Last updated: May 2025
Muangthai Capital Public Company Limited (the “Company”) recognizes the importance of privacy rights and the Company’s responsibilities in relation to the collection, use, and disclosure (“processing”) of personal data of business-related individuals, including business partners, service providers, authorized persons, agents, individuals acting on behalf of companies, including members of the Board of Directors and authorized directors (collectively referred to as “you”). The Company believes that the trust and confidence you place in the Company are among the most important values. Therefore, the Company is committed to ensuring that the processing of personal data is conducted appropriately, lawfully, and in compliance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”).
1. Personal Data Collected by the Company
The Company may process personal data (including sensitive personal data as defined under Section 26 of the PDPA and as prescribed by the Personal Data Protection Committee (“PDPC”)). The categories of personal data listed below represent the general scope of personal data that the Company may collect.
| General Personal Information | Identification information and information appearing on official documents identifying you or other related information, such as title, name-surname, national identification number, passport number, nationality, gender, date of birth, age, tax identification number, signature, copy of identification card, copy of house registration, director certification documents, power of attorney, etc. |
| Contact Information | Contact Information Information used to contact you, such as telephone number, mobile phone number, fax number, email, postal address, social media account (e.g., Line ID, Facebook, WhatsApp), location map of address, etc. |
| Financial Information | Financial information such as bank account number, payment account information, payment details, receipt/invoice information, tax information, etc. |
| Education and Work History Information | Educational background, educational institutions, academic titles, employment history, previous workplaces, positions previously held. |
| Information Necessary for Your Role | Necessary information may include information contained in appointment letters of directors, lists of directors, meeting minutes, documents signed by you on behalf of the Company, communications with the Company (e.g., emails, messages, correspondence), business contracts, and other similar documents. |
| Information on Positions Held in Other Companies | List of companies where you serve as director or executive (both listed and non-listed companies), nature of involvement such as independent director, audit committee member, etc. |
| Related Interest Information | Information relating to your interests or relationships with the Company or its subsidiaries, such as shareholding, relationships with executives or major shareholders. |
| Other Publicly Disclosed Information Required by Law | Information appearing in 56-1 One Report (annual registration statement), annual reports, shareholder meeting reports, and other legally required disclosures. |
If you provide personal data of other individuals (for example, information relating to your spouse, family members, children, dependents, guarantors, or beneficiaries) or request the Company to disclose personal data of such individuals to third parties, you are responsible for informing those individuals of this notice and obtaining their consent where required.
The Company will not collect sensitive personal data of the data subject, such as genetic data, sexual behavior, or any information that may cause harm, damage reputation, or lead to discrimination, unless the Company obtains your explicit consent or collects such data based on lawful processing grounds as prescribed by law.
2. Methods of Obtaining and Collecting Your Personal Data
The Company will collect your personal information as necessary and on the basis required by law as follows:
- When you express an intention to enter into a contract or during the period prior to establishing a business relationship with the Company, whether as a business partner, service provider, agent, authorized person, director, or authorized director, so that the Company can evaluate, verify, or assess your qualifications prior to entering into a contract or related operations.
- When you submit documents, information, or forms related to the preparation of contracts, provision of services, granting of authority, or performing duties on behalf of the Company, including signing documents or forms relating to the Company’s operations.
- 3. When you communicate with the Company, whether in writing or verbally, through various channels such as the Company’s website, applications, social media, telephone, email, in-person meetings, interviews, SMS, fax, postal mail, or any other means with the Company’s personnel, employees, authorized persons, or other individuals involved in the Company’s business operations (“Company Personnel and Business Partners”).
- When the Company receives personal data from sources other than you directly, such as government agencies, public databases, websites, social media platforms, commercial data sources, or companies within the Company’s group or business partners.
- When the Company receives personal data from other sources for the purpose of complying with legal obligations, reporting to regulatory authorities, or other lawful purposes, such as verifying director status from the Department of Business Development, preparing reports under capital market laws, or verifying qualifications for holding director positions.
3. Purposes and Legal Bases for Processing Personal Data
The Company collects personal data through lawful and fair means for the benefit of providing services to you and for other purposes specified in this notice. The purposes listed below represent the general framework of how the Company may use personal data.
| Contractual Obligations | - To carry out activities prior to entering into a contract or during the contractual relationship between you and the Company, such as identity verification, contract preparation, and signing of documents. - To assess your qualifications, suitability, or capability before and during a legal relationship. - To verify the identity of individuals or legal entities when conducting transactions with the Company. - To monitor, supervise, or evaluate performance during the contractual relationship. - To prevent, manage, and reduce risks arising from fraud, breach of contract, or unlawful activities. - To communicate, coordinate, and conduct business operations according to contractual purposes. - To establish, exercise, or defend legal claims. |
| Legal Obligations | - To comply with tax laws, labor laws, company laws, securities and exchange laws, accounting laws, and other applicable laws. - To comply with orders or requirements from regulatory authorities such as the Department of Business Development, the Securities and Exchange Commission (SEC), the Revenue Department, etc. - To prepare reports, documentation, or respond to inquiries from legally authorized authorities. |
| Legitimate Interests | - Risk management, auditing, and internal organizational management, including transferring personal data to companies within the same business group for such purposes under the Company’s personal data protection policy. - De-identification or anonymization of personal data. - Internal management and operations related to the development of the Company’s products and/or services, such as designing new products or services. |
| Consent | - To process sensitive personal data (if necessary), such as health information when a medical certificate is required. - To provide benefits, public relations communications, or activities related to the Company’s business that may be suitable for you. - To obtain your consent to process your personal data for your participation in activities, events, seminars, or other collaborative activities, where such processing is not covered under contractual or legal bases. |
If the Company needs to collect personal data and you refuse to provide such data or object to the processing for the purposes stated above, the Company may be unable to fully or partially proceed with or provide the services requested by you.
4. Disclosure of Your Personal Data
| Affiliated Companies | The Company may disclose your personal data to its affiliated companies in order to enhance service efficiency, including providing various benefits to you. |
| Business Partners | The Company may disclose your personal data to other persons or legal entities who jointly offer or develop products and/or services for customers or prospective customers, such as insurance companies, payment service providers, analytics providers, research agencies, survey service providers, marketing service providers, advertising and communication media, and event organizers. |
| Service Providers | The Company may engage other companies to act as service providers or to support the Company’s business operations, such as outsourcing providers, agents, or subcontractors. The Company may disclose your personal data to such service providers for business purposes, including providing services to customers, such as website and application providers, cloud service providers, software providers, and network service providers. |
| Professional Advisors | The Company may disclose your personal data to professional advisors, including those in information technology, auditing, legal, accounting, tax, and other professional services, in order to support the Company’s business operations. |
| Government Authorities and Other Entities as Required by Law | The Company may disclose your personal data to government authorities or regulatory bodies with legal authority and duties, for purposes of compliance with applicable laws and regulations, including tax laws, labor protection and social security laws, and other laws that the Company is required to comply with, both domestically and internationally, as well as related rules and regulations issued under such laws. |
5. Cross-border Transfer of Personal Data (If any)
The Company may need to transfer your personal data to affiliated companies within the same business group located in foreign countries, or to other recipients as part of the Company’s normal business operations, such as transferring or storing personal data on servers or cloud systems located overseas. The Company will ensure that such transfer of personal data is conducted in compliance with applicable laws and will implement appropriate safeguards to ensure adequate data protection standards.
6. Retention Period of Personal Data
TThe Company will retain your personal data for as long as reasonably necessary to fulfill the purposes specified in this Notice. In any case, the Company will retain your personal data for no longer than 10 years from the date the relationship ends or the last contact with the Company. In the event of legal proceedings or other necessary circumstances, the Company may retain your personal data until such proceedings are finalized, including any potential appeal or litigation period. After that, the Company will implement procedures to delete, destroy, or anonymize your personal data in accordance with applicable laws.
7. Personal Data Security Measures
The Company recognizes the importance of maintaining the security of your personal data. Therefore, the Company has implemented appropriate security measures in line with confidentiality standards to prevent loss, unauthorized access, destruction, use, alteration, modification, or disclosure of personal data without authorization or unlawfully.
8. Your Rights
- Right to Withdraw Consent You have the right to withdraw your consent previously given for the processing of your personal data. However, such withdrawal will not affect the lawful processing carried out prior to the withdrawal.
- Right to Object You have the right to object to the processing of your personal data based on legal grounds other than consent.
- Right to Be Informed You have the right to be informed of your personal data processed by the Company and to request a copy of such data.
- Right to Rectification You have the right to request correction of your personal data to ensure that it is accurate and up to date.
- Right to Restriction of Processing You have the right to request restriction of processing of your personal data. In such cases, the Company will only retain your data without further processing.
- Right to Erasure You have the right to request the deletion or destruction of your personal data.
- Right to Data Portability You have the right to receive your personal data in a readable or usable format and to request the Company to transmit such data to another data controller where technically feasible. This right applies where the processing is based on consent or contract and carried out by automated means.
- Right to Lodge a Complaint You have the right to lodge a complaint with the relevant authority if you believe that the collection, use, or disclosure of your personal data violates applicable laws.
- Right to Access and Obtain Information on Data Source You have the right to access or obtain a copy of your personal data and to request disclosure of how your personal data was obtained.
The Company will process your requests through designated channels such as branches, website, email, or telephone. However, the Company reserves the right to refuse your request if permitted by law or regulation. The Company may charge reasonable fees where applicable.
The Company will respond to your request within 30 days from the date all required documents are duly received.
In the event that the Company has unavoidable necessity which requires more than 30 days to consider your request to exercise your rights, the Company will notify you of the reason for such delay without undue delay. In the event that the Company refuses your request to exercise your rights, the Company will inform you of the rejection together with the reasons. If you have any questions regarding such rejection, you may contact the Company for further clarification. If you believe that the Company has not complied with applicable data protection laws, you have the right to lodge a complaint with the Personal Data Protection Committee or relevant authority.
9. Changes to the Privacy Notice
The Company reserves the right to amend, revise, or update this Notice as permitted by law to reflect changes in legal requirements, services, operations, or feedback from data subjects. The Company will notify you of any changes through the Company’s website. If the changes are material, the Company will notify you prior to their implementation.
10. Contact Information
If you have any suggestions or inquiries regarding the collection, use, or disclosure of personal data, or wish to exercise your rights under this Notice, you may contact the Company and/or the Data Protection Officer (DPO) through the following channels:
- Customer Service Center: 02-483-8888
- Data Protection Officer (DPO) Email: DPO@muangthaicap.com
- Head Office: Muangthai Capital Public Company Limited
332/1 Jaransanitwong Road, Bangplad Sub-district,
Bangplad District, Bangkok 10700
