Privacy Policy

Created by Support WaanX, Modified on Tue, 26 Mar at 3:46 PM by Support WaanX

 Privacy Policy


    The company recognizes the importance of collecting, using, and/or disclosing ("processing") your personal information when accessing or using our services. Therefore, we have established this privacy policy to inform you of the purposes and details of how we collect, use, and disclose your personal information. The company will take strict measures to ensure security and prevent unauthorized use of your information. Visitors can browse the company's website for information about digital assets, other services, check service rates, and retrieve relevant company information without providing any personal information unless they wish to register for our services.

Purpose of Data Collection

    Information related to customers or any individuals will only be used for lawful purposes in conducting the company's operations. Customer data will not be processed unless the company has communicated its intended purpose. The company will only collect as much personal data as necessary, either directly from you when registering on our website or from other reliable sources, in a lawful and appropriate manner.

    The company will only collect, use, and/or disclose your personal information as necessary under the company's lawful purposes. This includes collecting, using, and/or disclosing personal information for contract performance where you are a party, complying with legal obligations, for legitimate interests, based on your consent, and/or other legal bases. The purposes of collecting, using, and/or disclosing personal information according to this policy are as follows:

Purposes Relying on Consent

    In the event that you have provided your consent to our company for the collection, use, and/or disclosure of your personal information, we will process your personal data for the following purposes:

1. Collection, use, and/or disclosure of sensitive personal data that the company cannot rely on other legal bases, other than explicitly seeking consent. The purposes include:

    (1)    Information related to religion and ethnicity (Such information is derived from copies of identification cards or copies of passports from certain countries that the company must use solely for verification and identity confirmation purposes).

    (2)    Biometric data for signature verification, personal identification, and the company's electronic Know Your Customer (e-KYC) services.

2. Marketing activities, product offers, and/or service promotions, exclusive rights to participate in events organized by the company or its business partners, including receiving news, useful suggestions, and suitable promotions. It also involves the use of data for analysis, research, and/or statistical compilation, as well as the development and enhancement of the company's products and/or services. If you do not provide consent in this regard, you might miss out on news updates and benefits you could have otherwise received.

For purposes based on legal grounds other than consent

The company will collect, use, and/or disclose your personal data according to legal provisions necessary for the company's lawful objectives. This could be for contract execution where you are a party, meeting legal obligations, deriving lawful benefits, and/or actions under alternative legal bases. The data processing purposes might include: 

    •    Verifying information/document accuracy, identity authentication, such as through the "Know-Your-Customer" (KYC) and customer due diligence (CDD) processes, cross-referencing the Sanction List mandated by law enforcement or public organizations, checking for property confiscation or bankruptcy, and assessing customer risk.

    •    Offering advice, recommendations, and/or related product and/or service information, as well as customer engagement for convenient service and/or product application.

    •    Executing orders to fulfill the customer's transactional objectives, such as depositing, withdrawing, transferring, exchanging assets, verifying, confirming, and updating transaction records.

    •    Addressing complaints, resolving issues, and processing to customer requests.

    •    Conducting marketing initiatives not requiring your legal consent, such as showcasing products /services and/or highlighting special privileges, relaying your entitlements, engaging when service registration has not yet been completed, assisting in the registration of similar services, evaluating customer groups for event invitations, or tailoring sales promotions.

    •    The company's other activities such as analysis, research, market research, compiling statistical data, financial data analysis, and/or preparing reports for internal use. This also includes management, risk management, internal company audits, upholding lawful interests, establishing customer databases, and storing data in systems or databases. It also covers any other objectives that the company can lawfully undertake.

Personal Data to be Collected 

The company collects your personal data directly from you or from other sources as specified by law to align with the company's legal basis mentioned earlier. The personal data that the company collects may include: 

    •    General personal information, such as name-surname, address, contact channels, date of birth, nationality, country of residence, KYC and CDD details, shareholding proportions, and/or data from documents or other information to verify occupation, income, or business operations. Financial data and transactions, such as transaction history including purchases, sales, exchanges, transfers, asset account numbers, asset quantities, deposit amounts, and transaction channels, etc.

    •    Technical information or tools, like computer identification numbers (such as IP or MAC addresses), device identification codes (Device ID), logs, and other technical data from platform and operating system usage, etc.

    •    Other information, for example, records of communication or interactions between you and the company, complaints, or requests for various rights submitted by customers to the company.

Data Disclosure

    The company will not allow the disclosure of any information, except to employees who have been granted permission, or to other individuals who have been authorized by the customer to access the data for performing tasks as prescribed by law. The company also prevents unauthorized use of customer information. However, the company may disclose your information based on its legal foundation to individuals or entities as follows:

    •    Partners, company representatives, subcontractors, or external service providers to conduct business on behalf of the company or to support the provision of the company’s products and/or services as specified by law. This includes legal enforcement agencies, regulatory bodies overseeing the company, and consultants/experts such as auditors and external inspectors.

    •    Other authorized individuals involved in maintaining, repairing, modifying, or upgrading the company's transaction systems. The company ensures confidentiality agreements are in place, binding them to the applicable laws.

    •    With your consent, the company may disclose information to any individual or entity to achieve the objectives that have been communicated to you.

    •    Other third parties, such as individuals with whom you have a contractual or transactional relationship, users of the company's e-KYC services, etc.

Use of Cookies and/or Similar Technologies

    The company may collect and use cookies and/or other similar technologies when you access and use the company's website and/or applications, including conducting transactions, using products, and/or services of the company through digital channels and the internet network. To learn more about the collection and use of cookies or other similar technologies, you can refer to the company's "Cookies Policy" at

Data Retention

The company will collect and store personal data for a period that can be reasonably expected based on standard data collection practices. Personal data is retained either for the period mandated by law, throughout the duration required by a contract, or any other legally justified basis. Once the retention period for the personal data expires, the company will immediately delete or destroy said data.

Details on Transferring or Sending Personal Data Abroad

    The company may transfer your personal data to foreign countries at your request or in order to fulfill the company's legitimate objectives. The company will send or transfer personal data to destination countries or international organizations that maintain adequate personal data protection standards. Alternatively, data may be transferred abroad under other conditions as prescribed by law. The company ensures that appropriate measures are in place to safeguard your rights as the data owner, including effective legal remedies.

Your Rights under the Personal Data Protection Act, B.E. 2562 (2019)

    The Personal Data Protection Act, B.E. 2562 (2019) defines various rights of personal data owners. These rights will come into effect once the provisions of the law regarding these rights are enforced. The details of these rights include:

    1)    Right to Access Personal Data: You have the right to access, obtain copies, and request the disclosure of the origins of your personal data stored by the company without your consent. This is unless the company has the right to refuse your request based on legal reasons, court orders, or in cases where exercising your rights may adversely affect the rights and freedoms of others.

    2)    Right to request the correction of personal information to ensure it is accurate, complete, and up-to-date: If you find that your personal information is incorrect, incomplete, or outdated, you have the right to request a correction to make it accurate, current, complete, and to prevent misunderstandings.

    3)    Right to Erase or Destroy Personal Data: You have the right to request the company to erase or destroy your personal data or to make your personal data unidentifiable in the future. This right to erase or destroy personal data is subject to conditions as stipulated by the law.

   4)    Right to request a suspension of the use of personal information: You have the right to request a suspension of the use of your personal information under the following circumstances:

        a)    During the period the company is reviewing your request to correct personal information to ensure it is accurate, complete, and up-to-date.

        b)    When the personal information has been collected, used, or disclosed unlawfully.

        c)    When the retention of the personal data of the data subject is no longer necessary according to the purposes informed by the company during its collection, but the data subject wishes the company to retain that data for the exercise of legal rights.

        d)    During the period the company is verifying the lawful grounds for collecting the personal information or checking the necessity of collecting, using, or disclosing personal information for public benefit, resulting from the data subject's objection to the collection, use, or disclosure of personal data.

    5)    Right to object to the processing of personal information: You have the right to object to the collection, use, or disclosure of your personal information.  

    6)    Right to withdraw consent: In the event that you have given your consent to the company for the collection, use, or disclosure of your personal information, you have the right to withdraw that consent at any time throughout the period your personal information is retained by the company, unless there are legal limitations which necessitate the company to continue holding the data.

    7)    Right to access, transfer, or transmit personal information: You have the right to request your personal data from the company in a format that is generally readable or usable by automated devices, and to use or disclose personal information automatically. You may also request the company to send or transfer such data to another data controller, provided that this right is exercised under the conditions defined by law.

    You, as the owner of personal data, have the above rights subject to conditions and exceptions as set forth by the law. Specifically, in cases where the collection, use, or disclosure of your personal data is carried out to fulfill legal obligations of the company, your rights may in some instances be limited by the law.

    You can submit a request to exercise your rights to the company. The company will consider and respond to your request or deny it, notifying you of the result within 30 days from the day the company receives a complete request document as defined by the company's conditions.

    In cases where the company has an unavoidable necessity that requires more than 30 days to consider your rights request, the company will promptly notify you of the reasons for such delay. If the company decides to deny your rights request, the company will inform you of the denial along with its reasons. Should you have doubts about the denial, you can inquire with the company.

Contact for Inquiries or Exercising Rights

    If you have any questions, suggestions, or concerns about the company's collection, use, and disclosure of personal data, or about this policy, or if you wish to exercise your rights under the personal data protection law, you can contact:

Data Protection Officer

-    Contact: Data Protection Officer

-    Address: 1758/4 Sukhumvit Road, Phra Khanong Tai Sub-district, Phra Khanong District, Bangkok 10260  

-    Contact channels: Email:

Amendments and Changes to the Personal Data Protection Policy

    The company may occasionally modify this privacy policy to align with any changes related to the processing of your personal data and to comply with any updates in the personal data protection laws or other relevant regulations. The company will inform you of any significant modifications by disclosing them on our website or through other appropriate channels, such as sending them to your email address. 

    This personal data protection policy is effective from the date: 2nd January, 2024.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article