This Privacy Notice presents the reason for and the processing of personal data of data subjects and describes how the SEC Office processes your personal data, the rights to which data subjects are entitled, and the contact channels of the SEC Office in the case of any problems or queries concerning the processing of personal data.
Personal Data Protection Act
the Personal Data Protection Act B.E. 2562 (2019)
The Office of the Securities and Exchange Commission
any information that can be used to identify a natural person, both directly or indirectly, but shall not include, in particular, any information concerning deceased persons (as defined in the Personal Data Protection Act)
sensitive personal data
the personal data of a data subject that is sensitive and may lead to the risk of unfair discrimination, as specified in Section 26 of the Personal Data Protection Act and/or other data that may impact the rights and liberties of the data subject.
the process of converting personal data in order that such data cannot be identified as belonging to any particular person
data that cannot be used to identify any particular person
The processing of personal data is divided according to the missions of the SEC Office. Please click the following links for more details:
Personal data that the SEC Office collects:
The personal data that the SEC Office collects includes both direct and indirect data, for example, identification number/passport number, title, name, surname (Thai/English), date of birth, citizenship, mobile phone numbers, email, addresses on identification cards, and gender, etc. The types of personal data the SEC Office will collect depends on the necessity of the SEC Office in the carrying out of activities in each operating system. More details of personal data that the SEC Office collects can be found in the link to Privacy Policies above.
Sources of personal data
The SEC Office receives your personal data from you directly.
The SEC Office receives your personal data from a company or agent that you have delegated to proceed by using the system.
The SEC Office receives your personal data from the data cooperation with government agencies.
The SEC Office receives your personal data from other sources, for example, searching other websites.
Purposes of the processing of personal data
The SEC Office retains your personal data for the following purposes:
Approving the establishment and management of funds, and granting approval for the issue and offer for sale of securities under the supervision of the SEC Office;
Approving the persons in the capital market business under the supervision of the SEC Office;
Analyzing and reviewing the overview of investment and studying investment behavior, as well as considering the operation, compliance with the law, rules, and regulations, investigating and inquiring, and any other act in accordance with the missions of the SEC Office so as to ensure compliance with the law;
Considering complaints and wrongdoings, monitoring risks, considering wrongdoings on the issue and offer for sale of securities, as well as the wrongdoing of the relevant professionals;
Disseminating, researching, hearing, exchanging and promoting knowledge;
Internal administration in the SEC Office and other activities as specified by the SEC Office.
For more details of the purpose of the processing of personal data collected by the SEC Office, please click the link to the Privacy Policies above.
Retention and the Period of Retention of Personal Data
Retention of Personal Data
The SEC Office retains personal data in accordance with the nature of the data received. Personal data from the computer system of the SEC Office is retained in the central database with data security and access control features, as well as the control of rights to the computer center. In the case of data retained on the Cloud, the SEC Office has engaged a cloud provider with acceptable standards. In addition, the SEC Office ensures that the service provided by the cloud provider is reviewed on a regular basis. As for hard copy documents and printed materials, the SEC Office scans hard copy documents and printed materials and keeps them in the Enterprise Content Management (ECM), which is the central document database of the SEC Office, with data security and access control features. As for documents pending retention, these are stored in safe places in the SEC Office, i.e., central cabinets with locks. Document access is set by authorization and records of users are kept, etc. Complete documents are stored in warehouses, safeguarded with security features and access control against any unauthorized users.
Period of Retention of Personal Data
The period of retention of personal data is dependent on the processing of personal data as specified by the activities of the SEC Office. The SEC Office will retain any personal data that directly identifies a person, e.g., identification card number, name-surname, address, telephone number, etc. and any personal data that indirectly identifies a person, e.g., educational background, training, etc. as long as it is necessary for the purposes of collection of such data as required by law. In the case of personal data obtained through consent, for example, for seminars, the SEC Office will retain your personal data for a period of two years from the date of the relevant seminar in which you have participated. After the period of retention, or in the case that the SEC Office does not have the right or the basis for the processing of your personal data, the SEC Office will destroy personal data or anonymize personal data, so that it cannot be used to identify a person, in accordance with the procedures specified by the SEC Office within 30 days from the end of such period.
The details of the personal data retention period, the destruction of personal data, and the data anonymization can be found in the link to the Privacy Polices above.
Data subjects have the rights under the Personal Data Protection Act 2562 as follows:
Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data given to the SEC Office during the period your personal data has been retained by the SEC Office.
Right to be informed: You have the right to be informed of the personal data that the SEC Office will process before or at the time of the collecting of personal data.
Right to access: You have the right to access or obtain a copy of your personal data, and to request the disclosure of the source of your personal data.
Right to rectification: You have the right to request the SEC Office to rectify any incorrect or incomplete personal data.
Right to erasure: You have the right to request the SEC Office to erase your personal data for certain reasons.
Right to the restrict of processing: You have the right to restrict the processing of personal data for certain reasons.
Right to data portability: You have the right to request the SEC Office to transfer your personal data to other controllers or to you in certain cases.
Right to object to processing: You have the right to object to the processing of your personal data in certain cases.
Data subjects are entitled to the rights stated above. Therefore, data subjects may request the SEC Office to comply with the rights stated above by requesting the SEC Office via the link Request to Exercise the Rights as Data Subjects.
In requesting the exercise of these rights, data subjects will not be required to pay any expenses, provided, however, that whether or not the SEC Office will comply with any request of a data subject will depend on the basis of the process of personal data, and the reason given by the data subject. When a data subject makes a request to exercise his or her right, the SEC Office will approve or deny his or her request and inform the data subject of its decision within 30 days from the date on which the SEC Office receives a complete set of the request documents. In the case that the SEC Office cannot reply to the data subject within 30 days, the SEC Office will inform the reason for the delay to the data subject. In the case that the SEC Office refuses your request, the SEC Office will inform you of the reason using the contact channel provided by you. If any data subject has any question concerning the SEC Office's decision, the data subject shall address his or her question to the Data Protection Officer at email@example.com.
Notice of obtaining personal data
In the case that the SEC Office obtains your personal data, the SEC Office will inform you of the following matters in the Privacy Policies:
Definitions of personal data;
Personal data that the SEC Office collects;
Sources of personal data;
Purposes of the processing of personal data;
Processing of personal data;
Retention and period of retention of personal data;
Rights of data subject;
Marketing and marketing promotion activities (if any);
Amendment of the Privacy Policies;
1. 'Necessary cookies' are necessary for the website's basic functions, for example, for remembering preferences in visiting websites, security, network management, entering the system, etc. Users may close these cookies by choosing preferences at the web browser, but this may affect the performance and the use of the website.
2. 'Analytical cookies' collect website user behaviors. The SEC Office uses analytical cookies to analyze the pattern of user behaviors so as to improve the website's performance. Analytical cookies collect data that cannot identify persons, and users may choose to open or close these cookies.
Privacy Policies of other websites
The Privacy Policies apply to the services of the SEC Office and the use of the SEC Office's website only. If you click a link to other websites (even through the SEC Office's website), you are required to read and comply with the privacy policies of those new websites.
Amendment of the Privacy Notice
The SEC Office reviews the Privacy Policies on a periodic basis in accordance with the SEC Office's policy in ensuring that they will be in line with the relevant guidelines, laws, and rules. In case of any change to the Privacy Policies, the SEC Office will inform you of such change. This Privacy Notice will also be updated on our website at the same time. The Privacy Policies on the SEC Office's website will be the latest version. If you want to read any previous Privacy Policies, please click here.
Data Protection Officer
The SEC Office has appointed a Data Protection Officer of the SEC Office as required by law. The Data Protection Officer has the duty of giving advice to the SEC Office on the processing of personal data within the SEC Office; ensuring that the operations of the SEC Office on the processing of personal data are in compliance with the SEC Office's relevant policies and related laws: as well as acting as the coordinator between data subjects, the Personal Data Committee, and the SEC Office.
Name of the Organization in Thai:
Name of the Organization in English:
The Office of the Securities and Exchange Commission, Thailand
333/3 Vibhavadi-Rangsit Road, Chomphon, Chatuchak, Bangkok 10900
Help Center: 1207
Telephone No.: 0-2033-9999
Other contact channels
Contact channel of the Data Protection Officer