MONIX Company Limited (the “Company”, “MONIX”, “we”, “our”, “us”) cares about your privacy, thus, we provide this privacy notice to inform you in relation to the collection, use and disclosure of the personal data in accordance with the Personal Data Protection Act B.E. 2562 and any amendment thereof (“PDPA”) the applicable laws, regulations, and relevant notifications.This privacy notice informs you of how we collects, uses, or discloses personal data, what personal data we collects, uses, or discloses, and the purpose of collecting, using, or disclosing your personal data, the period that your personal data will be held, the disclosure of your personal data to third parties, your rights, steps to ensure that your personal data stays private and secure, and how you can contact us.
Scope of application
This privacy notice shall apply to the following natural persons:
• Employees or workers pursuant to employment agreement;
· Service providers and contractors, including their employees or staff under the agreements with the Company (e.g. service agreement, hire of work agreement, agency contract) including its employee or staff;
· Job applicants, whether they are applying directly with the Company, or through agency or other entities;
· Former employees whose personal data must be retained or used as required by law;
· Parents, descendants, relatives, spouses, or beneficiaries of employees;
· Guarantors of employees, staff, service providers, or contractors under employment agreements, service agreements, hire of work agreements, agency contracts or other similar agreements with the Company;
· Speakers and lecturers for training courses organized by the Company;
· Trainees or participants in projects or activities organized by or involving the Company;
· Directors, advisors, or authorized persons of the Company;
· Employees of companies in SCBX Group;
· Reference persons in job applications or other contracts made with the Company;
· Student trainees, scholarship students, and their guarantors or other relevant persons;
· Individuals who do not have the products or services with us, but we may need to collect, use, or disclose your personal data (e.g. directors; investors; shareholders; debenture holders; counterparties; persons who have business relationship and their legal representatives; anyone that visits our website or office; beneficiaries under insurance policy, ultimate beneficial owner; and anyone involved in transactions with us or our customers)
· Any natural person entering into contract or participating in any activity (whether directly or indirectly) with the Company for the purposes stated in this Privacy Notice;
If you provide personal data of any other person to us (e.g., emergency contacts, guarantors, family members), you have an obligation to inform those data subjects of this Privacy Notice and, where required, obtain their consent.
Please note that in the event that some of the links on our platform may lead to third party’s platforms, and if you access these platforms, your personal data will then be processed under the third party’s policies. Make sure that you have read those privacy notices when accessing such platforms.
We will only collect, use, or disclose your personal data when it is necessary or there is a lawful basis for collecting, using, or disclosing it based on the legitimate ground of legal obligation, the performance of contract made by you with us, our legitimate interests, performance under your consent, and other lawful basis which the reasons for collecting, using, or disclosing are provided below:
Since we are governed and regulated by many laws and regulations, it is necessary for us to collect, use, or disclose your personal data for the following purposes that are in accordance with the laws, rules of competent governmental, or supervisory or regulatory authorities, which include but not limited to:
a) compliance with the PDPA
b) compliance with applicable laws
(e.g., Financial Institution Business Laws, Accounting Law, Revenue Code, Anti-Money Laundering Laws, Prevention and Suppression of Financial Support to Terrorism and the Proliferation of Weapons of Mass Destruction Laws, Life and Non-Life Insurance Laws, Civil and Commercial Code, Labor Protection Act, Labor Relations Act, Social Security Act, Provident Fund Act, Workmen's Compensation Act, Empowerment of Persons with Disabilities Act, Skill Development Promotion Act,and other relevant laws to which we are subject both in Thailand and in other countries), including conducting identity verification, background checks and credit checks, Know Your Customer (KYC) process, Customer Due Diligence (CDD) process, and other checks and screenings (including screeding against publicly available database of regulatory authorities and/or official sanctions lists/ blacklists/ watchlist, and ongoing monitoring that may be required under any applicable law);
c) compliance with regulatory or orders of authorized persons (e.g., Court’s order, supervisory or regulatory authorities’ orders or authorized officers’ order);
d) checking and verifying of background or qualifications for the appointment of executives or other key positions as required by rules and regulations issued by relevant regulatory authorities or other relevant laws; and/or
e) checking of background, assets or securities holding of employees as required by laws, including reports made to relevant regulatory or governmental authorities.
We will collect, use, or disclose your personal data in accordance with the request, application documents, and/or the agreement made by you with us, for the following purposes, which include but not limited to:
a) processing your request prior to entering into an agreement, considering for approval and executing transactions or providing products and/or services, delivering products and/or services, providing advice and dealing with all matters relating to products and/or services, including any activities that if we do not proceed, then its operations or services may be affected or may not be able to provide you with fair and ongoing services;
b) carrying out your instructions (e.g., processing your applications and/or transactions, fulfilling a request for execution of transactions or utilization of products and/or services, responding to your enquiries or feedbacks, or resolving your complaints), including recording images, videos and/or voices to enable us to efficiently carry out your instructions and/or to keep records as evidence;
c) enforcement of legal rights or contractual rights, including recovery of the debts which you owe and/or;
d) rovide IT and helpdesk supports, create and maintain codes and user accounts for you, manage your access to any systems to which we have granted you access, and remove inactive accounts; and/or
e) in the event of sale or transfer of claims, assets, debt or business, merger, reorganization, rehabilitation, or similar event, we may disclose and transfer your personal data to one or more third parties who are the transferees of claims, assets, debt, or business, or the parties involved in the merger or reorganizing, or the plan preparers and plan administrators, or those related to such similar event.
f) job application, recruitment, interview, questionnaire, and performance assessment of the candidate;
g) employment negotiation, approval, preparation, modification, change, renewal, or any other actions with respect to employment agreements and/or agency agreements, including change of working conditions;
h) authenticating your identity when entering into, doing or executing any transactions;
i) preparing and maintaining employee profile registration on the Company's system, including creating, editing, and deleting personal data and granting or revoking access rights;
j) preparation of payroll and calculation of wages, salaries or compensations, including making payments or setting aside workers' compensation reserves;
k) arrangement of welfare, benefits, payments, loans, credits and reimbursements concerning welfare programs granted by the Company;
l) arrangement, change, or cancellation of health insurance, life insurance, accidental insurance or other types of insurance;
m) granting, altering, deleting and controlling rights to access or use the Company's assets or systems;
n) providing and managing office equipment and supplies (e.g.,uniforms, name cards, computers, mobile devices), including arrangement for return of the same upon employment termination;
o) record and management of data concerning employees' leaves and entitlements;
p) review and assessment for the appointment of executives or other key positions;
q) compliances with the employment agreement work rules, regulations and orders of the Company;
r) record and management of data concerning employees’ leaves and entitlement;
s) performance review and job assessment;
t) grant of scholarships and internship;
u) arrangements relating to termination or expiration of the employment agreement between the Company and employee, including retirement;
v) organisation of activities by internal and external personnel;
w) arrangement in relation to any internal and external trainings, license acquisition, projects or employees’ or agents’ capacity development programs, including issuance of training certificates or licenses;
x) communications and announcements to employees related to the performance of contract via any communication channels;
y) use of any third-party services to perform the duties under the contract between you and the Company
z) preparation of Power of Attorney;
aa) preparation of salary certificate, income statement, work certificate, or other certificates concerning employment, agency, or other types of service agreements;
bb) the analysis, evaluation, and report preparation through the Company's system for considering performance and improving employee’s work efficiency;
cc) the collection, use or disclosure of your personal data provided to the Company and/or the companies in SCBX Group for the purpose of analysing and summarizing the overall employee survey, as well as for the benefit of managing human resources within SCBX Group; and
dd) the disclosure of your employment status to third parties via telephone or other channels, based on specific prior requests you have submitted to the Company on a case-by-case basis.
We rely on the basisof legitimate interests by considering the benefits of our benefits or third parties with your fundamental rights in personal data which we will collect, use, or disclose for the following purposes, which include but not limited to:
a) conduct our business operation and the business operation of companies in SCBX Group as specified in https://www.scbx.com/en/affiliates-financial-business-group and the business operation of SCBX Group (e.g., to audit, to conduct risk management, to monitor, prevent, investing fraud, money laundering, terrorism, misconduct, or other crimes, including but not limited to carrying out the creditworthiness checks of any persons in relation to our Corporate Customers), even it is the case that an authorized officer does not require to proceed, including your identity verification to prevent these crimes.
b) conduct our relationship managements (e.g., to serve and facilitate you, to conduct survey, to manage customer segmentation, to handle complaints, to coordinate with relevant persons) including record images, videos and/or voices and/or any similar actions to enable us to efficiently conduct our relationship managements and/or to enhancing our services);
c) protect and ensure against security risk (e.g., to maintain CCTV records, to register, exchange identification card and/or take photo of visitors before entering into our building areas, network activity logs, detecting security incidents, conducting data security investigations, and otherwise protecting against malicious, deceptive, fraudulent, or illegal activity);
d) develop and improve our products, services and/ systems to enhance our service standard, and or for the greatest benefit in fulfilling your needs, including to conduct research, analyse data and offer products, services and benefits suitable to you by considering the fundamental rights in your personal data. If you do not wish to receive the offering of products, services and benefits from us, you can contact us, details as specified in No.11
e) record images, videos, and/or voices relating to the meetings, trainings, seminars, recreations or marketing activities and use such recorded images, videos and/or voices for the purpose of making internal and/or external public relations relating to such meetings, trainings, seminars, recreations or activities;
f) in case of the corporate entity, we will collect, use and disclose personal data of directors, authorized persons or attorneys
g) ensure business continuity;
h) handle claims and disputes, including solving disputes, exercising rights under the laws or defending legal claims;
i) contact you before you entering into a contract with us;
j) evaluate the appropriation and quality of the claims for the bid and the entry into the contract relating to you;
k) comply with applicable foreign laws;
l) analyze, carry out research, plan and conduct statistical analysis (e.g. data analytics, assessments, surveys and preparations of reports on our products and/or services and your behavior, usage location and usage history);
m) organize our promotional campaigns or events, conferences, seminars, and company visits;
n) facilitate financial audits to be performed by auditors;
o) receive advisory services from legal counsels, financial advisors, and/or other advisors appointed by you or us;
p) in the event of sale, transfer, merger, reorganization, or similar event, or if such an action is contemplated, disclose and transfer your personal data to one or more third parties as part of that transaction;
q) maintain and update lists and directories of the customers (including your personal data) and keep contracts and associated documents in which you may be referred to;
r) comply with reasonable business requirements (e.g. management, training, auditing, reporting, control or risk management, statistical and trend analysis and planning or other related or similar activities, implementing business controls to enable our business to operate, and enabling us to identify and resolve issues in our IT systems to keep our systems secured, performing our IT systems development, implementation, operation and maintenance);
s) proceed with the development of fraud detection model, risk management model and financial credibility, the development of the collection of payment model, development of revenue model, and follow up the propensity to approve;
t) use personal data of non-applicants during the process of recruitment, interview and assessment of applicants, including to store the personal data of beneficiaries of employees;
u) perform duties under a contract between the Company and another person where your personal data is necessary but you are not a contractual party;
v) pursue safety and business continuity measures of the Company, the companies within SCBX Group (as listed at https://www.scbx.com/en/affiliates-financial-business-group/, and SCBX Group as a whole, including governance, auditing, risk management regarding internal personnel, and reporting operational incidents;
w) perform accounting, financial, or other internal management operations;
x) perform accounting, financial, or other internal management operations;
y) enhance staff knowledge and capabilities including relevant management and planning for corporate structuring projects;
z) undertake measures and actions towards surveillance, prevention, investigation, complaint handling, investigation of suspicious behaviours, or fraudulent behaviours, money laundering, and terrorism misconduct, including actions to prevent such incidents;
aa) undertake measures and actions towards surveillance, prevention, investigation, complaint handling, investigation of suspicious behaviours, or fraudulent behaviours, money laundering, and terrorism misconduct, including actions to prevent such incidents;
bb) undertake and record disciplinary actions, make criminal reports, give statements or information to the police, competent officers, courts and other competent authorities;
cc) provide and disclose information regarding employee status, employment information, human resource management, salary framework development, benefits, compensation and employee welfare to third parties such as companies within SCBX Group for the purpose of analysis and improvement to ensure alignment with the policies and standards of the companies in SCBXGroup;
dd) prepare reports for the Company's internal departments including questionnaires, collecting, and analysing various data to support the work within the organisation or for planning, management, implementation of administrative measures, workforce development, or any related activities;
ee) make travel and accommodation or other facilities arrangements for employees (e.g., ticket and hotel reservations, meals, etc.); and
ff) communicate with and make announcements to employees via any channels, including through channels utilizing current or future technologies possessed by the Company such as Chatbots.
In certain cases, we may request your consent to collect, use, and disclose your personal data to maximize your benefits and/or to enable us to fulfill your needs for the following purposes, which include but not limited to:
a) we deems it necessary to collect and use sensitive personal data, for example, for the purposes of authentication (identity verification), criminal record checks, or providing health-related benefits and welfare to employees, etc.;
b) checking the background of employees or agents within SCBX Group (in cases where consent is required under the PDPA);
c) disclose your personal data and any other data to SCBX Group as shown on https://www.scbx.com/en/affiliates-financial-business-group/ and our trusted business partners for purpose of analysis, carry out research, and prepare of statistical data, which will be beneficial in providing services that are more efficient and suitable for you.
d) collect, use, and request your personal data from third person for the purposes listed in the consent form that we may ask from you;
e) send or transfer your personal data and sensitive personal data overseas, which may have inadequate personal data protection standards (unless the PDPA specifies that we may proceed under other lawful basis or without obtaining consent);
f) when you classified as minor, incompetent or quasi-incompetent whose consent must be given by their parent, guardian or curator (as the case may be) (unless the PDPA specifies that we may proceed without obtaining your consent); and
g) other activities which we may require your consent.
Apart from the lawful basis mentioned above, we may collect, use, and disclose your personal data based on the following lawful basis:
a) prepare historical documents or archives for the public interest, or for purposes relating to research or statistics;
b) prevent or suppress a danger to a person’s life, body or health; and
c) necessary to carry out a public task, or for exercising official authority.
If the personal data we collect from you is required to meet our legal obligations or to enter into an agreement with you, we may not be able to execute transactions with you or to provide (or continue to provide) some or all of our products and services to you if you do not provide such personal data when requested.
In addition, we may utilize technologies currently possessed or to be acquired in the future for the collection, use, or disclosure of your personal data in accordance with the purposes stated in clauses 1.1 – 1.5 above, including, but not limited to, Artificial Intelligence (“AI”), Generative AI Usage, such as AI Chatbot technology, Cloud Computing, etc.
Furthermore, we may establish the system(s) to support operations and business activities for shared use within SCBX Group and may collect, use, or disclose your personal data held by us and the companies in SCBX Group through such system(s) in accordance with the PDPA.
The type of personal data that the Company collects, uses, and discloses varies on the scope of products and/or services that you may have used or been interested in, containing both personal data and sensitive personal data, which include but not limited to:
Normally, we will collect your personal data directly from you, but sometimes we may collect it from other sources (e.g., social media, online platform of third party, or other sources), in such case we will ensure the compliance with the PDPA.
Personal data we collected from other sources may include but not limited to:
a) Data obtained by us from companies in SCBX Group, business partners, and/or any other persons who we have legal relationship with;
b) Data obtained by us from persons related to you (e.g. your family, friends, referees);
c) Data obtained by us from corporate customers as you are director, authorised person, attorney, representative or contact person;
d) Data obtained by us from our trusted business partners or other third parties involved in your transactions;
e) Data obtained by us from governmental authorities, regulatory authorities, financial institutions, credit bureau and/or third-party service providers (e.g. data that is publicly available, data that relates to transactions, credit data); and/or
f) Data obtained by us from insurance companies and/or other persons in relation to insurance policies or claims for compensation, which may include:
(a) information about your medical records obtained through an agreement with a medical provider or with your consent;
(b) information about your insurance claims history
Other than the above-mentioned information, we may collect personal data of the following third parties from you:
a) Emergency contact;
b) Guardian, family members or other individuals who have relationship with you; c) Beneficiaries to receive welfares from the Company; and
d) People who you refer to in the job application or contract with the Company.
In case you have given any personal data of any other person to us in executing transactions with us or any purposes, you shall notify such person of the details relating to the collection, use and disclosure of personal data and rights under this privacy notice. In addition, you shall obtain consent from such person (if necessary) or relied on another legal basis to provide personal data to us.
The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA in details as specified below:
You are entitled to request access to and obtain copy of your personal data held by the Company, unless the Company rejects your request under the laws or court orders, or your request will adversely affect the rights and freedoms of other individuals.
You are entitled to request the Company to rectify your inaccurate personal data and to update your incomplete personal data.
You are entitled to request the Company to erase or destroy your personal data, or anonymize your personal data to become anonymous data, unless there are certain circumstances where the Company has the legal grounds to reject your request.
You are entitled to request the Company to restrict the use of your personal data under certain circumstances (e.g., when the Company is pending an examination with your request to rectify your personal data or to object the collection, use or disclosure of your personal data, or you request to restrict the use of personal data instead of the deletion or destruction of personal data which is no longer necessary as you have necessity to restrain it for the purposes of establishment, compliance, exercise or defense of legal claims).
You are entitled to object the collection, use or disclosure of your personal information in case the Company proceed with legitimate interests or for the purpose of direct marketing, or for the purpose of scientific, historical or statistical research, unless the Company has legitimate grounds to reject your request (e.g., the Company have compelling legitimate ground to collect, use, or disclose your personal data or for establishment, compliance, or exercise legal claims, or for the reason of the Company’s public interest).
You are entitled to obtain your personal information in case the Company can arrange such personal data in a readable or commonly usable format by ways of automatic tools or equipment and can be used or disclosed by automated means. Also, you have right to request the Company to transfer your personal data to third party, or to obtain personal data which the Company sent or transferred to third party, unless the Company is not able to do so because of the technical circumstances, or the Company is entitled to legally reject your request.
You are entitled to withdraw your consent given to the Company at any time pursuant to the methods and means prescribed by the Company unless the nature of it does not allow the withdrawal. Your withdrawal will not affect the collection, use, or disclosure of your personal data that you have previously already given to the Company.
If you withdraw your consent, it may be impossible for the Company to provide you with some services (or the continuation of provision of services to you).
You are entitled to make a complaint with the Personal Data Protection Committee or their office in the event that the Company does not comply with the PDPA.
We may disclose your personal data to the following parties under the provisions of the PDPA:
a) companies in SCBXGroup, business partners and/or other persons that we have the legal relationship, including our directors, executives, employees, staffs, contractors, representatives, advisors and/or such persons’ directors, executives, employees, staffs, contractors, representatives, advisors;
b) our customers or service receivers, where the disclosure is necessary for you to perform your duties, or it has other lawful bases to do so;
c) governmental authorities and/or supervisory or regulatory authorities (e.g., Bank of Thailand, the Securities and Exchange Commission, Ministry of Digital Economy and Society, Department of Provincial Administration, Revenue Department and National Credit Bureau);
d) suppliers, agents, and other entities (e.g., professional associations which the Company is a member, external auditors, depositories, document warehouses, overseas financial institutions and clearing houses) where the disclosure of your personal data has a specific purpose under a lawful basis, and appropriate security measures;
e) any relevant persons as a result of activities relating to selling rights of claims and/or assets, business restructuring or acquisition which the Company may transfer the rights to such business, including any persons that it is necessary for the Company to share data for a purposed of sale, reorganization, transfer, financial arrangement, asset disposal or other transaction relating to our business and/or assets held by our business;
f) banks or other financial institutions, including third parties where the Company is required by law to disclose personal data to help such persons to recover funds that have entered your account due to misdirected payment or trace funds where you are the victim of suspected financial crime,or where suspect funds have entered your account as a result of financial crime;
g) debt collection agencies, lawyers, credit bureau, fraud prevention agencies, courts, authorities or any persons whom the Company is required or permitted by laws, regulations, or orders to share personal data;
h) third parties providing services to the Company (e.g., customer service, IT serviceproviders, marketing analysis and benchmarking service providers, including but not limited to the corresponding banking, agents or subcontractors acting on behalf of the Company;
i) social media service providers (in a secure format) or other third-party advertisers in order to display a relevant message to you and others about products and services of the Company which the third-party advertiser may use your history of your online activities to tailor adverts to you;
j) third party security providers;
k) other persons that provide you with benefits or services associated with your products or servicesand/or
l) your attorney, sub-attorney, authorized persons, or legal representatives who have lawfully authorized power.
The nature of our business is modern and global and under certain circumstances, it is necessary for us to send or transfer your personal data internationally (e.g., transferring data to companies in SCBX Group or to cloud server overseas for the purpose of the provision of service). In such case, we will exercise the best effort to have your personal data transferred to our reliable business partners, service providers, or other recipients by the safest method in order to maintain the security of your personal data,
In the event that the destination country does not have adequate personal data protection standards, we will ensure that the sending or transfer of personal data complies with the requirements of the PDPA, and will implement measures for personal data protection deemed necessary and appropriate to ensure that your personal data is protected under standards equivalent to those in Thailand, such as entering into agreement with the data recipient to stipulate personal data protection with adequate security standard.
We will retain and keep your personal data as long as you still have the relationship with the Company as our employee, service provider, contractor under the employment agreement, service agreement, hire of work agreement, agency contract, or other agreements of the same kind that you have entered into with the Company. We will only keep your personal data for a period of time that is appropriate and necessary for each type of personal data and for the purposes as specified by the PDPA.
The period we keep your personal data will be in accordance with the prescription period or the period under the relevant law (e.g., Business Laws, Banking Laws, Securities and Exchange Laws, Anti-Money Laundering Laws, Counter Terrorism and Proliferation of Weapon of Mass Destruction Financing Laws, Accounting Laws, Tax Laws, Labor Laws, and other laws both in Thailand and in other countries that the Company is subjected to).
Apart from this, the Company may need to retain CCTV surveillance in our offices, or branches, records of visitors to our premises, and voice recordings to prevent fraud and for security reason, including to investigate any suspicious transactions at the request of our customers or related persons to validate those transactions.
The Company may collect and use cookies and similar technologies when you use products and/or services of the Company, including the website and application.
The collection of such cookies and similar technologies helps the Company to recognize you, remember your preferences, and improve how the Company provides products and/or services to you. The Company may use cookies for several purposes (e.g., enabling and operating basic functions, helping the Company to understand how you interact with the Company’s websites or emails, helping the Company to enhance your online experiences or the Company’s communications with you, and to ensure that online advertisements displayed are personalized to you.
You are entitled to reject or manage your cookies by setting your web browser or device that you use. The change of setting that you have accepted may enable you to use all or some services of the website.
We are entitled to collect and use your personal data, which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use, and disclosure of personal data of the original purposes. If you do not wish us to continue collecting, using, and disclosing such personal data, you can inform us of the request for the withdrawal your consent at any time.
We endeavor to ensure the security of your personal data through our internal security measures and strict policy enforcement. The measures extend from data encryption to firewalls. We also require our staffs and third-party contractors to follow our applicable privacy standards and policies and to exercise due care and measures when using, sending or transferring your personal data.
If you have any questions or would like more details about our privacy notice, please contact us through the following channels:
• MONIX Company Limited, our head office located on no.9 2nd floor Learning Center building Rutchadapisek Road Chatuchak, Bangkok 10900.
• Data Protection Officer by writing to E-mail at dpo@monix.co.th
We may change or update the privacy notice from time to time and we will announce the updated privacy notice at our website (https://www.monix.co.th/privacy-policy)
Privacy Notice
Updated as of May 2026
