SG Capital Public Company Limited (the “Company”) Values and Recognizes the Importance of Your Personal Data. The Company is deeply committed to safeguarding and protecting your personal data. The Company will implement necessary security measures to protect, manage, and handle your personal data effectively, in compliance with the Company’s Privacy Policy (the “Policy”) and the Personal Data Protection Act B.E. 2562 (the “PDPA”).

This policy specifies the Company’s practices related to your personal data, including collection, processing, disclosure, and transfer of personal data obtained through various channels such as the website, applications, social media, and other platforms designed to allow you to access and utilize the Company’s services and/or ours partners. This includes details on how, when, and why the Company processes your personal data, specifying what personal data is involved and at which stages it is processed. Additionally, this policy explains the duration of data retention, measures for confidentiality, and security protocols for protecting your personal data collected by the Company. Furthermore, it outlines your rights regarding your personal data, which are protected under the Personal Data Protection Act B.E. 2562, along with any applicable regulations, rules, or other relevant laws (as amended or replaced from time to time) concerning personal data protection.

The Company kindly requests your cooperation in thoroughly reading this policy to understand the details of the Company’s practices and your rights regarding the collection, use, and disclosure of your personal data. Should you have any further questions about this policy or wish to exercise your rights concerning the personal data collected by the Company, you may contact the Company using the information provided under the “Contact Us” section of this policy.

1. Personal Data Collected by the Company
1.1

Definition of Personal Data Your personal data refers to any information related to or capable of identifying you, whether directly or indirectly. Identification may be possible through such information alone or in combination with other information the Company possesses or can access from other sources. However, personal data does not include information related to deceased individuals.

General Personal Data

The Company may collect and process the following categories of general personal data:

  • Personal Information: Such as name, surname, nickname, gender, age, nationality, date of birth, marital status, address, occupation, job title, workplace, postal code, email address, phone number, national identification number, voice recordings, and photographs.
  • Financial Information: Such as credit card numbers, bank account numbers, and monthly income.
  • Asset Identification Information: Such as vehicle registration numbers.
  • Interests Information: Including preferred products and services, hobbies, activities, frequently used social networks, sports, travel preferences, and other interests.
  • Decision-Making Data: Such as reasons for purchasing or not purchasing products or services, budget, objectives, other products used for comparison, opinions on products and services, and data on browsing products and services.
  • Location Data: Information about your geographical location while using the website via GPS. You may disable GPS on your mobile device if you wish to hide this information.
  • Website Browsing Behavior: The Company may use cookies to collect data, such as IP address, type of web browser used, visited web pages, time of visit, and referring websites.
  • Application Usage Data: Including logs of your activities on the Company’s applications.
  • Other Information: Any additional information you have provided to the Company.

Sensitive Personal Data

The Company may also collect and process the following categories of sensitive personal data, subject to strict safeguards as required by law:

  • Race: As may appear in copies of passports from certain countries.
  • Religion: As may appear in copies of national identification cards.
  • Criminal Records: Information related to past criminal activities or convictions.
  • Health or Physical Disabilities: Information regarding medical conditions or physical impairments.
  • Biometric Data: If applicable, such as fingerprints or facial recognition data.
1.2

Methods of Personal Data Collection

The Company collects your personal data directly from you when you engage with the Company, use our services, enter into agreements, submit application forms, contact the Company via telephone or mail, or access our website, applications, or social media platforms. These platforms include, but are not limited to, Facebook, Instagram, Twitter, TikTok, and Line. The Company also collects data related to transactions you conduct with the Company or through our agents. Additionally, the Company automatically collects your information when you visit our website, view our advertisements, or use our products or services.

Additionally, the Company may collect your personal data indirectly through various publicly available sources and/or from third parties, such as:

  • Service providers and the Company’s business partners.
  • The Company’s group entities.
  • Your employer.
  • Third parties who have informed you at the time of collection that your data will be disclosed or transferred to the Company.
  • Government agencies, legal entities, regulatory bodies, or law enforcement authorities.
  • Any individuals authorized or designated by you to interact or conduct transactions with the Company.
1.3

In cases where you disclose or share another individual's personal data with the Company, you agree to undertake the following actions:

  1. Inform the individual that their personal data is being disclosed to the Company.
  2. Obtain consent from the individual for providing their personal data.
  3. Direct the individual to this Privacy Policy.
  4. Ensure the individual is informed about the details and content of this Privacy Policy.
1.4

Consequences of Refusal to Provide Personal Data or Consent

In cases where you fail to provide, are unable to provide, or refuse to provide your personal data or consent to the Company for the collection, use, or disclosure of necessary personal data required for the Company to perform actions related to providing services and/or products to you, the Company may be unable to contact you, enter into agreements with you, provide services and/or products to you, or fulfill obligations under any agreements made with you.

2. Reasons and Methods for Collecting, Processing, and Disclosing Your Personal Data

The Company will collect and process your personal data solely for the specified purposes and only to the extent necessary. These actions will be carried out in compliance with applicable laws and based on lawful grounds, corresponding to the purposes and types of personal data as follows:

2.1

Legal Obligation Basis

The Company collects and processes your personal data as necessary to fulfill legal obligations, including the following:

  1. Compliance with the Personal Data Protection Act
    Adhering to the requirements under the Personal Data Protection Act.
  2. Compliance with Various Laws
    Following applicable laws such as credit business laws, debt collection laws, labor laws, tax laws, accounting laws, anti-money laundering and combating the financing of terrorism laws, laws against the proliferation of weapons of mass destruction, and other laws applicable to the Company both in Thailand and internationally.
  3. Compliance with Legal and Regulatory Requirements
    Acting in accordance with laws, regulations, and/or orders from competent authorities that the Company must comply with, such as court orders or directives from government agencies, regulatory bodies, or authorized officials.
  4. Legal and Regulatory Actions
    Performing activities to prevent, investigate, and resolve issues, as well as responding to requests from government officials regarding the Company's business, products, and/or services. This includes evaluating compliance with applicable laws.
2.2

Vital Interests Basis

The Company collects and processes your personal data as necessary to fulfill a contract to which you are a party or to take steps at your request before entering into a contract. This includes the following scenarios:

2.3

Contractual Basis

The Company collects and processes your personal data as necessary to fulfill a contract to which you are a party or to take steps at your request before entering into a contract. This includes the following scenarios:

  1. Contract Execution: Facilitating the execution of agreements between you and the Company.
  2. Provision of Products and Services: Delivering products and services to you.
  3. Evaluation and Approval: Assessing, verifying, analyzing, approving, and reviewing loan applications, loan renewals, or any other requests related to the Company’s products and/or services.
  4. Risk Management: Managing and mitigating risks associated with contracts between you and the Company.
  5. Payment Processing: Facilitating payments and maintaining accounting records related to your contract with the Company.
  6. Debt Management: Determining outstanding debts owed by you or amounts to be refunded to you.
  7. Debt Collection: Collecting payments or pursuing debts from you or individuals who have provided guarantees or assurances for your obligations.
  8. Exercising Rights: Exercising any rights the Company may have concerning the products and/or services provided to you.
  9. Sharing with Representatives: Disclosing personal data to the Company’s agents and distributors for the purpose of delivering products and services to you.
  10. Recruitment and Selection: Handling recruitment and selection processes for job or internship applications before entering into employment or internship contracts.
2.4

Legitimate Interests Basis

The Company collects and processes your personal data under the legitimate interests basis, either for the Company’s own interests or those of third parties, provided that such interests do not override your fundamental rights and freedoms. After considering your interests, rights, and freedoms, the Company may collect and process your personal data in the following scenarios:

  1. Protection of Rights and Property: Safeguarding the rights, property, safety, or operations of the Company or group entities, including actions to remedy or mitigate damages that the Company may incur.
  2. Legal Claims and Processes: Establishing, complying with, exercising, or defending legal claims or conducting legal proceedings involving your general personal data.
  3. Business Communication: Communicating with you for business purposes related to requests, inquiries, and/or transactions with the Company.
  4. Do-Not-Contact List Management: Creating, maintaining, and recording lists of individuals who do not wish to receive communications or marketing offers (e.g., Do-Not-Contact List or Suppression List).
  5. Data Collection for Corporate Operations: Collecting and processing personal data of directors, authorized persons, or representatives of the Company’s customers and/or business partners.
2.5

Legal Claims Basis

The Company may collect and process your general personal data and sensitive personal data for the purposes of establishing, exercising, or defending legal claims or for legal proceedings that are currently underway or may occur in the future, under this legal claims basis.

2.6

Consent Basis

In addition to the aforementioned legal grounds, the Company may process your personal data based on your consent. Consent will be requested in cases where the Company lacks other legal grounds to collect and process your personal data, particularly when dealing with sensitive personal data. The Company may seek your consent or the consent of relevant individuals for the following purposes:

  1. Product and Service Offers: To offer the Company’s products and services, communicate information, and notify you about product and service-related benefits, promotions, and news through various communication channels of the Company or designated representatives.
  2. Marketing and Promotion Plans: To develop marketing strategies and promotional campaigns.
  3. Data Sharing with Affiliates and Partners: To disclose your personal data to Singer Group, J Mart Group, and/or business partners for the purpose of marketing, offering products and services, notifying benefits, publicizing special offers, marketing information, and promotional content related to the products of these groups.
  4. Data Analysis and Research: To analyze data, conduct research, and gather feedback for the purpose of developing and enhancing products, services, and systems, enabling the Company to provide higher standards of service and additional benefits for you.
  5. Processing of Spouse and Reference Data: To collect and process personal data of your spouse and references.

If consent is required, the Company will provide clear information regarding the type of personal data to be collected or processed and the purposes for which it will be used, enabling you to make an informed decision about granting consent.

If you choose not to provide consent, the Company may be unable to proceed with agreed transactions, deliver products, or provide services to you.

3. Notification of Personal Data Collection and Processing

The Company will always inform you of the purposes for collecting and processing your personal data, either before or at the time of data collection. However, there are certain circumstances where the Company may not be required to notify you, as follows:

  1. Pre-existing Knowledge: When you are already aware of the purposes or details of the data collection and processing.
  2. Impractical Notification: When notifying you of new purposes or details of the Company’s data collection and processing is not feasible or would obstruct the use or disclosure of your personal data. In such cases, the Company will implement appropriate measures to protect your rights, freedoms, and interests.
  3. Urgent Situations: When the collection or processing of your personal data is required urgently by law, and the Company has taken appropriate measures to protect your interests.
  4. Professional Context: When the Company obtains your personal data as part of professional or official duties and processes the data solely for such purposes, maintaining confidentiality in accordance with legal requirements.
4. Disclosure of Personal Data

The Company will not disclose your personal data unless it is necessary to assist you upon request or to facilitate transactions or services related to those specified above. The Company may disclose your personal data to the following parties:

  1. Affiliated Companies: Singer Thailand Public Company Limited, SG Broker Co., Ltd., SG Service Plus Co., Ltd., Jay Mart Group Holdings Public Co., Ltd., Jay Mart Mobile Co., Ltd., JMT Network Services Public Co., Ltd., Jay Mart Insurance Public Co., Ltd., J Asset Management Co., Ltd., JK Asset Management Co., Ltd., JAS Asset Public Co., Ltd., J Ventures Co., Ltd., Beans and Brown Co., Ltd., J Elite Co., Ltd., and JGS Synergy Power Co., Ltd.
  2. Employees: Employees of the Company and the group companies mentioned above.
  3. Consultants and Professionals: Consultants, including lawyers, technicians, and auditors who assist with the Company’s business operations or legal proceedings.
  4. Business Partners and Service Providers: Legal entities or individuals contracted by the Company or group companies, or those acting on their behalf.
  5. IT Service Providers: Providers managing the Company’s website or other IT systems that store or process your personal data on behalf of the Company, under confidentiality and security requirements prescribed by law.
  6. Authorized Representatives: Individuals authorized to offer the Company’s products and services, including agents and subcontractors.
  7. Third-Party Contractors: Other individuals or contractors involved in the Company’s products and services, marketing activities, information dissemination, or quality improvement efforts, such as payment processing, debt collection, data documentation, IT systems, and document delivery.
  8. Business Acquirers: Individuals or entities acquiring the Company’s business or assets, in whole or in part, during corporate restructuring, mergers, business transfers, sales, purchases, joint ventures, or similar transactions involving the Company’s business or assets.
  9. Legal and Regulatory Bodies: Legal authorities, regulatory agencies, law enforcement entities, litigation parties, or other third parties as required to comply with legal or regulatory obligations, protect the Company’s rights or the rights and safety of others, or address security concerns as mandated by law.
5. Transfer of Personal Data

The Company may transfer your personal data to affiliates or third parties outside Thailand for the purposes specified in this document. The Company will only transfer your personal data to countries recognized by the Thai Personal Data Protection Committee as having adequate data protection laws. In cases where it is necessary to transfer your personal data to countries with insufficient data protection standards, the Company will implement appropriate safeguards to protect your interests or transfer the data under one of the exceptions provided under the Personal Data Protection Act, as follows:

  1. Legal Compliance: When the transfer is necessary to comply with legal requirements.
  2. Informed Consent: When you are informed of the risks due to inadequate data protection and have explicitly consented to the transfer.
  3. Contractual Fulfillment: When the transfer is necessary for the performance of a contract with you or for pre-contractual measures at your request.
  4. Third-Party Contracts for Your Benefit: When the transfer is necessary for the conclusion or performance of a contract between the Company and another individual or entity for your benefit.
  5. Protection from Harm: When the transfer is necessary to protect you or another individual from a life-threatening danger, in cases where you are unable to provide consent.
  6. Public Interest: When the transfer is necessary for significant reasons of public interest.
6. Rights of Data Subjects

You have the following rights under the Personal Data Protection Act concerning your personal data:

6.1

Right of Access

You have the right to access and request a copy of your personal data under the Company’s responsibility. The Company may deny your request if doing so complies with legal obligations, court orders, or if fulfilling the request would seriously affect the rights and freedoms of others.

6.2

Right to Rectification

You have the right to request corrections to your personal data if it is inaccurate, incomplete, or outdated, ensuring it is up-to-date and complete to avoid misunderstandings.

6.3

Right to Erasure

You have the right to request the deletion or destruction of your personal data, or to have your data anonymized, except where the Company has legal grounds to refuse your request.

6.4

Right to Restrict Processing

You may request the Company to restrict the processing of your personal data in specific cases, such as during the investigation of your rectification request, objections to data collection, or if deletion is not feasible and you prefer restriction over deletion.

6.5

Right to Object

You have the right to object to the collection, use, or disclosure of your personal data when it is processed under the basis of legitimate interests, direct marketing, or scientific, historical, or statistical research. The Company may reject your request if it has overriding legitimate grounds, such as compliance with the law or public interest.

6.6

Right to Data Portability

You have the right to obtain your personal data in a commonly used, machine-readable format, and to request the transfer of your data to another party. The Company may deny your request if it is technically infeasible or if the Company has lawful grounds to refuse.

6.7

Right to Withdraw Consent

You may withdraw your consent for data processing at any time, following the procedure specified by the Company. However, withdrawal of consent may affect the Company’s ability to provide services fully. The Company may retain your data for audit purposes or legal compliance but will no longer use it for other purposes.

6.8

Right to Lodge a Complaint

You have the right to lodge a complaint with the Personal Data Protection Committee or the office if the Company fails to comply with the Personal Data Protection Act. Before filing a complaint, you are encouraged to contact the Company directly to resolve the matter.

You may submit a request to exercise your rights via the Company’s customer service center or the Data Protection Officer using the contact details in the “Contact Us” section of this policy. The Company may require identity verification or additional information to process your request and will notify you of the outcome within 30 days of receiving your request.

If you submit more than three consecutive requests within 15 business days or if your request is unreasonable or unfounded, the Company reserves the right to take appropriate action, deny the request, or charge a reasonable fee.

The Company reserves the right to refuse your request on legal grounds and will provide a reasonable explanation for the denial.

7. Retention Period for Personal Data

The Company does not retain your personal data for longer than necessary, considering the purposes of data collection and legal requirements. When the Company, and roup companies, and/or related third parties determine that your personal data is no longer necessary for collection, use, or disclosure, it will permanently anonymize, delete, destroy, or otherwise remove your data from the company’s database. This applies in the following cases:

  1. Data is No Longer Needed: The Company no longer needs to retain your personal data for the purposes for which it was collected. In many cases, this period may extend up to 10 years after the termination of the relationship between you and the Company.
  2. Inaccurate Data: The Company deems the retained personal data inaccurate.
  3. Withdrawal of Consent: You have informed the Company that you no longer consent to the processing of your personal data.

Extended Retention Periods

In certain cases, the Company may need to retain your personal data for a longer period:

  1. Legal Requirements: When legal or regulatory obligations require the Company to retain your personal data for the duration specified by law.
  2. Legal Disputes: When the Company needs to retain personal data in connection with liabilities or legal disputes. In such cases, the data will be retained for as long as necessary to address the issues.
8. Data Security Measures

The Company implements various measures to ensure the security of your personal data as follows:

8.1

SSL Technology and System Security

The Company employs Secure Socket Layer (SSL) technology to protect data transmitted over the internet. SSL encrypts data and establishes a secure firewall, preventing unauthorized interception of data during transmission. Intercepted data becomes incomprehensible to unauthorized parties. SSL also validates the authenticity of websites. The Company regularly updates and tests technology systems to ensure maximum data security and reliability. The Company reserves the right to upgrade security tools as deemed necessary to enhance data protection.

8.2

Third-Party Agreements

The Company ensures that third parties engaged in system development, maintenance, or resource management on behalf of the Company uphold the same level of data security.

8.3

Compliance with Standards

The Company adheres to widely recognized business standards and practices for storing and protecting personal data, as required by law. It implements appropriate technical and organizational measures to prevent unauthorized loss, access, processing, alteration, disclosure, or deletion of personal data.

8.4

Employee and Third-Party Compliance

Personnel of the Company, affiliates, and third parties processing personal data are required to comply with appropriate privacy standards, including obligations to prevent data leaks and implement suitable security measures.

8.5

Regular Security Audits

The Company reviews storage practices and security measures as necessary, especially when technology evolves, to ensure effective personal data security. Once personal data is received, the Company enforces stringent security measures to prevent unauthorized access.

8.6

Continuous Security Enhancements

The Company continuously improves the security procedures and measures to maintain appropriate levels of personal data security based on varying risks. This includes safeguarding the confidentiality, integrity, and availability of data to prevent unauthorized loss, collection, use, alteration, or disclosure of personal data. These measures apply to all forms of data processing, whether electronic or physical.

8.7

Handling Excessive Requests

In cases of repeated or unreasonable requests (e.g., more than three within 15 business days, or baseless requests), the Company reserves the right to fulfill, deny, or charge reasonable fees for processing the requests.

9. Cookies and Logs

The Company may use cookies and logs to enhance services provided through the website or applications.

9.1

Cookies

Cookies are data sent from the Company’s website to a visitor’s computer while browsing the site. Cookies enable the Company’s website to recognize you and remember your preferences or frequently accessed items. This allows the Company to customize the website to meet your needs. Cookies collect anonymous, non-identifiable personal preferences, meaning they do not include names, addresses, or any other information that allows others to contact you via phone, email, or other methods. Additionally, cookies do not store any of the customer’s personal data. You can disable cookies by adjusting your web browser settings. However, disabling cookies may affect your experience when using the Company’s website or online services. For example, it may hinder your ability to conduct transactions via the Company’s website, and the Company may need to request additional information from you.

9.2

Logs

Logs are data generated from the use of applications. They may include information such as source, origin, destination, routes, time, date, volume, duration, type of service, or other details related to the application usage.น

10. Marketing and Promotional Activities

If the Company sends you marketing and promotional information, including details about products, services, or activities of interest, and you have agreed to receive such communications, you retain the right to opt-out at any time.

To cancel your subscription or cease receiving such information, you can do so by contacting the Company through the methods outlined under the “Contact Us” section of this policy.

11. Exceptions to Personal Data Protection

The following cases are not considered violations of the Company’s personal data protection policy:

  1. Publicly Disclosed Data: When personal data has already been made public before or at the time you disclosed it to the Company, or if the disclosure to the public was not caused by the Company’s fault.
  2. Consent-Based Disclosure: When the disclosure of personal data is based on your consent, whether provided in writing or through other forms of authorization.
  3. Legally Required Disclosure: When the disclosure of personal data is necessary to comply with laws, regulations, court orders, government directives, or other legal necessities.
12. Updates to the Privacy Policy

The Company may amend or update this privacy policy, in whole or in part, to reflect changes in personal data practices related to the company’s products and services or to comply with applicable laws and regulations. Any updates to this policy will be announced via the Company’s website.

13. Contact Information

If you have any questions about this policy, wish to file a complaint, or intend to exercise your rights, you can contact the Company through the following channels:

  1. Customer Service Center Phone: 02-028-2828
  2. Data Protection Officer
    Address: 20th Floor, Telecommunication Tower, 72 Charoenkrung Road, Bang Rak Subdistrict, Bang Rak District, Bangkok 10500
    Email: SgcDPO@sgcapital.co.th
  3. Personal Data Rights Portal: Website Link https://sg-prod-web.singerthai.co.th:28909/SingerConsent