Privacy Policy

PraIn FinTech Company Limited (meaning PraIn FinTech Company Limited, including products that that the Company provides, such as ModernPay, ChillPay, or any other products that will be available in the future), hereinafter referred to as “Company”, has created Personal Data Protection Policy in order to inform you, the User or the Merchant who are using the Company’s services, hereinafter referred to as “User” or “Users”, the scopes and methods that the Company uses to collect, store, as well as access and manage the information that Users provide to the Company in according to the Personal Data Protection Act, B.E. 2562, herein after referred to as “PDPA”. By agreeing to use the Company’s services, Users shall be deemed to have understood, agreed, accepted, and agreed to comply with the Company’s Privacy Policy and consent to the collection of Personal Data. You may study the Privacy Policy on the Company’s website: https://www.chillpay.co The Company may change or update the Privacy Policy in the future. Therefore, the Company advises the User to often review the updated information and Privacy Policy. User’s Personal Data will not be collected, disclosed, published, or used for any other purposes other than the purposes that the Company has informed the Users, unless the Company receives a consent from the User or otherwise required by law.

Types of Personal Data Collected by the Company

To comply with the PDPA, the Company is oblieged to obtain the consent for the Company and/or the Company’s Personal Data Processors and/or government agencies and/or the private sectors to collect, use, or disclose your personal data in compliance with the laws. The Company will collect User’s information or data (collectively referred to as “Personal Data”) as follows:

• Information on ID card or passport or any other documents issued by the government, such as name, surname, title, identification number, passport number, etc.;
• Personal identifications, such as marital status, Biometrics information;
• Registered address and current address, including User’s current location;
• Information regarding education or work;
• Necessary information required for contacting User, such as current addresses, phone numbers, emails, etc.;
• Financial information, such as records of transactions via ModernPay and ChillPay, or any other services provided by the Company, credit card information, bank account information, savings account information, e-Wallet information, and any other information of the banks or financial institutions that the User currently retains;
• Information regarding products or services of which the User has transactions with the Company;
• User’s specimen of signature;
• Information regarding the devices used for obtaining the Company’s services, such as computers, mobile phones, Point of Sales machines, including Unique Device Identifier numbers, IP addresses, information regarding devices’ operating systems, mobile network operators, locations, cookies;
• Any other information specified in the Service Agreement or necessary information required for inspection and operations.

In the event of obtaining additional information beyond the Company’s fundamental services, or in the case of collecting, using, or disclosing sensitive personal data other than the abovementioned, the Company shall proceed with fundamental procedures required by laws. The Company shall inform the User of such purposes and types of personal data which will be collected, used, or disclosed before or during such actions.

Purposes of Collecting Personal Data

The Company shall collect, use, or disclose User’s personal data according to the law and for the following purposes:

1. For the implementation of User’s requests before entering into an agreement, including the necessity of an execution of the agreement of which the User is a contracting party, including but not limited to:
   • Consideration of registration requests for the use of products and services provided by the Company, such as ModernPay, ChillPay, or any other products that will be available in the future;
   • Customer supports, information supports, accept of requests, receive of information, or inquiries regarding services;
   • Development, improvement of services, enhancement of service efficiency, and facilitation for Users;
   • Data processing in order to provide services or any other actions necessary to provide the best services from the Company.
2. For the compliance of laws, rules, regulations, practices, or guidelines issued by the relevant regulatory authorities, such as the Bank of Thailand and the Anti-Money Laundering Act. The Company may submit your personal data to internal and/or external audits, government agencies, or any relevant juristic persons according to the Procedures of Know Your Client (KYC) or Client Due Diligence (CDD) under the Anti-Money Laundering Act.
3. For the purposes of receiving news, information, marketing and promotions, or special offers regarding benefits, products, and services. Or for the purposes of collecting and using such information for statistical studies, researches, data evaluation, or for management of business purposes of the Company, Company’s business partners, or Company’s affiliates. Including any other purposes that the Company deems to be beneficial to the Users. The Users agree and allow the Company to verify, and/or exchange information, and/or disclose such information to any persons and/or juristic persons, including affiliate companies and/or any other persons who have entered into a Data Protection Agreement with the Company. In doing so, Users shall not be able to claim or request any compensation from the Company.
4. For prevention of crimes and frauds, including system and network security according to international standards.

In the event that there is a collection, usage, or disclosure of personal data for any other purposes beyond the above mentioned, the Company shall later inform the Users.

Methods of Data Collection

The Company shall collect personal data during the process of registration for services or during the usage of Company’s services.

Period of Data Collection

The Company shall retain such data throughout the service period or until the services are terminated. The Company may retain the data thereafter if it is stipulated by law, such as Anti-Money Laundering Act. Or for the purpose of verifying and examining in the event that any disputes may arise, within the statute of limitation but not exceeding 10 years.

Disclosure of Personal Data

The Company shall not disclose any personal data to the third parties, or allow the third parties to do so, unless:

• It is to comply with the provisions of law or court order, or when the Company has been notified to investigate fraudulent transactions from the persons related to such services or the customers.
• It is a disclosure of such data to the staff, employees, directors, or advisors who are related to such services.
• The Company receives a consent from the owner of personal data or the owner of such data requests to disclose the information.
• It is a disclosure to the auditors, Company’s external audits, government agencies, assignees, and persons or juristic persons whom the Company is required to provide personal data for the purpose of legal compliance.
• It is a disclosure to the juristic persons which have the power over the Company or under the control of the Company, including the companies that are under the same governance of the Company, or any other persons who are Company’s business partners or have any legal relations to the Company, including any other service providers who have the authorities to process personal data of their service users, domestically and internationally. Such as external service providers, financial institutions, or any other business partners of the Company.
• It is the assignee of the Company in the event of a merger or acquisition, transfer of ownership of assets and/or business, in whole or in part.

Exercise of Right to Delete or Amend User’s Personal Data

In order to comply with the regulations prescribed by laws, such as the Anti-Money Laundering Act or the policies of the Bank of Thailand, should the User wish to delete or amend his/her own personal data, and such cause of action is against the regulations prescribed by other laws, the Company will not be able to delete such information. As stipulated by relevant laws, the Company, as a data receiver or a Personal Data Processor, is required to detain the personal data for the period of 10 years.

Security of Your Data

The Company acknowledges and is aware of the importance of User’s personal data. The Company has therefore improved and developed the security system for your personal data to be in accordance with international standards. The Company shall do its best to comply with this Privacy Policy. The Company shall emphasize its staff, including its Personal Data Processors who are authorized to access User’s personal data or have legal liabilities, to maintain the security of User’s personal data. However, in the event that User’s personal information has been compromised by any means, such as cyber espionage by hacking, stealing, copying, destroying the database, deleting passwords, stealing of documentation, or any other means that do not performed by the Company, or loss of information due to force majeure or any other actions that do not performed by the Company, the Company has the right to deny any responsibilities resulting from such actions.

Language

The translation of this Privacy Policy, whether translated into any languages, is only to facilitate your convenience. The Company has no intentions to change or modify its Personal Information Protection Policy. In the event of a conflict between the Thai edition and any other languages, the Thai edition shall prevail over other editions.

Notification of the Breach of Personal Data

In the event that there is a breach of User’s personal data, the Company, at its best efforts, will inform the Office of the Personal Data Protection Committee immediately within 72 hours after the acknowledgement of such breach. Should the breach be likely to highly affect the rights and freedoms of the Users, the Company shall immediately inform such breach and the remedies to the Users through various channels, such as website, SMS, email, phonecall, or postal letter, etc.

User’s Rights Regarding Personal Data Management

Should the User have any concerns regarding this Privacy Policy, or wish to change or amend any personal data which User has provided to the Company, please contact the Company via email: dpo@chillpay.co, or via phone call: 02-107-7788 during Company’s business hours.