3. Disclosure of Personal Data
The Bank may share your Personal Data with others where it is lawful to do so, including where the Bank or other person: -
- needs to perform obligations under a contract regarding the products or services (e.g., to fulfil a payment request, etc.)
- has legal duties to do so (e.g., to assist with detecting and preventing fraud, tax evasion, financial crime and money laundering)
- needs to, in connection with a regulatory reporting, litigation, asserting or defending legal rights
- has legitimate interest to do so (e.g., to manage risk, verify identity, enable another company to provide you with the services you have requested or assess your suitability for the products and/or services) and/or
- asks for your consent to share it, and you agree.
The Bank may share your Personal Data for the above purposes with others, including: -
- other CIMB group companies and any sub-contractors, agents or service providers who work for the Bank or provide the services to the Bank or other CIMB group companies, including their employees, sub-contractors, service providers, directors and officers
- any trustees, beneficiaries, administrators or executors
- people who give guarantee or other securities for any amount you owe the Bank
- people you make the payment to and/or receive the payment from
- your intermediaries, correspondent and agent bank, clearing houses, clearing or settlement systems, market counterparties and any company you carry out investment services through the Bank
- other financial institutions, lenders and holders of securities, tax authorities, trade associations, credit reference agencies, payment service providers and debt recovery agents
- any fund managers who provide asset management services to you and any brokers who introduce you to the Bank
- any people or companies where required in connection with a potential or actual corporate restructuring, merger, acquisition or takeover, including any transfer or potential transfer of any of the Bank’s rights or duties under the Bank’s agreement with you
- law enforcement, government, courts, court procedures, dispute resolution bodies, the Bank’s regulators, auditors and any parties appointed or requested by the Bank’s regulators to carry out investigations or audits of the Bank’s activities
- other parties involved in any disputes, including disputed transactions
- fraud prevention agencies who will also use it to detect and prevent fraud and other financial crime and to verify your identity
- anyone who provides instructions or operates any of your accounts, products or services on your behalf (e.g., Power of Attorney, solicitors, etc.)
- anybody else that the Bank has been instructed by you to share your Personal Data with and/or
- other parties involved in any marketing purposes
There may be instances which the Bank may share non-personally identifiable information about you to third parties, such as advertising identifiers or one-way coding (cryptographic hash) of a common account identifier, such as a contact number or e-mail address, to enable the conduct targeted advertising.
Except as described in this Privacy Notice, the Bank will not use the Personal Data for any purposes other than the purposes as described to you in this Privacy Notice. Should the Bank intend to collect, use or transfer additional information which are not described in this Privacy Notice, the Bank will notify you and obtain your consent prior to the collection, use and disclosure unless the Bank is permitted to do so without your consent under the law. You will also be given the opportunity to consent or to decline approval of such collection, use and/or transfer of your Personal Data.
The Bank will continue to adhere to this Privacy Notice with respect to the information the Bank has in its possession relating to prospective, existing and former clients and investors.
Cross-border Transfer of Personal Data
Your Personal Data may be transferred to and collected and/or used in other countries, including Malaysia.
Such countries may not have adequate level of protection for the Personal Data as will be prescribed by the Personal Data Protection Committee of Thailand. When the Bank do this, the Bank will ensure that the transfer has an appropriate level of protection and that the transfer is lawful. For example, your Personal Data may be shared to other CIMB group companies in accordance with the Bank’s Binding Corporate Rules (BCRs) or other relevant contractual arrangements, which require all CIMB group companies to follow the same rules or terms when collecting, using and/or disclosing your Personal Data. If you wish to request for a copy of the Bank’s BCRs, you can do so by contacting the Bank at dpo@cimbthai.com.
The Bank may need to transfer the Personal Data in this way to carry out the Bank’s contract with you, fulfill the legal obligations, protect the public interests and/or for the Bank’s legitimate interests. In some countries, the law might compel the Bank to share certain Personal Data, e.g., with tax authorities or National Bank. Even in these cases, the Bank will only share the Personal Data with people who have the right to see it.