Bitkub NEXT
Privacy Policy
Bitkub NEXT is a decentralized wallet service (“Wallet”) for the Bitkub Chain Network
(“Network”) distributed by Bitkub Blockchain Technology Co., Ltd. (“Bitkub” or “us” or “we” or
“our”) which allows users to view addresses, store asset and information that are part of the
Network. This Privacy Policy (“Privacy Policy”) informs you of how we collect, use or disclose
your personal data, what and why we collect, use or disclose your personal data, how long we
hold it, who we disclose it to, your rights, what steps we will take to make sure your personal
data stays private and secure, and how you can contact us. This Privacy Policy is in accordance
with the Personal Data Protection Act B.E. 2562 (“PDPA”) and relevant laws and regulations.
This Privacy Policy applies to:
(1) Our customers
Individual customers: our past and present customers who are individual
Corporate customers: directors, shareholders, ultimate beneficial owners,
employees, guarantors, security providers, and legal representatives of our past
and present corporate customers and other individuals authorised persons and
any of relevant individuals have acknowledged our privacy notice.
(2) Non-customers
These include individuals who have no product or service holding with us, but we may
need to collect, use or disclose your personal data, e.g. investors; anyone who makes a
payment to or receives a payment from our customers; anyone that visits our website or
our applications, branches or office; guarantors or security providers; ultimate beneficial
owner; directors or legal representatives of a company that uses our services; debtors or
tenants of our customers; professional advisors, including our directors, investors,
shareholders and their legal representatives, and anyone involved in other transactions
with us or our customers.
Please note that some of the links on our platform may lead to third party’s platforms, and if you
access these platforms, your personal data will then be processed under the third party’s
policies. Make sure that you have read those privacy notices when accessing such platforms.
1. How we collect, use or disclose your personal data
We only collect, use or disclose your personal data you give us where it is necessary or
there is a lawful basis for collecting, disclosing and using it. This includes where we
collect, use or disclose your personal data based on the legitimate grounds of legal
obligation, performance of contract made by you with us, our legitimate interests,
performance under your consent and other lawful basis. Reasons for collecting, using, or
disclosing are provided below:
1.1. To comply with law
We are regulated by many laws, rules, regulations, and orders of any governmental,
supervisory or regulatory authorities, and to fulfill our legal and regulatory requirements,
it is necessary to collect, use or disclose your personal data for the following purposes,
which included but are not limited to:
a) Compliance with the PDPA and any amendments thereof;
b) Compliance with laws (e.g. Digital Asset Laws, Securities and Exchange
Laws, Anti-Money Laundering Laws, Prevention and Suppression of
Financial Support to Terrorism and the Proliferation of Weapons of Mass
Destruction Laws, and other laws to which we are subject in Thailand and
in other countries), including conducting identify verification, background
checks and credit checks, Know Your Client/Customer Due Diligence
(KYC/CDD) processes, other checks and screening procedures (including
screening against publicly available database of regulatory authorities
and/or official sanction lists), and ongoing monitoring that may be
required under applicable law; and/or
c) Compliance with regulatory obligations and/or orders of authorized
persons (e.g. orders by any court of competent jurisdiction or of
governmental, supervisory or regulatory authorities or authorized
officers).
1.2. To provide our service
We will collect, use, or disclose your personal information in accordance with the
request and/or agreement made by you with us, for the following purposes, which
include but are not limited to:
a) Process your request prior to entering into an agreement, consider for
approval in relation to the provision of products and/or services, and
delivery our products and/or services to you including any activities that if
we do not proceed, then our operations or our services may be affected
or may be affected or may not be able to provide to you with fair and
ongoing services;
b) Verify your account;
c) Authenticate when entering into, doing or executing any transactions;
d) Carry out your instructions (e.g. to debit or credit amount from accounts
or respond to your enquiries);
e) Provide online services, mobile applications and other online product
platforms;
f) Track or record your transactions;
g) Produce reports (e.g. transactions reports requested by you or our
internal reports);
h) Notify you with transaction alerts; and/or
1.3. To optimise our platform
We rely on the basis of legitimate interests by considering our benefits or third
party’s benefits with your fundamental rights in personal data which we will
collect, use or disclose for the following purposes, which includes but not limited
to:
a) Conduct our business operations and our financial business group
companies’ business operations (e.g. to audit, to conduct risk
managements, to monitor, prevent, and investigate fraud, money
laundering, terrorism, misconduct, or other crimes, including but not
limited to carrying out the creditworthiness checks of any persons related
to our corporate customer);
b) Conduct our relationship management (e.g. to serve customers, to
conduct customer survey, to handle complaints);
c) Ensure security (e.g. to maintain CCTV records, to register, exchange
identification card and/or take photo of visitors before entering into our
building);
d) Develop and improve our products, services and system to enhance our
services standard and/or for the greatest benefits in fulfilling your needs,
including to conduct research, analyse data and offer products, services
and benefits suitable to you by considering the fundamental rights in your
personal data. If you do not wish to receive the offering of products,
services and benefits from us, you can contact us through our Call Center
Tel +66-2-032-9555;
e) Record images and/or voice recordings relating to the meetings, trainings,
seminars, recreations or marketing activities; and/or
f) In the case of our corporate customer, we will collect, use and disclose
personal data of directors, authorized representatives or attorneys.
1.4. With your consent
In certain circumstances, we may ask for your consent to collect, use or disclose
your personal data to maximise your benefits and/or to enable us to provide
services to fulfil your needs for the following purposes, which include but not
limited to:
a) To verify your identity through cross-checking your email address as a
part of Know Your Client/Customer Due Diligence (KYC/CDD) processes
with Bitkub Online Exchange platform in compliance with laws. Please
note that this is only to check whether you have completed Know Your
Client/Customer Due Diligence (KYC/CDD) processes with Bitkub Online
Exchange platform, we are NOT going to further collect, use, disclose,
request to collect, request to use, or request to disclose your information
and personal data from those processes with Bitkub Online Exchange
platform for other purpose other than the aforementioned without your
consent in advance;
b) To collect and use your sensitive personal data as necessary (e.g. to use
face recognition or your identification card photo, which contains your
sensitive personal data, namely religion and/or blood type) for verification
of your identity before continuing the transaction);
c) To access your camera and photos for the scanning of QR code to
receive tokens, NFT or any digital assets;
d) To access your Bitkub NEXT account, your Bitkub NFT account, your
Bitkub NEXT wallet, you Bitkub NFT wallet, data, or any digital wallet
provided on our Platform in order to revoke or destroy NFT which we
provided in connection with any marketing campaigns, marketing
activities, promotional, incentives, redemption, partnership, or any
activities relating to marketing and promotion, and STRICTLY in
accordance with an explicit rules of such activities you consent and agree
to participate in;
e) Collect and use your personal data and any other data to conduct
research and analyse for the greatest benefits in developing products and
services to truly fulfill your needs and/or to contact you for offering
products, services and benefits exclusively suitable to you;
f) Send or transfer your personal data overseas, which may have
inadequate personal data protection standards (unless the PDPA
specified that we may proceed without obtaining consent); and/or
g) When you are classified as a minor, incompetent or quasi-incompetent
whose consent must be given by their parent, guardian or curator (as the
case may be) (unless the PDPA specifies that we may proceed without
obtaining consent);
h) Disclose your personal data and any other data to our business group
companies as shown on and our trusted business partners for the
following purposes: (1) conducting research and analyzing your personal
data and any other data for the greatest benefits in developing products
and services to truly fulfill your needs; and (2) contacting you for offering
products, services and benefits exclusively suitable to you; and/or
i) Collect, use or disclose your personal data with our business group
companies,,prospective partners, perspective business partner, or in
collaboration with third party (together the “Prospective Partner”),
perspective business partner, or in collaboration with third party (together
the “Prospective Partner”) for (i) (i) conducting conducting marketing
campaigns, marketing activities, promotional, incentives, redemption,
partnership, or any activities relating to marketing and promotion of Bitkub
either solely solely by us or in collaboration with our Prospective Partners;
and (ii) conducting research and/or analyzing your personal data and any
other data for the analytics purposes, and/or monitoring traffic usage
either by solely us or in collaboration with our Prospective Partners.; and
(ii) conducting research and/or analyzing your personal data and any
other data for the analytics purposes, and/or monitoring traffic usage
either by solely us or in collaboration with our Prospective Partners.
1.5. Other lawful basis
Apart from the lawful basis which we mentioned above, we may collect, use or
disclose your personal data based on the following lawful basis:
a) Prepare historical data for the public interest, or for purposes related to
research or statistics;
b) Prevent or suppress a danger to a person’s life, body or health; and/or
necessary to carry out a public task, or for exercising official authority.
If the personal data we collect from you is required to meet our legal obligations or to enter into
an agreement with you, we may not be able to provide (or continue to provide) some or all of the
products or services to you if you do not provide such personal information when requested.
2. What personal data do we collect, use or disclose
The type of personal information, namely personal data and sensitive personal data,
which we collect, use or disclose, varies on the scope of products and/or services that
you may have used or had an interest in. The type of personal data shall include but not
limited to:
Category
Examples of Personal Data
Personal Details
Given name, middle name,
surname, hidden name (if any)
Gender
Date of birth
Age
Educational background
Marital status
Nationality
Contact details
Mailing address
E-mail address
Phone number
Facsimile number
Name of representatives or
authorised persons/directors
acting on behalf of our customers
Social media accounts
Identification and authentication details
ID card photo
Identification number
Passport information
Driving license
Signatures
Financial details and information about
your relationship with us
Products and/or services you use
Channels you use and ways you
interact with us
Your customer status, your ability
to get and manage credit, your
payment history, transaction
records
Information about your
transactions (e.g. type, number,
and other information relating to
your transactions)
Market research, marketing and sales
Customer survey
information
Information and opinion expressed
when participating in market
research
Details of services you receive and
your preferences
Geographic information and information
about your device and your software
Your GPS location
IP address
Technical specifications and
uniquely identifying data
Investigation data
Data for due diligence checks (e.g.
information related to Know Your
Client (KYC) or Customer Due
Diligence (CDD))
Data for risk management or Anti-
Money Laudering and Combating
the Financing Terrorism
(AML/CFT) checks
User login and subscription data
Login information for using our
system, online internet transaction,
and applications
Information concerning security
Visual images
Personal appearance
Detection of any suspicious and
unusual activity
CCT images or recordings
Video recordings
Sensitive personal data
Biometric information (e.g. face
recognition, fingerprint, voice
recognition and retina recognition)
Transactions data
Details about your purchases you
make through the service
Transactions record between
Bitkub Exchange and Bitkub NEXT
Display of public address and
transactions on Blockchain
Explorer
Camera and photos
Many of our services require us to
collect images and other
information from your device’s
camera and photos. For example,
users must scan the QR code
through their camera to receive
the tokens and NFT to store in the
Bitkub NEXT wallet.
Other information
Records of correspondence and
other communications between
you and us, in whatever manner
and form, including but not limited
to phone, e-mail, live chat, instant
messages and social media
communications
Information about insurance policy
and claim for compensation (e.g.
policy coverage, media records,
insurance claims history)
Information that you provide to us
through any channels
3. Sources of your personal information
Normally, we will collect your personal data directly from you, but sometimes we may get
it from other sources, in such case we will ensure compliance with the PDPA.
a) Your personal information from Bitkub Online Exchange platform
b) Information obtained by us from financial business group companies, business
partners, and/or other persons who we have relationships with;
c) Information obtained by us from persons related to you (e.g. your family, friends,
referees);
d) Information obtained by us from corporate customers as you are directors,
authorised person, attorney, representative or contact person;
e) Information obtained by us from governmental authorities, regulatory authorities,
financial institutions, credit bureau and/or third-party service providers (e.g.
information that is publicly available, or that relates to transactions, credit
information); and/or
f) Information obtained by us from insurance companies and/or other persons in
relation to insurance policy or claim for compensation.
4. Your rights
The PDPA aims to give you more control of your personal information. You can exercise
your rights under the PDPA upon the effectiveness of the provisions in relation to rights
of data subjects, details are as follows:
4.1. Right to access and obtain copy
You have the right to access and obtain copies of your personal data held by us,
unless we are entitled to reject your request under the laws or court orders, or if
such request will adversely affect the rights and freedoms of other individuals.
4.2. Right to rectification
You have the right to rectify your inaccurate personal data and to update your
incomplete personal data.
4.3. Right to erasure
You have the right to request us to delete, destroy or anonymise your personal
data, unless there are certain circumstances where we have the legal grounds to
reject your request.
4.4. Right to restrict
You have the right to request us to restrict the use of your personal data under
certain circumstances (e.g. when we are pending examination process in
accordance with your request to rectify your personal data or to object the
collection, use or disclosure of your personal data, or your request to restrict the
use of your personal data instead of the deletion or destruction of your personal
data which is no longer necessary as you have necessity to retain it for the
purposes of establishment, compliance, exercise or defense of legal claims).
4.5. Right to object
You have the right to object the collection, use or disclosure of your personal
data in case we proceed with legitimate interests basis or for the purpose of
direct marketing, or for the purpose of scientific, historical or statistic research
unless we have legitimate grounds to collect, use or disclose your personal data,
or the collection, use or disclose your personal data is carried out for the
establishment, compliance, or exercise legal claims, or for the reason of our
public interests.
4.6. Right to data portability
You have the right to receive your personal data in case we can arrange such
personal data to be in the format which is readable or commonly used by ways of
automatic tools or equipment, and can be used or disclosed by automated
means. Also, you have the right to request us to send or transfer your personal
data to third parties, or to receive your personal data which we sent or
transferred to third parties, unless it is impossible to do so because of the
technical circumstances, or we are entitled to legally reject your request.
4.7. Right to withdraw consent
You have the right to withdraw your consent that has been given to us at any
time pursuant to the methods and means prescribed by us, unless the nature of
consent does not allow such withdrawal. The withdrawal of consent will not affect
the lawfulness of the collection, use or disclosure of your personal data based on
your consent before it was withdrawn.
4.8. Right to lodge a complaint
You have the right to make a complaint with the Personal Data Protection
Committee or their office in the event that we do not comply with the PDPA.
5. How we share your personal data
We may disclose your personal data to the following parties under the provisions of the
PDPA:
a) Our financial business group companies, business partners and/or other persons
that we have the legal relationship with, including our directors, executives,
employees, staffs, contractors, representatives, advisors and/or such persons’
directors, executive officers, employees, staffs, contractors, representatives, and
advisors;
b) Governmental authorities and/or supervisory or regulatory authorities (e.g. Bank
of Thailand, the Securities and Exchange Commission, Office of Insurance
Commission, Ministry of Digital Economy and Society);
c) Suppliers, agents and other entities (e.g. professional associations to which we
are member, external auditors, depository institutions, document warehouses,
overseas financial institutions, clearing houses) where the disclosure of your
personal data has a specific purpose and under lawful basis, as well as
appropriate security measures;
d) Any relevant persons as a result of activities relating to selling rights of claims
and/or assets, restructuring or acquisition of any of our entities, where we may
transfer their rights to; any persons with whom we are required to share data for
proposed sale, reorganization, transfer, financial arrangement, asset disposal or
other transaction relating to our business and/or assets held by our business;
e) Other banks, financial institutions and third parties where required by law to help
recover funds that have entered into your account due to misdirected payment(s)
by such third parties or trace funds where you are a victim of suspected financial
crime, or where suspect funds have entered your account as a result of financial
crime;
f) Debt collection agencies, lawyers, credit bureau, fraud prevention agencies,
courts, authorities or any persons whom we required or permitted by laws,
regulations, or orders to share personal information;
g) Third parties providing services to us (e.g. market analysis and benchmarking,
including but not limited to correspondent, agents and subcontractors acting on
our behalf, the companies which print and deliver credit card statements);
h) Social media service providers (in a secure format) or other third-party
advertisers so they can display relevant messages to you and others on our
behalf about our products and/or services. Third-party advertisers may also use
information about your previous online activities to tailor adverts to you;
i) Third-party security providers;
j) Other persons that provide you with benefits or services associated with our
products or services (e.g. insurance company); and/or
k) Your attorney, sub-attorney, authorized persons or legal representatives who
have lawfully authorised power.
6. International transfer of personal data
The nature of the modern cryptocurrency business is global and under certain
circumstances it is necessary for us to send or transfer your personal data
internationally. When sending or transferring your personal data, we will always exercise
our best efforts to have your personal data transferred to our reliable business partners,
service providers or other recipients by the safest method in order to maintain and
protect the security of your personal data, which includes the following circumstances:
a) Comply with legal obligations;
b) Inform you the inadequate personal data protection standards of the destination
country and obtain your consent;
c) Perform the agreement made by you with us or your request before entering into
an agreement;
d) comply with an agreement between us and other parties for your own interest;
e) Prevent or suppress a danger to your or other persons’ life, body or health and
you are incapable of giving consent at such time; or
f) Carry out activities relating to the substantial public interest.
7. Retention period of personal data
We will maintain and keep your personal data which you are our customer and once you
has ended the relationship with us (e.g. after you closed your account with us, or
following a transaction with us, or in case of your application to use our services is
disapproved, or you terminate the services provided by us), we will only keep your
personal data for a period of time that is appropriate and necessary for each type of
personal data and for the purposes as specified in the PDPA.
The period we keep your personal data will be linked to the prescription period or the
period under the relevant laws and regulations (e.g. Financial Institutions Businesses
Laws, Securities and Exchange Commission Laws, Anti-Money Laundering Laws,
Counter-Terrorism and Proliferation of Weapon and Mass Destruction Financing Laws,
Accouting Laws, Tax Laws, Labour Laws and other laws to which we are subject both in
Thailand and other countries). In addition, we may need to retain records of CCTV
surveillance in our head office, our branches or at ATM machines and/or voice records
of Call Center to prevent fraud and to ensure security, including investigating suspicious
transactions which you or related persons may inform us of.
8. Use of cookies
We may collect and use cookies and similar technologies when you use our products
and/or services. This includes when you use our websites and applications.
The collection of such cookies and similar technologies helps us recognise you,
remember your preferences and customise how we provide our products and/or services
to you. We may use cookies for a number of purposes (e.g. enabling and operating
basic functions, helping us understand how you interact with our websites or emails, or
enabling us to improve your online experiences or our communications with you,
particularly, to ensure that online adverts display to you will be more relevant to you and
of your interests.)
8.1. Cookies we use
8.1.1. Strictly Necessary Cookies: These Cookies are essential to our service in
order to facilitate our authentication, registration, log-in or navigate the
features of our services and cannot be switched off in our system.
Without these cookies, you may not be able to take full advantage of our
services or features, and our service will not perform as smoothly for you
as we would like.
8.1.2. Analytical/ Performance Cookies: These cookies allow us to measure and
improve the performance of our sites. The information will help us create
reports and statistics on visits and traffic sources. Performance cookies
collect information such as your IP address, type of device, operating
system, date and time of page visits, and pages visited. If you do not
allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance. The information allows us to
record any difficulties encountered you have with our services and show
us whether our advertising is effective or not.
8.1.3. Functional Cookies: Functional cookies collect information on the usage
of our website, including for instance users language preferences, theme
preferences or login sessions. Functional cookies service the purpose of
improving the user friendliness of a website and therefore ensuring the
user’s best experience.
8.1.4. Cookies for marketing purposes: Cookies for marketing purposes are
used to offer more relevant content to users, based on their specific
interests. They are also used to limit the display frequency of an ad and to
measure and control the effectiveness of advertising campaigns. They
register whether users have visited a website or not, and which contents
were used.
9. Use of personal data for original purposes
We are entitled to continue collecting and using your personal data, which has
previously been collected by us before the effectiveness of the PDPA in relation to the
collection, use and disclosure of personal data, in accordance with the original purposes.
If you do not wish us to continue collecting and using your personal data, you may notify
us to withdraw your consent at any time.
10. How you information is secured
We endeavour to ensure the security of your personal data through our internal security
measures and strict policy enforcement. The measures extend from data encryption to
firewalls. We also require our staff and third-party contractors to follow our applicable
privacy standards and policies and to exercise due care and measures when using,
sending or transferring your personal data. Users of the services are responsible for
maintaining the security of any password, biometrics, user ID or other form of
authentication involved in obtaining access to the password protected or secure areas of
any of our digital services. In order to protect you and your data, we may suspend your
use of any of the services, without notice, pending on investigation, if any breach of
security is suspected.
11. How to contact us
If you have any questions or would like more information about our Privacy Policy or
would like to exercise your rights, please contact us through next@bitkub.com.
Alternatively, you can contact our Data Protection Officer by writing to email:
[email protected]m or contact our office located at 2525, FYI Center, Tower 2, 11th floor,
Unit 2/1101-2/1107, Rama 4 Road, Klongtoei Sub-district, Klongtoei District, Bangkok,
Thailand 10110.
12. Changes to this Privacy Policy
We may change or update this privacy notice from time to time and we will inform the
updated Privacy Policy notice via the application.