Privacy Policy

Last updated: Jan 2022

MONIX COMPANY LIMITED (the “Company”) cares about the privacy of the customers. Therefore, this privacy policy has been provided to inform customers about the policy relating to the collection, use and disclosure of the personal information of the customers (“you”) in accordance with the applicable laws, regulations, and relevant notifications.

This privacy policy informs you of how the Company collects, uses, or discloses personal information, what information that the Company collects, uses, or discloses, and the purpose of collecting, using, or disclosing your personal data, the period that your personal information will be held, the disclosure of your personal data to third parties, your rights, steps to ensure that your personal data stays private and secure, and how you can contact the Company.

Scope of application

This privacy notice shall apply to the following persons:

1) The Company’s customers

The Company’s customers include Individual Customers, both Company’s past and present customers who are individual, and Corporate Customers (e.g., directors, shareholders, ultimate beneficial owners, employees, guarantors, security providers, and legal representatives of the Company’s past and present corporate customers).

2) Non-customers

These include individuals who do not have the products or services with the Company, but the Company necessarily requires to collect, use, or disclose your personal data (e.g., visitors of the Company’s website and application, job applicants, guarantors, security providers, ultimate beneficial owners, professional consultant, directors, investors, shareholders, legal representatives, and any persons related to business activities made with the Company).

In certain circumstances, the Company may provide links leading you to third party’s platforms, and once you access these platforms, your personal data shall be entirely processed under the third party’s policies. In such case, the Company will inform you when you are leaving the Company’s platform.

1. How we collect, use, or disclose your personal data

The company will only collect, use, or disclose your personal data when it is necessary or there is a lawful basis for collecting, using, or disclosing it based on the legitimate ground of legal obligation, the performance of the contract made between you and the Company, the Company’s legitimate interests, performance under your consent, and other lawful basis which the reasons for collecting, using, or disclosing are provided below:

1.1. The Company’s legal obligation

Since the Company is governed and regulated by many laws and regulations, it is necessary for the Company to collect, use, or disclose your personal data for the following purposes that are in accordance with the laws, rules of competent governmental, or supervisory or regulatory authorities, which include but not limited to:
a) compliance with the Personal Data Protection Act B.E.2562 (the “PDPA”) and any amendment thereof;
b) compliance with laws (e.g., Financial Institution Business Laws, Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, and other relevant laws to which subject both in Thailand and in other countries), including conducting identity verification, background checks and credit checks, Know Your Customer (KYC) process, Customer Due Diligence (CDD) process, and other checks and screenings (including screeding against publicly available database of regulatory authorities and/or official sanctions lists/ blacklists/ watchlist, and ongoing monitoring that may be required under any applicable law); and/ or
c) compliance with regulatory or orders of authorized persons (e.g., Court’s order, supervisory or regulatory authorities’ orders or authorized officers’ order).

1.2. Contract made between you and the Company

The Company will collect, use, or disclose your personal data in accordance with the request and/or the agreement made between you and the Company, for the following purposes, which include but not limited to:
a) process your request prior to the entry into the contract with the Company, underwriting and approval of products and/ or services, deliver of products and/ or services, and other managements about the products and/or services, including any activities that if the Company does not proceed, it will affect the operations of services of the Company, or the Company may not be able to provide you with fair and ongoing services;
b) identity verification before entering into or executing any transactions;
c) carry out your instructions (e.g., to proceed with the request regarding to credit amounts and other loans, or to respond to your enquiries or make a change as you request);
d) provide a service via mobile application platform or other online platforms;
e) track or record your transactions;
f) produce reports (e.g., transactions report requested by you or the Company’s internal reports);
g) notify you regarding your transactions;
h) Recovery of Money (e.g., when you have not paid for your loan debt and/ or outstanding fees); and/or
i) proceed to secure your account and execute your transactions which include but not limited to the process of your request of services or products, process your transactions, produce an account statement, and close your account.
j) proceed the transaction and/or payment or receipt of repayment (e.g., process of payment or transaction, process that results in the completion of transaction, reconciliation, billing, and other processes, collection of the repayment, collection of the interests and principal, conduct relationship management between you and the Company, and the process of registration regarding your account as the Company’s customers.
k) enforcement of legal rights or contractual rights, including recovery of the debts which you owe and/or;
l) the service regarding IT and helpdesk supports building and maintaining your account, managing your account to be able to access the system that you are authorized, and closing your inactive account.

1.3 The Company’s legitimate interests

The Company relies on the basis of legitimate interests by considering the benefits of the Company or the benefits of third parties with your fundamental rights in personal data which the Company collects, uses, or discloses for the following purposes, which include but not limited to:
a) conduct the Company’s business operation and the Company’s financial business group companies’ business operation (e.g., to audit, to conduct risk management, to monitor, prevent, investing fraud, money laundering, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons in relation to the Company’s Corporate Customers), even it is the case that an authorized officer does not require to proceed, including your identity verification to prevent these crimes.
b) conduct relationship managements between you and the Company (e.g., to serve customers, to conduct customers’ surveys, and to handle the complaints);
c) develop and improve the products and/or services, including the Company’s system in order to enhance the services standard of the Company and/or for the greatest benefits in fulfilling your needs;
d) proceed for the purpose of business continuity of the Company;
e) manage claims and disputes, including solving disputes, exercising rights under the laws or defending legal claims;
f) contact you before you enter into any contracts relating to the Company;
g) evaluate the appropriation and quality of the claims for the bid and the entry into the contract relating to you;
h) prevent the security risks (e.g., network activity logs, security incidents, investigation of data security, and the prevention of fraud, corruption and illegal acts);
i) perform in accordance with foreign laws;
j) manage the fundamental structure of the Company, internal investigation, internal control, business operation, the performance in relation to the Company’s policy and process, including risk control, security, audit, finance, and account, and the process for business continuity of the Company;
k) research, plan and analyze the statistics (e.g., your behaviors regarding debts repayment, data analytics, assessment, surveys form and report regarding the Company’s services and your behaviors);
l) for the convenience of auditing service performing by auditors or legal advisors appointed by the Company or you;
m) in case of sale, transfer, merger or other likewise incidents, the Company may disclose or transfer your personal data to any third party relating to such transactions;
n) maintain and improve the name lists or directory of customers to be up to date (including personal data of every customer) and collects contact information and relating documents that may refer to you in such documents;
o) perform according to business reason that must be operated (e.g., management, training, auditing, reporting, risk control or risk management, analyzing and planning the statistics and trend and other likewise activities, performing regarding business control for the business operation and for the Company’s ability to identify and solve any problems in IT system for the security propose and the Company’s system, and developing, proceeding, and maintaining the Company’s IT system and/or
p) proceed with the development of fraud detection model, risk management model and financial credibility, the development of the collection of payment model, development of revenue model, and follow up the propensity to approve

1.4. Your consent

In certain cases, the Company may request your consent to collect, use, and disclose your personal data to maximize your benefits and/or to enable the Company to fulfill your needs for the following purposes, which include but not limited to:
a) necessary to collect, use, and disclose your sensitive personal data (e.g., biometric data such as face recognition and liveliness or your identification card photo) (which the information contained such card includes religions and/or blood types) for verification of your identity before continuing the transaction Know Your Customers (KYC) process, and recovery payment process;
b) collect, use, and request your personal data from third person for the purposes listed in the consent form that we may ask from you;
c) collect and use your personal data or any other data to research and analyze it for the benefits of developing the products and services exclusively suitable to you;
d) collect and use your personal data for job applying or to offer an appropriate position for job applicants of the Company, and to analyze, consider the profile and quality of the job applicants and/ore) disclose your personal data and any other data to SCB Public Limited Company and our financial business groups for the purpose of (1.) research and analyze your personal data and any other data to maximize the benefits in relation to the development of products and services that truly fulfills your needs (2.) contact you to offer the products, services, and benefits that exclusively suit you.

1.5 Other lawful basis

Apart from the lawful basis mentioned above, the Company may collect, use, and disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health;
c) necessary to carry out a public task, or for exercising official authority.

If the personal data that the Company receives from you comes from the Company’s legal obligations or to enter into an agreement with you, the Company may not be able to provide (or continue to provide) some or all of products and services of the Company to you, unless you provide such personal data when the Company requests.

2. What personal data is collected, used, and disclosed by the Company

The type of personal data that the Company collects, uses, and discloses varies on the scope of products and/or services that you may have used or been interested in, containing both personal data and sensitive personal data, which include but not limited to:

Category
Examples of personal data
Personal details

• Name title
• Given name, middle name, surname, hidden name (if any)
• Gender
• Date of birth
• Age
• Educational background
• Marital status
• Nationality
• Number of persons in custody

Contacts details

• Mailing address
• Current address
• Address from the Identification card
• E-mail address
• Phone number
• Fax number
• Name of representatives or authorized person/directors acting on behalf of the Company’s customers
• Account or ID of social media or ID for contacting purposes
• Address for business contact
• Phone number for business contact

Identification and authentication details

• Identification card photo
• Identification number, laser number, issue date, and expiration date appeared on the identification card · Passport information
• Driving license
• Signatures
• Tax ID· House Particulars

Employment details

• Occupation
• Employer’s details and workplace
• Position
• Salary/ income
• Remuneration
• Job position · Bonus
• Work location

Financial details and information about your relationship with the Company

• Products and/or services you use

Relationship between you and the Company

• Channels you use and ways you interact with the Company
• Your customer status, your ability to get and manage credits, your payment history, and transaction records
• Your transactions information, (e.g., type, number, price, number and condition (if any) of the transaction record, tax financial statement, income, default record, and other information relating to your transactions)
• Credit card and Debit card information
• Account number and type of account
• History of users’ account · Current assets
• Monthly income and expense
• Payment details
• Source of income

Market research, marketing, and sales information

• Customer survey
• Information and opinions expressed when participating in market research (your answers from the questions, questionnaire, request for acknowledging the recommendations, and research)
• Details of services you receive and your preferences
• Information referring to the communication between you and the Company
• Communication that you need and details or content of your communication between you and the Company

Geographic information and information about your device and your software

• Your GPS location
• IP address
• Technical specifications and uniquely identifying data (e.g. web beacon, log, Device ID, device model and type, network, connection data, access data, single sign-on (SSO) information, login log, logout log, date and time of registration, access time, period of time on the Company’s page, cookies, login information, logout information, search history, browsing information, type and version of browser, time zone setting, location, language setting and version of plugin browser, operation system and platform, model and brand of mobile, International Mobile Equipment Identity (IMEI), version and operation system of mobile, SMS log, phonebook, E-mail, calendar, list of installed application, crawling date and time, and other details relating to mobile phone)
• Information of applications on your device

Investigation data

• Data for due diligence checks (e.g., information related to Know Your Customer (KYC) process and Customer Due Diligence (CDD) process.
• Anti-Money Laundering and Combating the Financial Terrorism checks

User login and subscription data

• Login information for using the Company’s system and application
• Data that can identify an account
• Account name and password
• Interest, need, and activities of usage

Details of usage

• Your information of the usage of website, platform, products, and services.
• Information of usage and response after viewing the Company’s advertisement (including the content and links that you have visited, and features that you use)

Personal information that you allow the Company to contact you for the purpose of fraud investigation and recovery of payment

• Name title
• Given name, middle name, surname, hidden name (if any)
• Relationship
• Address
• Phone number
• Mobile phone number
• E-mail

Spouse information

• Name title
• Given name, middle name, surname, hidden name (if any)
• Status
• Number of persons in custody
• Occupation
• Type of habitation · Habitation ownership status

Information concerning loan

• Information related to loan approval • Information related to loan payment • Information related to the payment transaction

Information concerning security

• Images
• Personal appearance
• Detection of any suspicious and unusual activity
• CCTV images or recordings
• Video recording

Other information

• Records of correspondence and communication between you and the Company in whatever manner and form (e.g., phone, E-mail, message, social media and chatbot
• Other information related or appeared on your job application (e.g., educational history, work experience, and training experience)
• Information that you provide to the Company through any channels

3. Sources of your personal data

Normally, the Company will collect your personal data directly from you (e.g., through mobile applications and customer service center), but in certain cases, we may collect your personal information indirectly from other sources (e.g., social media, online platform of third party, or other sources) and through SCB Public Limited Company, affiliated companies, service providers, business partners, official and legal authorities, or third parties (e.g., your representatives, employer, sponsor and third party service providers or any other authorized person of such persons who may provide your information to the Company), in such case the Company will comply with that the PDPA or other related laws.

4. Your legal rights

The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA in details as specified below:

4.1 Right to access and obtain copy of your personal information

You are entitled to request access to and obtain copy of your personal data held by the Company, unless the Company rejects your request under the laws or court orders, or your request will adversely affect the rights and freedoms of other individuals.

4.2 Right to rectification

You are entitled to request the Company to rectify your inaccurate personal data and to update your incomplete personal data.

4.3 Right to erasure

You are entitled to request the Company to erase or destroy your personal data, or anonymize your personal data to become anonymous data, unless there are certain circumstances where the Company has the legal grounds to reject your request.

4.4 Right to restrict

You are entitled to request the Company to restrict the use of your personal data under certain circumstances (e.g., when the Company is pending an examination with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary as you have necessity to restrain it for the purposes of establishment, compliance, exercise or defense of legal claims).

4.5 Right to object

You are entitled to object the collection, use or disclosure of your personal information in case the Company proceed with legitimate interests or for the purpose of direct marketing, or for the purpose of scientific, historical or statistical research, unless the Company has legitimate grounds to reject your request (e.g., the Company have compelling legitimate ground to collect, use, or disclose your personal data or for establishment, compliance, or exercise legal claims, or for the reason of the Company’s public interest).

4.6 Right to date portability

You are entitled to obtain your personal information in case the Company can arrange such personal data in a readable or commonly usable format by ways of automatic tools or equipment and can be used or disclosed by automated means. Also, you have right to request the Company to transfer your personal data to third party, or to obtain personal data which the Company sent or transferred to third party, unless the Company is not able to do so because of the technical circumstances, or the Company is entitled to legally reject your request.

4.7 Right to withdraw consent

You are entitled to withdraw your consent given to the Company at any time pursuant to the methods and means prescribed by the Company unless the nature of it does not allow the withdrawal. Your withdrawal will not affect the collection, use, or disclosure of your personal data that you have previously already given to the Company.
If you withdraw your consent, it may be impossible for the Company to provide you with some services (or the continuation of provision of services to you).

4.8 Right to lodge a complaint

You are entitled to make a complaint with the Personal Data Protection Committee or their office in the event that the Company does not comply with the PDPA.

5. The Disclosure of your Personal Data

The Company may disclose your personal data to the following parties under the provisions of the PDPA:
a) parent company, financial business group companies of the Company’s parent company, business partner and/or other personas that the Company has legal relationship with including the directors, executives, employees, staffs, contractors, representatives, advisors of the Company and/or of such parties mentioned above;
b) governmental authorities and/or supervisory or regulatory authorities (e.g., Bank of Thailand, the Securities and Exchange Commission, Ministry of Digital Economy and Society, Department of Provincial Administration, Revenue Department and National Credit Bureau);
c) suppliers, agents, and other entities (e.g., professional associations which the Company is a member, external auditors, depositories, document warehouses, overseas financial institutions and clearing houses) where the disclosure of your personal data has a specific purpose under a lawful basis, and appropriate security measures;
d) any relevant persons as a result of activities relating to selling rights of claims and/or assets, business restructuring or acquisition which the Company may transfer the rights to such business, including any persons that it is necessary for the Company to share data for a purposed of sale, reorganization, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
e) banks or other financial institutions, including third parties where the Company is required by law to disclose personal data to help such persons to recover funds that have entered your account due to misdirected payment or trace funds where you are the victim of suspected financial crime, or where suspect funds have entered your account as a result of financial crime;
f) debt collection agencies, lawyers, credit bureau, fraud prevention agencies, courts, authorities or any persons whom the Company is required or permitted by laws, regulations, or orders to share personal data;
g) third parties providing services to the Company (e.g., customer service, IT service providers, marketing analysis and benchmarking service providers, including but not limited to the corresponding banking, agents or subcontractors acting on behalf of the Company such as the Companies which print and deliver credit card statements;
h) social media service providers (in a secure format) or other third-party advertisers in order to display a relevant message to you and others about products and services of the Company which the third-party advertiser may use your history of your online activities to tailor adverts to you;
i) third party security providers;
j) other persons that provide you with benefits or services associated with your products or services and/or
k) your attorney, sub-attorney, authorized persons, or legal representatives who have lawfully authorized power.

6. Internationally send or transfer of personal data

Currently, the nature of business is modern and global which in some circumstances, it is necessary for the Company to send or transfer your personal data internationally. In such case, the Company will exercise the best effort to have your personal data transferred to the Company’s business partners, service providers, or other recipients by the safest method in order to maintain the security of your personal data, including the following circumstances:
a) compliance with the laws;
b) inform you if the destination countries do not have adequate data protection standard, and received your consent;
c) comply with the contract that you have entered with the Company, or as you have requested before entering into the contract;
d) prevent or restrain danger to other persons or your life, body, or health if it is impossible for you to give a consent at such moment, ore) proceed with the task for the necessary benefit of the public.

7. Retention period of personal data

The Company will retain and keep your personal data while you are the customer of the Company, and once you end the relationship with the Company (e.g., after you closed your account with the Company or following a transaction or the Company disapproved your service request, or you terminated a service provided by the Company). The Company will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by PDPA.

The Company will keep your personal data in accordance with the prescription period or the period under the relevant law (e.g., Business Laws, Banking Laws, Securities and Exchange Laws, Anti-Money Laundering Laws, Counter Terrorism and Proliferation of Weapon of Mass Destruction Financing Laws, Accounting Laws, Tax Laws, Labor Laws, and other laws both in Thailand and in other countries that the Company is subjected to).

8. Use of Cookies

The Company may collect and use cookies and similar technologies when you use products and/or services of the Company, including the website and application.

The collection of such cookies and similar technologies helps the Company to recognize you, remember your preferences, and improve how the Company provides products and/or services to you. The Company may use cookies for several purposes (e.g., enabling and operating basic functions, helping the Company to understand how you interact with the Company’s websites or emails, helping the Company to enhance your online experiences or the Company’s communications with you, and to ensure that online advertisements displayed are personalized to you.

You are entitled to reject or manage your cookies by setting your web browser or device that you use. The change of setting that you have accepted may enable you to use all or some services of the website.

9. Use of personal data for original purposes

The Company is entitled to collect and use your personal data, which has previously been collected by the Company before the effectiveness of the PDPA in relation to the collection, use, and disclosure of personal data of the original purposes. If you do not wish the Company to continue collecting, using, and disclosing such personal data, you can inform the Company of the request for the withdrawal your consent at any time.

10. Security

The Company has an internal security measures and policies to ensure the security of your personal data by requiring staffs and third-party contractors to comply with applicable privacy standards and privacy policy, also to exercise care have a measure when using, sending, or transferring your personal data.

11. How to contact us

If you have any questions or would like more details about the privacy notice, or would like to exercise your rights, please contact the Company through MONIX Call Center Tel. 02-113-1113 at 9.00 am. – 6.00 pm. (on Monday-Friday) and at 9.00 am.- 12.00 pm. (on Saturday and Public holidays) Also, you can also contact Data Protection Officer through an E-mail at dpo@monix.co.th or the head office of the Company located on no.9 2nd floor Learning Center building Rutchadapisek Road Chatuchak, Chatuchak, Bangkok 10900.

12. Changes to this privacy notice

The Company may change or update the privacy policy from time to time and the Company will announce the updated privacy policy on the Company’s website https://www.finnix.co/privacy-policy/