0. Scope of this Policy
This Personal Data Protection Policy applies to the business operators who have been licensed by the SEC Office, the market professionals who have been approved by the SEC Office, other persons approved by the SEC Office, as well as the persons who commit offenses as prescribed by the acts/royal decrees under the power and duties of the SEC Office.
1. Personal data collected by the SEC Office:
The SEC Office collects the following personal data:
1.1 Definitions and examples of data collected by the SEC Office
Personal data: | Data of a personal nature, for example, identification number/passport number, title, name, surname (Thai/English), date of birth, citizenship, sex, marital status, father’s name/mother’s name, (former) titles, (former) surnames, and name of spouse, etc. |
Contact information: | Information for contact purposes, including, mobile phone numbers, email addresses, addresses on the identification cards, addresses on the house registration, permanent address, home telephone numbers, and facsimile numbers. |
Sensitive data: | Data under Section 26 of the Personal Data Protection Act, for example, criminal record, nationality, religion. |
Qualification data: | Data relating to the qualifications of business operators, which include experience, for example, education, employment record, affiliation, job positions, work experience, test/training records, certification numbers of locally certified public accountants/international certified public accountants, prohibited characteristics, and qualifications used for registration, whether with authority or not, training history at the Thai Institute of Directors. |
Financial data: | Data relating to the financial aspect of business operators, for example, the number of shares held, shareholding proportion, trading account numbers. |
Verification data: | Data for verification purposes, for example, trader codes/details of the business entities whose financial statements for the latest period have been signed by an auditor in giving opinion or whose working paper has been reviewed by the SEC Office. |
Work Areas | Personal Data | Contact Information | Sensitive Data | Qualification data | Financial Data | Verification Data |
---|---|---|---|---|---|---|
1. Information from the approval for the offer for sale and report of the results of the offer for sale of equity instruments, debt instruments, and derivative warrants; 2. Related party transactions (RPT) of the listed company that are required to obtain approval from the shareholders, and asset acquisition and disposal transactions of the listed company that are required to obtain approval from the shareholders; 3. Information regarding the consideration of complaints on wrongdoings on the issuance and offer for sale of securities and the relevant professionals, for example, appraisers, and financial advisors; 4. Information regarding any action undertaken with the company applying for approval for the offer for sale of securities, including the name of the company applying for approval or the directors of the company applying for approval on the Black List of the SEC Office. |
✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
Information on the inspection of the quality of balance sheets and action undertaken with the listed company. | ✓ | ✓ | ✓ | ✓ | ✓ | |
1. Making of a tender offer; 2. Business takeover; 3. Report of the results of the sale of digital tokens (ICO Portal). |
✓ | ✓ | ✓ | ✓ | ✓ | |
Form for notifying the company secretary (Form 89/15-1 and Form 89/15-2). | ✓ | ✓ | ✓ | ✓ | ||
Training on enhancement of knowledge for the public by the SEC Network. | ✓ | ✓ | ✓ | |||
Any unlawful acts in other cases. | ✓ | ✓ | ✓ | |||
Summary of the types of auditor’s reports (Form 61-4)* *Since 1 December 2020, this information has no longer been required. |
✓ | ✓ | ||||
Related party transactions (RPT) of the listed company that are required to obtain approval from the shareholders, and the asset acquisition and disposal transactions of the listed company that are required to obtain approval from the shareholders. | ✓ | ✓ | ✓ | |||
Form for notifying the change of document storage (Form 89/15-3). | ✓ | ✓ | ||||
Other information regarding the disclosure documents, letters of acknowledgement of obligations, or written certifications of qualifications. | ✓ | ✓ | ✓ | ✓ | ||
1.2 Sources of personal data
2. Purposes of Data Processing
Data Processing Activities | Work Areas | Legal Basis for Data Processing |
---|---|---|
The SEC Office collects your personal data in order to grant approval for the offer for sale, filing, report of the results of the sale of equity instruments, debt instrument, funds, report of the sale of digital tokens. |
|
Public task basis |
Approval for establishment and management of an infrastructure fund |
|
Public task basis |
For publication or consideration of the operation or compliance with the law and regulations, rules, or the promotion of knowledge |
|
Public task basis |
|
|
Public task basis |
3. Disclosure of Personal Data
After the SEC Office has received personal data from other sources, the SEC Office has the responsibility to disclose your personal data on its website in accordance with its duty to disclose data to the public in the interest of investors, business operators, and all other relevant parties.
The SEC Office discloses or submits personal data for use in the personal data processing activities in accordance with its responsibilities and the relevant agencies as follows:
In disclosing your personal data to other persons, the SEC Office complies with the specified purposes or the purposes permissible by law only. In the case where it is required by law that your consent must first be obtained, the SEC Office shall request your consent.
The SEC Office complies with appropriate security measures, for example, ISO27001 standards or NIST, etc. In case of any cross-border data transfer to another country, international organizations, or recipients abroad, the SEC Office shall ensure that the destination agencies have sufficient security standards for personal data protection.
4. Retention and Retention Period of Personal Data
The SEC Office retains your personal data in the following manners:
1. Retention
The personal data will be retained in accordance with the characteristics of the personal data received:
2. Place for Retention
The personal data will be retained in accordance with the characteristics of the personal data received:
3. Retention Period
The retention period for personal data shall be in compliance with the Data Retention Policy.
5. Personal Data of Minors
The SEC Office does not have any specific intention or responsibility to process the personal data of minors. However, if it is necessary for the operation of the SEC Office, the SEC Office may collect and process the personal data of minors. For any activity related to the SEC Office, it is assumed that a minor cannot perform this activity on his or her own. The SEC Office will ensure that the legal representative or the person who uses the parental power has acknowledged or consented, as the case may be, in accordance with the Personal Data Protection Law.
6. Rights of Data Subjects
As a data subject, you have the following rights:
You can contact the Data Protection Officer (DPO) of the SEC Office to submit a request to exercise the rights stated above (please refer to the contact details in “Contact Channels” below). You may also refer to the details, conditions, exemptions of exercising those rights, on the website of the Ministry of Digital Economy and Society http://www.mdes.go.th
In exercising any right as stated above, you are not required to make any payment. The SEC Office will consider the matter and notify you of the results within 30 days from the receipt of the request.
If your request is declined, the SEC Office will notify you of the reasons via the contact channel provided by you. If you have any further questions or any additional complaint relating to your request, you can contact the Data Protection Officer (DPO) of the SEC Office.
7. Communication and Dissemination of Information of the Capital Market
The SEC Office communicates and disseminates information relating to the capital market, as well as the services provided by the SEC Office in which you may be interested so as to effectively perform its duties and supervision. In this regard, the SEC Office will request your prior consent to receive information. You may withdraw your consent at any time by taking the following steps:
8. Changes of the Personal Data Protection Policy
The SEC Office will consider and review this Personal Data Protection Policy on a regular basis in order to comply with the relevant guidelines, laws, and regulations. In case of any change to this Personal Data Protection Policy, the SEC Office will notify you by updating its website as soon as possible. This Personal Data Protection Policy was last reviewed on 8 April 2021.
9. Contact Channels
Information of the Data Control Officer
Name of the Organization in Thai: | สำนักงานคณะกรรมการกำกับหลักทรัพย์และตลาดหลักทรัพย์ |
Name of the Organization in English: | The Securities and Exchange Commission, Thailand |
Address: | 333/3 Vibhavadi-Rangsit Road, Chomphon, Chatuchak, Bangkok 10900 |
Contact Channels: |
Help Center: 1207 Telephone No.: 0-2033-9999 Email: info@sec.or.th |
Other contact or information channels: |
https://www.sec.or.th/TH/Pages/Home.aspx https://www.facebook.com/sec.or.th https://www.youtube.com/user/insideSEC https://twitter.com/ThaiSEC_News |
Contact channel of the Data Protection Office: | dpo@sec.or.th |