certified documents such as identifier, public key, revocation registry, and schema.
“Regulatory Authority” means any agency having the authority to regulate our business, including, but not limited to, the PDPC.
3. Collection of Personal Data
In providing Services to Data Subjects, we will collect Personal Data under, within, and through legitimate and fair objectives, scope, and methods, only to the extent as necessary to provide Services to you, and for the purposes as described in this Policy.
We will collect and process Personal Data as follows:
| Personal Data | Example of Personal Data Type |
|---|---|
| Information for using the Platform | IP address, Device ID, Cookies, Platform usage records, Username, Password |
| Contact Information | Mobile Number, Email Address |
4. Source of Personal Data
The Company will collect your Personal Data directly from You as the Data Subject. However, in some cases, the Company may collect your Personal Data from other sources such as.
4.1) Information receives from companies in AI and Robotics Ventures Group, business partners and/or any other persons associated with the Company
4.2) Information receives from your relatives (such as your family, friends, and referrals)
4.3) Information receives from corporate customers as you are the director, the person who have authority to act on behalf, representatives, assigned person or contact person and/or
4.4) Information received from government agencies, regulators, financial institution, and/or external service providers (such as publicly disclose information, transaction information)
In the event that you have provided personal information of another person to the Company in conducting transactions with the Company or in other cases, you must inform such person of the details of collection, use, and disclosure of personal information, and the rights according to this privacy policy. You also must obtain consent from such person (if necessary) or rely on other legal bases in providing personal information to the Company.
5. Disclosure of your Personal Data
The Company may disclose your Personal Data to the following persons or organization under the PDPA.
5.1) Companies in AI and Robotics Ventures group, business partners, co-brand partners, market counterparties, and/or any other persons associated with the Company, including directors, managements, employees, contractors, representatives, and advisors of the company of such persons
5.2) Law enforcement agencies such as court, government agencies and/or regulatory authorities (such as Ministry of Digital Economy and Society, Anti-Money Laundering Office, Department of Provincial Administration, Revenue Department)
5.3) Partners, representatives, sellers, or other organizations (such as professsional association, independent auditor, document archive, foreign financial institution, clearing house). The disclosure of your personal information will have a specific purpose, under legal basis and appropriate safety measures.
5.4) Persons involved in the sale of claims and/or assets, corporate restructuring, or merger and acquisition of the Company that may need to transfer rights to such business, including any persons that the Company needs to share information in order to sell claims and/or assets, corporate restructuring, business acquisition, transferring or disposing business, financial agreement, disposal of assets, or any other transaction related to the businesss and/or the Company’s operating assets.
5.5) Other bank and financial institution, including external parties as disclosure of information is required by law
5.6) Representative of debt collectors, lawyer, credit bureau, anti-corruption agency, court, any organization or persons that the Company is required or is permitted to disclose personal information by law, regulation, and order.
5.7) External service providers of the Company (such as IT service provider, market research company, cloud computing company, correspondent banking, representatives, payment provider, subcontractors and professional consultant
5.8) Online media service provider (with safety measures) or advertising companies and any other persons related to product and service of the Company. Third party advertising companies may use your online activities historty for advertisement that might be interested to you
5.9) External collateral provider
5.10) Other persons that provide benefits or services related to product and service of the Company to you and/or
5.11) Your attorney, sub-attoryney, representatives or legal representatives
Remark:
-
In the event that your Personal Data is necessary for the purpose of your request to enter into a contract with the Company or to perform duties according to the contract between You and the Company, failure provide your Personal Data in such cases may result in us being unable to process your request or are unable to perform our contractual duties including but not limited to our inability to provide the Service to you, whether in whole or in part such as we may not be able to allow you to access or use the Platform.
-
Generally, your personal Data is stored with encryption or other security which the Company cannot access or use for other purposes. However, your personal Data will remain in the possession of the Company for the above purposes. If the Company needs to process Personal Data other than what is specified in this Policy, the Company may notify you of additional processing of Personal Data or ask for your consent as required by applicable laws.
6. Disclosure and Sending or Transferring of Personal Data Oversea
The Company will not disclose your Personal Data to third parties. However, if necessary, the Company may disclose owner’s Personal Data to individuals or juristic persons located in Thailand and abroad as follows:
(A) Affiliated Companies
(B) Third parties who provide services to the Company including business partners, suppliers, IT service providers, payment gateway providers, auditors, accounting offices, audit offices, and legal advisor.
(C) Issuer or Verifier who is the counterparty of the legal entity of the User.
(D) Government authorities or relevant regulatory authorities
(E) Third parties involved in the case of business transfer, merger and acquisitions, or any other similar operations.
Where your Personal Data is disclosed to any of the above persons, we will ensure that such persons keep your Personal Data confidential, and do not use it for any purpose other than those specified herein
Where your Personal Data is transferred abroad, the destination country may have inadequate personal data protection standards as compared to those required by the PDPA, in which case we will implement, and ensure that the recipients of your Personal Data implement, measures to ensure appropriate protection of your Personal Data and compliance with the PDPA, as well as any applicable laws and regulations.
Furthermore, we may disclose Personal Data of Data Subjects as required by any applicable laws, rules, regulations, notifications, or orders, including disclosure to government and regulatory agencies, or upon lawful requests, such as requests of Personal Data for litigation, requests by government agencies or courts, or requests by private agencies or other persons involving legal procedures.
7. Storage of Personal Data
We will retain and Process Personal Data of the Data Subject for as long as it is necessary for the purposes described in this Policy. In general, we will retain your Personal Data throughout the period in which you use the Platform, and for 10 more years from your cancellation of the Platform account or the last day on which you access or use the Platform, unless the applicable law requires otherwise. After the period specified, we will delete, destroy, or de-identify your Personal Data within 30 days, unless the applicable law requires otherwise.
8. Rights of the Owner of Personal Data
You have the following rights as the Data Subject:
(a) The right to withdraw your consent to the Processing of your Personal Data;
(b) The right to access or obtain a copy of your Personal Data, and to request the disclosure of the source of your Personal Data that we obtained without your consent;
(c) The right to request that your Personal Data be corrected, updated, or completed;
(d) The right to request that your Personal Data be deleted, destroyed, or de-identified;
(e) The right to request suspension of use of Personal Data;
(f) The right to request a copy of their Personal Data in a commonly used and machine-readable format, and to transmit that data in the same format, if feasible (if any); and
(g) The right to object to processing of Personal Data.
Data Subjects may exercise any of the rights above by submitting a written request to us, or by sending an email to us using the form specified by us to the contact information provided in clause 11 of this Policy. We will respond to your request within a reasonable time. In the case of a request for access to Personal Data, we will respond to this request within 30 days from the date of receipt of your request. In cases where we cannot respond to your request within the above time period, we will promptly inform you of such delay.
Your exercise of any of the above rights is subject to the restrictions and conditions stipulated in the PDPA. Therefore, we may refuse to respond to your request in accordance with the restrictions set out in the PDPA.
You are also entitled to file a complaint with the regulatory agency responsible for personal data protection in Thailand, if you are of the opinion that the processing of your Personal Data does not comply with the PDPA. However, we encourage you to contact us, and allow us to address your concerns, before filing a complaint with said agency.
9. Cookies
We use cookies and other similar technologies on the Platform. Cookies are stored on your computer’s hard disk to enable us to study and collect necessary data about your use of the Platform and other relevant information, to enable you to sign in to your Platform account.
In the case of customers, we use cookies for additional purposes as follows:
(A) To study your Platform usage behavior to further develop the Platform to be easier, faster and more efficient.
(B) To study your Platform usage behavior and personalize Platform content in specific ways and/or offer specific products, services, promotions and special privileges to you.
10. Revise and Change of Policy
We may review and amend this Policy from time to time, so that it corresponds with any changes in the applicable law, material changes in our operations, and suggestions and opinions of other relevant organizations. For amendments that affect the purposes for the Processing of Personal Data, we will inform you about the new purposes and, if required by law, obtain your consent before such amendments come into effect.
This Policy was last updated on 1 Oct 2024.
11. Contact Information
If you have any questions about this Policy or how we handle your Personal Data, or you would like to exercise your right as a Data Subject, please contact us at:
AI and Robotics Ventures Company Limited
304 Vanit Place Ari Building A
Floor 25 Phaholyothin Road Samsen Nai Phayatai
Bangkok 10400 Thailand
E-mail: arv.secure@arv.co.th, arv.securesupport@arv.co.th
Or
Our Data Protection Officer (DPO)
E-mail: ARV.DPO@arv.co.th