Privacy Policy

Updated September 2022


KASIKORN LEASING the COMPANY LIMITED (“Company”) operates its business in adherence with ethical standards and respect for your privacy.
the Company has always placed importance on personal data protection and security to ensure that your personal data obtained by the Company will be used in accordance with the objectives and in compliance with law. the Company has formulated this personal data protection policy (this “Policy”) to inform you, as a data subject, of the objectives and details for collection, use and / or disclosure of personal data, including your legal rights

  1. To whom will this Policy apply, and what are channels for personal data collection?
    1. 1.1 To whom will this Policy apply?

      This Policy shall apply to you if you are classified as one or several types of the following persons.

Type of person under the Policy Details and examples
  1. Individual customer of the company
    ("Individual Customer")
The Company’s individual customer such as
  • person who is using or has used products and / or services
  • person who requests data on products and / or services
  • person who has knowledge of data on products and / or services via various channels
  • person who has been offered or persuaded by the Company to use or accept products and / or services
  1. Individual having involvement with a juristic person which is a customer of, or conducts transactions with, the Company
    ("Personnel of Juristic Person")
Individual having involvement with a juristic person which is a customer of, or conducts transactions with, the Company such as
  • shareholder
  • director
  • authorized person
  • agent or partner
  • employee, officer and / or assignee
  1. Individual having involvement with transactions of the Company or the Company’s customers
Individual having involvement with transactions of the Company or the Company’s customers such as
  • contact person
  • employee, staff, officer, personnel
  • person in the family, friend, neighbor
  • person recommended or referred by the Company’s customers
  • investor, guarantor, mortgager, security provider, ultimate beneficial owner
  • trade partner such as supplier, sponsor, dealer, seller, contractor, service provider, buyer, etc.
  • creditor, debtor, lessor, lessee
  • person who makes payment to or receives money from the Company’s customers
  • any other person of whom the Company may receive personal data from transaction conducted by customers (such as property assessment or loan provision)
  • person who visits the Company’s website or application, or online social media account or uses services at the Company’s branch or head office
  • professional advisor
  • any other individuals of similar nature
  1. General individual
General individual such as
  • person with whom the Company has a relationship, interaction, contact in other ways, or who has provided personal data to the Company, or of whom the Company has received personal data, either directly or indirectly, regardless of any channel
Click and scroll through the information.
    1. 1.2 Channel for collection of personal data

      The Company may collect your personal data via the following channels :

      (1) The personal data that you give directly to or through the Company, or held by the Company by your use of products and / or services, contact, visit, joining activities, search via service channels and / or the Company’s contact channels such as branch, head office, website, application, online social media account of the Company email, banking agent, customer data service center, telephone, facsimile, postal mail, short message service (SMS), questionnaire, name card, meeting, training, seminar, event, recreation, marketing promotion activity, contact or any other channel;

      (2) The personal data received or accessed by the Company from other sources, such as government agencies, other companies within the Company Financial Conglomerate, other banks or financial institutions, financial service providers and other service providers of the Company, business partners and service providers of business partners, companies that jointly issue products and / or services with the Company, the National Credit Bureau, information service providers, the Company’s customers, individuals or juristic persons conducting a transaction with the Company (as you having involvement with such transactions as mentioned above), registrar, securities issuer, Thailand Securities Depository Co., Ltd. (TSD), online social media, online platform of third party, public data sources (such as Government Gazette), a person having legal authority or legal right, any other person or agency with which the Company has a legal relationship, etc.

  1. Which personal data does the Company collect, use, and / or disclose?

    2.1 Personal data is the data that can directly or indirectly identify you, i.e.

    1. 2.1.1 Individual means Individual Customer, individual having involvement with transactions of the Company or the Company’s customers and general individual.
Type of data Examples of data that the Company collects, uses and / or discloses
Personal information
  • Title, first name, middle name, last name, alias (if any)
  • Gender, date of birth, age
  • Marital status, family status, number of family members and children
  • Data of relationships (such as between the principal and joint borrower, principal and supplementary cardholder, you and beneficiary)
  • Nationality, country of residence
  • Signature
  • Data on the document issued by government agencies (such as copy of national ID card, copy of passport, copy of visa, copy of certificate of alien, copy of work permit, copy of government / state enterprise official, copy of house registration, copy of birth certificate, copy of name change, copy of marriage certificate, copy of divorce certificate, copy of death certificate, copy of driving license copy of vehicle registration booklet or documents used for identifying and confirming identity of the same characteristic), other KYC and CDD data, etc.
Contact information
  • Address per important document, home address and address in the country of your nationality, workplace
  • Telephone number, mobile phone number, facsimile, email
  • Name or user name for contact via electronic communication or online social media (such as LINE ID)
  • Evidence for having residence in Thailand (for foreign national)
Education and work information
  • Data on a copy of student ID card, the highest education level
  • Career and professional field
  • Position, current years of work
  • Work detail, type of business
Proprietorship data
  • Shareholding ratio and / or data on other documents for confirming business operation (such as commercial lease agreement)
  • Customer’s business photos
Financial data and transaction
  • Deposit account number, deposit amount, interest
  • Credit / debit card number
  • Income data, source of income and expenses
  • Information on salary certificate, salary slip / bonus or evidence showing other income, other banks’ account statement, appraised value of property
  • Tax ID number and data on personal tax payment
  • Data on application for channel, product and / or service
  • Type of account, deposit period, conditions for payment, type of card, account statement
  • Credit score, credit card limit, accumulated points, approved credit limit, borrowing data, debt amount, collateral data and documents showing ownership of collateral details and payment history
  • Investment data (such as details of securities subscription or reservation), invest risk level, data per risk profile assessment form, client suitability data, trading securities data, value of securities, investment value, investment period)
  • Transaction history, transaction details and objectives for transaction, data in transaction memo, transaction reference number, transaction channel
  • Application user name and password
  • Insurance data (such as documents related to insurance application, type of insurance, insurance application, details of insurance policy, starting and ending date of coverage, details of insured property, insurance premium, the sum insured and details on insurance claims)
  • Other information to support the use of products / services (such as customer code / customer information system (CIS), cheque data, bill of exchange data, credit line, interest rate, information to support loan application, trade data, purchase order, purchase and sale agreement and / or other agreements, details on guarantee
Technical data, devices or equipment
  • Data of application usage
  • IP address or MAC address
  • Cookies ID
  • Web beacon, Pixel Tag or Software Development Kit (SDK)
  • Device ID
  • Series and type of devices, network, connection data
  • Data on access, data on single sign - on (SSO)
  • Log
  • Data on login, access period, usage and usage period of application and website, search history, browsing data
  • Time zone and location data
  • Type and version of plug - in browser, operating system and platform including other technologies on your device used for accessing platform
  • Other technical data from usage on platform and operating system
Other information
  • Record of communication or correspondence between you and the Company, details on complaints or comments, request for exercising rights, survey results, audio record, photos, video, audio clips, communication record via log / chat bot, photos or video from CCTV, data on court order / Government Gazette related to transactions of the Company’s customers or related to the Company’s compliance with laws (such as receivership order, order for appointment of administrator of an estate, order effecting a person to be incompetent or quasi - competent person, order for submission of documentary evidence or physical evidence) and any other data deemed personal data under the personal data protection law.
  • Data on registration for joining the Company’s activities
Click and scroll through the information.
  1. 2.1.2 Personnel of Juristic Person means individual having involvement with a juristic person which is a customer of, or conducts transactions with,
    the Company.
Type of data Examples of data that the Company collects, uses and / or discloses
Personal information
  • Title, first name, middle name, last name, alias (if any)
  • Gender, date / month / year of birth, age
  • Marital status, signature,
  • Data on documents issued by government agencies (such as copy of national ID card, copy of passport, copy of visa, copy of alien certificate, copy of work permit, copy of house registration or documents used for verifying and confirming identity of the same characteristics), other KYC and CDD data, etc.
Contact information
  • Address per important document, current home address and address in the country of nationality, workplace
  • Telephone number, mobile phone number, facsimile number, email
Work information
  • Career and professional field
  • Position, current years of work
  • Work detail, type of business
Information in documents supporting transaction
  • The Company certificate
  • List of shareholders
  • Power of Attorney
  • Commercial registration certificate
Other information
  • Information which has been collected, used and / or disclosed relating to relationship with the Company such as information given by a juristic person to the Company in a contract, details about complaints or comments, survey results., information on registration for joining the Company’s activities
Click and scroll through the information.
  1. 2.2 Sensitive Personal Data

    “Sensitive Personal Data” means personal data which is specifically determined by law. the Company has no intention to collect Sensitive Personal Data from you.

    In certain cases, however, the Company may need to collect Sensitive Personal Data from you for providing services or products to you, for example, religion (displayed on a copy of national ID card) or race (displayed on a copy of passport of some countries), biometric data (such as facial recognition data, fingerprint recognition data, electronic signature data which uses technology extracting specific behavior of such signing for identification and authentication of the person who writes such signature), data on criminal record, health data, data on disability, sexual behavior, etc. the Company shall collect, use and / or disclose the Sensitive Personal Data provided that the Company has been given explicit consent by you or permitted by law. This shall be undertaken on a case - by - case basis when the Company is required to collect Sensitive Personal Data from you.

    (Unless specifically stated otherwise, personal data and Sensitive Personal Data as earlier mentioned shall hereinafter be collectively referred to as “Personal Data”.)

  1. 2.3 Personal Data of minors, incompetent or quasi - incompetent persons

    The Company has no intention to collect, use and / or disclose Personal Data of minors, the incompetent or quasi - incompetent persons, unless the Company obtains consent from the guardian, the appointed guardian the appointed curator or any act which minors may give consent by itself pursuant to law (as the case may be) and / or has any lawful basis. If the Company discovers that the collection, use and / or disclosure of Personal Data of minors, the incompetent or quasi - incompetent persons is undertaken without (i) consent from the guardian, the appointed guardian, the appointed curator or minors who may give consent by itself pursuant to law (as the case may be) and (ii) any lawful basis, the Company shall delete or destroy such Personal Data.

  1. 2.4 Personal Data of any other third party

    If you provide Personal Data of any other third party who is a Personnel of Juristic Person and / or who has involvement with you to the Company such as shareholders, directors, authorized persons, family members, reference persons, trade partners, guarantors, mortgagers, providers of collateral, beneficiaries, administrator of an estate, emergency contact persons and / or any other person per document of your transaction, etc., please inform those persons of the details under this Policy and request their consent, if necessary, or apply other lawful bases to ensure that the Company can collect, use and / or disclose Personal Data of the aforementioned third party.

  1. What are the objectives of collection, use and / or disclosure of your Personal Data?

    The Company will collect, use and / or disclose your Personal Data only as necessary under the Company’s legitimate objectives which include the collection, use and / or disclosure of Personal Data for compliance with the contract in which you are a contract party, for performance of duties as required by law, for legitimate interest, for operations according to your consent and / or for operations under other lawful bases. Objectives for collection, use and / or disclosure of Personal Data under this Policy are as follows.

    Some of the following objectives may or may not apply to you. Please consider the objectives in accordance with your relationship with the Company on a case - by - case basis.

  1. 3.1 Objectives requiring consent

    The Company shall collect, use and / or disclose your Personal Data based on consent for the following objectives.

    3.1.1 Collection, use and / or disclosure of Sensitive Personal Data for which the Company cannot apply other lawful bases but must request explicit consent. Such objectives shall be :

    • (1) Data on religion and race (such data collected from a copy of national ID card or passport of some countries which the Company needs to use as evidence of identification and authentication only.)

      (2) Biometric data for signing, identification and authentication, electronic know your customer service of the Company and for support of the Company’s business partners

      (3) Health record data, disability data, criminal record, and sexual behavior which the Company shall collect, use and / or disclose only when necessary for the use of certain products and / or services of the Company only. Criminal record shall be used for examination and confiscation of related property

    • 3.1.2 Analyses, research and / or conducting statistical data including those for development, improvement of products and / or services of the Company, other companies within the Company Financial Conglomerate, business partners and / or other juristic persons that require your consent in accordance with law.

      3.1.3 Marketing operations, submission of offers for products and / or services, privileges for attending activities held by the Company, other companies within the Company Financial Conglomerate, business partners and / or other juristic persons including news, useful advice and appropriately selected promotions and launch of marketing strategies that require your consent in accordance with law.

    The Company may request your consent directly or via other companies within the Company Financial Conglomerate, business partners and / or other juristic persons on a case - by - case basis

      3.2 Objectives requiring other lawful bases other than consent
      The Company will collect, use and / or disclose your Personal Data based on other lawful bases as necessary under the Company’s legitimate objectives, such as, for compliance with the contract in which you are a contract party or your request, for performance of duties as required by law, for the legitimate interest and / or for operations under other lawful bases for the following objectives :

      3.2.1 Operations before entering into a contract with the Company such as giving consultation, advice and / or any other data related to products and / or services, analysis and assessment of customer demand, verification of qualification, verification of juristic person customer’s status, check of data or document accuracy, identification and authentication, including know - your - customer (KYC) and customer due diligence (CDD) procedure, property assessment, credit data examination and / or request for credit data correction, examination of Sanction List of competent authorities and / or government agencies which are generally disclosed as required by law, examination of receivership or insolvency, customer risk classification, and pre - filling of customer’s personal information / contact information for facilitation in applying for products and / or services of the Company

      3.2.2 Any operation related to consideration of products and / or service provision such as communication, receipt / delivery of documents or parcels, processing of request and operation per the request approval procedure (including but not limited to customer’s property assessment, property examination and valuation, property price review), establishment of loan limit, entering into a contract, agreement and / or any other related juristic act, registration for use of products, services and / or for participation in the Company’s activities.

      3.2.3 Delivery of products and / or services under the contract you have entered into with the Company such as

      • Disbursement of loan, purchase of insurance
      • Any operation related to the provision of products and / or services (such as acceptance of payments, amendment to contract as earlier agreed, conducting transaction report, operation related to relationship between credit line and securities, operation related to securities, insurance, preparation of customer data documents used for customer’s transaction (such as document certification))
      • Examination, confirmation and improvement of transactions (including transaction conducted via website and / or the Company’s application)
      • Provision of benefits and operation in accordance with customers’ benefits
      • Customer relationship management, after - sale transaction operation, customer facilitation and / or management of complimentary gifts for customers
      • Provision of advice or risk management guidelines
      • Complaint management, solving problem, operation per customer request
      • Acceptance of payment or any asset
      • Monitoring compliance with conditions for use of products and / or services, termination of services.

      3.2.4 Marketing operation which does not require your consent under the law such as

      • Consideration of customer groups for sending them invitation to join activities or sales promotion as appropriate
      • Submission of the offering of products and / or services, privileges for attending activities, events or meeting held by the Company, including facilitation for joining activities (such as registration for event)
      • Offering of products, services and / or privileges that you have requested or notification of your benefits
      • Offering of products and / or services of the same type / close to those of the Company or other companies within the Company Financial Conglomerate which you are using
      • Contact in case where you have dropped off the application for products and / or services to facilitate you in case you wish to reapply for the products and / or services of the same type with the Company, or offering other products and / or services that you may have an interest in
      • Organization of sales promotional activities (such as provision of benefits and gifts).

      3.2.5 Analysis, research and / or conducting statistical data which does not require your consent under the law for development, improvement of products and / or services within the Company such as

      • Analysis, research, marketing research, conducting statistical data analysis of your financial data and / or conducting report for the Company’s internal use
      • Analysis, conducting model (such as credit scoring)
      • Studying, analyzing and monitoring the proportion of credit portfolio.

      3.2.6 Other operations of the Company such as

      • Management, risk management, internal audit within the Company
      • Maintain legitimate benefits
      • Conducting customer database or recording data in the system or database
      • Consideration and review of customer credit quality
      • Notification of debt payment or renewal of products and / or services
      • Debt collection
      • Satisfaction survey and assessment after use of products and / or services
      • Litigation or other legal processes
      • Participation, coordination and / or assignment of work to another person to perform on behalf of or in collaboration with the Company (such as for design of products or services, design of customer service experience, design of process or support of the delivery of products and / or services)
      • Assignment of rights and / or duties, management of operations of the Company and other companies within the Company Financial Conglomerate
      • Use of CCTV, control of entry / exit of the Company’s premises
      • Management of complaints or management of illegal incidents or suspicious incidents (such as fraud, money laundering, terrorism and mass destruction weapon proliferation, crime, intellectual property infringement including management planning, examination, surveillance, evidence collection, reporting, and / or detection)
      • Prevention and assessment of risk, which may be incurred from granting financial accommodations, of financial institution system
      • Conducting database on business risk to the Company
      • IT operation, communication system management and prevention, response and mitigation of IT risk and cyber threats

      3.2.7 Compliance with the order of competent authorities and / or compliance with laws such as

      • Compliance with the order of court, the government agencies, banking supervisory agencies, competent officers under the personal data protection law, financial institution business law, securities and stock exchange law, life insurance law, non - life insurance law, insurance commission law, payment system law, exchange control law, deposit protection agency law, taxation law, anti - money laundering law, counter - terrorism and proliferation of weapons of mass destruction financing law, computer crime law, bankruptcy law and other laws with which the Company is required to comply, either in Thailand or other countries, including regulations and rules issued under these laws, which are now being enforced, to be amended or to be enforced in the future.

      3.2.8 Prevention or cessation of danger to a person’s life, body or health

      3.2.9 Conducting historical documents or annals for public benefit or related to study, research or statistics

      3.2.10 The Company’s operation of public benefit or performance of duties in using the government’s authority granted to the Company

    If the Company needs to collect, use and / or disclose your Personal Data for execution of or compliance with a contract that you have entered into with the Company and / or for the Company’s performance of duties under the law and you, upon request, do not provide such necessary Personal Data to the Company or you have chosen to delete your user account from the application of the Company, the Company may not be able to approve or deliver / provide products and / or services, either partly or wholly, for you and it may impact on the Company’s performance of duties under the law or your relationship with the Company

  1. To whom will your Personal Data be disclosed?

    Under your consent or criteria permitted by law, the Company may disclose your Personal Data to a third party. Persons or agencies receiving such Personal Data will collect, use and / or disclose your Personal Data within the scope for which you have given consent, or within the scope related to this Policy. In certain cases, you may be under the personal data protection policy of such recipient of your Personal Data. the recipient of your Personal Data may be in Thailand or other countries.

    The Company may disclose your Personal Data to persons or agencies based on your relationship and transaction as follows :

  2. Type of Personal Data Details
    Other companies within the Company Financial Conglomerate The Company may disclose your Personal Data to other companies within the Company Financial Conglomerate for the determined purposes or according to your consent under this Policy. Other companies within the Company Financial Conglomerate can rely on the consent that the Company obtains.
    The Company’s service providers The Company may use another the Company, trade partner, the Company’s agent, sub - contractor or external service provider to conduct business operation on behalf of the Company or to support the provision of the Company’s products and / or services to you. therefore, the Company may disclose your Personal Data to the Company’s service provider, including but not limited to :
    • Banking agents
    • National Digital ID the Company Limited
    • National Interbank Transaction Management and Exchange (NITMX) Service providers of digital infrastructure system and service providers of database system for data exchange between financial institutions
    • Property valuation service providers
    • Telecom operators
    • IT, technology support and security service provider
    • Cloud computing service providers
    • Marketing service providers
    • Document storage providers
    • Online social media providers
    • Payment channel service providers
    • Debt collection service providers
    • Printing house or print service providers
    • Document or parcel delivery providers
    • Provider of concierge services
    • Card producers
    • Provider of vehicle registration
    The Company’s business partners The Company may disclose your personal data to
    • The Company’s business partners including those who jointly provide products and / or services (such as Vehicle manufacturer, Car Dealer, Used car Dealer, non-life insurance or life insurance companies)
    • Co - branding business partners
    • Banks or other financial institutions (such as corresponding bank)
    • Business partners which are fintech companies
    • Co - underwriters

    In cases where your Personal Data is disclosed to business partners for their marketing purposes such as for sales promotion, public relations or offering of products and / or services by business partners to you, the Company will notify you of the names of business partners for supporting your decision in giving consent. Business partners can rely on the consent that the Company obtains.

    Persons determined by law In some cases, the Company may be required to disclose your personal data for compliance with the order of persons having legal authority or legal rights and / or for compliance with law. the recipients of your Personal Data include :
    • law enforcement agencies
    • banking supervisory agencies (such as the Bank of Thailand, the Anti - Money Laundering Office, the Revenue Department, the Department of Provincial Administration, courts, police officers, the Legal Execution Department, the Department of Lands, the Department of Land Transport, the Office of Personal Data Protection Commission, the Office of Consumer Protection Board, agencies performing the duty of registering collaterals, etc.)
    • public agencies
    • associations, agencies or any other person as necessary to perform duties under laws or regulations or for protection of the Company’s rights, third party’s rights, which may include any related legal procedures
    Advisors / experts For the benefit of the Company’s business operation, the Company may disclose your Personal Data to
    • auditors
    • external auditors
    • legal advisors
    • tax advisors
    • credit rating companies
    • other advisors or experts, as the case may be
    Prospective assignee and / or assignee of rights in any transaction or merger of the Company In cases where the Company engages in organizational restructuring, debt restructuring, merger, business acquisition, transfer of rights, business dissolution or any other incidents of the same nature, the Company may need to disclose your Personal Data to :
    • trade partners, interested parties
    • asset management companies and / or those assignees of rights
    Any other third party The Company may disclose your Personal Data to any other third party for the objectives as specified in this Policy. Any other third party receiving your Personal Data may include but are not limited to
    • the persons with whom you have entered into a contract or have relationship relating to transaction (such as reference person, guarantor, mortgagor, provider of securities and beneficiary or embassies for document certification)
    • National Credit Bureau
    • developers of technology infrastructure and / or work system of the Company
    • Members of National Digital ID the Company Limited
    • card schemes (such as VISA, Mastercard, JCB, UPI)
    • universities or educational institutions
    • online social media provider
    • public or ordinary people
    Click and scroll through the information.
  1. Will the Company send or transfer your Personal Data to other countries?

    The Company may need to send or transfer your Personal Data to other companies within the Company Financial Conglomerate located in other countries, or to other recipients of data, as part of the Company’s normal business operation. For instance, sending or transferring Personal Data for storage on cloud platforms or servers located in other countries, sending or transferring data of cross border fund transfer transaction to a financial institution located in another country via international funds transfer management intermediaries, a trade partner which is a private banker in another country, banks or financial institutions which are corresponding banks or nostro banks in other countries, business partners including those jointly providing products and / or services and Co - branding business partners, online social media service providers, government agencies in other countries and / or a person having connection with your transaction in other countries, etc.

    If the destination country has insufficient standards of Personal Data protection, the Company shall ensure that Personal Data will be sent or transferred in accordance with law and shall set standards of Personal Data protection as deemed necessary, and appropriate for and consistent with the confidentiality standards. For instance, an agreement must be entered into with the data recipient in that country to ensure that your Personal Data will be protected under the Personal Data protection standards equivalent to that in Thailand. If the data recipients are other companies within the Company Financial Conglomerate, the Company may decide to conduct binding corporate rules verified and certified by relevant competent authorities and will send or transfer Personal Data to other companies within the Company Financial Conglomerate located in other countries in accordance with said binding corporate rules.

  1. Use of cookies and / or technologies of similar nature

    The Company may collect and use cookies and / or any other technologies of similar nature when you use the Company’s website and / or application including conducting transactions, using products and / or services of the Company via digital channels and internet network. the collection of cookies and / or use of any other technologies of similar nature will help the Company to recollect your use and preferences, including analysis of your interest for improvement and development of efficiency of the Company’s website and / or application in order to respond to your demand and use so that you can have positive experiences in using the Company’s website and / or application. You can learn more details from the “Cookies Policy” of the Company at www.kasikornbank.com/en/privacy-policy/pages/cookiespolicy.aspx
    Moreover, the Company may disclose the data that cannot identify you to data analysis service providers such as Google, both in Thailand and other countries. Google will use technologies and tools for data analysis such as cookies and / or the Software Development Kit (SDK) to monitor and conduct reports of data analysis related to your use of the Company’s website and / or application. You can learn details of Google’s data analysis under the heading “How Google uses data when you use your partner’s sites or apps” www.google.com/policies/privacy/partners or other URL as determined by Google

  1. How long does the Company keep your Personal Data?

    The Company will keep your Personal Data during the period you are the Company’s customer or have a relationship with the Company, or throughout the period required in order to achieve the related objectives of this Policy. Once your relationship with the Company ends, the Company will further keep your Personal Data for a period as necessary according to the statute of limitations or for a period as required or permitted by law, for instance

    • Personal Data shall be kept in accordance with the anti - money laundering law for 5 - 10 years after the end of the relationship, as the case may be.
    • Personal Data shall be kept in accordance with financial institution business law, securities and stock exchange law, accounting law, and taxation law, for 10 years after the end of the relationship.

    The Company will undertake operations through appropriate steps to delete or destroy the Personal Data or make it anonymous when it is no longer necessary or said period ends.

  1. How does the Company protect your Personal Data?

    The Company shall apply technical, administrative and physical safeguard measures for safekeeping of your Personal Data in order to maintain confidentiality, accuracy, completeness, and availability of Personal Data to prevent unauthorized or illegitimate access, collection, revision, rectification, use and / or disclosure of Personal Data in accordance with legal requirements.

    The Company has put in place appropriate measures to prevent the infringement of Personal Data. the Company has therefore established policies, procedures and criteria for Personal Data protection such as measures to control access to Personal Data and use of secure and proper devices for storing and processing Personal Data, restriction of access to Personal Data, determination of users’right to access Personal Data, right to permit assigned employees to access Personal Data and users’ responsibilities in order to prevent unauthorized access to Personal Data, unauthorized disclosure, unauthorized knowledge or unauthorized copy of Personal Data, or theft of devices used for storing or processing Personal Data. Measures have thus been put in place for tracking back of access to, change in, deletion or transfer of Personal Data, which are consistent with and appropriate for the methods and tools for collection, use or disclosure of Personal Data, including examination for assessing the effectiveness of compliance with policies, procedures and criteria for Personal Data protection.

    The Company’s executives, employees, personnel, contractors, representatives, advisors, and recipients of data from the Company shall maintain the confidentiality of Personal Data in accordance with the confidentiality measures determined by the Company.

  1. What are your rights in connection with your Personal Data?

    Your rights under this item are legal rights that you should be aware of. You can exercise your rights as stipulated by law and this Policies currently available or to be amended in the future, including criteria determined by the Company. If you are less than 20 years old, or have limited capacity to perform juristic acts under the law, you may request your father and / or mother, appointed guardian or authorized person to express the intention to exercise these rights on your behalf.

      9.1 Right to withdraw consent (opt - out) : You are entitled to withdraw the consent that you have previously given to the Company to collect, use and disclose your Personal Data (whether such consent has been given prior to or after the personal data protection law is enforced), at any time during which your Personal Data is held by the Company, unless there is right restriction by law or there is a contract which is beneficial to you which remains valid. the collection, use and / or disclosure of your Personal Data which was undertaken before the withdrawal of your consent shall not be affected.

      However, the withdrawal of your consent related to and required for the service request may prevent the Company from complying with the contract or providing services to you, or may cause the transaction or any other related activities to be suspended or temporarily discontinued, or may affect your knowledge of products and / or services, for instance, you may not receive the offer of products and / or services, benefits, promotions or other new offers, or may not receive alternative products or services which are more in line with your needs, or may not receive news and recommendations that are beneficial to you, etc. For your own benefit, you should determine and inquire about the potential impacts before deciding to withdraw your consent.

      9.2 Right to access : You are entitled to have access to your Personal Data under the Company’s responsibility and to request the Company to provide you duplication of your Personal Data and inform you of how your Personal Data has been obtained.

      9.3 Right to data portability : You are entitled to request your Personal Data which has been processed by the Company to be in a format that can be read or used in general with an automated device or equipment, and can be used or disclosed via automated methods. You are also entitled to request the Company to send or transfer your Personal Data of said format to other data controllers if it can be processed via automated method, and to request Personal Data of said format which is directly sent or transferred by the Company to other data controllers, unless it cannot be processed due to technical difficulties.

      Your aforementioned Personal Data must be Personal Data that you have granted consent to the Company to collect, use and / or disclose or must be Personal Data that the Company needs to collect, use and / or disclose for your use of the Company’s products and / or services in accordance with your intention wherein you are a contract party with the Company or for undertaking operations per your request before using the Company’s products and / or services or must be other Personal Data as determined by competent authorities.

      9.4 Right to object : You are entitled to lodge an objection to the collection, use or disclosure of your Personal Data at any time. If the collection, use or disclosure of your Personal Data, to which you lodge an objection, is undertaken under legitimate interest of the Company or any person or any juristic person, or for public benefit, the Company shall continue to collect, use and / or disclose your Personal Data only if the Company can provide legal reasons that the collection, use and / or disclosure of your Personal Data is sufficiently important, or is undertaken for the establishment, defense, use of, or compliance with, the rights to claim in accordance with applicable law, as the case may be.

      In addition, you are entitled to lodge an objection to the collection, use and / or disclosure of your Personal Data which is undertaken for objectives related to direct marketing or for the purpose of scientific, historical or statistical studies and research.

      9.5 Right to deletion or destruction  : You are entitled to request the Company to delete or destroy your Personal Data or make it anonymous if you believe that your Personal Data has been collected, used and / or disclosed illegitimately, which is not in compliance with applicable laws or if you deem that it is no longer necessary for the Company to keep your Personal Data under the objectives of this Policy or when you exercise your right to withdraw consent or your right to object as mentioned earlier.

      9.6 Right to suspension  : You are entitled to request the Company to suspend the use of Personal Data if the Company is conducting an investigation per your request to exercise your right to rectification or right to object, or for any other case wherein it is no longer necessary for the Company to keep your Personal Data and the Company must delete or destroy your Personal Data in accordance with applicable laws, but you have sought to request the Company to suspend the use of your Personal Data instead.

      9.7 Right to rectification : You are entitled to rectify your Personal Data to keep it accurate, up - to - date, complete and not misleading.

      9.8 Right to lodge complaint : You are entitled to lodge a complaint to relevant competent authorities if you believe that the collection, use and disclosure of your Personal Data violates or does not comply with applicable laws.

      Exercising the aforementioned rights may be restricted by applicable laws, and, in certain cases, there may be compelling reasons that may cause the Company to deny your request or may prevent the Company from complying with your request such as for in compliance with laws or court orders, for the public benefit, exercising the aforementioned rights may potentially violate other persons’ rights or freedoms, etc. If the Company denies aforementioned request, the Company shall give you the reason(s) for such denial.

      You can submit your request to exercise your rights via the following channels :

Rights Channels to exercise the rights Processing Time*
Call Center Branch
Right to withdraw consent correct correct 7 Days
Right of access¹ correct correct 30 Days
Right to data portability¹ correct correct
Right to object¹ correct correct
Right to erasure¹ correct correct
Right to restriction of processing¹ correct correct
Right to rectification correct correct Immediately
Click and scroll through the information.

*from the day you submit your request and the Company receives all documents

Remark¹ : If data subject determined to exercise these rights, please download “Application Form for the Exercise Right of the Data Subject” and send back the completed form via

    10. The Company rectify or revise this Policy ?

    The Company may consider rectifying, revising or changing this Policy from time to time, as deemed appropriate and permitted by law. In case of rectification or revision of, or change in this Policy, the Company will announce the current policy on the Company’s website at www.kasikornleasing.com/en/privacy-policy

    11. How can you contact the Company and the data protection officer ?

    If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact the Company and / or the Data Protection Officer via the following channel :

    The Company Call Center

    Tel : phone 02-6969999

    Address : KASIKORN LEASING THE COMPANY LIMITED, 17th Floor, 400/22 Phahon Yothin Road, Samsen Nai Sub-District, Phayathai District, Bangkok 10400

    Data Protection Officer (Compliance and Internal Audit Department)

    E-mail : dpo.officer@kasikornleasing.com

    Address : KASIKORN LEASING THE COMPANY LIMITED, 17th Floor, 400/22 Phahon Yothin Road, Samsen Nai Sub-District, Phayathai District, Bangkok 10400