Privacy Policy
Privacy Policy (Thai) (PDF/233KB)
Mizuho Bank, Ltd. Bangkok Branch (“MHBK”) commits to treat all Personal Data with security and confidentiality and will only collect, record, hold, store, disclose, transfer and use the Personal Data in accordance with the Personal Data Protection Act B.E 2562 (2019) (“PDPA”) and this Privacy Policy as set out below.
This privacy policy (“Privacy Policy”) shall be used for the personal data protection for:
- “Customers” which include (i) individual customers or (ii) individual associated with corporate customers (i.e. directors, shareholders, employees, guarantors, security providers, and legal representatives of corporate customers and other individuals authorized to act on their behalf) of MHBK.
- “Non-customers” which include any persons who may interact, communicate, or provide personal data to MHBK, e.g. MHBK’s directors, shareholders, employees, business partners, vendors, contractors, professional advisors, investors, creditors, service providers, consultants, outsourced contractual parties, anyone who makes a payment to or receives a payment from the Customers, anyone who visits our website, applications or offices and anyone involving in any transactions with MHBK or the Customers.
1. Types of Personal Data
“Personal Data” means any data relating to an individual which can identify such individual, directly or indirectly, excluding the data of a deceased individual or any other term, under its definition of the PDPA.
The Personal Data that MHBK may collect from you is consisted of:
| No. | Types of Personal Data | Details | |
| 1. | “Identity Data” | (a) name; (b) last name; (c) title; (d) gender; (e) age; (f) nationality; (g) country of residence; (h) date of birth; (i) photo; |
(j) identification number; (k) work details; (l) passport number; (m) other government-issued identification data; (n) marital status; (o) family details;and (p) any other identity data with the similar nature. |
| 2. | “Sensitive Personal Data” | (a) ethnicity; (b) religion; (c) gender preference; (d) blood type; (e) health data, such as disability, dietary allergy, and disorder; |
(f) biometric information, (e.g. face recognition, fingerprint, voice recognition and retina recognition); (g) criminal records;and (h) any other sensitive personal data with the similar nature. |
| 3. | “Transactional Data” | (a) details of products and services used by the Customers;and (b) payment history; |
(c) transaction details; (d) feedback and correspondence;and (e) other transactional data with the similar nature. |
| 4. | “Contact Details” | (a) address; (b) phone number; (c) email address; (d) facsimile number; |
(e) other contact details, such as Line, WeChat, Facebook, WhatsApp and Instagram;and (f) other contract details with the similar nature. |
| 5. | “Financial Data” | (a) credit or debit card details; (b) bank account details; |
(c) fund remittance details; (d) source of fund; and (e) other financial data with the similar nature. |
| 6. | “Preference and Lifestyle Data” | (a) preference; (b) interests; |
(c) occupation; (d) customers’ survey; and (e) other preference and lifestyle data with the similar nature. |
| 7. | “Investigation Data” | (a) due diligence checks (e.g. information related to Know Your Client (KYC) or Customer Due Diligence (CDD)); (b) Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) checks; and (c) other investigation data with the similar nature. |
|
| 8. | “Login Information” | (a) login information for using website and applications; and (b) other login information with the similar nature. |
|
| 9. | “Security & Loss Prevention Data” | (a) security camera footages; (b) vehicles and license plate data; |
(c) personal appearance; (d) detection of any suspicious and unusual activity; and (e) other security & loss prevention data with the similar nature. |
| 10. | “Technical Data” | (a) cookies; (b) IP address; (c) log files; (d) device details; (e) location; |
(f) mobile network data; (g) hardware model; (h) operation system; (i) location of branches or ATMs which Customers use; and (j) other technical data with the similar nature. |
| 11. | “Public Data” | (a) data publicly available on both online and offline channels such as social media data, e.g. photos, posts, locations, friend list, liked pages; and (b) other public data with the similar nature. |
|
| 12. | “Correspondence Data” | (a) any correspondence and other communications between MHBK and you, in whatever manner or form; and (b) other correspondence data with the similar nature. |
|
You are required to provide your Personal Data to MHBK for the purpose of entering into contract with MHBK, complying with the obligations thereunder and/or complying with the laws in relation to financial institutions businesses, e.g., anti-money laundering, counter-terrorism and proliferation of weapon of mass destruction financing. If you do not provide the Personal Data to MHBK, MHBK will not be able to consider your request, enter into contract with you, perform any obligations thereunder and it might result to a breach of contract with MHBK by you, breach of laws in relation to financial institutions businesses as abovementioned, or the event that your requests are fully rejected.
If you provide the Personal Data about other persons to MHBK, you affirm that this Privacy Policy have been reviewed by such persons and that such persons have given their consent regarding the processing of their Personal Data. You have to present the consent letter of such other persons to MHBK, as may be requested by MHBK.
2. Collection of Personal Data
MHBK may, directly and indirectly, collect your Personal Data through the following:
(a) Website and Phone Application: This includes when you interact or communicate with MHBK through the websites or application owned or controlled by MHBK (“MHBK’s Websites & Applications”).
(b) Phone Call, Email and Messaging Applications: This includes when you interact or communicate with MHBK over the phone, email, fax, postal service, or messaging applications, such as Line, WeChat, Facebook, WhatsApp and Instagram.
(c) Offline Interactions: This includes when you visit at MHBK’s offices or branches in person or when you discuss with MHBK’s personnel.
(d) Service Providers: This includes any agent, agency, marketing company, market research company, event organizer, caterer, and other service provider, which MHBK works with.
(e) Corporate Customers: This is when corporate Customers provides Personal Data of its director, authorized person, attorney, representative or contact person to MHBK.
(f) Group Company of MHBK: MHBK may collect the Personal Data from its group company such as Mizuho Financial Group, Inc, Mizuho Trust & Banking Co., Ltd., Mizuho Securities Co., Ltd., Mizuho Research Institute Ltd., Mizuho Information & Research Institute, Inc. (“Group Companies”).
(g) Strategic Business Partners: This includes any business partner with whom MHBK collaborates to provide and offer you with services or products.
(h) Other Sources: This includes (i) any third party that may provide your Personal Data to MHBK, such as your family members and related persons, (ii) governmental authorities, regulatory authorities, financial institutions, credit bureau, insurance companies, and/or third-party service providers, and (iii) other publicly available sources, either online or offline (in this regard, you affirm that you have reviewed this Privacy Policy and understood that MHBK may collect your Personal Data from the third parties).
3. Retention Period
MHBK will retain your Personal Data and within the period appropriate and necessary for each type of Personal Data (approximately of 10 (ten) years following termination the contractual relationships). The period MHBK keeps the Personal Data will be in line with statute of limitations or other period required under relevant laws and regulations, (e.g. laws in relation to financial institutions businesses, anti-money laundering, counter-terrorism and proliferation of weapon of mass destruction financing, accounting, tax, labor and other laws to which MHBK is subject both in Thailand and in other countries).
Nevertheless, MHBK may continue to retain the Personal Data as long as (a) it is permitted by PDPA and/or any applicable laws, (b) MHBK is under certain contracts with you, (c) MHBK is under legal obligation to retain the Personal Data, (d) the consent granted to MHBK has not been revoked, or (e) it is deemed necessary to complete the objectives of this Privacy Policy.
4. Purposes of Personal Data Processing
The Personal Data shall be collected and used only for the purposes stated below, including the consent given by you and any other purposes as permitted or required in the PDPA and/or any applicable laws.
| No. | Purpose | Personal Data | Lawful Basis |
| 1. | Contract (a) To provide you with services and products and to consider for approval in relation to the provision of services and products. (b) To process your request prior to entering into a transaction. (c) To enter into a contract and fulfil the obligations thereunder, including to negotiate the contract. (d) To manage the contractual relationship between MHBK and you. (e) To verify and authenticate your payments under the contractual ground. (f) To process the payments to or by you, issue invoices and receipts and/or refund. |
(a) Identity Data (b) Transactional Data (c) Contact Details (d) Financial Data (e) Preference and Lifestyle Data (f) Investigation Data (g) Login Information (h) Correspondence Data |
Contractual Basis |
| 2. | Legal Requirements (a) To comply with laws in relation to financial institutions businesses, anti-money laundering, counter-terrorism and proliferation of weapon of mass destruction financing, accounting, tax, labor and other laws to which MHBK are subject both in Thailand and in other countries. (b) To comply with court orders. |
(a) Identity Data (b) Transactional Data (c) Contact Details (d) Financial Data (e) Investigation Data (f) Login Information (g) Security & Loss Prevention Data (h) Technical Data (i) Correspondence Data |
Legal Obligation |
| 3. | Security and Ordinary Business Operation (a) [To verify and authenticate your identity before continuing the transaction. (b) To record video, picture and sound in the seminar or training to publicize on MHBK’s Websites & Applications or other channels (without having targeted advertisement). (c) To collect, use and disclose Personal Data of directors or agents of corporate Customers which MHBK receives from corporate Customers for purposes in relation to the transactions made between MHBK and corporate Customers. (d) To conduct ordinary business operation of MHBK, e.g. conducting risk management and creditworthiness checks. (e) To prevent any loss, crime, or any unlawful act. (f) To prevent fraud and investigate suspicious transactions and/or anti-money laundering. (g) To ensure security (e.g. to maintain security camera records, to register, exchange identification card and/or take photo of visitors before entering into our building).] (h) To administer and solve technical problem on the MHBK’s Websites & Applications. (i) To audit the business financial status and accounting matters, including the payments and debt collections. (j) To administer and protect security of MHBK’s businesses. (k) To research, to develop and improve the business operations, products, and services of MHBK (which is not direct marketing). (l) To connect data between MHBK’s Group Companies for the ordinary business operation. (m) To allow advisors, service providers, vendors, suppliers, contractors, sub-contractors to provide and supply MHBK with services and products. |
(a) Identity Data (b) Transactional Data (c) Contact Details (d) Financial Data (e) Investigation Data (f) Login Information (g) Security & Loss Prevention Data (h) Technical Data (i) Correspondence Data (j) Public Data |
Legitimate Interest |
| 4. | Process of Sensitive Personal Data To collect and use your Sensitive Personal Data as necessary for verification of your identity prior to continuing the transaction (e.g. to use identification card photo which contains religion and/or blood type information). |
(a)Sensitive Personal Data | Consent |
| 5. | Data Analysis & Sale and Marketing To conduct data analysis or to offer you the products similar to the products you are currently using or other products of MHBK’s Group Companies or other business partners (when MHBK has to disclose your Personal Data to the third parties). |
(a) Identity Data (b) Transactional Data (c) Contact Details (d) Financial Data (e) Preference and Lifestyle Data (f) Technical Data (g) Public Data (h) Correspondence Data |
Consent |
| 6. | Data Analysis & Sales and Marketing (a) To conduct data analysis or to offer you the products similar to the products you are currently using or other products of MHBK. (b) To conduct data analysis or to offer you the products similar to the products you are currently using or other products of MHBK’s Group Companies or other business partners (without disclosing your Personal Data to the third parties). |
Legitimate Interest | |
| 7. | Historical Documents or Archives for Public Interests, Research and Statistic To prepare historical documents or archives for public interest, including the purposes in connection with a research or statistic. |
||
| 8. | Vital Interest To prevent or suppress a danger to a person’s life, body, or health. |
||
| 9. | Public Task To carry out a public task, or for exercising official authority. |
||
5. To Whom Personal Data is Disclosed
Pursuant to the purposes stated in the Privacy Policy, the consent given by you, and any other purposes as permitted or required in the PDPA and/or any applicable laws, your Personal Data may be disclosed, or transferred to the third parties and/or governmental authorities as follows:
(a) Group Companies of MHBK such as Mizuho Financial Group, Inc, Mizuho Trust & Banking Co., Ltd., Mizuho Securities Co., Ltd., Mizuho Research Institute Ltd., Mizuho Information & Research Institute, Inc..
(b) Governmental authorities such as the Bank of Thailand, the Securities and Exchange Commission, Office of Insurance Commission, Ministry of Digital Economy and Society, Department of Business Development, the Revenue Department, the Land Office and the Immigration Bureau, including courts and any other authorities as required by law.
(c) Guarantors and security providers.
(d) Financial Institutions who are connected to your borrowing transactions or other banking transaction with MHBK.
(e) Strategic business partners and/or any persons whom MHBK collaborates and/or have the legal relationship with.
(f) Service providers, vendors, suppliers, contractors, sub-contractors who work with MHBK to provide and supply MHBK with services and products, such as debt collection, credit bureau check, fraud prevention, web hosting, marketing service, data analysis, market research, payment processing, order fulfillment, data technology and related infrastructure provision, customer service, email delivery, auditing, security, event organizing, caterer, insurance and other services or products
(g) Advisors such as accountants, internal auditors, external auditors, lawyers, IT advisors, and technicians.
(h) Third parties to whom MHBK or Group Companies chooses to sell, transfer, merge, any portions of the business, assets, or shares. This includes the parties in relation to the events of business reorganization, insolvency, rehabilitation and similar proceedings.
6. Cross-Border Transfer
Due to the nature of the modern banking business, MHBK may disclose or transfer the Personal Data in relation to you to the parties located overseas, e.g., Group Companies of MHBK or other third parties. MHBK takes steps and measures to ensure that the Personal Data is securely transferred and that the receiving parties have in place an appropriate level of protection standards as required by PDPA or other applicable laws.
In the event that the destination countries do not have the sufficient data protection standards, MHBK will ensure that the transfer of your Personal Data will be in accordance with the PDPA or other applicable laws, which includes the events specified in Section 28 of the PDPA as follows:
(a) to comply with a legal obligation;
(b) when you have been informed of such insufficient data protection standards of the destination country and your consent have been obtained;
(c) to comply with an agreement between you and MHBK or your request before entering into an agreement;
(d) to comply with an agreement between MHBK and other parties for your interest;
(e) to prevent or suppress a danger to your or other persons’ life, body or health and you are incapable of giving consent at such time; or
(f) to carry out activities relating to the substantial public interest.
7. Cookies
Cookies are software which is stored in the MHBK’s Websites & Applications and sent to your browser when using the MHBK’s Websites & Applications. The Cookies on the MHBK’s Websites & Applications are used to collect your log files, e.g. IP address, browser type, internet service provider’s name, entry and exit pages, platform type, date and timestamp, and number of clicks. These Cookies do not cause any harmful effects to the computer or transmit any viruses. MHBK uses the Cookies for the following purpose:
(a) to increase effectiveness of the MHBK’s Websites & Applications in operating online service or interactive applications;
(b) to enhance the visitation to the MHBK’s Websites & Applications, such as to recognize a name, account, password or previous interest, in order to serve those who repeatedly use the MHBK’s Websites & Applications; and
(c) to analyze the performance, including update and improve the operation of the MHBK’s Websites & Applications.
If you disagree to the use of Cookies in automatically collecting the data while browsing the MHBK’s Websites & Applications, you can choose not to accept Cookies by visiting our website or to contact MHBK or the Data Protection Office as detailed in paragraph 17.
8. Log Files
MHBK may record log files from you when using MHBK’s Websites & Applications. Log files include IP address, browser type, internet service provider’s name, entry and exit pages, platform type, date and timestamp, and number of clicks.
9. Surveillance Camera
MHBK uses surveillance cameras to capture footage of the visitors and the vehicles in and around the location of MHBK for safety purposes including the prevention and detection of crimes. The surveillance cameras of MHBK will detect the entrance, the lobby, the terrace, the parking lot outside of the buildings, the fence around the buildings and the area within the perimeter of MHBK, which is accessible by the people throughout 24 hours. MHBK ensures that live captures from the surveillance cameras will be observed by authorized person of MHBK only.
10. Minors, Incompetent Persons or Quasi-Incompetent Persons
To obtain consent from the minors, incompetent persons or quasi-incompetent persons, MHBK will proceed as follows:
In the event that the data subject is a minor (which is a person under the age of 20), the consent shall also be obtained from the lawful parent of such minor, unless such minor can act alone in relation to the purpose of collect, use and disclose in accordance with the Civil and Commercial Code. However, for the minor under the age of 10, the consent shall be obtained from their lawful parent in all cases.
In the event that the data subject is an incompetent person, the consent shall be obtained from their custodian.
In the event that the data subject is a quasi-incompetent person, the consent shall be obtained from their curator.
MHBK may not know if the persons visiting MHBK’s Websites & Applications are considered as a minor, incompetent person, or quasi-incompetent person. The parent of the minors, custodian of the incompetent person, or curator of the quasi-incompetent person providing the Personal Data to MHBK, may request MHBK to delete the Personal Data of such persons. If MHBK is aware that any person is a minor, incompetent person or quasi-incompetent person, MHBK therefore will proceed to obtain consent from the parent, guardian, or curator (as the case maybe) as required by the PDPA and/or other applicable laws.
11. Personal Data Security Measure
MHBK recognizes the importance of maintaining the security of your Personal Data. Therefore, MHBK has implemented reasonable technical and organizational security measures in order to protect your Personal Data collected and stored by MHBK against unlawful and unauthorized access, misuse, loss or destruction, which include control access, encrypted storage and storage with lock.
12. Personal Data Collected prior to PDPA’s Effectiveness.
MHBK is entitled to continue collecting and using your Personal Data which has been collected before PDPA’s effectiveness in accordance with the original purposes. If you do not wish MHBK to continue collecting and using your personal data, you may withdraw your consent at any time by contacting MHBK or the Data Protection Officer as detailed in paragraph 17.
13. Your Rights
Where permitted by the PDPA or applicable laws and under the relevant criteria/requirements specified thereunder, you have the rights with respect to your Personal Data to:
(a) Access: You have the right to access or request a copy of the Personal Data, which MHBK is collecting, using or disclosing about you, including to disclose the acquisition of your Personal Data which MHBK obtained without your consent. For your own privacy and security, MHBK may require you to prove your identity before providing the requested Personal Data.
(b) Data Portability: You have the right to obtain your Personal Data, which MHBK holds, in a structured, electronic format, and to send or transfer such Personal Data to another data controller, where this is (a) your Personal Data and (b) MHBK is collecting, using or disclosing such Personal Data on the basis of your consent or to perform a contract with you.
(c) Rectification: You have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data which MHBK collects, uses or discloses about you rectified.
(d) Withdraw Consent: For the purposes of consent, which you have given to MHBK for the collecting, using or disclosing of your Personal Data, you have the right to withdraw such consent at any time.
(e) File a complaint: You have the right to file a complaint with the Personal Data Protection Expert Committee if you believe that there is violation of the PDPA.
(f) Objection: You have the right to object the collection, use, and disclosure of the Personal Data in certain circumstances, including the case where your Personal Data is being processed for purposes of public task, legitimate interest, direct marketing or scientific, historical or statistic research.
(g) Restriction: You have the right to restrict the processing of your Personal Data in circumstances that (i) MHBK is under pending examination process to check the accuracy of Personal Data or to verify basis with regard to your objection request for the collection, use and disclosure of your Personal Data, (ii) you request MHBK to restrict the use of your Personal Data instead of deleting or destroying, or (iii) your Personal Data is no longer necessary for the purposes of collection, use and disclosure but you request MHBK to retain such Personal Data to establish, comply, exercise or defend legal claims.
(h) Deletion (‘right to be forgotten’): You have the right to request that MHBK delete or de-identify Personal Data which MHBK collects, uses or discloses about you, unless MHBK is not obligated to do so, or if MHBK needs to retain such Personal Data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
You may exercise these rights by contacting MHBK or the Data Protection Officer as detailed in paragraph 17.
Your withdrawal of any previously given consent, request to delete or anonymize the Personal Data or request to restrict or object to the processing of the Personal Data could mean that MHBK is unable to perform its obligations under an existing contract and unable to provide you with the services and products and/or to acts on your request.
MHBK may refuse to comply with the request if (a) there are legal restrictions, (b) MHBK has legal grounds to reject such request as permitted by the PDPA and/or any applicable laws, (c) MHBK has compelling legitimate grounds to reject such request as required or permitted by the PDPA and/or any applicable laws, (d) the Personal Data has been made anonymous, (e) the person submitting the request does not have evidence to verify that he/she is the data subject or does not has the authority to submit such request, or (f) the person submitting the request does not have legal grounds to exercise the rights or Personal Data in the possession of MHBK.
14. Privacy Policy of other Websites
MHBK’s Websites & Applications contain address links to other websites. This Privacy Policy applies only to MHBK’s Websites & Applications and MHBK shall be solely responsible subject to the scope of this Privacy Policy. MHBK shall not be responsible for any collection, use, or disclosure of Personal Data, or the use of cookies conducted by other websites which you access from MHBK’s Websites & Applications. Therefore, MHBK would kindly suggest you carefully review the privacy policies of other websites before using them.
15. Amendment and Review
MHBK may from time to time change, or amend any provision of this Privacy Policy to be in accordance with any amendment to the PDPA or other legal requirements under the rules/regulations issued under the PDPA.
16. Miscellaneous
This Privacy Policy is governed by and shall be construed in compliance with the PDPA and the applicable laws of Thailand. This Privacy Policy is written in English and Thai language. In the event of any inconsistency between the English version and Thai version, the English version shall prevail.
17. Contact Us
Regarding all queries with respect to the Personal Data arising from this Privacy Policy, or the activities of MHBK, including the exercise of any rights as set out in this Privacy Policy, MHBK and the Data Protection Officer can be contacted at the below address:
Data Controller
| To: | Mizuho Bank, Ltd. Bangkok Branch |
| Address: | 98 Sathorn Square Office Tower 32nd - 35th floor, North Sathorn Road, Silom, Bangrak, Bangkok 10500, Thailand |
| Tel: | +66-2-163-2999 +66-2-002-0222 |
| Fax: | +66-2-200-2600 |
| Email: | [email protected] |
Data Protection Officer
| To: | Data Protection Officer |
| Address: | 98 Sathorn Square Office Tower 32nd - 35th floor, North Sathorn Road, Silom, Bangrak, Bangkok 10500, Thailand |
| Tel: | +66-2-163-2999 +66-2-002-0222 |
| Fax: | +66-2-200-2600 |
| Email: | [email protected] |