Announcement regarding our Personal Data Protection Policy

E-Post Service Company Limited

Last updated May 2024.

E-Post Service Co., Ltd. (“the Company”) is committed to conducting business ethically and respecting your right to privacy. Therefore, the Company places great importance on the protection and security of personal data. This Privacy Policy is hereby issued to inform customers of the Company’s policies regarding the collection, use, and disclosure of personal data, in accordance with the Personal Data Protection Act B.E. 2562 (“Personal Data Protection Act”), relevant laws, and regulations. To ensure that your personal data received by the Company is used for the intended purpose and in a legally correct manner, the Company has established this Personal Data Protection Policy (“Policy”) to inform you, as the data subject, of the purposes and details of the collection, use, and/or disclosure of personal data, as well as your rights under the law.

1. Who does this policy apply to, and how is personal data collected?

 1.1 Who does this policy apply to?

This policy applies to you if you fall into one or more of the following categories:

Types of individuals subject to this policy.

Details and examples.

1. Individual customers of the company (“Individual Customers”)

• People who use or have used the service.

• Customer service inquiries

• People who received information about the service through various channels.

• Individuals who have been offered or solicited by the company to use the service.

• Existing and current customers of the company, who are individuals.

2. Individuals who are related to the company’s corporate clients or corporate entities that use the company’s services.

(Personnel of the juristic person)

• Shareholders

· director

The true beneficiaries.

• Authorized representative

• Legally authorized representatives of existing and current corporate clients.

• Employees, officers, and/or authorized persons with authority to act on behalf of corporate clients are advised by the Company to ensure that their authorized representatives or any related natural persons are aware of the Company’s Privacy Policy.

3. Individuals involved in the company’s transactions or the company’s clients.

Contact person

Employees, staff, officers, personnel.

Family members, friends, neighbors.

• Individuals recommended or referenced by the company’s clients.

• The actual beneficiary.

• Business partners such as suppliers, sponsors, distributors, vendors, contractors, service providers, buyers, etc.

• A person who has paid or received money from a company’s customer.

• Any other individuals or parties whose personal information the company may receive from customer transactions.

• Individuals who have visited the company’s website, application, or social media accounts, or accessed services at the company’s headquarters.

Professional advisor

• Other individuals in a similar manner.

4. Ordinary individuals.

• Individuals with whom the Company has a relationship, interaction, or other contact, or who provide personal information to the Company, or from whom the Company has received personal information, directly or indirectly, through any channel.

Please note that links appearing on the company’s platform may lead you to third-party platforms. Once you access a third-party platform, the processing of your personal data will be in accordance with that third-party’s privacy policy. Therefore, the company recommends that you read and understand the third-party’s privacy policy when accessing their platform.

 1.2 Methods of Collecting Personal Data
The company may collect your personal data through the following channels:

  1. Personal information that you provide to the company directly, through the company, or that is held by the company as a result of using the company’s services, contacting, visiting, participating in activities, searching, or through the company’s service channels and/or various contact channels such as the head office, website, application, company social media accounts, email, customer service center, telephone, fax, mail, short message service (SMS), questionnaires, business cards, meetings, training, seminars, events, recreational activities, marketing activities, meetings, or any other channel.
  2. Personal information that the Company receives or has access to from other sources, such as government agencies, other companies within the Company’s financial group, other companies or financial institutions, financial service providers and other service providers of the Company, business partners and their service providers, companies providing services in conjunction with the Company, credit information companies, data service providers, the Company’s customers, individuals or legal entities conducting transactions with the Company (as you, a natural person, involved in such transactions as mentioned above), social media platforms, online platforms of third parties, public information sources (such as the Government Gazette), persons with legal authority or rights, and any other individuals or entities with whom the Company has legal relationships, etc.

2. How does the company collect, use, or disclose your personal information?

The company will collect, use, or disclose your personal information only when necessary or based on a legal basis. This includes collecting, using, or disclosing personal information to fulfill legal obligations, fulfill contracts you have entered into with the company, for the company’s legitimate interests, acting in accordance with your consent, and/or under other legal grounds. The purposes for which the company collects, uses, or discloses your information are as follows:

2.1 The company’s legal obligations.

Because the company is subject to regulatory oversight and must operate according to applicable laws and regulations, it is necessary to collect, use, or disclose your personal information for various purposes to comply with the laws and regulations of government agencies and/or regulatory bodies responsible for overseeing the company. This includes, but is not limited to, the following purposes:

  1. To comply with the Personal Data Protection Act and its amendments.
  2. To comply with laws (e.g., laws for non-financial institutions, anti-money laundering laws, laws on the prevention and suppression of financing of terrorism and the proliferation of weapons of mass destruction, and other laws that the company must comply with, both in Thailand and abroad), including identity verification, background checks, credit checks, Know Your Customer (KMTC), Know Your Merchant (KMTC), Customer Due Diligence (CDU), and other checks (including checks against public databases of regulatory agencies and/or designated individuals’ information), and to continuously take action to comply with any applicable laws.
  3. To comply with regulations and/or orders from authorized persons (e.g., court orders, government agency orders, regulatory bodies, or authorized officials).

2.2 The contract you have entered into with the company.

The company will collect, use, or disclose your personal information upon your request and/or agreement with the company, including but not limited to the following purposes:

  1. Prior to entering into a contract with the company, we will process your requests, including reviewing, approving, and providing services; delivering services to you; providing advice and managing the services, including any actions by the company that, if not taken, would affect the company’s operations or services, or prevent the fair and continuous provision of services.
  2. Verify your identity for any transaction (e.g., submitting your national ID card information to the Department of Provincial Administration to verify your ID card status).
  3. To fulfill your instructions (e.g., submitting withholding tax on your behalf, processing your requests and/or transactions, or requests regarding the use of services, responding to your inquiries or suggestions, or resolving your complaints).
  4. We provide services to companies through mobile applications and other online product platforms.
  5. Track or record your transactions.
  6. Prepare various reports (e.g., transaction reports as requested, or internal company reports).
  7. Transaction notifications and service due reminders.
  8. We will collect any outstanding debts you owe the company (e.g., if you have not yet paid any debit adjustments and/or other outstanding fees).
  9. This includes managing and handling user and/or financial accounts, as well as operations related to your user and/or financial accounts, including but not limited to processing service requests, processing your transactions, issuing account statements, and processing and closing your user accounts.
  10. To conduct or enter into transactions and/or make payments (e.g., processing payments or transactions, completing transactions, collecting payments or conducting activities, managing your relationship with the company, and managing your existing accounts with the company).
  11. Enforce the company’s legal or contractual rights.
  12. Provide IT and helpdesk support, create and maintain user IDs and accounts, manage access to any systems you are authorized to access, and cancel inactive accounts.

 2.3 Legitimate interests of the company.

The company will base its decisions on a legitimate interest basis, taking into account the interests of the company or other parties, as well as your fundamental rights regarding the personal data that the company will collect, use, or disclose, including but not limited to the following purposes:

  1. Managing the company’s affairs (e.g., oversight, risk management, financial and accounting management, auditing, internal management, monitoring, prevention and investigation of fraud, money laundering, terrorism, misconduct or other crimes, including but not limited to verifying the credibility of any individual connected to the company’s corporate clients, which may not be required by law enforcement officers or regulators, including identifying you to prevent such crimes).
  2. Managing the relationship between our company and you (e.g., customer care, satisfaction assessments, customer segmentation, complaint handling).
  3. We develop and improve our services and systems to enhance our service standards. We use your personal data to create service models and/or to best meet your needs, including researching and analyzing data, and offering you appropriate services and benefits, while respecting your fundamental rights to privacy. If you do not wish to receive offers of services and benefits from the company, you can contact us at 02-0070239.
  4. Recording still images, videos, and/or audio related to meetings, training sessions, seminars, recreational activities, or events (e.g., marketing events, social activities, client business support activities, etc.), including using these recordings for public relations purposes related to such meetings, training sessions, seminars, recreational activities, or events, both within and/or outside the company.
  5. For corporate clients, the company will collect, use, and disclose the personal information of directors, authorized representatives, or agents.
  6. Taking steps to ensure the company’s business continuity.
  7. Manage claims and disputes, file lawsuits, and conduct related legal proceedings.
  8. We will contact you before you enter into a contract with the company.
  9. Preventing security risks (e.g., monitoring network activity logs, identifying security incidents, conducting data security audits, and any other safeguards against malicious, fraudulent, deceptive, or unlawful acts).
  10. Comply with applicable foreign laws.
  11. Conduct research, plan, and perform statistical analysis (e.g., data analysis, evaluation, surveys, and reporting on company services and your behavior).
  12. Organize promotional projects or activities, meetings, and seminars.
  13. To facilitate accounting audits conducted by auditors.
  14. Seek services from legal advisors, financial advisors, and/or any other advisors appointed by you or your company.
  15. In the event of a sale, transfer, merger, restructuring, or similar event, the Company may disclose and transfer your personal information to one or more third parties as part of that transaction.
  16. To maintain and update customer lists and directories (including your personal information), and to archive related contracts and documents that may refer to you in such documents.
  17. To comply with reasonable business practices (e.g., management, training, auditing, reporting, risk control or management, statistical and trend analysis and planning, or other related or similar activities; to establish business controls to enable the business to operate and to allow the company to identify and resolve problems in the company’s information technology (IT) systems for security, development, provision, operation, and maintenance of the company’s IT systems).

 2.4 Your consent.

In some cases, the company may request your consent to collect, use, or disclose your personal information in order to provide you with the best possible benefits and/or to enable the company to provide services that meet your needs, including but not limited to the following purposes:

  1. It is necessary to collect, use, or disclose sensitive personal data (e.g., using face recognition data or photographs of your national identity card (which contains sensitive personal information such as religion and/or blood type)) to verify your identity prior to transactions and Know Your Customer (Know Your Customer) and Know Your Merchant (Know Your Merchant) processes.
  2. We collect and use your personal information and any other data for research and analysis to best develop services that truly meet your needs and/or contact you to offer services and benefits tailored specifically to you.
  3. We may contact you to provide information about our company’s services that you may be interested in (provided your consent is required under the Personal Data Protection Act).
  4. We will not disclose your personal information or any other information to our trusted business partners for the following purposes:
    1. Research, compile statistical data, develop, and analyze products, services, and benefits that meet your needs.
    2. We will contact you to offer or provide products, services, and benefits that are suitable for you.
  5. Sending or transferring your personal and sensitive personal data to foreign countries where the data protection standards may be inadequate (unless the Personal Data Protection Act allows it to be done under other legal grounds or without consent).
  6. If you are a minor, a person with disabilities, or a person deemed to have disabilities, you must obtain consent from your parents, guardian, custodian, or conservator (as applicable) (unless the Personal Data Protection Act allows for processing without consent).
  7. Other actions that require your consent from the company.

 2.5 Other legal basis

In addition to the legal basis mentioned above, the company may collect, use, or disclose your personal information under other legal basis as follows:

  1. To compile historical documents or archives for public benefit, or for purposes related to education, research, or statistics.
  2. To prevent or mitigate harm to a person’s life, body, or health.
  3. It is necessary for the performance of duties in carrying out missions for the public interest or for the exercise of authority by officials.
    If personal information that the company collects from you is necessary for compliance with company regulations or for entering into a contract with you, the company may not be able to provide (or continue to provide) some or all of its products or services to you if you do not provide such personal information to the company when requested.

3. Personal information that the company collects, uses, or discloses.

The types of personal data that the company collects, uses, or discloses vary depending on the scope of services you may have used or are interested in. This includes both general and sensitive personal data, and is not limited to the following:

Data Types

Example of personal information.

Personal details  

 

   Title

• First name, middle name, last name, alias (if any)

· sex

Date of birth

· age

· study

Marital status

· contract

 

Contact details

• Postal address

• Electronic address

• Phone number

• Mobile phone number

Fax number

• The name of the representative or person authorized to act on behalf of the client.

• Social media accounts, including profile information, photos, and other identifying details for electronic communication.

• Business contact address

• Business contact telephone number.

• Contact details of the reference person.

Details used for identification and identity verification.

• Photographs

• Photograph of national identity card

• National ID number, laser number (on the back of the ID card)

Passport

• Official documents, alien identification cards

• Driving license

Signature

Taxpayer Identification Number

• Household registration

Job details

· occupation

• Details about the employer and workplace.

• Job position

• Salary, income, and compensation.

Financial details and information regarding your relationship with the company.

• Information about the services you are using (e.g., store information).

• The channels and methods you use to interact with the company.

• Your customer status, such as transaction history.

• Information about your transaction.

Market research data and marketing information.

• Customer opinion surveys

• Information and opinions expressed when participating in market research (e.g., your answers to questions, questionnaires, feedback requests, and research contributions).

• Details of the services you received and your requirements.

• Conclusions regarding you based on your communication with the company.

• The type of communication you require, and the details or content of the communication between you and the company.

Geographic information, details about your device and software, and technical specifications.

• EDC serial number

• Technical specifications and identifying data (e.g., location, device ID and device type, network, connection information, access information, date and time of access, usage duration, cookies, search history, browsing data, IMEI (International Mobile Equipment Identity) of the mobile phone or other unique device identifier, details about the mobile phone and technology on the device you are using).

Information for verification.

• Information for due diligence (e.g., information related to Know Your Customer, Know the Store, Customer Due Diligence).

• Information for risk management or for monitoring money laundering and countering the financing of terrorism.

Access information, service requests, and user account details.

• Login information, financial transaction data with the company via the internet, and company applications.

Username

Interests, needs, and usage activities.

Usage details

• Information regarding your website, platform, products, and services usage.

• Usage data and responses to the company’s advertisements (including the content you view, the links you click, and the functions you use).

Spouse information.

Title

• First name, middle name, last name, alias (if any)

Marital status

• Number of people under your care.

· nationality

• National ID number

Date of birth

· income

Information regarding security.

• Photographs

• Physical characteristics of a person

• Detection of suspicious or unusual activity.

• Record a video.

 

Sensitive personal information.

Religion as stated on the national identity card.

• Blood type as shown on your national identity card.

• Health data (e.g., weight, height, heart rate)

Criminal record

Data from your mobile phone, with your consent.

• Mobile phone network information

• GPS location

· calendar

• Contact information (contact list)

• Information about files and photos.

• Information and SMS messages

• Mobile phone, application, and internet usage history.

Other information

• Record all interactions and communications between you and the company, in any form or by any means, including but not limited to telephone, email, text messages, and social media communications.

The information you provide to the company, regardless of the channel through which it is provided.

4. Source of your personal data.

Generally, the company collects personal data directly from you. However, in some cases, the company may obtain your personal data from other sources, and the company will process this information in accordance with the Personal Data Protection Act. Personal data collected from other sources may include, but is not limited to, the following:

  1. Information that the company receives from any other party with whom the company has a legal relationship.
  2. Information that the company receives from individuals related to you (e.g., your family, friends, referrers).
  3. Information that the company receives from corporate clients in your capacity as a director, authorized representative, agent, designated person, or contact person.
  4. Information received by the Company from government agencies, regulatory bodies, financial institutions, credit bureaus, and/or external service providers (e.g., publicly available information, transaction data, credit information), and/or in cases where you provide personal information of other individuals to the Company in the course of transactions with the Company or in any other case, you must inform such individuals of the details of the collection, use, and disclosure of their personal information and their rights under this Privacy Policy. You must also obtain their consent (if necessary) or rely on other legal grounds for providing personal information to the Company.

5. Your legal rights.

The Personal Data Protection Act aims to give you greater control over your personal data. You can exercise your rights under the Personal Data Protection Act, as detailed below, through the channels specified by the company.

  1. Right to access and request a copy of your personal data:
    You have the right to access and receive a copy of your personal data that the company holds, except where the company has the right to refuse your request according to law or court order, or where your request would have a possible impact that would cause harm to the rights and freedoms of other individuals.
  2. Your right to request correction of your personal data.
    You have the right to request the company to correct or update your personal data that is inaccurate or incomplete.
  3. Your right to request the deletion of your personal data:
    You have the right to request the company to delete or destroy your data, or to anonymize your data, except where the company has lawful grounds to refuse your request.
  4. Right to request suspension of use of your personal data:
    You have the right to request the company to suspend the use of your personal data in certain cases (e.g., when the company is reviewing a request to correct personal data or object to the collection, use, or disclosure of your personal data, or you request the company to suspend the use of your personal data instead of deleting or destroying personal data that is no longer needed, because you need the company to retain your personal data for the purpose of establishing a legal claim, complying with or exercising a legal claim, or defending against a legal claim).
  5. Right to object to the collection, use, or disclosure of your personal data.
    You have the right to object to the collection, use, or disclosure of your personal data if the company is acting in a legitimate interest, or for direct marketing purposes, or for scientific, historical, or statistical research, except where the company has legitimate grounds to refuse your request (e.g., the company can demonstrate that the collection, use, or disclosure of your personal data is more legitimate, or for the establishment of a legal claim, compliance with or exercise of a legal claim, or in the company’s public interest).
  6. Your right to request, or to request the sending or transfer of your personal data.
    You have the right to request your personal data if the company can make it available in a format that is generally readable or usable by automated tools or devices, and if the personal data can be used or disclosed automatically. You also have the right to request the company to send or transfer your personal data to third parties, or to receive personal data that the company has sent or transferred to third parties, unless the company is technically unable to do so or has lawful grounds to refuse your request.
  7. Right to Withdraw Consent:
    You have the right to withdraw your consent to the company at any time, following the procedures and methods prescribed by the company, unless it is impossible to withdraw consent due to unforeseen circumstances. Your withdrawal of consent will not affect the collection, use, or disclosure of your personal data that you have already duly consented to prior to such withdrawal. 
  8. Right to Complain: You have the right to file a complaint with the Personal Data Protection Commission or the Office of the Personal Data Protection Commission if a company acts in a manner that violates the Personal Data Protection Act.

6. Disclosure of your personal information.

The company may disclose your personal information to the following individuals or organizations, subject to the Personal Data Protection Act.

  1. The company and/or any other person with whom the company has a legal relationship, including directors, executives, employees, contractors, agents, consultants of the company and/or of such persons.
  2. Government agencies and/or regulatory bodies responsible for overseeing companies (e.g., the Bank of Thailand, the Anti-Money Laundering Office, the Ministry of Digital Economy and Society, the Revenue Department, the Department of Provincial Administration).
  3. Business partners, agents, or other organizations (such as professional associations of which the company is a member, independent auditors, securities depository centers, document archives, foreign financial institutions, clearing houses) will disclose your personal information for specific purposes, based on legal grounds and appropriate security measures.
  4. Individuals involved in the sale of claims and/or assets, organizational restructuring, or mergers of companies, to which the company may need to transfer rights, including individuals to whom the company needs to share information for the sale of claims and/or assets, organizational restructuring, business transfer, financial agreements, sale of assets, or any other transactions related to the company’s business and/or assets used in its operations.
  5. Companies and other financial institutions, as well as third parties, may disclose information where required by law to help them recover funds in the event of erroneous deposits into their accounts, to trace financial transactions if they are victims of financial crime, or to investigate suspicious funds entering their account as a result of financial crime.
  6. Debt collection agents, lawyers, credit information companies, fraud prevention agencies, courts, or any other agency or individual to whom the Company is designated or authorized to disclose personal information according to law, regulation, or order.
  7. Third parties who provide various services to the company (e.g., IT service providers, market analytics and comparison service providers, cloud computing service providers, including but not limited to correspondent banking, international payment system providers and switching service providers, agents or subcontractors acting on behalf of the company, such as companies that print and deliver credit card statements).
  8. Social media service providers (in a secure format) or external advertising companies may display messages to you and others about the company’s products and services. External advertising companies may also use your online activity data to tailor advertisements to your interests.
  9. Third-party guarantor
  10. Any other person who provides you with benefits or services related to the company’s products or services, and/or
  11. Your authorized representative, sub-authorized representative, agent, or legal representative with legitimate authority under the law.

7. Sending or transferring your personal data to foreign countries.

Because the company currently operates globally, it may occasionally need to send or transfer your personal data to overseas locations (e.g., sending data to the company, sending data for storage on cloud servers overseas for service provision). In such cases, the company will make every effort to send or transfer your personal data to trusted business partners, service providers, or data recipients using the most secure methods to maintain the security of your personal data.

In cases where the destination country has inadequate personal data protection standards, the company will transmit or transfer personal data in accordance with the Personal Data Protection Act and will implement necessary and appropriate personal data protection measures.

8. Duration of personal data retention.

The company will retain your personal data while you are a customer and after your relationship with the company ends (e.g., after you close an existing account with the company, or after a transaction with the company, or if the company rejects your service request, or you cancel your use of the company’s services). The company will retain your personal data for a period that is appropriate and necessary for each type of personal data and for the purposes stipulated by the Personal Data Protection Act.

The company will retain your personal data for the statute of limitations or the period prescribed by applicable law (e.g., Financial Institutions Act, Securities and Exchange Act, Anti-Money Laundering Act, Act on Prevention and Suppression of Terrorism Financing and the Proliferation of Weapons of Mass Destruction, Accounting Act, Tax Act, Labor Act, and other laws that the company must comply with, both in Thailand and abroad). In addition, the company may need to retain recordings from CCTV cameras at its head office and/or audio recordings of service interactions through the company’s systems to prevent fraud and maintain security, as well as to investigate suspicious transactions that you or related parties may report to the company.

9. Use of cookies.

The company may collect and use cookies and similar technologies when you use the company’s products and/or services, including using the website, conducting financial transactions online, and the company’s applications.

The collection of cookies and similar technologies helps the company remember you, know your preferences, and improve how it offers you its services. The company may use cookies for various purposes (e.g., to enable basic functions, to help the company understand how you use the company’s website or email, to help the company provide a better online experience or communication with you, and to ensure that online advertisements shown to you are more relevant and of interest to you). For details, please see the Cookie Policy.

10. Using personal data for its original purpose.

The company reserves the right to continue collecting and using your personal data that it collected before the Personal Data Protection Act came into effect, in relation to the collection, use, and disclosure of personal data, for the original purposes. If you do not wish for the company to continue collecting and using such personal data, you can inform the company at any time to withdraw your consent.

11. Security.

The company employs strict internal security measures and policy enforcement to keep your personal data secure. These include data encryption and unauthorized access protection measures. The company requires its personnel and external contractors to adhere to appropriate privacy standards and policies, and to maintain proper data security and implement appropriate measures for the use, transmission, or transfer of your personal data.

12. How to contact the company.

If you have any questions or require further details regarding the company’s privacy policy, please contact the company through the following channels:
Telephone: 02-821 5459
Email: Compliance@eposservice.com
Website: www.eposservice.com
E-Post Service Co., Ltd.
Address: WeWork T-One Building, 8 Soi Sukhumvit 40, 15-17, 20, 25-27th Floor, Phra Khanong, Khlong Toei, Bangkok 10110
Business Hours: Monday-Friday, 9:00 AM – 5:30 PM
If you wish to exercise your rights under the Personal Data Protection Act, please contact the company through the company’s channels.
If you are a customer of the company’s overseas branches, you can contact the company to exercise your rights by calling 02-821 5459.

13. Changes to the Privacy Policy Notice.

The company may change or amend this Privacy Policy from time to time. The current Privacy Policy will be posted on the company website, eposservices.

Contact Us

Send us a message and our team will get back to you