top of page

Privacy Notice

Privacy Notice

(Updated March 2025)

SCB DataX Company Limited

 

We, SCB DataX Company Limited ("DataX", "we", "our", or "us") care about your privacy. Thus, we provide this privacy notice to inform about the collection, use and disclosure of your personal data in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”). This privacy notice describes how we collect, use and/or disclose your personal data, what and why we collect, use or disclose your personal data, how long we hold it, who we disclose it to, your rights, what steps we will take to make sure your personal data stays private and secure, and how you can contact us.

 

There are also statutory requirements and other contractual requirements we have to comply with in relation to our relationship with you. If we are not able to carry out the processing activities described in this privacy notice from your failure to provide certain personal data, we may not be able to enter into or comply with crucial aspects of contractual performance or agreements we have with you or legal entity associated with you, or impact our compliance with applicable legal obligations.

This privacy notice applies to:

 

  1. individual customers of SCB DataX (“Customer”);

  2. contractors, service providers, vendors, suppliers, consultants, business partners, representatives thereof or any other natural persons who are counterparties of DataX in the same manner ("Business Partners");

  3. authorized persons, directors, shareholders, , personnel, persons authorized to foster business relationships, and any other persons with the same status, including the contact persons of corporate clients and attorney-in-fact ("Related Parties");

  4. other natural person entering into contract or participating in any activity (whether directly or indirectly) with DataX for the purposes stated in this privacy notice, e.g., website users, visitors, participants in company events, any individual involving in incidents occurred, government officials.

This privacy notice will also apply to other persons who are related to the aforementioned persons and whose personal data is received by us from the aforementioned persons (hereinafter referred to as the "customer", “business Partner”, "you" or "your").

1. How we collect, use, or disclose your personal data

 

We only collect, use or disclose your personal data where it is necessary or there is a lawful legal basis for collecting, using or disclosing it. Except in limited instances where we indicate that certain information is processed based on your consent, we collect, use, and/or disclose your personal data on the legal basis of (1) contractual basis, for performance of activity in relation to our relationship with you; (2) legal obligation, for fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms to the protection of your personal data; (4) vital interest, for the prevention or suppression of danger to a person's life, body, or health; (5) public interest, for the performance of task carried out in the public interest or for exercising of official authorities duties; and/or (6) the reason for an establishment and defenses of legal claims in the future.

1.1 The purposes on which we rely on your explicit consent.

We may collect, use, and disclose the following personal data based on your explicit consent for the following purposes, if we cannot rely on another appropriate legal basis:

  • Sensitive personal data

    • Religion and/or Race (from the official documents), in which religion and/or race data may appear in the official documents and we may process your official documents for identification and authentication purposes.

  • Marketing activities, we may process your personal data such as name, surname, personal information, contact details, and other necessary information for provision of marketing communications from DataX or its affiliated companies, for which we cannot rely on other legal bases.

Where legal basis is consent, you have the right to withdraw consent at any time. This can be done so, by contacting us through channels as specified in "How to contact us". The withdrawal of consent will not affect the lawfulness of the collection, use and disclosure of your personal data and sensitive personal data based on your consent before it was withdrawn. You are well aware that if you withdraw your consent for the collection, use and disclosure of personal data for purposes set out above, we may not be able to perform certain contractual obligations we have with you, or to pursue certain actions per your request.

1.2 The purposes on which we rely on other legal bases.

We may collect, use, and disclose your personal data for the following purposes:

 

  1. Identity proofing and authentication;

  2. Communications and marketing include the dissemination of news and activity updates, engagement with customers and stakeholders, creation of marketing materials and strategic plans, development of public relations and policy strategies, and enhancement of product marketing performance.

  3. Provision of seminars, trainings, tests, events, exhibitions, and other activities includes communication with event attendees, speakers, and service providers; delivery of souvenirs and awards; preparing lists of attendees; collecting and assessing feedback; conducting surveys; and increasing awareness of data protection.

  4.  Record management, including retaining as legal evidence and for future reference;

  5. Provision and management of services and products include planning, overseeing, carrying out, managing, and monitoring projects according to targets; budget and resource allocation; performing according to instructions; developing, installing, and delivering products and services; setting prices and payment collection processes; delivering products; enhancing and analyzing data; cooperating to resolve technical difficulties; overseeing development and testing of products; and setting and overseeing customer service terms.

  6. Entering into contracts and conducting transactions include conducting risk assessments, and preparing, reviewing, revising, and negotiating contracts before execution.

  7. Risk management includes designing, monitoring, and developing risk management policies, procedures, or reports; developing and implementing systems, measures, or tools for risk management or assessment; and assessing, monitoring, overseeing, and solving problems when risks occur, including those from data breaches or cybersecurity breaches.

  8. Business management and development include handling complaints and cooperating to address issues; communication and cooperation; studying market forces and customer requirements; managing concepts, implementation, strategies, and guidelines of products and work plans; designing and developing internal systems; developing dashboard reports, insights, analytics, and internal tools; preparing internal and external reports; analyzing and enhancing business operations; researching and developing data science tools; monitoring and reviewing business operation progress; operating the business; performing according to system owners' suggestions; managing technology resources; improving database performance; preserving tools and providing information services; developing and improving software and applications; procuring and preserving technology assets; analyzing and developing technical and business processes; setting guidelines on data development and conversion; business development; market research; providing legal advice; and maintaining security and safety.

  9. Financial and accounting include financial planning and management, recording and reporting financial transactions, setting budgets, planning and developing financial policies, implementing financial control, performing financial close processes, preparing relevant documents, and complying with regulations by filing tax returns, financial statements, and other documents with government or relevant agencies.

  10. Conducting audits, which includes preparing, reviewing, analyzing, and reporting audit plans, as well as improving internal control.

  11. Ensuring compliance with relevant standards, policies, regulations, and laws in business operations, handling complaints and legal actions, managing security architecture, developing and implementing cybersecurity systems, overseeing information security, responding to data breaches, managing data-related complaints, and protecting our security.

  12. Provision of access to building and controlled premise;

  13. Protection of your vital interests or that of another individual;

  14. Business organizations such as merger, sale, purchase, joint venture, assignment, transfer or other disposition of our business, assets, or stock, or rehabilitation, capital venture, or any similar transaction, we may disclose your personal data to our assignee(s) of rights as part of such transactions.

  15. We may use artificial intelligence (AI) technologies in our operations to enhance our products and services and improve your experience with us. AI may be used to analyze data (e.g. predictive analytics), automate processes (e.g. content generation), assist with document review, and analyze contracts. When processing your personal data, we ensure that AI-driven data processing is lawful, fair, and transparent, adhering to ethical and regulatory standards and complying with relevant data protection laws and regulations.

2. What personal data we collect, use, or disclose

 

The type of personal data which we collect, use, and/or disclose may vary depending on the objectives, necessities, and the relationship between you and us. The type of personal data shall include but not limited to:

 

3. Sources of your personal data

Normally, we will collect your personal data directly from you, but sometimes we may get it from other sources.

Personal data we collect from other sources may include but not limited to:

  • Data obtained by us from companies in SCBX Group,

  • Data obtained by us from business partners (e.g., production company, legal counsel.), third-party service providers [(e.g. data service providers)] and/or any other persons who we have relationship with;

  • Data obtained from publicly available sources (e.g., website of the Department of Business Development, Ministry of Commerce);

  • Data obtained by us from governmental authorities, regulatory authorities (e.g., the Department of Business Development, Ministry of Commerce, the Revenue Department);

  • Information you have asked us to collect for you.

4. Your rights

The PDPA aims to give you more control of your personal data. You can exercise your rights under the PDPA, details as specified below, through the channels prescribed by us:

 

5. How we share your personal data

We may disclose your personal data to the following parties:

  • Group company: companies within SCBX Group (including its shared services). You acknowledge to further review relevant privacy policies of companies within SCBX Group (including its shared services) where applicable.

  • Service providers: business partners, service providers, suppliers, agents and other entities where the disclosure of your personal data has a specific purpose and under lawful basis, as well as appropriate security measures. The said service provider shall include, but not be limited to, production companies, advertising service providers, consultant, auditors, legal counsel, bank and financial institution, and/or information technology service providers. You acknowledge that each service provider may have its own privacy notice that governs the processing of their data. In the event that the service provider is acting in a capacity of a data processor, we will have in place an appropriate data processing agreement to limit their scope of processing and responsibilities pursuant to the laws;

  • Governmental authorities: governmental authorities and/or supervisory or regulatory authorities, which shall include, but not be limited to, Revenue Department, Bank of Thailand and Thailand Board of Investment (BOI).

  • Others: any persons whom we are required or permitted by laws, regulations, or orders to share personal data, your attorney, sub-attorney, authorized persons or legal representatives who have lawfully authorized power, persons or juristic persons you requested us to disclose your personal data to, the exercise of rights to inspect records from CCTV, the general public, and/or other public disclosures.

  • Assignee of rights and/or duties: we may undergo business reorganization, to which we may be required to disclose your personal data to the assignee(s) of rights and/or duties.

6. International transfer of personal data

 

In case where it is necessary for DataX to transfer your personal data internationally (e.g. to SaaS, ICT or cloud service providers for purposes regarding our business operation, data storage and identity proofing and authentication system, business partners / vendors / suppliers for business development and developing our alerting system, to companies within SCBX Group abroad for internal communication and cooperation, or other external data recipients as instructed, which may be located outside of Thailand (such as Singapore), we will ensure that your personal data is securely transferred and that the receiving parties have in place an appropriate level of data protection standard or other derogations as allowed by the PDPA, and to take a step to ensure that there is no unauthorized or unlawful processing of your personal data.

 

We will request your consent where consent to cross-border transfer is required by law, including the case where you are informed of the inadequate personal data protection standards of the destination country.

7. Retention period of personal data

 

We will keep your personal data for as long as you still have a relationship with us for the purposes specified in this privacy notice. We may continue to keep your personal data as long as if it is necessary to serve or interact with you in accordance with the law and for as long as it is considerable to be reasonable according to the purposes for any other lawful grounds or as allowed by applicable laws which the Personal Data is collected. In particular, we may retain your Personal Data for the duration of any period necessary to establish, exercise or defend any legal rights.

The period we keep your personal data may be linked to the prescription period or the period under the relevant laws and regulations.

8. Information about third parties

If you provide us with personal data about third parties (e.g., information about Related Parties, persons relating to data breach / cybersecurity breach) for the purposes set forth in the privacy notice, it is your responsibility to inform them of this privacy notice and their rights herein as applicable to them. You are also responsible for obtaining any required consent of these persons, and ensuring that you have the right to provide their personal data to us so we could legally collect, use and/or disclose their personal data for the purposes set forth in this privacy notice.   

9. Minors, incompetent person, or quasi-incompetent person

 

In some cases, as required by the applicable law, we cannot collect, use or disclose the personal data of a minor, incompetent person, or quasi-incompetent person without the consent of the person with parental authority, guardian, or curator. As such, if you are under the age of 20 and have not yet become sui juris, an incompetent person, or a quasi-incompetent person, you must ensure that you have obtained consent from parents, guardian, or curator (in the case where consent is required). In the case where we unintentionally collect personal data of a person under the age of 20 and has not yet become sui juris, an incompetent person, or quasi-incompetent person, without consent from the parent, guardian, or curator (as the case may be), we will delete that personal data without delay, or will collect, use and/or disclose such personal data only if we can rely on legal bases other than consent, or as permitted by law only.

10. Security Measures

We use systems, policies, and measures to protect your personal data from access to, use, alteration, modification, or disclosure of personal data unlawfully or without authorization and pursuant to the requirements under the applicable laws. Such measures include limiting access to appropriate personnel who have a legitimate business need to access personal data.

11. Use of Cookies

We may collect and use cookies and similar technologies when you use our products and/or services or visit our website.

The collection of cookies and similar technologies helps us recognize you, remember your preferences and customize how we provide our products and/or services to you. We may use cookies for a number of purposes (e.g. enabling and operating basic functions, helping us understand how you interact with our websites or emails, or enabling us to improve your online experiences or our communications with you, particularly, to ensure that online adverts displayed to you will be more relevant to you and of your interests), for details please see Cookie Notice.

Our websites may be redirected to other websites for the purpose of facilitating you when you visit other websites. These websites may collect your Personal Data. We are not responsible for the processing of your personal data by other websites or such parties. For this reason, we recommend that you carefully review the privacy notice of these websites before you use the service on those websites.

12. How to contact us

 

If you have any questions or would like more details about our privacy notice, please contact us through the following channels:

 

SCB DataX Company Limited
No.18 SCB Park Plaza West B, 7 Floor,

Rutchadapisek Road, Chatuchak, Bangkok 10900 Thailand

Tel.: 027951636

 

SCB DataX Data Protection Officer at email: dpo@data-x.ai

13. Changes to this privacy notice

 

We may change or update this privacy notice from time to time and we will upload such updated privacy notice at https://data-x.ai/

14. Other Privacy Notice

Privacy Notice for Personnel

Cookies Notice

bottom of page