PRIVACY POLICY
ERX Company Limited (the "Company", "we", "us," or "our") recognizes the importance in protecting your Personal Data (as defined below) that are under retention and responsibility and in order for us to comply with Thailand’s Personal Data Protection B.E. 2562 (2019) and its sub-regulations and notification related to the protection of Personal Data (collectively referred to as “Data Protection Law”). We, therefore, established this Privacy Policy (“Privacy Policy”) describes how we collect, use, disclose and cross-border transfer your Personal Data (collectively referred to as “process” or “processing”). This Privacy Policy applies to our business operations, activities on the websites, mobile applications, call centers, events and exhibitions, online communication channels, other locations, and any means where we collect, use disclose and/or cross-border transfer your Personal Data.
Categories of person (data subject) that will be explain under this Privacy Policy includes: (1) our individual customer, which includes prospective customers, current customers and former customers; (2) employees, personnel, officers, representatives, shareholders, authorized persons, members of the board of directors, contact persons, agents; other natural persons in connection with our prospective, current and former corporate customer, (3) visitors and users of our platforms, such as websites, mobile applications; and (4) any other persons with whom we interact in the course of our business operation or any related services including, but not limited to, business partners.
Natural/individual persons, collectively referred to as "you" or "your" and the individual client and the corporate client, collectively referred to as the "Client".
1.PERSONAL DATA WE COLLECT
"Personal Data" means any identified or identifiable information about you, directly or indirectly). In order to offer our services to the Client, we might collect your information in a variety of ways. We may collect your Personal Data directly from you, e.g., through account opening process, the registration to participate in various activities of us , contact between you and our employees, agent or call center; or indirectly from other sources, e.g., social media, third party’s online platforms, government authorities and other publicly available sources, and/or through our group companies, affiliates, service providers, business partners, official authorities, or third parties, i.e., Digital Asset Exchange, which specific types of data collected depends on the Client's relationship with us, and which services or products the Client requires from us.
"Sensitive Data" means Personal Data classified by law as sensitive data. We will only collect, use, disclose and/or cross-border transfer Sensitive Data if we have received your explicit consent or as permitted by law.
Individual
We will collect, use, disclose and/or cross-border transfer the following categories and types of your Personal Data, including but not limited to:
- Personal details, such as your title, name-surname, gender, age, occupation, job title, salary, source of income, work place (e.g. job title, type of business, company you work for, etc.), education, nationality, date of birth, marital status, information on government-issued cards (e.g. national identification number, passport number, etc.), tax identification number, signature, voice recording, image, motion picture, motion picture from closed circuit television (CCTV), house registration, background information, politically exposed persons information, relationship information with politically exposed persons and other identification information.
- Contact details, such as your address, work address, telephone number, mobile number, fax number, email address, other electronic communication ID including the social media account and information about contact person for emergency case.
- Account and financial details, such as your passbook, credit card and debit card information, account number and account type, prompt pay details, investment details, net assets, current assets, income and expenses, as well as payment details, service and product application details.
- Transaction details, such as the type of digital asset, price and quantity, purchase order, referral code, conditions (if any), trading history and balance, payment and transaction history relating to your assets, financial statements, liabilities, taxes, incomes, earnings and investments, source of wealth and funds, representation, investment information, default history, value referred to underlying assets and deposit and withdrawal digital assets.
- Technical details, such as your Media Access Central (MAC), Internet Protocol address (IP address), web beacon, log, device ID and network, connection details, access details, single sign-on (SSO) details, login log, access times, time spent on our page, cookies, login data, search history, browsing details, browser type and version, operating system, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on devices you use to access the platform.
- User account details, such as your trading account number, account identifier, username and password, PIN ID code for trading, interests and preferences, activities, investment objectives, investment knowledge and experience, and risk tolerance.
- Usage details, such as information on how you use the websites, platform, products, and services.
- Information for marketing communications, such as satisfaction surveys, investment attitude.
- Complaint details, such as any complaints, feedback, problem reports or responses through any channels related to our services.
- Other information, collected, used, disclosed and/or cross-border transfer in connection with the relationship with us, such as, information you give us in contracts, forms or surveys or data collected when you participate in our business functions, seminars, or social events._
Corporate Person
We will collect, use, disclose and/or cross-border transfer the following categories and types of Personal Data of the authorized persons, employees, personnel, agents, shareholders, directors, contactors, representatives or any beneficiary owner of the corporate person (if any), including but not limited to:
- Identity data of person related to corporate person, such as, name-surname, title, age, gender, photos, motion, image, motion from closed circuit television (CCTV), information on CV, education, work-related information (e.g., job position, function, occupation, job title, company you work for, employed at or holding shares, etc.), information on government-issued cards (e.g., national identification number, passport number), shareholding percentage, voting rights, income, source of income, country of income, signatures, politically exposed persons information, relationship information with politically exposed persons and other identifiers.
- Contact details, such as telephone numbers, address, country, email address, and other similar information.
- Personal Data generated in connection with the Client's relationship with us, such as, account opening, administration, operation, payment, settlement, processing and reporting on behalf of the Client. Such Personal Data may include signatures, and your correspondence with us.
- Other information, collected, used, disclosed and/or cross-border transfer in connection with the relationship with us, such as, information you give us in contracts, forms or surveys or data collected when you participate in our business functions, seminars, or social events.
Other than Personal Data of individual person and corporate person we described above, we may process your Personal Data that prescribed as Sensitive Data under the Data Protection Law which we will obtain your consent before or at the time we process your Sensitive Data, those Sensitive Data may including but not limited to:
- Biometric data e.g., face recognition, iris recognition or fingerprint (if any).
- Disability data or health data (if any).
- Criminal records (if any).
- Sensitive Data as shown in the national identification card, i.e., religion as appears on the identification card.
2. THE PURPOSE OF COLLECTION, USE OR DISCLOSURE OF YOUR PERSONAL DATA
We may collect, use, disclose and/or cross-border transfer your Personal Data for the following purposes (the purposes that we process your Personal Data depend on the relationship you have with us or the service or products you wish to use with us).
2.1 Purpose for which consent is required
In the case that we cannot rely on any regulations or legal basis, we may rely on your consent to:
- Provide marketing communications, special offers, promotional materials about our products and services (other than the existing products or services you are using with us) which we cannot rely on any regulations or legal basis.
- Collect, use, and/or disclose your sensitive data for the following purposes:
-
- Biometric data e.g., face recognition for applying the service and for the purpose of identity verification and authentication (if any).
- Disability data for providing services and facilitation (if any).
- Criminal records for background check (if any).
- Sensitive data as shown in the identification card, i.e., religion (as appear in identification card) for the purpose of identity verification and authentication (if any).
- Cross-border transfer your Personal Data to a country which may not have an adequate level of data protection according to the rules on the protection of Personal Data as prescribed by the Personal Data Protection Committee, for which consent is required by law.
Where we rely on consent as a legal basis, you are entitled to withdraw your consent at any time. This can be done so, by contacting us or our data protection officer via specified channels (the contacting detail can be found at “Contacting Us” as shown below this Privacy Policy). The withdrawal of consent will not affect the lawfulness of the collection, use, disclosure and/or cross-transfer of your Personal Data and sensitive data based on your consent before it was withdrawn.
2.2 Purpose for which we may rely on other legal grounds for processing your Personal Data
We may collect, use, disclose and/or cross-border transfer your Personal Data by relying on the following legal basis: (1) a contractual basis, for our initiation or fulfillment of a contract with you; (2) a legal obligation; (3) the legitimate interest of ourselves and/or third parties, to be balanced with your own interest and fundamental rights and freedoms in relation to the protection of your Personal Data; (4) vital interest, for preventing or suppressing a danger to a person’s life, body or health; and (5) public interest, for the performance of a task carried out in the public interest or for the exercise of official actions.
We rely on the legal basis in (1) to (5) above for the collection, use, disclosure and/or cross-border transfer of your Personal Data to our officers, employees including our affiliates, group companies or agents or assigned companies, whether domestic or international entity, of the following purposes:
Individual Person
- Contacting you before entering into a contract with us and for the course of entering into a contract or using services with us including to proceed with your request for using any services with us.
- Processing applications for account opening, account maintenance, and operations relating to your accounts, including but not limited to, processing your applications or requests for using services or products, processing your transactions, issuing your account statement, and operating and closing your accounts.
- Providing services and platform to you, such as proceeding with the purchase, sell and exchange of digital asset, digital asset dealer services, providing investment products, offering choices to you from time to time and dealing with all matters relating to the investment products, including the improvement of system for facilitating the use of services.
- Tracking, recording your transactions, and recording your conversation for the purpose of assistance and evaluating your services.
- Managing your relationship with us, administration of your account with us, observation communication, delivery management.
- Proceeding with your instructions or responding to your inquiries or feedback and resolving your complaints.
- Conducting identity verification and credit checks, know-your-customer (KYC), customer due diligence (CDD) processes, other checks and screenings, and ongoing monitoring that may be required under any applicable law.
- Preventing, detecting and investigating fraud, misconduct, or any unlawful activities, whether or not requested by any government or regulatory authority, and analyzing and managing risks.
- Complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any governmental, tax, law enforcement or other authorities or regulators (whether local or foreign), such as, Office of the Securities and Exchange Commission, Anti-Money Laundering Office, Department of Provincial Administration, Office of the Personal Data Protection Committee, Revenue Department, etc., including the communication, collaboration and respond to such authorities.
- Managing our infrastructure, internal control, internal audit and business operations, preparing reports and complying with our policies and procedures that may be required by applicable laws and regulations including those relating to risk control, security, legal opinion, examination or reference where it’s necessary (e.g., as a supporting evidence of financial statements, notes to financial statements and annual financial statements audit), finance and accounting, systems and business continuity.
- Investigating and retaliating any complaints, claims or disputes.
- Provide marketing communications, information, special offers, promotional materials about our products and services, our group companies, affiliates and subsidiaries and third parties that you may interest (if any).
- Developing new services and products and providing an update to you on our services and products from time to time.
- Carrying out research, planning and statistical analysis, for example, on your investment limit and investment behavior, for the purpose of developing our services and products.
- Organizing our promotional campaign or events, conferences, seminars, and company visits.
- Enforcing our legal or contractual rights including, but not limited to, recovering all debts owed to us.
- Dispute management, resolving disputes to enforce our contracts and to establish, exercise or raise against legal claims.
- Facilitating financial audits to be performed by an auditor or receiving legal advisory services from legal counsel appointed by you or us.
- Performing our obligations under any agreements to which we are a party, e.g., agreements with our business partners, vendors, or other asset management companies, or under which we are acting as an agent.
- Providing services and maintaining security in connection with our platforms, information technology, and workplace, such as websites, mobile applications, identity authentication, recording system, tracking system, device, internet system, monitoring cyber security, prevention and counter-measure of criminal, risk, fraud, and monitoring the premise and area of the Company.
- Changes in the business, such as in the case of business reorganization, business restructuring, merger acquisitions, sales, acquisitions, joint ventures, transfers, liquidation, or any similar event in connection with the transfer or disposition of all or any part of our business, assets, or shares. We may disclose your information to third parties as part of such a process.
If the Personal Data we collect from you is required to meet our legal obligations or enter into an agreement with you and we cannot collect those Personal Data from you, we may not be able to provide (or continue to provide) our products and services you requested.
Corporate Person
- Business communication, such as communicating with the Client about our products or services (e.g., by responding to inquiries or requests).
- Selection process, such as verifying your identity and the Client status, relationship with politically exposed persons status checks, bankruptcy status check, conducting due diligence or any other form of background checks or risk identification on you and the Client (including screening on sanction lists publicly available by law enforcement agencies and/or public authorities as required by law), evaluating suitability and qualifications of you.
- Data management, such as maintaining and updating lists/directories of the Client (including your Personal Data), keeping contracts and associated documents in which, you may be referred to.
- Relationship management, such as planning, performing, and managing the (contractual), e.g., by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, providing support services.
- Business analysis and improvement, such as conducting research, data analytics, assessments, surveys and reports on our products, services and your performance or the Client's performance, development and improvement of marketing strategies and products and services.
- IT systems and support, such as providing IT and helpdesk supports, creating and maintaining code and profile for you, managing your access to any systems to which we have granted you access, removing inactive accounts, implementing business controls to enable our business to operate, and to enable us to identify and resolve issues in our IT systems, and to keep our systems secure, performing IT systems development, implementation, operation and maintenance.
- Security and system monitoring, such as identity authentication and access controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security, prevention and solving crimes, as well as risk management and fraud prevention.
- Dispute handling, such as solving disputes, enforcing our contracts, establishing, exercising or defense of legal claims.
- Internal investigation, any investigation, complaints and/or crime or fraud prevention.
- Internal compliance, such as compliance with internal policies and applicable laws, regulations, directives and regulatory guidelines.
- Complying with laws and government authorities, such as liaising and interacting with and responding to government authorities or courts.
- Marketing purposes, such as informing you of our news and publications which may be of interest, events, offering new services, conducting surveys (if any).
- Complying with reasonable business requirements, such as management, training, auditing, reporting, control or risk management, statistical, trend analysis and planning or other related or similar activities.
- Providing services, such as digital asset subscription service, digital assets exchange service, digital assets wallet service, contacting for providing information or offering our services or products, after-sale services, and related services.
3.HOW WE DISCLOSE OR TRANSFER YOUR PERSONAL DATA
We may disclose or transfer your Personal Data to our affiliates, group companies, subsidiary or third parties authorized by us to proceed with specific matters (including the personnel and agent of such person), whether inside or outside Thailand, as follows:
3.1Our affiliates/ group companies
We may disclose or transfer your Personal Data to our affiliates, group companies or subsidiaries for the purpose of services management or providing assistance to you in the matters related to our services or products, or for the part of qualification assessment of a person.
3.2Service providers, vendors and suppliers
We may use other companies, agents or contractors to perform services on our behalf or to assist with the provision of products and services to you, such as: (a) IT service providers and data storage providers; (b) research agencies; (c) analytics service providers; (d) payment service providers and provide withdrawal services from your account with us to your bank account; (e) administrative and operational service providers; and (f) other service providers involved with the provision of our products or services.
In the course of providing these services, the service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the services, and we ask them not to use your Personal Data for any other purposes. We will ensure that all the service providers we work with will keep your Personal Data secure and treat your Personal Data in a manner consistent with this Privacy Policy.
3.3Business partners
We may transfer your Personal Data to persons acting on your behalf or otherwise involved in the provision of the type of product or service you receive from us or you requested for us to provide, those persons may including but not limited to payment recipients, beneficiaries, Digital Asset Exchange, Digital Asset Broker, Digital Asset Dealer, Digital Token Issuer, ICO portal, commercial banks, correspondent banks, trustees, agents, vendors, co-brand business partners, market counterparties, issuers of products, related person to whom we disclose Personal Data in the course of providing products and services to you, and whom you authorize us to disclose your Personal Data to in accordance with applicable law, and we will ensure that these data recipients agree to treat your Personal Data in a manner consistent with this Privacy Policy.
3.4 Government authorities
In certain circumstances, we may be required to disclose or share your Personal Data to law enforcement agency, court, regulator, government authority for complying with legal obligations, such as Securities and Exchange Commission, Anti-Money Laundering Office, Bank of Thailand, Department of Provincial Administration, Office of the Personal Data Protection Commission, Department of Business Development, Department of Intellectual Property, Office of the National Anti-Corruption Commission, Royal Thai Police, Revenue Department, court or other third party for which we believe disclosure or transfer is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party's or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues
3.5 Professional advisors
We may disclose or transfer your Personal Data to our professional advisors relating to audit, legal, accounting, smart contract and tax services who assist in running our business and defending or bringing any legal claims.
3.6 Third parties as assignees, transferees or novatees
We may assign, transfer, or novate our rights or obligations to a third party, to the extent permitted under the terms and conditions of any contract between you and us. We may disclose or transfer your Personal Data to assignees, transferees, or novatees, including prospective assignees, transferees, or novatees, provided that these data recipients agree to treat your Personal Data in a manner consistent with this Privacy Policy.
3.7 Third parties connected with business transfer
We may disclose or transfer your Personal Data to our business partners, investors, significant shareholders, assignees, prospective assignees, transferees, or prospective transferees in the event of any reorganization, restructuring, merger, acquisition, sale, purchase, joint venture, assignment, dissolution or any similar event involving the transfer or other disposal of all or any portion of our business, assets, or stock. If any of the above events occur, the data recipient will comply with this Privacy Policy in respect of your Personal Data.
When we transfer Personal Data to third parties, we will take steps to ensure the protection of your Personal Data, such as confidentiality arrangements or other appropriate security measures as required by law. If you wish to know more about how your Personal Data being process by those third parties, you may learn more detail by visiting privacy notice or privacy policy of such third parties.
4.SECURITY MEASURE OF YOUR PERSONAL DATA
We have enforced administrative measures, appropriate technical and physical measures to protect your Personal Data under our control from destruction, loss, access, use, alteration or disclosure whether by accident, unlawful or without permission which includes accessing or controlling access to your Personal Data to maintain a confidentiality, accuracy, and the availability of Personal Data under our control, in accordance with the minimum requirements required by law.
We have established measures to control access to your Personal Data and the use of equipment for storing and processing Personal Data which is safe and appropriate for the collection, use and disclosure of Personal Data. Moreover, the Company has provided the measures to limit access to Personal Data and the use of devices for storing and processing Personal Data by assigning the right to access the data to the authorize designated employees to access information and the responsibilities for preventing unauthorized access to Personal Data, disclosure, awareness or illegal copying of Personal Data or stealing of Personal Data storages or processing devices. In addition, the Company has provided the measures for retrospective review of access, change, deletion or transfer of Personal Data.
5. CROSS-BORDER TRANSFER OF YOUR PERSONAL DATA
We may disclose or transfer your Personal Data to third parties or servers located overseas, (for example, the transferring of Personal Data to service providers for supporting the process of know your customers and checking customer status for identity proofing and authentication), or the destination countries may or may not have the same data protection standards as Thailand. We have taken steps and measures to ensure that your Personal Data is securely transferred, that the data recipients have suitable data protection standards in place, and that the transfer is lawful by relying on the derogations as permitted under the law.
6. OTHER DETAIL ABOUT YOUR PERSONAL DATA
6.1 Cookies and how they are being use
“Cookies” are tracking technologies that are used in analyzing trends, administering our websites, tracking users’ movements around the websites, and remembering users’ settings. If you visit our websites, we will gather certain information automatically from you by using Cookies.
Most internet browsers allow you to control whether or not to accept Cookies. If you reject the use of Cookies, your ability to use some or all the features or areas of our websites may be limited.
6.2 Personal Data of minors, incompetent persons or quasi-incompetent persons
Our activities are not generally aimed at minors, incompetent persons and quasi-incompetent persons. However, if we receive these persons’ Personal Data in any cases, we do not knowingly collect Personal Data from customers who are minors without their parental or legal guardian consent, as a case maybe, when it is required, or from quasi-incompetent persons or incompetent persons without their legal guardian's consent.
In addition, if we are aware that we have unintentionally collected Personal Data from any minor without parental or legal guardian consent, as a case maybe, when it is required, or from quasi-incompetent person or incompetent person without their legal guardians' consent, we will delete it immediately or continue to process such Personal Data if we can rely on other legal bases apart from consent.
6.3 Personal Data related to third parties
If you provide the Personal Data of any third party, such as your spouse and children, shareholders, directors, beneficiary, contact person, attorney-in-fact, e.g., their name, family name, email address, and telephone number and politically exposed persons. You should ensure that you have the authority to do so and to permit us to use Personal Data in accordance with this Privacy Policy. You are also responsible for notifying the third party of this Privacy Policy and, if required, obtaining consent from the third party or rely on other legal basis which allows us to lawfully collect, use and/or disclose Personal Data of such third parties.
7. HOW LONG DO WE RETAIN YOUR PERSONAL DATA
We retain your Personal Data for as long as is reasonably necessary to fulfill the purposes for which we have obtained it as set out in this Privacy Policy, and to comply with our legal and regulatory obligations. However, we may have to retain your Personal Data for a longer duration, if required by applicable law as well as our internal policies or operational requirements and other necessities, such as in the event of a dispute.
8. RIGHTS REGARDING YOUR PERSONAL DATA
Subject to the applicable laws and exceptions thereto, you may have the following rights regarding your Personal Data:
- Access: you may have the rights to access or request a copy of the Personal Data we are processing about you including information as to which categories of Personal Data we have in our possession or control;
- Data Portability: you may have the rights to obtain Personal Data hold about you, in a structured, electronic readable format or can be usable by tools or equipment that operate automatically for transmit your Personal Data to another data controller, where technically feasible, provided that the processing is based on your consent or necessary for the performance of a contract;
- Objection: in some circumstances, you may have the rights to object the means we process your Personal Data in certain activities which specified in this Privacy Policy;
- Erasure or Destruction: you may have the rights to request that we erase, destroy, or de-identify your Personal Data that we process about you, e.g., if the data is no longer necessary for the purposes of processing or withdraw the consent on which the collection or processing is based, and where we have no legal ground for such collection or processing or where the Personal Data has been unlawfully processed;
- Restriction: you may have the rights to restrict our processing of your Personal Data if you believe such data to be inaccurate, that our processing is unlawful, or that we no longer need to process this data for a particular purpose;
- Rectification: you may have the rights to have Personal Data that is incomplete, inaccurate, misleading, or out-of-date rectified;
- Consent withdrawal: you may have the rights to withdraw consent that was given to us for the processing of your Personal Data, unless there are restrictions on the right to withdraw consent as required by the law, or a contract that benefits you; and
- Lodge a complaint: you may have the right to lodge a complaint to the competent authority if you believe our processing of your Personal Data is unlawful or non-compliance with applicable data protection law.
If you wish to exercise any of your rights as specified above, please fill the request form in accordance with the form, method and channels provided by us or you may contact us to learn more detail about your right by contacting via “CONTACTING US” as specified below of this Privacy Policy.
Upon receiving the valid request from you, we will proceed with your request within the appropriate period or as required by the law. However, the period may be extended for a longer period due to reasons regarding your right that wish to exercise or complexity of your request. If we deny your request for exercising the data subject rights, we will advise you of the reason for the refusal.
9. LINK TO OTHER WEBSITES
In the event that you use our website or mobile application, it may contain links to other platforms, websites, applications or third parties service providers. We could not ensure their contents and their operations and could not be held responsible for any collection, use, disclosure and/or cross-border transfer of your Personal Data by such platforms, websites, applications or service providers. In this regard you should verify the privacy policy of such platforms, websites, applications or any services which linked to our website or our application (if any) to acknowledge and understand their processes of collection, use, disclosure and/or cross-border transfer your Personal Data.
10. CHANGE TO THIS PRIVACY POLICY
From time to time, we may change or update this Privacy Policy to be in accordance with our actual practice and legal compliance. We encourage you to read this Privacy Policy carefully and periodically review any changes that may occur in accordance with the terms of this Privacy Policy on our website (https://www.er-x.io). We will notify you or obtain your consent again if there are material changes to this Privacy Policy, or if we are required to do so by law.
11. CONTACTING US
If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries or complaints about your Personal Data under this Privacy Policy, please contact us or our Data Protection Officer via the following detail:
A. ERX Company Limited
Address: 1788, Singha Complex Building, 27th Floor, Unit 2702-2708 New Petchaburi Road, Bang Kapi Subdistrict, Huai Khwang District, Bangkok 10310, Thailand
Telephone: 02-080-6060
Email: dpo@erx.io
B. Data Protection Officer
Address: Data Protection Officer of ERX Company Limited, 1788, Singha Complex Building, 27th Floor, Unit 2702-2708 New Petchaburi Road, Bang Kapi Subdistrict, Huai Khwang District, Bangkok 10310, Thailand
Telephone: 02-080-6060
Email: dpo@erx.io
This Privacy Policy was last updated on 9 August 2023
- Right to withdraw consent
- Right to access and receive a copy of personal data
- Right to reveal the source of personal data collection
- Right to rectify personal data
- Right to erase or destroy personal data
- Right to suspend the processing of personal data
- Right to request to send or transfer personal data (data portability)
- Right to object the processing of personal data
Data subject consent withdrawal form
If you are data subject wishing to withdraw the consent you have given to ERX Company Limited, please complete this form.