เปิดบัญชีออนไลน์ 
ยืนยันตัวตน (NDID) 
ไทย
English
Privacy Notice for Customers, Visitors, and Participants in Company Activities
1.Definitions
“You”
Refers to the owner of the personal data that the company processes, including but not limited to visitors, investors, shareholders, website users, customers, partners, securities business professionals, personnel, agents, and any individuals involved in the company’s activities and operations.
“Company”
Refers to Beyond Securities Public Company Limited.
“Personal Data Protection Law”
Refers to the Personal Data Protection Act B.E. 2562 and related subordinate laws, including any amendments in the future.
“Personal Data”
Refers to information about an individual that can identify that person directly or indirectly, excluding data about deceased persons specifically under the Personal Data Protection Law.
“Processing”
Refers to any operation performed on personal data, whether by automated means or not, such as collecting, recording, organizing, storing, altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, arranging, combining, blocking, erasing, or destroying.
“Data Controller”
Refers to a person or juristic person who has the authority and duty to decide regarding the collection, use, or disclosure of personal data.
“Data Processor”
Refers to a person or juristic person who collects, uses, or discloses personal data on behalf of or as directed by the personal data controller.
2.General Details
This privacy policy is created to explain the details and methods of handling and processing personal data received from you. It covers the purposes of collecting, using, disclosing, and processing the data, as well as the retention period and your rights as the Data Subject . Since the company operates in Thailand, the processing of your personal data is subject to and must comply with the Personal Data Protection Law of Thailand.
3.Methods of Collecting and Receiving Personal Data
3.1 The company collects and receives your personal data through various channels, including:
1.Personal data you provide directly: This occurs when you contact the company, fill out forms online or on paper, apply for services, participate in activities, inquire, request marketing communications, provide feedback, attend meetings, apply for jobs, etc.
2.Personal data collected automatically: The company may collect certain technical data about your devices, activities, and browsing history automatically using cookies and similar technologies. For more details, please see our cookie policy at https://www.beyondsecurities.co.th/privacynotice
3.Personal data received from third parties: The company may occasionally receive your personal data from external parties such as the Securities and Exchange Commission, security issuing companies, fund management companies, brokers, banks, service providers, employment agencies, government agencies, state enterprises, partners, contractors, professionals, company personnel, applicants, media, etc.
3.2 When collecting your personal data, you will be informed of the details as stated in the company’s privacy notice and this policy, including but not limited to the legal basis for collecting, using, and/or disclosing personal data for lawful purposes. If consent is required under the Personal Data Protection Law, the company will explicitly request your consent for processing your personal data.
4.Collected Personal Data
4.1 The personal data collected by the company under this policy and the privacy notice includes the following categories of Data Subject
1.Customers and investors: This includes individuals who are shareholders, website visitors, service users, activity participants, seminar attendees, and any other individuals who contact the company for information or services, whether directly or indirectly.
2.Visitors, partners, contractors, professionals, and individuals involved in the company's business operations: This includes individuals who are contract partners or have any contractual relationship with the company, including suppliers, providers, consultants, and similar parties.
4.2 The personal data collected from you, either directly, automatically, or received from external sources, includes but is not limited to:
1.Personal Data such as name, date of birth, age, gender, photograph, passport number or ID card copy, signature, nationality, marital status, and family details.
2.Sensitive Personal Data such as religion, criminal record, health information, disability, etc.
3.Contact Information such as residential address, phone number, email, social media contact details, and emergency contact details.
4.Financial Information such as bank account number, credit card number, financial status, and tax information.
5.Securities/Futures Trading Information such as trading account numbers, interest or dividend information, securities deposit/withdrawal information, securities transfer or change of ownership information, and securities registration details.
6.Usage Information of Company Systems such as registration details for company services (e.g., BYD Member system, e-Open Account system, BYD Registration system), account information, usernames, passwords, PINs (if any), user profile details, service application information, data from other accounts managed by you, service usage information, interests, and opinions expressed through company systems, and participation in activities.
7.Technical information such as website and system access information, computer traffic data (logs), communication data between you and other users, usage logs, device identifiers, IP addresses, device types, mobile network information, connection data, geographical location data, browser types, access logs, transaction logs, customer behavior data, access times, search data, system function usage, and information collected through cookies or similar technologies.
8.Other information such as CCTV footage, photographs, audio recordings, conversation recordings, and purchase or service trend data.
4.3 In the case where the company has collected your personal data before June 1, 2021, the company will process such data in accordance with the provisions of the Personal Data Protection Law.
5.Purposes for Processing Personal Data
5.1 The company processes your personal data for the following purposes:
As necessary to perform the contract to with you as one a party with the company, or to proceed your request prior to entering into such a contract.
5.2 Since your personal data, which the company processes for the purposes specified in clause 6.1 above, is related to legal or contractual obligations, or is necessary to enter into a contract with you, such personal data is essential to achieve these purposes. If you do not provide such personal data to the company, it may result in legal implications, or the company may not be able to fulfill its duties under the contract with you or enter into a contract with you (as the case may be). In such cases, the company may need to refuse to enter into a contract with you or terminate related services, in whole or in part.
5.3 If the company intends to use your personal data for purposes not specified above, the company will issue additional privacy notices and personal data protection policies to explain the use of data for such purposes. You should read the company’s privacy notices and the relevant additional policies together with this privacy notice and personal data protection policy.
6.Disclosure of Personal Data
6.1 The company may disclose your personal data, under the specified purposes and according to the regulation, to the following entities and individuals:
1.Beyond Securities Public Company Limited, including its employees, staff, directors, managers, or personnel, as necessary and on a need-to-know basis for the processing of your personal data.
2.Government Sectors and regulatory bodies as required by law, such as the Securities and Exchange Commission, the Bank of Thailand, the Office of the Official Information Commission, the Office of Insurance Commission, the Department of Provincial Administration, the Revenue Department, the Department of Business Development, and the Department of Intellectual Property.
3.Entities that request data disclosure under legal authority, such as for investigations, lawsuits, or legal proceedings, or related to legal processes, including the Anti-Money Laundering Office, the National Anti-Corruption Commission, the Royal Thai Police, the Department of Special Investigation, the Office of the Attorney General, and the courts.
4.Associations related to the capital market business in Thailand, such as the Thai Listed Companies Association, the Association of Thai Securities Companies, the Association of Investment Management Companies, the Thai Bankers' Association, the Securities Analysts Association, and the Thai Investors Association.
5.Securities issuers, member companies, securities companies, asset management companies, brokers, dealers, or distributors of securities.
6.Partners, business associates, service providers, service recipients, and personal data processors assigned by the company to manage, provide services, or administer personal data, such as those involved in the development, improvement, or maintenance of security standards of information systems and IT systems, payment systems, accounting audits, human resource management, or other services that may benefit you.
6.2 Disclosure of your personal data to others will only be carried out for the specified purposes or other purposes permitted by law. If the law requires your consent, the company will obtain your explicit consent beforehand.
6.3 When the company discloses your personal data to others, it will implement appropriate measures to protect the disclosed personal data and comply with data protection standards and duties as prescribed by the Personal Data Protection Law.
6.4 If the company transfers or sends your personal data abroad, it will ensure that the destination country, international organization, or foreign recipient has adequate personal data protection standards. In some cases, the company may seek your consent for the international transfer of your personal data, as required by the Personal Data Protection Law.
7.Retention Period of Personal Data
7.1 The company will retain your personal data for the necessary period to achieve the purposes specified for the processing of that personal data. The retention period will vary depending on the purposes for which the personal data is collected and processed, in accordance with the retention policy or the statute of limitations as specified by law, such as a 10-year statute of limitations for legal proceedings.
7.2 The company will retain personal data for the period required by relevant laws and considering business practices for each type of personal data. After this period, the company may destroy such personal data from its storage or systems without prior notice to you.
8.Rights of Personal Data Subject
As the Data Subject, you have various rights related to your personal data as follows, under the criteria, methods, and conditions prescribed by the Personal Data Protection Law. If you wish to exercise your rights, you can contact the company using the contact details provided in clause 11 (Contact Methods) below.
8.1 Right to Access Personal Data
You have the right to access your personal data and request the company to provide such personal data to you. This includes requesting the company to disclose the acquisition of your personal data that the company has collected, used, and disclosed without needing your consent, to the extent permitted by personal data protection law.
8.2 Right to Data Portability
You have the right to receive your personal data in a commonly readable or usable format by automated tools or devices, and you also have the right to request the transfer or transmission of your personal data in such a format to another data controller or to yourself, unless technically impossible, as stipulated by personal data protection law.
8.3 Right to Object to Personal Data Processing
You have the right to object to the processing of your personal data, and the company will comply with such a request if the company has the following opinion.
1.Based on the interests by Legal Obligation of our company or a third party, or for the public interest in processing your personal data, unless the company can demonstrate compelling Legal Obligation grounds that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims; or
2.Processing your personal data for direct marketing purposes;
3.Processing your personal data for purposes of scientific, historical, or statistical research, unless it is necessary for the company to carry out its mission for the public interest.
If you object to the processing, please specify whether you wish for your personal data to be deleted or for the company to suspend the processing of such personal data.
8.4 Right to Erasure of Personal Data You may request the company to delete or anonymize your personal data in the following circumstances:
1.Your personal data is no longer necessary for the purposes for which it was collected or processed.
2.You withdraw your consent on which the collection and processing are based, and the company has no other legal grounds for collecting or processing such personal data.
3.You have objected to the processing as per section 8.3.
4.Your personal data has been unlawfully collected or processed.
The aforementioned cases do not apply to the processing of personal data necessary for the purposes of exercising the right to freedom of expression, creating historical or statistical records, performing tasks carried out for the public interest, complying with legal obligations, achieving objectives related to preventive or occupational medicine, public health benefits, establishing, exercising, or defending legal claims, or complying with laws.
8.5 Right to Restriction of Processing Personal Data. You have the right to request the restriction of the processing of your personal data in the following cases:
1.The company is verifying the accuracy of the personal data as per your request.
2.Your personal data needs to be deleted or destroyed as per section 8.4, but you prefer to request the restriction of its use instead.
3.The company no longer needs to use your personal data, but you require the company to retain such personal data for the establishment, exercise, or defense of legal claims.
4.The company is on the process of verifying or examining your objection as per section 8.3 (1) or 8.3 (3) to deny your objection.
8.6 Right to Rectification Personal Data. You have the right to request the correction of your personal data if it is inaccurate, outdated, incomplete, or misleading.
8.7 Right to Withdraw Consent. If the company relies on your consent to process your personal data, you have the right to withdraw that consent at any time while your personal data is in the company's possession.
8.8 Right to submit a Complaint. If you have any concerns or questions regarding the processing of your personal data by the company, please contact the company using the contact details provided in section 11 (How to Contact the Company) below. If there is a violation of personal data protection law, you have the right to lodge a complaint with the Office of the Personal Data Protection Committee. The company will make every effort within the capabilities of the relevant systems to facilitate and address your request promptly, unless such action would place an undue burden on the company, risk violating the personal data protection of others, contravene the law, or be practically unfeasible.
9. Security of Personal Data Storage
The company has established and/or selected personal data storage systems with appropriate mechanisms and techniques, and implemented security measures as required by personal data protection laws and related laws. Additionally, access to your personal data by employees, staff, and agents of the company is restricted to prevent unauthorized use, disclosure, destruction, or access.
10. Links to Third-Party Websites, Products, and Services
The company's services may contain links to third-party websites, applications, products, and services, which may collect certain information about your use of the services. The company's privacy notice and this personal data protection policy apply solely to the processing of personal data for purposes determined by the company. The company is not responsible for the security or privacy of any of your data collected by such third-party websites, applications, products, or services, even if you click on a link displayed in the company's services. Therefore, you should exercise caution and review the privacy notices/policies of those third-party websites, applications, products, and services.
11. How to Contact the Company
If you have any questions regarding the company's privacy notice and this personal data protection policy, or if you wish to exercise your rights as specified, please use the contact form on the company's website https://www.beyondsecurities.co.th. Additionally, you can contact the company through the Data Protection Officer at [email protected].
12. Changes to the Personal Data Protection Policy
The company may occasionally make changes or amendments to this personal data protection policy to align with any changes in the processing of your personal data and to comply with any changes in personal data protection laws or other related laws. The company will notify you of any significant changes through appropriate channels.
April 21,2023
