Good Morning, Welcome to Offcial Website of KBank China

Privacy Policy

KASIKORNBANK (China) Company Limited

PERSONAL INFORMATION PROTECTION Policy

 

Issue Date: 29 November 2021

Effective Date: 29 November 2021

 

This PERSONAL INFORMATION PROTECTION POLICY applies only to personal banking products or service of KASIKORNBANK (China) Company Limited (including its branches and sub-branches, hereinafter collectively referred to as “KBank”, or we).

 

Should you have any question, comment or suggestion, please contact us through the following methods:-

Address: 59/F, Kingkey100 Tower A, 5016 Shennan East Road, Luohu District, Shenzhen, Guangdong Province

E-mail: PIPO@kasikornbank.com

Service Hotline: 0755-8229 1298.

 

 

Overview

 

This Personal Information Protection Policy of KASIKORNBANK (China) Company Limited (the “Policy”) explains the purpose, method, and scope of which your personal information is collected, stored, used, processed, transmitted, provided, disclosed and deleted by KBank, your control over your personal information, and our appropriate procedures for protecting your personal information.  We are responsible for the process of your personal information.  We advise you to read the Policy in its entirety so that you may understand how to maintain your interests.  Where the products or services of KBank you use are applicable to its proprietary personal information processing rules, such rules will prevail in priority.  Please refer to such proprietary personal information processing rules for your information

 

KBank hereby reminds you to carefully read and fully understand the terms and conditions of this Policy, especially the exclusions, limited liabilities on the part of KBank, and provisions limiting your rights and concerning the governing and applicable law, which are in bold font to draw your attention.  By using our services, you consent to our collection, use, storage and provision of your personal information in accordance with relevant laws and regulations and this Policy.  You may also review this Policy on our website.

 

This Policy is formulated in accordance with the applicable laws and regulations as of the Effective Date, and also refers to the applicable national and industry standards, international agreements and practices.  Should national laws and regulations otherwise provide for the content of this Policy, such provisions shall prevail.

 

 

This Policy covers:

 

1.  Legal Basis for Processing Your Personal Information

 

2.  How We Collect and Use Your Personal Information

 

3.   How We Store and Protect Your Personal Information

 

4.   How We Process, Share, Transfer and Publicly Disclose Your Personal Information

 

5.    Our Undertakings

 

6.    Your Rights

 

7.    Cookie Technologies

 

8.    How We Process Personal Information of Underage Youth

 

9.    Statement

 

10.  How This Policy is Updated and Revised

 

11.  Applicable Law & Dispute Resolution

 

12.  Contact Us

 


 

KBank fully understands the importance of personal information to you and will try its best effect to protect the security of your personal information.  We are committed to abide by the following principles to protect your personal information: the principle of consistency of rights and obligations, the principle of clear purpose, the principle of informed consent, the principle of minimization and necessity, the principle of security, the principle of subject participation, and the principle of openness and transparency, etc.  At the same time, KBank promises to take appropriate security measures to protect your personal information in accordance with the industry’s mature security standards.

 

 

1.        Legal Basis for Processing Your Personal Information

 

We will process your personal information, provide you with our products and services in accordance with the Cybersecurity Law of the People’s Republic of China, the Data Security Law of the People’s Republic of China, the Personal Information Protection Law of the People’s Republic of China and other relevant laws and regulation in the financial industry.

 

Generally, we will process your personal information only with your prior consent. Only with your separate consent will we process your personal sensitive information.  In some cases, we may also collect your personal information to protect your important rights and interests or those of others in accordance with Article 2.4 hereof.  

 

 

2.        How We Collect and Use Your Personal Information

 

When you apply for our services or products, we will collect varied personal information based on your authorizations in order to provide you with more precise, personalized and convenient services (including but not limited to, for the purpose of transactions, data processing, statistical studies, taxation, risk analysis, credibility monitoring, risk management and debt collection), and improve your experience with our services.

 

Personal information hereunder refers to various information recorded electronically or otherwise that can identify a specific natural person or reflect the activity of a particular natural person, either alone or in combination with other information, including name, gender, nationality, native place, date of birth, identity certificate information, number and validity of ID card, personal biometric identification information, contact information, residential address or working address, family information, occupational information, account information and property information, etc.  Personal sensitive information refers to those personal information that, once leaked, illegally provided or abused, may endanger personal and property safety, and easily lead to personal reputation, physical and mental health damage, or discriminatory treatment, etc., including ID card number, personal biological identification information, bank account number, property information and transaction information.

 

In order to comply with relevant provisions of laws, regulations and regulatory agencies and as is necessary for us to provide financial services to you, we will collect the following personal information from you; however, we may not be able to probably provide you with our personal banking services if you choose not to provide or do not agree to the collection and use of such personal information.

 

2.1  How We Collect Your Personal Information

 

 

(1) When you open a bank account with us, use our service to make deposits, process money collection, payment or transfers, apply for the service of loans, or purchase or sell foreign exchange, you are required to provide us with the following information

 

a)  Personal identity information, including name, gender, nationality, identity certificate information, telephone number, e-mail, date of birth, address, and occupation.  Further information such as your educational background, marital status, education level, work experience, health status, family member information may also be required;

 

b)   Personal property information, including personal income status (e.g., source of income / wealth and etc.), tax residency, and taxpayer identification number.  Further information such as real properties ownership, investment status (including financial assets and etc.), Class I bank account number, bank name, mobile phone number reserved at the bank may also be required;

 

c)   Personal biometric information, such as facial recognition features, fingerprints, and signatures.

 

The facial recognition features collected by us after obtaining your authorization fall within the scope of sensitive information, which will be encrypted and stored in the backend database of our information system.

 

(2)  When you apply for an on-line loan with us, you are required to provide us with the following information

 

a) When you log in to our online application for handling business, we will collect your mobile phone number and SMS verification code and conduct comparison and verification;

 

 

b)  When you apply for our services through WeChat mini-program, you are required to log in upon your authorization at WeChat.  We need to collect your WeChat nickname, image, region, gender information, WeChat OpenID, and WeChat UnionID based on your authorization to log in through WeChat.  Should you do not provide the said information, you will not be able to log in to the mini-program to apply for and use the services provided by us.  When you log in the Wechat mini-program through facial recognition feature, we will ask you to complete face verification on your device. We only receive the verification results and do not collect your face information;

 

c)  When you apply for personal loan through our online application, we will collect your name, gender, date of birth, certificate type, certificate number, certificate validity period, certificate image, marital status, educational background, work information, address or contact address, mobile phone number for application registration, e-mail, spouse information and contact information, At the same time, we may also collect your bank card number, deposit bank name and reserved mobile phone number of bank card so as to verify your identity and implement the real name requirement, anti-money laundering and other laws and regulations, regulatory requirements and to effectively prevent risks for you. In order to verify the authenticity, accuracy and completeness of the information, we may make inquiries and comparisons with state organs, financial institutions, enterprises and institutions and other organizations which have legally stored your personal information. If you do not agree to provide the said information, you will not be able to submit your personal loan application through our online application;

 

d)  For the purpose of evaluating your loan qualification and amount, implement loan management, carry out post-loan collection and litigation processes, and prevent risks, we will further collect your personal credit information, including credit reports obtained from the Credit Reference Center of the People's Bank of China and other legally established credit investigation institutions, credit card, loan and other credit transaction information, debt status, relevant information on debt repayment liabilities, collection record, civil judgments, compulsory execution, administrative penalty and other non-credit transaction information, as well as other information that could reflect personal credit status obtained from the collection agency and third-party data company entrusted by us. If you do not agree to provide the said information, you will not be able to use the personal loan service provided by us;

 

e)  When you use authentication service and bank card binding service, you may need to provide your name, certificate type, certificate number, facial recognition feature information, bank card number you open in other banks, deposit bank name and reserved mobile phone number of bank card, SMS verification code and other relevant information for us to verify. If you do not provide the above information, we will not be able to provide you with products and / or services that can only be used after completing identity verification and bank card information verification. The facial recognition features collected by us after obtaining your authorization fall within the scope of sensitive information, which will be encrypted and stored in the backend database of our information system.

 

f)  In order to protect your information security, we will collect your IP address, network type (Operator/WiFi), log information (including the type and mode of service used), device brand, device type, operating system, operator information and geographical location, etc., for identity verification, customer service, security prevention, fraud monitoring, archiving and backup purposes so as to maintain normal operation of the service and ensure service security.  If you do not agree to provide the said information, you will not be able to use our online application services normally.

 

g)  In order to recommend you with products and marketing activities, in addition to the above information, we may collect the information you render to our customer service and that you provide to us in relevant questionnaire feedback.  KBank will de-identify this information, extract your preferred characteristics and provide you with the promotion notifications, and commercial electronic messages and advertisements related to you in lieu of commonly placed advertisements based on the user portrait.  If you do not want to receive the aforementioned notifications, information or advertisements from us, you can contact our customer service to cancel your subscription or reject our subsequent information push service.  Your use of other services provided by us will not be affected if you do not provide the aforementioned information.

 

 

h)  When you use the functions and services of our online banking, under certain circumstances, we may need to use the software development kit or code (“SDK”) provided by a qualified third-party service provider to render services to you, where the third-party service provider may need to collect certain information of you, in particular

 

Digital Certificate SDK: when you use a Digital Certificate, the SDK of China Financial Certification Authority will collect information of your certificate type, certificate number and name;

 

Security Risk Control SDK: when you use the mobile banking app or online banking services, we need to collect your computer device identification code, type of the computer operating system, mobile device identification code, mobile phone model, type of mobile operating system, mobile network IP address and location information, type and manufacturer information of your mobile phone, whether connected to the mobile network ID, whether connected to the Wi-Fi network ID, the network model, the carrier's name, the mobile network country code, the mobile network code, the width of the device screen, the length of the device screen and whether the device has the jail breaking sign.

 

Should you choose not to provide the above information, you may not be able to use certain service or certain part(s) thereof, but this will not affect your use of other services provided by our bank.

 

2.2    Permissions

 

In the course of our provision of services, we may apply for your permissions for access to the following devices to ensure your normal use of relevant online functions.  We will obtain your approval in advance, and you may select “Permitted” or “Prohibited” with respect to the application; after your approval, you may enter the electronic device at any time to disable the corresponding permission.  Please understand that relevant functions may not be used normally after the permission is disabled.

 

(1)  Access to network communication. In order to provide you with personal loan service, we will conduct network communication with the client software you use;

(2)  Access to album.  In order to obtain the files in your designated album, we will apply for access to your album so that you can provide us with the information in your album necessary for loan business;

 

(3)  Access to camera.  We will apply for access to your camera when you conduct video interviews, facial recognition, or submit documents to us by taking pictures with your camera;

 

(4)  Access to microphone.  When you use the digital version of facial verification, we will apply for access to your microphone so that you can input your voice through it and we will read your voice for the purpose of implementing the facial verification function.  If you do not turn on this permission, you will not be able to use this digital version of facial verification, but it will not affect your use of other services provided by us;

 

(5) Access to location.  When you use Location Services, you may turn on the permission to view or access to the areas where services are currently available; and

 

(6)  Notification.  In order to push messages for you in online service notifications in a timely manner, we need to obtain your notification permission.

 

(7)  Read and write storage permissions. In order to ensure the stable operation of the service, we need to read and cache the information you use the service when you enable the service.

 

Please note that when you grant these permissions, you authorize us to collect and use the above information.  Your disabling any of the permissions shall be deemed as your cancellation of the authorization, and in this case, we will no longer continue to collect your corresponding information, nor will we be able to provide you with the corresponding functions.  In case of any collection or use of your personal information beyond the above circumstances, we will obtain your prior consent and authorization and fully inform you of the purpose, manner and scope of such collection and use.

 

2.3  Exclusions

 

To the extent that is permitted by laws and regulations, we may collect and use your personal information without seeking your consent or authorization if:

 

(1)   it is related to our performance of relevant obligations as stipulated by laws, regulations and regulatory authorities;

 

(2)   it is related to national security or national defense security;

 

 

(3)   it is related to public security, public health or significant public interests;

 

(4)   it is related to criminal investigation, prosecution, judicial trial, enforcement of judgment and etc.;

 

(5)   it is for the purpose of protecting the life, property or other significant legal rights and interests of you or the others, while it is difficult to obtain your personal consent;

 

(6)   the personal information so collected has been disclosed to the public by or on behalf of you;

 

(7)  the personal information is collected from legally and publicly disclosed information, such as legitimate news release, and government information publication;

 

(8)   it is necessary for academic research institution to conduct statistical or academic research based upon public interest, and the personal information contained in the results will be de-identified when the results or descriptions are provided to the public;

 

(9)   it is necessary for entering into and performing contract(s) as per your instructions; or

 

(10) other circumstances stipulated by laws and regulations.

 

 

2.4  How We Use Your Personal Information

 

We will use your personal information under the following circumstances:

 

(1)  We will provide and improve the functions of our products and/or services;

 

(2)  During the period of services, you authorize us to continuously collect and use your information.  When you deregister the services, we will stop collecting personal information related to you, but we may continue to use the information so collected under certain circumstances such as business filing, auditing, and regulatory assistance;

 

(3)  In order to enhance your experience with our products or services, or for risk prevention purpose, we will summarize, analyze and process the usage statistics of services;

 

(4) we will send you notifications of our products and/or services to keep you informed of the same;

 

(5)  In order to provide you with more accurate, personalized and convenient services, to enhance your service experience or to prevent risks, we will collect information provided in your feedback, suggestions or questions, and collect information on the categories, browsing behavior and operations of your use of products and/or services on the mini-program.  Moreover, we will de-identify this information and, in conjunction with statistical and analytical results, provide you with notifications of marketing activities for relevant products and/or services, commercial information or advertisements that may be of interest to you, and if you do not wish to receive such information, you can choose whether to receive it through the mini-program; and

 

(6) Other purposes that are authorized by you and permitted by relevant laws and regulations.

 

 

3.        How We Store and Protect Your Personal Information

 

3.1  Territory of Storage

 

Your personal information will be stored within the territory of People's Republic of China rather than outside China; however, for the purpose of handling cross-border business and fulfilling the requirements of overseas competent regulatory authorities, we may transfer your personal information outside China with your separate consent.  In such cases, we will, in accordance with relevant laws and regulations, make declaration for security of personal information to be exported, enter into contracts with recipients according to the standard contracts formulated by competent cyberspace administration authority, evaluate the procedures and take effective measures to protect the security of your information, such as data de-identification before cross-border data transfers, and verifying the confidentiality of your personal information by overseas institutions, etc.

 

3.2 Term of Storage

 

We undertake that your personal information will be retained by us within the period that is necessary for achieving the purpose as set out hereunder and stipulated by relevant laws and regulations.  Upon expiration of the period, we will delete or anonymize your information, unless otherwise specified by laws and regulations.

 

According to laws and regulations and relevant provisions of competent industry authorities, we shall comply with the provisions on the minimum period, including without limitation:

 

(1)  The Cybersecurity Law of the People’s Republic of China provides that technical measures shall be taken to monitor and record the network operation status and cyber security incidents, and relevant web logs shall be kept for no less than six months according to relevant provisions;

 

(2)  The Anti-Money Laundering Law of the People’s Republic of China provides that customer identity information or customer transaction information shall be kept for at least five years after the end of business relationship or the end of the transaction;

 

(3)  The Guidelines for the Depository Business of Peer-to-Peer Lending Funds provides that the records, books, statements and other relevant information on internet lending depository business, and relevant information, in hard copy or electronic form, shall be kept for more than five years from the expiration of the loan contract;

 

(4)  The Administrative Measures for the Identification of Financial Institution Clients and the Preservation of Clients’ Identities and Transaction Records provides that customer identity information or transaction information shall be kept for at least five years from the year when the business relationship ends or the one-time transaction is recorded; if the customer identity information or transaction involves suspected transaction activity that is under anti-money laundering investigation, and the investigation is ongoing when the minimum period expires, the said information or records shall be kept by the financial institution till the investigation is completed; and

 

(5)  The Administrative Measures for the RMB Bank Settlement Accounts provides that the management file of settlement account shall be kept for ten years after the cancellation of such settlement account.

 

3.3   Protection

 

(1)  To maintain the security of your personal information, we will take physical, technical and administrative security measures to protect your personal information in compliance with laws, regulations and industry standards within the current state of technology so as to reduce the risk of loss, misuse, unauthorized access, disclosure and alteration, including but not limited to transmission layer data encryption, firewalls and encrypted storage, physical access control and information access authorization control.  We will also take all reasonably feasible measures to ensure that no unrelated personal information is collected.

 

(2)  We have established a special management department for information security, which is responsible for establishing information security management mechanism, organizing and implementing various policies and systems for information security management, as well as establishing security defense system to deal with threats such as information system host intrusion, network DDOS attack and WEB application attack.  In addition, we have formulated an emergency response plan for security incidents, ensuring that KBank is able to timely respond to the incidents, organize or cooperate in conducting investigations as required by the regulatory authority, adopt corresponding treatment and rectification measures, and enhance follow-up prevention.

 

(3)  Our information security management department will regularly evaluate and analyze the security of information systems, inspect the implementation of security specifications, procedures and configuration baselines, etc., monitor any potential internet threat, make comments and supervise the rectification of the problems so found.  In addition, we will be guided and inspected, from time to time, by subordinate agencies or dispatched agencies of China Banking and Insurance Regulatory Commission and the People’s Bank of China, etc.

 

(4)  With respect to the disposal of personal information, we have set up a strict access control and monitoring mechanism for access to personal information, and applied the principle of minimum necessary authorization to the staff who do need to process the personal information.  In addition, those personnel who may access to the personal information are required to fulfill their obligations on information security and confidentiality in accordance with the labor contracts concluded with us as well as the rules and system procedure notices issued by us.  Training courses on information security protection and relevant laws and regulations are given to all personnel while regular information security examinations are organized.

 

 

3.4   Risk Alert

 

(1)  The Internet is not an absolutely secure environment.  Additionally, email, instant message, and communication with other users are not encrypted.  We strongly recommend you not to send personal information in this way.  Please use complex passwords to help us keep your account secure.

 

(2)  The Internet environment is not 100% secure, and we will do our best to ensure or guarantee the security of any information you send to us.  If our physical, technical, or administrative protection is damaged, resulting in unauthorized access, public disclosure, alteration, or destruction of information, which further impairs your legitimate right, we would undertake corresponding legal liabilities.

 

(3)  In the occurrence of any personal information security incident, we will, according to the requirements of laws and regulations, promptly notify you of the following: basic information about the security incident and its potential impact, treatment measures we have or will take, suggestions about proactive defense and risk mitigation, and remedial measures, etc.  We will promptly let you know relevant situations of the incident by means of mail, letter, phone call, push notification and etc.  We will issue announcement in a reasonable and effective manner when having difficulty in reaching out to each personal information subject.  Meanwhile, we will report the treatment for this security incident in accordance with requirements of regulatory authority.

 

 

4.        How We Process, Share, Transfer and Publicly Disclose Your Personal Information

 

4.1  Entrusted Process

 

We may entrust a third party to process your personal information, and the entrustment will not exceed the scope of your prior authorization or will comply with the provisions as set forth in Article 2.4 hereinabove.  For the third party entrusted by us, KBank will conduct a security impact assessment and sign a contract with the third party, requiring the third party to process your personal information in accordance with laws and regulations, this Policy and other confidentiality and security requirements of KBank, and supervise the third party. In case the third party fails to process the personal information in accordance with our requirements, or fails to effectively fulfill its responsibility for personal information security protection, we will immediately stop relevant actions and take or request the third party to take effective remedial measures (such as changing instructions, withdrawing permissions, disconnecting from the network, etc.) to control or eliminate the security risks to personal information.  Our bank will terminate the business relationship with the third party, if necessary, and request the third party to delete the personal information obtained from us in a timely manner.

 

4.2  Common Control

 

In order to provide and optimize our services, we use third-party services and/or embedded third-party SDK in the mini-program.  Some of the services and/or products provided by us may be rendered by our partners or jointly provided by us and our partners, and we may carry out certain features only by processing your information through such third-party services and/or SDK.  Such third-party services and SDK providers will obtain access and information necessary to provide certain functions or services to you.  We will take necessary measures to control the collection and use of your personal information by the SDK provider to ensure that your personal information is effectively protected.

 

4.3  Sharing

 

Principally, we do not share your personal information with any company, organization or individuals, with the following exceptions:

 

(1)  Share upon your explicit consent: with your explicit consent, we may share your personal information with such suppliers and other partners that support our business to ensure the smooth completion of the services provided to you; however, we will only share your personal information for legal, legitimate, necessary, specific, and clear purposes, and will only share the personal information that is necessary for our service provision.  Our partners have no right to use the personal information so shared for any other purpose.

 

Our authorized partners mainly include:

 

Our suppliers, service providers and other partners.  We will be required to disclose your login, account or transaction information (including name, ID number, personal image, geographic location, mobile phone number, bank account number, payer’s name, payee’s name, remittance account number, the remitting bank, business office of the remitting bank, receiving account number, the name of the receiving bank, business office of the receiving bank, transfer method, transferred amount, transfer time, agreed transfer intervals, transaction notes, processing status and transfer date) to those suppliers, service providers and other partners that support our business, such as providing us with technical infrastructure services, risk control services, identity verification services, customer services, transfer services, payment convenience, joint promotion activities, etc.

 

(2)  We may share your personal information in accordance with laws and regulations or mandatory requirements from governmental authorities

 

If we share your personal information with the said third party, we will, through a written agreement, procure the third party to process the above information in accordance with applicable laws, regulations, personal information protection or privacy policy and other confidentiality and security requirements to maintain the security of your information.  When you apply for real-name authentication, in order to effectively authenticate the information, we are required to share your basic personal information and personal identity information to a third party so that our bank may inquire and verify your personal identity information.

 

4.4  Transfer

 

Principally, we will not transfer your personal information to any company, organization or individuals except in the following cases:

 

(1)  Transfer upon your explicit consent: with your explicit consent, we may transfer your personal information to others;

 

(2)  In the case of mergers, acquisitions or bankruptcy liquidation, if it involves transfer of personal information, we will request the new company or organization that holds your personal information to be bound by this Policy; moreover we will notice you the name and contact information of such company or organization.

 

4.5  Public Disclosure

 

We will only publicly disclose your personal information under the following circumstances:

 

(1)  Upon your explicit and separate consent;

 

(2)  Disclosure based on law: we may publicly disclose your personal information if the disclosure is mandatorily required by relevant law, legal procedure, litigation or governmental agencies; in this case, we will carry out a security impact assessment upon the disclosure of personal information in advance, take effective measures to protect your personal information based upon the assessment results, and inform you of the purpose and type of the disclosure; in the case of personal sensitive information, we will inform you of the content of such personal sensitive information to be disclosed and obtain your prior explicit consent.

 

4.6   If We Share, Transfer or Publicly Disclose Your Information, We Guarantee That:

 

(1)  our cooperation with data partners will comply with the requirements of laws, rules and regulations, and the regulatory requirements of regulatory agencies; and

 

(2)   we will fully evaluate the industry access license, data security and information security system of our data partner;

 

(3)  we will effectively monitor our partners in accordance with laws, regulations, regulatory requirements and our rules;

 

(4)   we will take measures to select those partners who are in compliance with relevant rules, ensure data security during the cooperation, and strengthen the control of data partners; and

 

(5)   we will sign relevant legal documents with the third party, requiring the third party to take measure to protect your information, and if the third party has illegal or improper use and thus infringes your legitimate rights and interests, we will assume corresponding responsibilities and assist you in taking certain action to protect your rights in accordance with the law.

 

 

 

5.        Our Undertakings

 

5.1   We Collect and Use Your Personal Information Only to the Necessary and Reasonable Extent

 

We undertake to collect and process your personal information only to the extent that is necessary and reasonable.  Our collection and processing are for the purpose of complying with national laws and regulations as well as providing you with better products or services through our platform (including supporting us in developing new products or services, or improving the functionality of existing products or services).

 

5.2   We Collect and Process Your Personal Information with Your Prior Consent

 

We undertake to publicly and honestly inform you of the personal information that is collected and processed by us, the reason and manner of such collection and processing.  We respect your choices, and will inform you of any material changes to the scope, purpose and manner in which we collect and process your personal information.

 

5.3  We Respect Your Management to Your Personal Information

 

We ensure that the personal information you provide to us will not be maliciously altered, destroyed or lost.  We understand and respect your concerns about personal information and enable you to consult, correct, delete your personal information.

 

5.4  We will Take Necessary Measures to Ensure the Security of Your Personal Information

 

 

We undertake to take necessary security measures within our capabilities to maintain the security of your personal information, including but not limited to protecting the security of your personal information through hardware, software, data, personnel, physical environment and its infrastructure safeguards in compliance with applicable laws, regulations and standards; in addition, we will procure our employees to comply with this Policy by conducting corresponding security trainings.

 

 

 

6.        Your Rights

 

In accordance with China’s relevant laws, regulations, standards, and the common practice of other countries and regions, we guarantee you the following rights of your personal information:

 

6.1  Access to Your Personal Information

 

You are authorized to access your personal information, except for some circumstances stipulated by law and regulations.  You may exercise your right of data access through the following methods:

 

1.  Account information: through our counters or the customer terminal which you deal with the business, such as WeChat Official Account of KBank China, WeChat mini-program of KBank China, etc.; or

 

2.   Loan information: you may perform the action through the customer terminal which you deal with the business, such as WeChat Official Account of KBank China, WeChat mini-program of KBank China, etc.

 

6.2    Correct Your Personal Information

 

When you identify any error in your personal information by our process, you are entitled to require us to make the correction.  You can raise a correction application our Service Hotline.

 

6.3   Delete Your Personal Information

 

You may request us to delete your personal information, and we will respond to such request in accordance with applicable law and regulation if:

 

(1)  our processing of your personal information violates any law or regulation;

 

(2)  we collect or use your personal information without your consent;

 

(3)   our processing of your personal information breaches the agreement with you;

 

(4)   you no longer use our products or services, or you cancel your account; or

 

(5)    we no longer provide products or services to you.

 

6.4    Change Your Authorization Scope

 

Each business function requires certain basic personal information to be provided.   You may grant or withdraw your authorization and consent at any time for the collection and use of the personal information additionally collected.

 

 

When you withdraw your consent, we will no longer process your corresponding personal information; however, this decision to withdraw your authorization will not affect the processing of the personal information upon your previous authorization.  Meanwhile, some of our business functions require your authorization, and your withdrawal of the authorization may affect your use of corresponding business functions.

 

6.5   Account Cancellation

 

You can cancel your previously registered accounts at any time by going through formalities at our counter or following the steps through the e-client of KBank.

 

After the cancellation, we will stop providing you with our products or services, and will delete your personal information as per your requirements, unless otherwise stipulated by laws and regulations.

 

6.6   Responding to Your above Request

 

In order to maintain your rights and interests, you may need to provide a written request and to reasonably verify your identity during your exercise of the said rights.

 

6.7   Others

 

In principle, we do not charge for your reasonable request, however, for those repetitive and beyond reasonable requests, we may charge a fee as the case may be.  We may reject those unreasonably repetitive requests which need excessive technical means (for example, it is required to develop new systems or fundamentally change existing practices), pose risks to others’ legal rights, or are very impractical (for example, involving information stored on backup tapes).

 

We will not be able to respond to your request if:

 

(1)   it is related to the obligations to be performed by the controller of such personal information in accordance with relevant laws and regulations;

 

(2)    it is directly related to national security and national defense security;

 

(3)    it is directly related to public safety, public health, or significant public interests;

 

(4)    it is directly related to criminal investigation, prosecution, judicial trial, enforcement of judgment;

 

(5)    the controller of the personal information has sufficient evidence to prove that you have subjective malice or abuse of rights;

 

(6)     it is for the purpose of protecting the life, property or other significant legal rights and interests of you or the others, while it is difficult to obtain your personal consent;

 

(7)     respond to your request may result in serious damage to the legitimate rights and interests of you or other individuals or organizations; or

 

(8)     it involves our trade secrets.

 

 

7.        Cookies & Similar Technologies

 

When you use our mini-program, we will use cookies technologies and assign you one or more cookies.  Cookies will be stored on your device terminal and only be read by the server during your use of the program.  When you close the program, the cookies will be deleted as well.

 

Cookies will be used to:

 

(1)    Cache login information.  The mini-program will keep your login information so that you can continue to keep the login status after you switch to another app rather than repeatedly entering information to login;

 

(2)    Understand and help troubleshoot problems.  We will use Cookies to understand and help troubleshoot problems you encounter while using the mini-program; and

 

(3)    Optimize advertisements.  Instead of general advertising, we will show you products or advertising information that may be of your interest based on your use of the program.

 

 

8.        How We Process Personal Information of Underage Youth

 

Our products and services are primarily for adults.  Children under the age of 18 cannot hold their own accounts or go through loan formalities.

 

If you are under the age of 18, please ask your guardian to read these terms carefully and only use our services or provide information to us upon your guardian’s consent.  We only collect, use, retain and disclose your information to the extent allowed by laws, regulations and regulatory requirements, explicitly consented by your guardians or necessary for the protection of the interests of the underage youth.

 

 

9.        Statement

 

Please understand that we cannot control the systems and communication networks, or hardware devices that you use when using the products or services, and thus, please pay attention to protecting the security of your personal information.

 

It is noteworthy that our website, products, applications and services may contain links to websites, products or services of third parties which may collect personal information that involves you, and thus, we would like you to be aware of the personal information policy of these third parties.  If you find that the web pages created or applications developed by third parties are risky, you are advised to cease relevant operations so as to protect your legitimate interests.

 

Unless otherwise specified hereunder, in order to protect the security of your life and property, we specifically remind you not to provide any third- party rendering services to you on our behalf with information such as your account password, authentication code, or communication content through public networks.

 

 

10.    How This Policy is Updated and Revised

 

10.1  Our Policy May be Changed

 

We will not undermine your rights entitled under this Policy without your explicit consent.  We will post any changes and revisions of this Policy on this page.

 

For significant changes, we also provide more noticeable notices (including but not limited to, posting updates, SMS, pop-up alerts, and emails on official website and WeChat Account of KBank).

 

If you disagree with such changes, you may choose to deregister our service and cancel your account.  Your continuous use of our service shall be deemed as that you have fully read, understood and agreed to be bound by the updated Policy.

 

10.2   Significant Changes hereunder Include but not limited to:

 

(1)   material changes in our service model, such as changes to the purpose of processing personal information, the type of personal information processed, and the way in which personal information is used, etc.;

 

(2)  material changes to our ownership or organization structure, for example, change of owner arising from business adjustment, bankruptcy and M&A;

 

(3)  changes to the main objects of personal information sharing, transfer or public disclosure;

 

(4)    material changes to your rights to participate in the processing of personal information and the way of you exercising such rights;

 

(5)   changes to the department, contact information and complaint channels responsible for personal information security; and

 

(6)    security impact assessment report on personal information indicating that there is a high risk.

 

 

11.    Applicable Law & Dispute Resolution

 

11.1  Applicable Law

 

The implementation of this Policy, its interpretation and dispute resolution shall be governed by the laws of the People’s Republic of China (for the purpose of this Policy, excluding Hong Kong Special Administrative Region, Macao Special Administrative Region and Taiwan).

 

 

11.2  Dispute Resolution

 

You will be deemed to have fully understood and agreed to this Policy if you start and continue to use our products or services in an appropriate manner and do not explicitly reject the content of this Policy through the contact information rendered by us.  You understand and agree that the personal information we collect and use in accordance with this Policy remains valid unless and until you explicitly object it in writing.

 

Any dispute arising from this Policy or the implementation hereof shall be settled through friendly consultation; failing which, you may file a complaint or report to relevant industry association (e.g., consumer association), regulatory authority (Office of the Central Cyberspace Affairs Commission, etc.) or competent authority, or file a lawsuit to competent court in the place where this Policy is signed (i.e., Luohu District, Shenzhen, Guangdong Province, China).

 

 

12.    Contact Us

 

If you have any questions, comments or suggestions about this Policy, or if you have any comments, suggestions, complaints or reports regarding the collection, use, sharing, access, deletion, correction and other related matters of your personal information when using our products or services, or the problems you encounter when using our products or services, please contact us by the following means, and we will get back to you within 15 business days or the period required by laws and regulations:

 

Name:        KASIKORNBANK (China) Company Limited

Address:       59/F, Kingkey100 Tower A, 5016 Shennan East Road, Luohu District, Shenzhen, Guangdong Province

E-mail:         PIPO@kasikornbank.com

Tel:              0755-8229 1298

 

 

This PERSONAL INFORMATION PROTECTION POLICY was drafted in Chinese and English. Should there be any discrepancies, the Chinese one shall prevail.