You Are In

  • Blog
  • Products
  • Ways to Bank
  • Who We Are
  • Help & Support
  • Quicklinks
Blog
Products
Ways to Bank
Who We Are
Help & Support
Quicklinks
Financial Guru
Accounts
Cards
Insurance
Investment
Loans
Remittance
CIMB THAI App
Corporate Governance
Leadership
Investor Relations
Sustainability
News and Event
Rates & Charges

 

 

Privacy Notice

CIMB Thai Bank Public Company Limited

 

Updated version dated 30 June 2024

Dear Our Valued Customers,

 

        CIMB Thai Bank Public Company Limited (“the Bank”) prioritizes personal privacy and is committed to protecting Personal Data of yours or persons related to your business (“Personal Data ”) in accordance with the Personal Data Protection Act, B.E. 2562 (2019), including its amended versions (“Personal Data Protection Law”).

 

This Privacy Notice provides an expliantion of the following matters:

  1. To whom will this Privacy Notice apply?
  2. Which Personal Data does the Bank collects, use, and/or disclose and the collection channels?
  3. How does the Bank collect, use, and/or disclose Personal Data?
  4. To whom will the Bank disclose your Personal Data?
  5. Sending or transferring your Personal Data to other countries
  6. Use of cookies and/or similar technologies
  7. Retention of your Personal Data
  8. How to keep your Personal Data up to date
  9. How does the Bank protect your Personal Data?
  10. Security measures for your Personal Data
  11. Recommendations for taking care of your Personal Data
  12. Bank Contact Channels
  13. Amendments to the Privacy Notice

 

1.      To whom will this Privacy Notice apply?

This Privacy Notice applies to you, if you fall into one or more of the following catagories:

  • Individual customers of the Bank: This includes persons who currently use or previously used the products and/or services of the Bank, those who contact or inquire about information from the Bank, including but not limited to, individuals who have acknowledged the information of products and/or services through our various channels, and those who have been offered or received advertisements or any informative messages about the products and/or services.
  • Individuals related to the Bank's juristic person customers or juristic persons that have conducted transactions with the Bank. For example, such individuals include shareholders, directors, authorized persons, representative of partners, agents, employees, officers, and/or any assignees.
  • Individuals involved in transactions with the Bank or the Bank’s customers. For example, such individuals include visitors, employees, officers, directors, representatives, shareholders, investors, guarantors, mortgagors, collateral providers, ultimate beneficial owners, emergency contact persons and/or other persons in similar capacities.

 

2.      Which Personal Data does the Bank collects, use, and/or disclose and the collection channels?

2.1.    Personal Data Collected, Used, and Disclosed by the Bank

Personal Data means information that related to an individuals, which enables the identification of such individuals, whether directly or indirectly can be used to identify you, whether directly or indirectly. The types of Personal Data that the Bank collects under relevant laws include, but are not limited to:

  • Personal Data:  First name, middle name, last name, gender, date of birth, age, marital status, ID card number, laser number of ID card, passport number, social security number, work permit number, driver's license number, other identifiable numbers, personal information, including personal photos on government-issued documents for identification purposes, tax identification number, nationality, country of residence, photos in passport licenses, car registration number, signature, information for verification and/or identification, facial scan information, any  information that the Bank receives from you in connection with your identity verification questions (e.g. passwords, answers to securities questions in case of forgetting passwords, PINs, facial recognition data), photos, videos, voice recordings, records of your communications with the Bank and footage from CCTV.
  • Family information: Family status, information about relationships with family members, Personal Data of people involved in your family such as first name, middle name, last name, age, and contact information, including your spouses and children.
  • Contact information: Personal contact information you have provided to the Bank for the purposes, such as your address, telephone number, email address, and social media profiles.
  • Educational and work information: Details about your education and/or work, qualifications, business type, workplace details, workplace contact information, and as any information on documents to verify  your business.
  • Financial information: Evidence of income, financial statements,  billing address, bank account information, investment information, credit/debit card number, cash card number, cardholder’s information or account details, request records, transaction history, transaction details, information of contractual parties, insurance policy-related information, credit scores, loan information, unitholder information, securities holder information, including shareholding or proprietary rights and other information related to products and/ or services such as credit limits, interest rates, installment periods or accounting status.
  • Transaction information: First name and last name of the beneficiary, address, application user account, password and other details related to transactions with the Bank, including communications regarding payments/transfers of related transactions through the Bank.
  • Electronic information: Any information related to computer systems or technological devices that you have used to log into service channels, applications, websites or social media, including computer-identification numbers (IP Address or MAC Address), cookies, or similar technologies, activity records, data that can be personally identified or tracked online, login information, usage, and search history unique device identifiers, geographic information, and other technical data incurred from the usages on platforms and operating systems.
  • Footage from closed- circuit cameras (CCTV ) and geographic information: This information can indicate your locations, areas, and transactions for security reasons, or for the purposes of determining location of the Bank’s branches or any authorized service providers located near you.
  • Other personal information: This includes other information supporting your use of products and/ or services, such as customer ID, product and/or service types, transaction memo information, cheque, bill of exchange information, title deeds, insurance policy, personal information  for applying for a loan, relevant contracts, guarantee details, FATCA Form, market research and feedback information and any other Personal Data that you have provided into the Bank's and/or delivered to the Bank
  • Sensitive Personal Data: Sensitive Personal Data as determined by the Personal Data Protection Law, includes Personal Data you provide regarding race, ethnicity, religion or philosophy, sexual behavior, criminal record, health information, disabilities, biological information such as facial recognition or other Personal Data arising from the use of techniques or technologies related to the physical or behavioral dominance of a person, which can be used to identify such person apart from others. This includes any other information that affects you in the same manner as announced by the Thailand Personal Data Protection Commission.
  • ·Personal Data related to third parties: This includes Personal Data of individuals who are involved in your transactions, such as shareholders, directors, and authorized persons, family members, reference persons, business partners, guarantors, mortgagors, collateral providers, beneficiaries, executors, parents, guardians, curators, emergency contact persons and/or any other persons according to your transaction documents. In the event that you are the person who provide Personal Data of third parties to the Bank, please inform those persons of the details under this Privacy Notice and comply with  Personal Data Protection Law so that the Bank can collect, use and /or disclose Personal Data of the aforementioned third parties that you provided.

 

The Bank has no intention of collecting, using and/or disclosing Personal Data of minors, incompetent  or quasi-incompetent persons, unless the Bank has received consent from their parent, guardian, or curator, or it is a processing of Personal Data where minors, incompetent persons, or quasi-incompetent persons are legally permissible to provide consent on their own, and/or carrying out activities under other legal bases.

 

In the case that you are a minor, an incompetent person, or a quasi-incompetent person and the Bank needs to collect, use and/or disclose your Personal Data for purposes for which you can not intentionally consent on your own in accordance with the applicable laws, your parent, guardian or curator can contact the Bank to provide the required consent or exercise rights related to the processing of Personal Data by contacting the Bank via the channels specified in this Privacy Notice.

 

The Bank collects various types of Personal Data. The types of collected Personal Data depend on your relationships with the Bank and the type of products, services, and/or transactions you have applied or requested, including Personal Data that you have directly provided to the Bank, information that the Bank has acknowledged when you become our customer and information which the Bank has received from other sources related to products and/or services you have applied and/or requested. The Bank will process your Personal Data in accordance with the Personal Data Protection Law.

 

2.2.   Channels for Collecting your Personal Data

The Bank collects Personal Data that you have provided to the Bank directly or through channels of the Bank, including Personal Data the Bank obtained or accessed from following other sources and situations, but not limited to:

  • Applying for or using the Bank’s products and/or services;
  • Engaging in conversations with the Bank or our branches via telephones, including the recording of telephone conversations, emails, text messages or any other methods;
  • Visiting our websites or using the Bank’s applications via mobile phones;
  • Requesting any  claims for compensation from insurance policies or other documents;
  • Conducting investigations and making any clarifications to the Bank;
  • Conducting customer surveys;
  • Participating in marketing activities and/or events with the Bank;
  • When your Personal Data is explicitly visible to the public and disclosed through social media, the Bank will choose to collect only Personal Data that you have intentionally made public;
  • When the Bank receives or accesses your Personal Data from other third parties or other sources (related to your transactions) such as information from your employer, our relevant customers, other organizations that provide  your credit information, companies and/or service providers that provide identity verification service, companies within the Bank's financial business group, financial service providers and other service providers of the Bank, other financial institutions, business partners, persons with legal authority or legal rights, govermental officer with authority or any governmental agencies or any persons or agencies that the Bank has legal relationship with.

 

In some cases, the Bank may collect Personal Data from other online and offline sources, including third-party sources, such as credit information provider (including National Credit Bureau Company Limited.), data providers, or third parties for the purpose of identification and verification, subject to your consent or where the Bank has necessity as permitted by applicable laws. In such cases, the Bank may combine the received Personal Data  with your Personal Data collected under this Privacy Notice.

 

In this regard, the Bank may engage third parties outside its fnancial business group to collect Personal Data related to your online activities when visiting the Bank’s websites. In addition, the Bank may also use Personal Data collected across websites of companies outside its financial business group for the purpose of advertisements related to your web browsing behavior. If the Bank carries out those activities, it will furnish you with an appropriate notice and options, thereby granting you alternatives to opt-out such practices.

 

3.      How does the Bank collect, use, and/or disclose Personal Data?

The Bank may collectuse and/or disclose your Personal Data only when it has appropriate reasons to do so. This includes the disclosure of  Personal Data to third parties. The Bank will consider the appropriate lawful basis for processing, collecting, using and/or disclosing of Personal Data, based on at least one of the following bases:-

  • Performance of contract: When it is necessary for fulfilling a contract which the Bank has with you - when it is necessary for the Bank to collect, use and/or disclose your Personal Data to provide services according to the contract or to carry out your requests before entering into a contract with you.
  • Legal Obligations: When it is necessary for legal obligations of the Bank - when the Bank is required to collect, use and/or disclose your Personal Data in connection with applicable laws and regulations, legal obligations, legal proceedings or any related legal processes.
  • Legitimate Interest: When it is a legitimate interest for the Bank or other persons or juristic persons - when it is necessary to collect, use and/or disclose your Personal Data for legitimate interest of the Bank or other persons or juristic persons, except where such interests are overridden by your fundamental rights.
  • Consent: When you provide your consent to the Bank for the purposes of collecting, using and/or disclosing your Personal Data for any specific purposes.
  • Other Lawful Bases: In some cases, the Bank may need to process your Personal Data on other lawful bases, such as preventing or ceasing danger to a person’s life, body or health,  conducting historical documentation or archives for public interests or related to research studies or statistics, or carrying out activites for public interests or performing duties exercising the government’s authority granted to the Bank In such events, the Bank will process your Personal Data as necessary in accordance with the Personal Data Protection Law.

 

The Bank has objectives and lawful bases for processing of Personal Data in accordance with the Personal Data Protection Law for the collection, use, and/or disclosure of  your Personal Data as follows. Please consider the purposes of processing based on the relationship between you and the Bank on a case-by-case basis.

 

3.1.     Purposes for Which the Bank Required Your Consent

Processing of Sensitive Personal Data

When the Bank cannot apply any other lawful bases to process sensitive Personal Data under the Personal Data Protection Law, the Bank will request your explicit consent.

 

  • Information about race, ethnicity, religion, or blood group ( In case that you provide  the copy of ID card or official documents issued by governmental agencies of some countries which the Bank  needs as evidence for personal identification and verification without concealing or crossing out such sensitive Personal Data )
  • Biometric data such as facial recognition for the purposes of identification and verification and/or transaction verification through digital channels, branches, websites, or any other channels.
  • Health information, disability information, criminal records or any other information which affects you in the same manner as announced by the Thailand Personal Data Protection Commission in case where it is necessary for provision of some certain types of products and/or services only.

Marketing activities
  • To develop and carry out various activities related to marketing.
  • To communicate with you via email, telephone, text messages, websites, applications, social media, and/or any other appropriate electronic channels, including face-to-face communications relating to the Bank's products and/ or services, the Bank's financial business group, CIMB Group or our trusted business partners in which you may be interested.
  • To send you personalized marketing messages.
  • To enable the Bank's business partners to offer you products and/or services in which you may be interested.
  • To research and analyze your products and/or services and crosselling products and/or services that requires your consent according to the Personal Data Protection Law.
  • To test, research, analyze, and develop new products/ new features of products and/or services for marketing purpose that requires your consent according to the Personal Data Protection Law.   

3.2     Purposes for Which the Bank Relies on Lawful Bases Other Than Consent for Processing Personal Data

The Bank will collect, use, and/or disclose your Personal Data based on other lawful bases as necessary under the Bank's legitimate objectives under the following purposes:

The Purpose of

Collecting, Use, and/or Disclosing Personal Data

Lawful Basis for Collecting, Use, and/or Disclosing Personal Data

Application, Consideration, and Delivery of Products and Services
  • To take actions before entering into a contract, such as providing any information related to products and/or services, analyzing and evaluating customer’s needs, verifying the qualifications, and checking the accuracy of information or documents.
  • To review, verify your identity, and examine your creditability-related information.
  • To consider products and/or services, including any  relevant ongoing operations.
  • To fulfill services and/or deliver products.
  • To verify, confirm, and update transactions.
  • To manage the relationship between the Bank and you or your business including post-sale operations, complimentary arrangement, complaint handling, and/or fulfillment of customer requests.
  • To communicate with you via email, telephone, text message, social media, postal mail, or face-to-face communication regarding products and/or services, including providing information, and any news unrelated ·         to marketing purposes, such as notification of branch closures, information related to the provision of products and/or services that you have applied or you currently use with the Bank, and compliance with the terms and conditions of products and/or services, including renewals or termination of products and/or services.
  • To facilitate the service provision related to products and/or services.
  • To enable, as part of the Bank’s privilege/wealth banking services, tthe Bank’s relationship manager to contact you about the relevant privilege/wealth products and services that are advantageous to you.
  • To analyze credit information and your affordability behaviors as part of the credit approval process.
  • To fulfill your requests for making transactions, including your requests for payments or transfers. 
  • Performance of Contract

 

 

 

 

 

 

 

 

 

Compliance with Legal Obligations
  • To submit reports according to regulations to relevant regulators.
  • To prevent and detect money laundering or the financing of terrorism and comply with relevant laws through the Know Your Customer (KYC) process (to identify and verify your identity and details with the sanction list and your profile background) and to conduct Customer Due Diligence (CDD) according to Anti-Money Laundering laws and other relevant law as well as the verification of related transactions, FATCA and relevant applicable laws.
  • To comply with laws, regulations, and orders from regulatory bodies.
  • To detect, investigate, and prevent fraud, tax evasion, financial crimes, money laundering, cyber attacks, or Personal Data breach.
  • To conduct litigation processes, exercise legal rights or protect legal right.
  • Legal Obligation

 

 

 

 

Customer Service Support
  • To engage in customer relationship management, post-sale transactions, complimentary arrangement for customers, and/or carry out customer requests.
  • To create satisfaction and provide you with professional support.
  • To contact you through various communication channels.
  • To answer questions and record correspondence, comments, and/or complaints.
  • To carry out your orders or requests, such as request for changing of information or asking for documents, etc.
  • Performance of Contract 

 

 

 

Transactions - Related Operations
  • To identify issues related to products and services.
  • To conduct business and improve business activities.
  • To prepare statistical reports, market research, non-marketing analysis report, or sale promotion.
  • To plan for improvement of products and services currently available.
  • To carry out financial operations and improve operational performance.
  • To engage in data management and operating systems for service provision.
  • Legitimate Interest

   

Safety and Risk Management
  • To investigate, report, and prevent financial crimes,  ensure cyber security and Personal Data protection
  • Legitimate Interest
  • To tackle with problems or disputes related to the contracts, including managing complaints or incidents that are illegal and suspicious.
  • To prevent crimes and ensure the safety in the Bank’s operation and service areas, office space, including bank branches (such as using CCTV to record the moving image or your voice, etc.)
  • To manage risks for the Bank, companies in the Bank's financial business group, customers, trading partners, and / or within the Bank's group of companies.
  • To manage internal auditing of the Bank, companies in the Bank's financial business group and/or within the Bank's group of companies
  • To follow up and collect debts
  • To maintain the security of your Personal Data by pseudonymizatiing  (such as encryption), anonymizing and/or making your Personal Data non - personally identifiable
  • Performance of Contract

Other Operations of the Bank
  • To study and analyze your use of products and/or services, conduct statistical data and reports for internal use within the Bank and its financial business group.
  • To test, research, analyze, and develop products and/or services.
  • To consider customer groups based on their interests as appropriate
  • To recommend products and/or services of the similar types or connected to the products and/or services you currently use with the Bank or companies in its financial business group which you may be interested in or suitable for you
  • To contact and facilitate you in applying for products and/or services.
  • To survey and evaluate satisfaction after using products and/or services.
  • To contact for reviewing and updating customer information to be current, accurate, and complete
  • To transfer rights and/or duties in managing the businesses of the Bank and other companies in the Bank's financial business group.
  • Legitimate Interest

        When the Bank relies on the legitimate interest as the basis of collecting, using, and/or disclosing Personal Data, it has consideredwill consider whether your fundamental rights are overridden by the Bank’s legitimate interests and has concluded tthat it has more importance.

 

        In the event that you submit your identification documents, such as a copy of your ID card, to the Bank, it does not have a policy to collect, use, and/ or disclose your sensitive Personal Data from such documents. However, in the case that you do not manually cross out or conceal sensitive Personal Data on the documents before sending them to the Bank, the Bank will cross out and/or conceal your sensitive Personal Data on such documents before collection in accordance with the Bank’s security measures for Personal Data under the Personal Data Protection Law.

 

        Where the Bank needs to collect your Personal Data as required by law or by the terms of a contract it has with you and you fail to provide your Personal Data when requested, the Bank may not be able to fulfill its obligations under the contract it has with you or plans to enter into with you (for example, provide the account opening service). In this case, the Bank may decline to provide the relevant services, but it will notify you when your Personal Data is collected.

4.      To whom will the Bank disclose your Personal Data?

The Bank may disclose your Personal Data for the purposes mentioned above to other persons or organizations as follows.

  • Companies in the Bank's financial business group, including its other group of companies (CIMB group) (for more details, please visit: https://www.cimbthai.com/en/personal/who-we-are/about-us.html).
  • Subcontractors, agents, contractors, brokers, and outside service providers to conduct business on behalf of the Bank or to help support the Bank's services both in Thailand and abroad including employees subcontractor service providers, directors, and officers of the said service providers.
  • Assigned to manage properties or any benefits, official receivers or enforcement officers.
  • Guarantors or deposits in lieu of performance in the amount that you are obliged to the Bank.
  • Any person to whom you have paid and/or received payment.
  • Representative, representatives of the Bank, payment systems, business partners, vendors, and other companies in which you invest through the Bank.
  • Other financial institutions, lenders, collateral holders, Revenue Department officers, trade associations, credit information collection agencies, service providers related to payment systems, and debt collection agents.
  • Database system providers for exchanging information between financial institutions, including digital identity verification service providers ( i.e. National Digital ID (NDID)), third-party agencies engaging in identification and verification, and service provider of payment infrastructures and international money transfers (i.e. National Interbank Transaction Management and Exchange (NITMX)).
  • Service providers for delivering messages (SMS) or emails.
  • Service providers for information technology, technology support, and technological security.
  • Fund managers providing you with asset management services and any financial advisors, or brokers introducing you to the Bank, Stock Exchange of Thailand, Thai Bond Market Association Securities, Depository Service Center  dealer Registrars appointed by a bond distributor.
  • Any person or companies involved in a company restructuring, merger or acquisition that occurs or may occur, including the transfer of any rights or obligations under the contract between the Bank and you.
  • Law enforcement agencies, government, courts, court procedures, dispute resolution agencies, the Bank’s regulartory bodies, auditors, and persons appointed or requested by the Bank’s regulartory bodies to examine the Bank's operating activities.
  • Other person involved in any dispute that arises, including disputes related to transactions.
  • Anti-corruption and/or fraud agencies which use such information to investigate and prevent corruption, fraud, and other financial crimes and to verify your identity.
  • Persons who order or manage your account, products, or services on your behalf (e.g. attorney, lawyer).
  • Persons to whom the Bank discloses your Personal Data as per your instruction.
  • Consultants or experts in various fields of the Bank.
  • Business partners or service providers with whom the Bank is a counterparty, established in Thailand and abroad.
  • Debt collection service providers.
  • Providers for document storages and/or warehouses, card production, printed media documents, or parcel delivery services.
  • Business partners, marketing service providers, social media service providers in a secure format, or any external advertising companies for any marketing purposes. and/or
  • Third parties and/or other agencies to meet the purposes specified in this Privacy Notice.

In some cases, the Bank may disclose your non-personally identifiable information to designated third parties for the purpose of targeted advertising.

 

The Bank will not use Personal Data for purposes other than those specified in this privacy notice. If the Bank collects, uses, and/or discloses additional information, it will inform you and request your consent before doing so. You have the right to provide your consent or decline the collection, use, and/or disclosure of your Personal Data, except in cases where the Bank is legally permitted to do so without your consent.

 

The Bank will strictly treat Personal Data related to customers under its responsibility as the Personal Data Controller in accordance with this Privacy Notice.

 

5.      Sending or Transferring your Personal Data to other Countries

Your Personal Data may be sent or transferred to other countries and collected and/or used by other countries (such as Malaysia which is a country in CIMB Group) and by cloud service providers (Cloud Computing) where the Bank has business operations or the Bank is required to comply with various laws to achieve the business objectives or for your benefits.

 

However, the destination country receiving your Personal Data may have been not yet recognized an adequacy decision for Personal Data protection under the Personal Data Protection Law as announced by the Thailand Personal Data Protection Commission.  In such cases, the Bank will ensure that such sending or transferring has appropriate levels of Personal Data protection measures and that such sending or transfer of information is in accordance with the law. This may involve entering into relevant standard contractual contracts (or any available appropriate safeguards that have equivalent safeguards) with counterparties outside Thailand. For example, your Personal Data may be disclosed to other companies in CIMB Group  under Binding Corporate Rules (BCRs), acceptable contractual terms, and/or other appropriate Personal Data protection safegaurds. The Bank may need to send or transfer Personal Data to complay with a contract to which you are a contracting party or to fulfill your request before entering into the contract, or to comply with law, protect the public interest for fulfilling your request according to the contract between the Bank and the recipient of your Personal Data and/or with your consent which the Bank has informed you that the destination country receiving your Personal Data has inadequate level of Personal Data protection safeguards. However, the laws of some countries may require the Bank to disclose certain types of Personal Data (e.g., disclose to tax authorities). In such case, the Bank will disclose Personal Data only to those entitled to access such Personal Data.

 

6.      Use of cookies and/or similar technologies

The Bank may collect and use cookies and/or other similar technologies when you use the Bank's websites and/or applications. You can learn more details from Cookies Notice on the Bank's website.

 

7.      Retention of your Personal Data

The Bank will keep your Personal Data as long as necessary to achieve the purpose of collecting Personal Data.

The Bank will retain your Personal Data while you are a customer, or have a relationship with the Bank or for the necessary period to achieve objectives related to this Privacy Notice. When you end your relationship with the Bank, it will further retain your Personal Data for the necessary or legally-required or permitted period. For example, the Bank may keep it for 5 to 10 years after your relationship with the Bank ends (as the case may be) for the interest of the Bank to address any contractual disputes that may arise during that period. However, if the Bank is required by law or has technical reasons, it may retain your Personal Data longer than the expected retention period. If the Bank no longer needs to retain your Personal Data or when the retention period ends, the Bank will destroy, delete, or make Personal Data to be de-identifiable to the person who are data subject (so it is no longer linked to you).

 

In the event that you access third-party websites and/or applications via the Bank’s  channels including being contacted by or using the products and/or services from third parties,  such as insurance companies introduced to you by the Bank, those third parties may process your Personal Data in accordance with their own Privacy Notices and additional terms and conditions applied to their products and/or services. You can also learn more details from those third parties.

 

8.      How to keep your Personal Data up-to-date

You can update your Personal Data which is under the responsibility of the Bank as the Personal Data Controller to ensure its currency, completeness, and accuracy. You need to inform the Bank of any changes to your Personal Data  by contacting the following channels:

  • Contact the Bank’s representative at bank  branches or CIMB Thai Care CenterTel. 0 2626 7777
  • Update your Personal Data at bank branches or CIMB Thai Care Center Tel. 0 2626 7777

In addition, the Bank will occasionally contact you to review and update your Personal Data to ensure it remains current, complete, and accurate.

 

9.      How does the Bank protect your Personal Data?

Under certain circumstances, you have entitled rights in your Personal Data in accordance with the Personal Data Protection Law. The Bank will respect your rights and proceed according to laws, rules or regulations related to  the collection, use and/or disclosure your Personal Data in a timely manner.

 

Details of your rights are determined as below:

  • Right to withdraw consent: In cases where the Bank collects, uses, and/or discloses your Personal Data relied on your consent, you have the right to withdraw such consent provided to the Bank to collect, use, and/or disclose your Personal Data at any time. The Bank may continue to collect, use, and/or disclose your Personal Data when  the Bank has other lawful bases for doing so.

 

You have the right to adjust your consent provided to the Bank at any time through the channels specified in this Privacy Notice and/or other Privacy Notice of the Bank which are notified to you, unless there are limitations on legal rights and/or, a contract which results in benefits to the data subject. The change to your consent will be processed within 30 days from the date the Bank receives the notification of the change to the consent through the channels determined by the Bank.

 

In the event that you withdraw your consent provided to the Bank for the purpose of offering products and/or financial services by other service providers authorized by the Bank, it will no longer disclose your Personal Data to those service providers.

 

  • Right to access to Personal Data: You have the right to access and request a copy of your Personal Data from the Bank.
  • Right to rectification of Personal Data: You have the right to request rectification of your Personal Data to be accurate, up-to-date and complete. Please refer to Section 8 (How to keep your Personal Data up-to-date).
  • Right to erasure of  Personal Data: You have the right to request the Bank to delete, destroy or anonymize your Personal Data when there is no reasonable ground for the Bank to collect, use, and/or disclose your Personal Data. You can exercise your right to request the Bank to delete this Personal Data, along with your right to object to the use of personal data, in other paragraph. However, this right does not entitle you to request the deletion of all Personal Data. The Bank will carefully consider each request in accordance with any legal requirements regarding the collection, use, and/or disclosure of your Personal Data.
  • Right to suspension of using Personal Data : You have the right to request the Bank to temporarily stop collecting, using, and/or disclosing your Personal Data, such as when you request correction of your Personal Data or when you request the Bank to justify the reason or lawful  basis for collecting, using, and/or disclosing  your Personal Data.
  • Right to portability of Personal Data: In some cases, you may request a generally available electronic copy of your Personal Data. This right applies only to Personal Data that you have submitted to the Bank, and when the collection, use, and/or disclosure of such data relies on  your consent, or in case where such Personal Data needs to be collected, used, and/or disclosed for the performance of obligations under a contract.
  • Right to object to the use of Personal Data: You have the right to object to the collection, use, and/or disclosure of your Personal Data under legitimate interests of the Bank and/or other persons or juristic persons. In addition, you have the right to object to the collection, use, and/or disclosure of your Personal Data if the Bank has done so for the purposes of direct marketingand historical documents or archives for public benefit or related to research studies or statistics.
  • Right to lodge a complaint: You can contact the Bank to complain about how it collects, uses, and/or discloses your Personal Data at bank branches or CIMB Thai Care Center, Tel. 0 2626 7777, and the Bank will consider your request as soon as possible. However, lodging  a complaint to  the Bank does not affect your right to complain to a governmental officer or the Personal Data Protection Commission.

In this regard, you have the right to be informed of details in relation to the processing of Personal Data from the Bank. Such details are as per this Privacy Notice.

 

Additionally, you can file a complaint with the relevant governmental agencies, including the Personal Data Protection Commission, in case where you consider that the Bank, its employees or service providers violate or do not comply with the Personal Data Protection Law or other announcements issued by virtue of Personal Data Protection Law.

 

You may exercise any of your rights under the Personal Data Protection Law at any time by contacting the Bank through the channels specified in Section 12 (Bank Contact Channels) below. The Bank may charge a reasonable additional fee if your requests have no ground, are redundant, or excessive, or it may refuse to exercise your request in those situations.

 

You can exercise your rights above according to the Personal Data Protection Law  through the following channels:

Rights under Personal Data Protection Law 

Bank applications​

Bank branches

Head office

CIMB THAI Care Center

dpo@cimbthai.com

Right to withdraw consent

Other rights

 

The Bank may need to request certain information from you in order to verify your identity and certify your right to access Personal Data (or to exercise any other rights) as a security  measure to ensure your Personal Data will not be disclosed to those who do not have the right to access such Personal Data. The Bank may contact you for additional information regarding your request to expedite its response.

 

The Bank will make every effort to respond to all lawful requests within 30 days. In some cases, it may take more than 30 days if your request is complex, or if you submit multiple requests. In such case, the Bank will keep you abreast of your request status.

 

10.      Security measures for your Personal Data

The Bank, as the data controller, attaches great importance to the security of your Personal Data. The Bank will examine and regularly implement up-to-date physical, technical, and administrative security protection measures of the organization when collecting, using, and/or disclosing your Personal Data. The Bank has established a policy and internal control measures to ensure that your Personal Data will not be lost, or accidentally destroyed, misused, disclosed, and accessed by unauthorized person to perform their duties. The Bank’s employees have received training to handle Personal Data securely. If they do not comply with the measures after being trained, they will face disciplinary action. In addition, the Bank requires personnel, service providers, and recipients of information from the Bank to maintain the confidentiality of Personal Data as their duty in accordance with the confidentiality measures established by the Bank.

 

11.   Recommendations for taking care of your Personal Data

You can ensure that your Personal Data collected, used, and/or disclosed  by the Bank under this privacy notice is accurate, complete, up-to-date and not misleading. You can regularly recheck the Personal Data you provided to the Bank, whether by yourself or on your behalf, to ensure its accuracy and currency, and notify the Bank as soon as possible if such Personal Data has changed or is not updated.

When you enter into a contract with the Bank, you are contractually obliged to provide Personal Data to the Bank in order to exercise your legal rights. Failure to comply with these obligations may result in the loss of your legal rights.

 

You are required to submit Personal Data that is correct, complete, up-to-date and does not cause misunderstandings such as contact information and payment information to the Bank. This ensures that the Bank can enter into a contract with you. If you do not submit such Personal Data, it may prevent the Bank from exercising rights and efficiently fulfilling the obligations under the contract.

 

12.   Bank Contact Channels

If you have any questions about the protection of your Personal Data or wish to exercise your rights under the Personal Data Protection Law, please contact the Bank through the following channels:

  • Customer service officers at all the Bank branches.
  • CIMB THAI Care Center Tel. 0 2626 7777
  • Personal Data Protection Officer e-mail: dpo@cimbthai.com
  • Head office of CIMB Thai Bank Public Company Limited, No. 44, Lang Suan Road, Lumpini Sub-district, Pathumwan District, Bangkok 10330
  • CIMB THAI Digital Banking Application ( for the right to withdraw consent only)
  • Any other channels as specified by the Bank. The Bank will notify you when asking  for your consent.
  •  

13.   Amendments to the Privacy Notice

The Bank will review this Privacy Notice regularly. Therefore, this Privacy Notice may be revised and updated from time to time. For the latest changes, please refer to the date on the top of this Privacy Notice.

Our Personal Data Protection Privacy Notice

Privacy Notice for candidates and operator

Privacy notice for vendors

Personal Data Protection Principles

You are about to leave CIMB THAI official website

Our privacy policy will cease to apply, please refer to the privacy policy of the website you are about to access.

 

Do you wish to proceed?

Yes, please proceed