Atome Data Protection and Privacy Policy

1.              Introduction

1.1.        The Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and other applicable data privacy laws strives to protect personal data of individuals.

1.2.        Atome (Thailand) Company Limited, Atome Fin (Thailand) Company Limited and Atome Holding (Thailand) Company Limited (collectively “Atome” or “we” or “our” or “us”), recognises and undertakes its responsibilities under PDPA and other applicable data privacy laws. We recognize the importance of the Personal Data (defined in Clause 2.3 below) you have entrusted to us and believe that it is our responsibility and commitment to properly manage, protect and process your Personal Data.

1.3.        Please read this Data Protection and Privacy Policy (“policy”) to understand what Personal Data is collected, used, disclosed, transfer or processed by us, and for what purposes it is used for, how we handle, collect, use, disclose, transfer and process Personal Data about you that you give us, or receive through third parties or that is in our possession.

1.4.        By providing your Personal Data to us, you acknowledge and agree that you have fully read and understood this policy, and are consenting to the collection, use, processing, transfer and disclosure of your Personal Data as described in this policy.

1.5.        Without prejudice to any of the foregoing, if you provide the Personal Data of any other third party (including family members and your referees (which may be collected, used, disclosed, transfer or processed by us for the purpose of being your emergency contacts)) to us, you represent, warrant and agree that, subject to applicable laws, you (i) have notified such third party of details under this policy, and such third party has fully read and understood this policy, (ii) have obtained consent from such third party (if required by applicable laws), and (iii) have complied with legal requirements according to applicable laws, to ensure that we can collect, use, disclose and/or transfer Personal Data of such third party according to applicable laws before submitting such Personal Data to us.

2.              Definition of Data Protection Terms

2.1.       Data is recorded information whether stored electronically, on a computer, or in certain paper-based filing systems.

2.2.       Data Controller means a Person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data;

 

2.3.       Personal Data means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular; and

2.4.       Process/ process, Processing/processing is any activity that involves collection and use of the data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, adapting, altering, amending, retrieving, combining, using, disclosing, erasing or destroying it. Processing also includes transferring and disclosure of Personal Data to third parties.

3.              Types of Personal Data We Collect

  1.          We collect information about you when you voluntarily submit your Personal Data directly to us or through us and when you use our website(s),IT portal(s),mobile application(s), forms, surveys, and/or other channels and throughout other interactions, communications and services you have with us.
  2.          Personal Data which we may collect include but are not limited to:

(a)    your Personal Data such as your name, information contained in copy of your national identity card or passport, date of birth, marital status and gender.

(b)    your contact information such as residential or postal addresses, email addresses, telephone, mobile phone and fax numbers;

(c)    your past and present employment information such as organization name, organization type, industry sector, job function and responsibilities, designation, business telephone and fax numbers and business email addresses; 

(d)    your billing and payment information, including name of the credit/debit cardholder, credit/debit card number, security code and expiry date; 

(e)    information about your device (including MAC address, technical specifications and uniquely identifying data);

(f)      geolocation data based on your mobile or other electronic device;

(g)    other information which we may need to collect, depending on the specific Atome contest, event, campaign, form, feature or other service that you use or request;

(h)    data relating to any customer service requests you may raise or complaints you may have in order to resolve them;

(i)      data from public sources, credit information, credit reference, debt collection and fraud prevention agencies, and other data aggregators;

(j)      biometric information such as  picture, reproduction of facial feature etc.

(k)    Any other personal data that you have provided to Atome

 

  1.          Other information collected may include proof of income and financial details, photographs, videos and/or audio recordings collected by us through online (websites, emails, apps, etc.) or offline platforms (events, surveys, phone calls, etc.).
  2.          We may collect and store certain information automatically when you use or visit our website(s), IT portal(s) and/or mobile application(s). Examples include the internet protocol (IP) address used to connect your computer or device to the internet, connection information such as browser type and version, your operating system and platform, a unique reference number linked to the data you enter on our system, login details, the full URL clickstream to, through and from the website(s), IT portal(s), mobile application(s) (including date and time), cookie identifier and your activity on our website(s), IT portal(s), mobile application(s), including the pages you visited, the searches you made and, if relevant, the services you used.
  3.          We may receive information about you from other sources and third parties, when permitted by the consent or  the consent requirement has been exempted under PDPA or other applicable laws including:
  1.     if you use any websites or social media platforms operated by third parties (for example, Facebook, Instagram, Twitter etc.) and, if such functionality is available, you have chosen to link your profile on our website(s), IT portal(s), mobile application(s) with your profile on those other websites or social media platforms.
  2.     our business partners i.e., merchants, e-commerce platform
  3.      Third party KYC platform i.e., e-wallet partners, NDID network
  4.     credit bureau
  5.     telecommunication companies
  6.      when our users/customers provide your detail as emergency contact

4.              Purposes for which the Personal Data is Collected, Used and Disclosed

4.1.        Processing in order to provide the Atome services and/or products (Delivery of services and / or products under the contract you have entered into with Atome)

4.1.1.  For Atome (Thailand) Company Limited, we will/may collect, use, disclose, transfer and/or process your Personal Data for one or more of the following purposes:

a.       To consider and/or process your application to be our customer/user and/or to process your account with us;

b.      To facilitate, process, deal with and/or administer your account with us;

c.       For the supply of any products and/or services (including but not limited to lending services and disbursements of loan) which we may offer to you or that you may request, obtain, or purchase from us;

d.      For any operation in relation to the supply of any products and/or services provided by us and monitoring compliance with terms and conditions for use of any products and/or services provided by us;

e.       To deal with, process and/or administer your use of the online services at any of our website(s), website/IT portal(s)/mobile application(s) and/or through other digital or telecommunication channels;

f.        For identification and verification purposes in connection with any of the goods and/or services that may be supplied to you by us or that you may request from us;

g.       To carry out your instructions, respond to any enquiry or deal with any feedback given by (or purported to be given by) you or on your behalf, including contacting you via phone/voice call, text message and/or fax, email and/or postal mail regarding your instructions, enquiries and/or feedback;

h.      dealing with, processing and/or administering marketing campaigns conducted by us or on our behalf if you have provided your marketing consent to participate in;

i.         To contact you or communicate with you via various modes of communication such as phone/voice call, text message, forms, email and/or postal mail for the purposes of administering, dealing with and/or managing your account with us. You acknowledge and agree that such communication by us could be by way of the mailing of correspondence, documents or notices to you, which could involve disclosure of certain Personal Data about you to bring about delivery of the same as well as on the external cover of envelopes/mail packages. We may reach out to the alternate contact details provided by you in case we are unable to contact you;

j.         To carry out due diligence or other screening activities (including security and background checks) in accordance with legal or regulatory obligations or our risk management procedures that may be required by law or that may have been put in place by us;

k.       To prevent or investigate any fraud, unlawful activity or omission or misconduct, whether or not there is any suspicion of the aforementioned; dealing with and/or investigating complaints;

l.         To facilitate and/or deal with payment for products and/or services provided by us or our subsidiaries, and/or a third party on our behalf including debt collection payment, verification of credit card details with third parties and additionally, using the Personal Data you provide to conduct matching procedures against databases of known fraudulent transactions (maintained by us or third parties);

m.    To deal with, handle and/or conduct disciplinary, security and quality assurance processes, matters and/or arrangements;

n.      To perform internal administrative, operational and technology tasks to facilitate, administer or manage your account with us;

o.      To produce statistics and research for internal and/or statutory reporting and/or record-keeping requirements and performing our policy/process reviews;

p.      To help us improve our services to you; and/or

q.      To store, host, back up (whether for disaster recovery or otherwise) of your Personal Data, whether within or outside Thailand or Singapore.

4.1.2.  For Atome Fin (Thailand) Company Limited, we will/may collect, use, disclose, transfer and/or process your Personal Data for one or more of the purposes as set out in Clause 4.1.1

4.1.3.  For Atome Holding (Thailand) Company Limited, we will/may collect, use, disclose, transfer and/or process your Personal Data for one or more of the purposes as set out in Clause 4.1.1

 

4.2.        Product improvement and research

4.2.1. To conduct research, analysis and development activities (including but not limited to data analytics, surveys, focus groups and/or profiling, customer behaviour) to improve our services and facilities for your benefit.

4.2.2. Perform data analysis for product improvement and product testing (for example to improve risk and fraud models).

4.2.3. Enable internal research and creation of statistical models

4.2.4. For Joint Modelling to enhance product recommendations and personalizing your experience, developing new and innovative features and services and conducting research and analysis to better understand customer preferences.

4.3.        Compliance and to protect Atome from legal claims

4.3.1. To comply with or as required by any applicable law, governmental or regulatory requirements of any jurisdiction applicable to us or our affiliates/associated companies, including meeting the requirements to make disclosure under the requirements of any law binding on us or our affiliates/associated companies, and/or for the purposes of any guidelines issued by regulatory or other authorities (whether of Thailand, Singapore or elsewhere), with which we or our affiliates/associated companies are expected to comply;

4.3.2. To comply with or as required by any request or direction of any governmental authority; or respond to requests for information from hospitals, embassies, public agencies, ministries, statutory boards or other similar authorities;

4.4.        To provide marketing

4.4.1. For marketing purpose with your consent where we send you news, information, materials and/or updates about events, marketing campaigns, sale promotion, products and/or services that we and/or our business partners provide, or on our behalf. In this regard, we will be doing so by way of postal mail and/or electronic transmission and/or text messages to your address, email address(es) and/or the phone number(s) you provide. You may unsubscribe from this service in the manner set out in Clause 4.10 below.  If you refuse to give consent for marketing purpose, this will not impact on consideration of entering into agreement with you and/or offering any products and/or services to you

4.4.2. To deal with, process and/or administer marketing campaigns conducted by us or on our behalf which you have consented to participate in.  If you refuse to give consent for this purpose, this will not impact on consideration of entering into agreement with you and/or offering any products and/or services to you;

4.5.        Subject to applicable laws, you may be required to provide your Personal Data in order to comply with a law or contract or for the purpose of entering into a contract with us. Please be informed that if you do not provide your Personal Data for such purposes, decision-making and/or action by Atome may be prevented or delayed, and we may not be able to establish or maintain a relationship, contractual or otherwise, with you. 

4.6.        Whom do we share your Personal data with?

4.6.1. We may/will need to disclose your Personal Data to third parties, including to banks, payment service providers and/or other payment gateways, whether located within or outside Thailand or Singapore, for one or more of the purposes outline in this policy, as such third parties, would be Processing your Personal Data for one or more of the purposes outline in this policy. In this regard, you hereby acknowledge, agree and consent that we may/are permitted to Process and disclose your Personal Data to such third parties (whether located within or outside Singapore or Thailand) for one or more of the purposes outline in this policy and for the said third parties to subsequently collect, use, disclose and/or process your Personal Data for or more of the purposes outline in this policy.  Without limiting the generality of the foregoing, such third parties include: 

a.       our associated/affiliated organisations or related corporations.

b.      any of our collaborative partners, agents, contractors, sub-contractors, business facilitators or third-party service providers that process or will be processing your Personal Data on our behalf including but not limited to those which provide administrative or other services to us such as mailing houses, telecommunication companies, information technology companies and data centres, conducting know your customer, customer due diligence as well as debt collection

c.       third parties to whom disclosure by us is for one or more of the purposes outlined in this policy and such third parties would in turn be collecting and processing your Personal Data for one or more of the purposes outlined in this policy.

d.      To disclose to a third parties including courts, authorities, government bodies, to comply with any law, legal requirements, orders, directions or requests from any court, authority or government body of any jurisdiction, which may be within or outside Thailand or Singapore including the Ministry of Finance of Thailand and the Bank of Thailand; and

e.       If you apply to use any Service which is provided by Atome, we may share your credit information with credit reporting bodies ("CRBs") including your Personal Data with the National Credit Bureau Co., Ltd. provided that Atome entities you engage with is the member of the National Credit Bureau Co., Ltd.

 

4.6.2. For marketing purpose, the recipient of your Personal Data includes merchants on the Atome platform including but not limited to our associated/affiliated organisations or related corporations, our business partners when permitted by the consent or the consent requirement has been exempted under PDPA or other applicable laws

4.6.3. We may share and disclose your Personal Data with any member of our group (which means our subsidiaries, affiliates, our ultimate holding company and its subsidiaries from time to time for one or more of the purposes set out in this policy. 

4.7.        Do we disclose your Personal Data outside Thailand?

4.7.1. Your Personal Data may be transferred across borders and outside Thailand by us where the data protection laws may not be as protective as PDPA in accordance with applicable laws and where there is a lawful basis for us doing so (such the performance of a contract between you and us, your consent, and/or our legal or regulatory obligation). Your Personal Data may be transferred with any member of our group located in different countries. We will take reasonably appropriate measures to maintain the security of the Personal Data both during transit and at the receiving location. 

4.8.        Automated decisions, Artificial Intelligence Use and Profiling

4.8.1. As part of providing our product and services, we use artificial intelligence and profiling including behavioural analysis, to verify your identity through our electronic ”know your client” processes and the capture of your live selfie, to make credit-risk decisions and to prevent money laundering, terrorism, fraud and other financial crime.  If you do not agree with us using your Personal Data for such purposes, you can send a written request to us. Please note should you wish to object the usage of your Personal Data in this way, we may not be able to continue to offer you our products and services, in which case we may need to terminate our relationship in order to fulfil your request.

4.9.        Other Bases For Handling Your Personal Data - Legitimate Interest

4.9.1. We may collect, use, disclose and/or otherwise process your Personal Data without your consent for purposes which we may notify you from time to time, where it is in the legitimate interests of Atome or another person (including without limitation the purposes as notified to you above in paragraph 4.1 above, but not for sending you direct marketing messages unless you have otherwise provided your consent).

 

 

4.10.    Consents and withdrawing consent for us to use certain Personal Data

4.10.1.                      You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or under our control at any time by contacting our Data Protection Officer unless there are limitations on your right to withdraw the consent imposed by applicable laws or contract which confers benefits on you.  However, the withdrawal shall not affect the collection, use, disclosure, transfer or processing of your Personal Data for which you have already given consent, and your withdrawal of consent could result in certain legal consequences arising from such withdrawal, including us being unable to perform the transactions requested by you on our website(s) or website/IT portal(s)/mobile application(s). Do note that your withdrawal of consent will not affect our ability to collect, use or disclose your Personal Data for a specific purpose without your consent, if the PDPA or a provision in any applicable law permits us to do so.

4.10.2.                      We may collect, use, disclose, transfer or process your Personal Data for other purposes that do not appear above. However, we will notify you of such other purpose at the time of obtaining your consent, unless it is permitted by the PDPA or by any applicable law.

4.10.3.                      To the extent permitted by applicable laws, Atome may collect, use, disclose or process your Personal Data for any of the following purposes without your consent:

a.    if it is necessary for compliance with laws to which Atome is subjected;

b.   if it is in order to prevent or suspend danger to life, body or health of a person;

c.    if it is in order to comply with the contract to which you are a party or in order to comply with your request prior to execution of the contract;

d.   if it is in order for Atome to comply with the duty to take actions for public benefit or to comply with the duty to exercise state power conferred on Atome;

e.    if it is in order to achieve legitimate interests of Atome or affiliates of Atome or other persons unless such interest has less weight than your basis right in the Personal Data;

f.     if it is in order to achieve the objective related to the preparation of historical documents or annals for public benefit or in relation to research or statistics for which there is in place appropriate protective measure to safeguard the right and freedom of you; or

g.    if it is permitted by or falls under any circumstances prescribed by any applicable laws including the applicable data privacy laws.

4.10.4.                      We may/will also be collecting from sources other than yourself, Personal Data about you, for one or more of the purposes outlined in this policy, and thereafter using, disclosing and/or processing such Personal Data for one or more of the purposes outlined in this policy. We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes outlined in this policy (depending on the types of information we receive).

5.              Accuracy of Personal Data

  1.    By providing us with your Personal Data, you warrant that it is true and accurate and undertake to notify us as soon as practicable of any change or alteration to the same. Any loss or damage caused by the provision of erroneous, inaccurate or incomplete information will be your exclusive and absolute responsibility.

6.              Storage of Personal Data

  1.    Security of your Personal Data is important to us. We take appropriate action to protect Personal Data from loss, misuse, unauthorised access or disclosure, alteration or destruction using the same safeguards as we use for our own proprietary information. All information you provide to us is stored on secure servers and any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website(s) or website/IT portal(s)/mobile application(s), you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
  2.    We will put in place measures such that your Personal Data in our possession or under our control is destroyed and/or anonymized as soon as it is reasonable to assume that (a) the purpose for which that Personal Data was collected is no longer being served by the retention of such Personal Data; and (b) retention is no longer necessary for any other legal or business purposes. 
  3.    We store your Personal Data for the duration of legal relationship between you and us, or for as  long as is necessary to fulfil the original or directly related purposes outlined in this policy or comply with any legal and regulatory requirements or a retention period required by applicable laws, or as per legal prescription for an establishment of legal claims, legal compliance or exercise of legal claims, or defense of legal claims, or for other purposes in accordance with policies and internal rules of Atome, whichever is longer.  

 

7.              Link to Other Websites

Our website(s), website/IT portal(s)/mobile application(s) and other digital and telecommunication channels may contain links to other sites that are operated by third party companies with different privacy practices. You should remain alert and read the privacy statements of other sites. We have no control over Personal Data that you submit to or receive from these third parties.

8.              Withdrawal of Consent for Marketing Purposes

You have the right to ask us not to use your Personal Data for marketing purpose. If you no longer wish to receive marketing messages and/or other messages for any of such purposes from us and/or do not wish us to use your Personal Data for any of such purposes, you may request to withdraw your consent by emailing or writing to our Data Protection Officer at [email protected], or if applicable, using the unsubscribe facility contained in the marketing message.  

9.              Data Access and Correction

  1.    The provisions in this Clause 9 shall be subject to provisions, conditions and exceptions under the applicable laws including PDPA.
  2.    You have the right to access to and to receive copy of your Personal Data or request for the disclosure of the acquisition of your Personal Data for which you have not given consent, and/or correct any Personal Data that we hold about you where the Personal Data is inaccurate or incomplete and make necessary requests in order to ensure that your Personal Data is correct, up-to-date, complete and not misleading. If you would like to request for a copy of your Personal Data being held by us (such right being subject to applicable exemptions), or to update and/or correct the Personal Data which you have previously provided to us, please email or write to our Data Protection Officer.
  3.    We will need enough information from you in order to ascertain your identity as well as the nature of your request, so as to be able to deal with your request. We reserve the right, or may, charge a reasonable fee for the processing of any data access request.
  4.    For a request to access Personal Data, once we have sufficient information from you to deal with the request, we will seek to provide you with the relevant Personal Data within 30 days from receipt of your request. Where we are unable to respond to you within the said 30 days, we will notify you of the soonest possible time within which we can provide you with the information requested to the extent permitted by the applicable laws.
  5.    For a request to correct Personal Data, once we have sufficient information from you to deal with the request, we will correct your Personal Data within 30 days. Where we are unable to do so within the said 30 days, we will notify you of the soonest practicable time within which we can make the correction. We will send the corrected Personal Data to every other organisation to which the Personal Data was disclosed by us within a year before the date the correction was made, unless that other organisation does not need the corrected Personal Data for any legal or business purpose.

10.          Complaint Process

  1. The provisions in this Clause 10 shall be subject to provisions, conditions and exceptions under the applicable laws including PDPA.
  2. If you have any complaint or grievance regarding about how we are handling your Personal Data or about how we are complying with the PDPA, we welcome you to contact us with your complaint or grievance by emailing or writing to our Data Protection Officer.
  3. Where you are sending an email in which you are submitting a complaint, your indication at the subject header that it is a PDPA complaint would assist us in attending to your complaint speedily by passing it on to the relevant staff in our organisation to handle. For example, you could insert the subject header as “PDPA Complaint”.
  4. We will certainly strive to deal with any complaint or grievance that you may have speedily and fairly.
  5. If you consider that your Personal Data is not being processed in accordance with the applicable data protection laws (including the PDPA), you are entitled to contact or submit a complaint with the relevant competent authorities in accordance with criteria set out under the applicable data privacy laws (including the PDPA).

11.          General

  1.       Your consent that is given pursuant to this policy is additional to and does not supersede any other consents that you had provided to us with regard to processing of your Personal Data.
  2.       For the avoidance of doubt, in the event that Thailand or Singapore Personal Data protection law (as applicable) permits an organisation such as us to collect, use or disclose your Personal Data without your consent, such permission granted by the law shall continue to apply.
  3.       Your rights: Subject to the provisions, conditions and exception of PDPA and any applicable laws, you have the following rights in respect of your Personal Data that we hold:

a.       Right of Erasure: The right to request us to delete or cause your Personal Data to be unable to identify you as the data owner in certain circumstances such as where the Personal Data is no longer necessary in relation to the purposes for which it was collected, used or disclosed.

b.      Right to Portability: The right to request to send or transfer your Personal Data to other Data Controllers or to you when possible through electronic means and to receive your Personal Data that Atome sends or transfer directly in automatic method to other Data Controller unless it is technically impossible.

c.       Right to Object to processing: The right to object, at any time and on legitimate grounds relating to your particular situation, to the processing, collection, use or disclosure of your Personal Data. 

d.      Right to Suspend the Use: The right to request us to suspend the use of your Personal Data.

12.          Updates to our Privacy Policy

We constantly work to improve our Service offerings, in order for you to get an even smoother user experience. This includes both changes in existing Services and new Services over time. It’s therefore important that you read this policy each time you use Atome, since the processing of your Personal Data can differ since you last used one of our Services.

We reserve the right to change this policy with or without notice. Any changes to this policy will be posted on and can be viewed at https://www.atometh.com/en-th/privacy-policy     

13.          Enquiries

For any enquiries on our privacy policy, please write to:

Data Protection Officer

No. 725 S Metro Building, 20th Floor, Sukhumvit Road, Khlong Tan Nuea Sub-District, Watthana District, Bangkok Thailand

Email: [email protected]

 

For Atome (Thailand) Company Limited

No. 725 S Metro Building, 20th Floor, Sukhumvit Road, Khlong Tan Nuea Sub-District, Watthana District, Bangkok Thailand

Email: [email protected]

For Atome Fin (Thailand) Company Limited

No. 725 S Metro Building, 20th Floor, Sukhumvit Road, Khlong Tan Nuea Sub-District, Watthana District, Bangkok Thailand

Email: [email protected]

For Atome Holding (Thailand) Company Limited

No. 725 S Metro Building, 20th Floor, Sukhumvit Road, Khlong Tan Nuea Sub-District, Watthana District, Bangkok Thailand

Email: [email protected]

 

 

 

 

1


Version: November 2023