Bitkub NEXT

Bitkub NEXT is a decentralized wallet service (“Wallet”) for the Bitkub Chain Network

(“Network”) distributed by Bitkub Blockchain Technology Co., Ltd. (“Bitkub” or “us” or “we” or

“our”) which allows users to view addresses, store asset and information that are part of the

Network. This Privacy Policy (“Privacy Policy”) informs you of how we collect, use or disclose

your personal data, what and why we collect, use or disclose your personal data, how long we

hold it, who we disclose it to, your rights, what steps we will take to make sure your personal

data stays private and secure, and how you can contact us. This Privacy Policy is in accordance

with the Personal Data Protection Act B.E. 2562 (“PDPA”) and relevant laws and regulations.

This Privacy Policy applies to:

(1) Our customers

● Individual customers: our past and present customers who are individual

● Corporate customers: directors, shareholders, ultimate beneficial owners,

employees, guarantors, security providers, and legal representatives of our past

and present corporate customers and other individuals authorised persons and

any of relevant individuals have acknowledged our privacy notice.

(2) Non-customers

These include individuals who have no product or service holding with us, but we may

need to collect, use or disclose your personal data, e.g. investors; anyone who makes a

payment to or receives a payment from our customers; anyone that visits our website or

our applications, branches or office; guarantors or security providers; ultimate beneficial

owner; directors or legal representatives of a company that uses our services; debtors or

tenants of our customers; professional advisors, including our directors, investors,

shareholders and their legal representatives, and anyone involved in other transactions

with us or our customers.

Please note that some of the links on our platform may lead to third party’s platforms, and if you

access these platforms, your personal data will then be processed under the third party’s

policies. Make sure that you have read those privacy notices when accessing such platforms.

1. How we collect, use or disclose your personal data

We only collect, use or disclose your personal data you give us where it is necessary or

there is a lawful basis for collecting, disclosing and using it. This includes where we

collect, use or disclose your personal data based on the legitimate grounds of legal

obligation, performance of contract made by you with us, our legitimate interests,

performance under your consent and other lawful basis. Reasons for collecting, using, or

disclosing are provided below:

1.1. To comply with law

We are regulated by many laws, rules, regulations, and orders of any governmental,

supervisory or regulatory authorities, and to fulfill our legal and regulatory requirements,

it is necessary to collect, use or disclose your personal data for the following purposes,

which included but are not limited to:

a) Compliance with the PDPA and any amendments thereof;

b) Compliance with laws (e.g. Digital Asset Laws, Securities and Exchange

Laws, Anti-Money Laundering Laws, Prevention and Suppression of

Financial Support to Terrorism and the Proliferation of Weapons of Mass

Destruction Laws, and other laws to which we are subject in Thailand and

in other countries), including conducting identify verification, background

checks and credit checks, Know Your Client/Customer Due Diligence

(KYC/CDD) processes, other checks and screening procedures (including

screening against publicly available database of regulatory authorities

and/or official sanction lists), and ongoing monitoring that may be

required under applicable law; and/or

c) Compliance with regulatory obligations and/or orders of authorized

persons (e.g. orders by any court of competent jurisdiction or of

governmental, supervisory or regulatory authorities or authorized

officers).

1.2. To provide our service

We will collect, use, or disclose your personal information in accordance with the

request and/or agreement made by you with us, for the following purposes, which

include but are not limited to:

a) Process your request prior to entering into an agreement, consider for

approval in relation to the provision of products and/or services, and

delivery our products and/or services to you including any activities that if

we do not proceed, then our operations or our services may be affected

or may be affected or may not be able to provide to you with fair and

ongoing services;

b) Verify your account;

c) Authenticate when entering into, doing or executing any transactions;

d) Carry out your instructions (e.g. to debit or credit amount from accounts

or respond to your enquiries);

e) Provide online services, mobile applications and other online product

platforms;

f) Track or record your transactions;

g) Produce reports (e.g. transactions reports requested by you or our

internal reports);

h) Notify you with transaction alerts; and/or

1.3. To optimise our platform

We rely on the basis of legitimate interests by considering our benefits or third

party’s benefits with your fundamental rights in personal data which we will

collect, use or disclose for the following purposes, which includes but not limited

to:

a) Conduct our business operations and our financial business group

companies’ business operations (e.g. to audit, to conduct risk

managements, to monitor, prevent, and investigate fraud, money

laundering, terrorism, misconduct, or other crimes, including but not

limited to carrying out the creditworthiness checks of any persons related

to our corporate customer);

b) Conduct our relationship management (e.g. to serve customers, to

conduct customer survey, to handle complaints);

c) Ensure security (e.g. to maintain CCTV records, to register, exchange

identification card and/or take photo of visitors before entering into our

building);

d) Develop and improve our products, services and system to enhance our

services standard and/or for the greatest benefits in fulfilling your needs,

including to conduct research, analyse data and offer products, services

and benefits suitable to you by considering the fundamental rights in your

personal data. If you do not wish to receive the offering of products,

services and benefits from us, you can contact us through our Call Center

Tel +66-2-032-9555;

e) Record images and/or voice recordings relating to the meetings, trainings,

seminars, recreations or marketing activities; and/or

f) In the case of our corporate customer, we will collect, use and disclose

personal data of directors, authorized representatives or attorneys.

1.4. With your consent

In certain circumstances, we may ask for your consent to collect, use or disclose

your personal data to maximise your benefits and/or to enable us to provide

services to fulfil your needs for the following purposes, which include but not

limited to:

a) To verify your identity through cross-checking your email address as a

part of Know Your Client/Customer Due Diligence (KYC/CDD) processes

with Bitkub Online Exchange platform in compliance with laws. Please

note that this is only to check whether you have completed Know Your

Client/Customer Due Diligence (KYC/CDD) processes with Bitkub Online

Exchange platform, we are NOT going to further collect, use, disclose,

request to collect, request to use, or request to disclose your information

and personal data from those processes with Bitkub Online Exchange

platform for other purpose other than the aforementioned without your

consent in advance;

b) To collect and use your sensitive personal data as necessary (e.g. to use

face recognition or your identification card photo, which contains your

sensitive personal data, namely religion and/or blood type) for verification

of your identity before continuing the transaction);

c) To access your camera and photos for the scanning of QR code to

receive tokens, NFT or any digital assets;

d) To access your Bitkub NEXT account, your Bitkub NFT account, your

Bitkub NEXT wallet, you Bitkub NFT wallet, data, or any digital wallet

provided on our Platform in order to revoke or destroy NFT which we

provided in connection with any marketing campaigns, marketing

activities, promotional, incentives, redemption, partnership, or any

activities relating to marketing and promotion, and STRICTLY in

accordance with an explicit rules of such activities you consent and agree

to participate in;

e) Collect and use your personal data and any other data to conduct

research and analyse for the greatest benefits in developing products and

services to truly fulfill your needs and/or to contact you for offering

products, services and benefits exclusively suitable to you;

f) Send or transfer your personal data overseas, which may have

inadequate personal data protection standards (unless the PDPA

specified that we may proceed without obtaining consent); and/or

g) When you are classified as a minor, incompetent or quasi-incompetent

whose consent must be given by their parent, guardian or curator (as the

case may be) (unless the PDPA specifies that we may proceed without

obtaining consent);

h) Disclose your personal data and any other data to our business group

companies as shown on and our trusted business partners for the

following purposes: (1) conducting research and analyzing your personal

data and any other data for the greatest benefits in developing products

and services to truly fulfill your needs; and (2) contacting you for offering

products, services and benefits exclusively suitable to you; and/or

i) Collect, use or disclose your personal data with our business group

companies,,prospective partners, perspective business partner, or in

collaboration with third party (together the “Prospective Partner”),

perspective business partner, or in collaboration with third party (together

the “Prospective Partner”) for (i) (i) conducting conducting marketing

campaigns, marketing activities, promotional, incentives, redemption,

partnership, or any activities relating to marketing and promotion of Bitkub

either solely solely by us or in collaboration with our Prospective Partners;

and (ii) conducting research and/or analyzing your personal data and any

other data for the analytics purposes, and/or monitoring traffic usage

either by solely us or in collaboration with our Prospective Partners.; and

(ii) conducting research and/or analyzing your personal data and any

other data for the analytics purposes, and/or monitoring traffic usage

either by solely us or in collaboration with our Prospective Partners.

1.5. Other lawful basis

Apart from the lawful basis which we mentioned above, we may collect, use or

disclose your personal data based on the following lawful basis:

a) Prepare historical data for the public interest, or for purposes related to

research or statistics;

b) Prevent or suppress a danger to a person’s life, body or health; and/or

necessary to carry out a public task, or for exercising official authority.

If the personal data we collect from you is required to meet our legal obligations or to enter into

an agreement with you, we may not be able to provide (or continue to provide) some or all of the

products or services to you if you do not provide such personal information when requested.

2. What personal data do we collect, use or disclose

The type of personal information, namely personal data and sensitive personal data,

which we collect, use or disclose, varies on the scope of products and/or services that

you may have used or had an interest in. The type of personal data shall include but not

limited to:

Category

Examples of Personal Data

Personal Details

● Given name, middle name,

surname, hidden name (if any)

● Gender

● Date of birth

● Age

● Educational background

● Marital status

● Nationality

Contact details

● Mailing address

● E-mail address

● Phone number

● Facsimile number

● Name of representatives or

authorised persons/directors

acting on behalf of our customers

● Social media accounts

Identification and authentication details

● ID card photo

● Identification number

● Passport information

● Driving license

● Signatures

Financial details and information about

your relationship with us

● Products and/or services you use

● Channels you use and ways you

interact with us

● Your customer status, your ability

to get and manage credit, your

payment history, transaction

records

● Information about your

transactions (e.g. type, number,

and other information relating to

your transactions)

Market research, marketing and sales

● Customer survey

information

● Information and opinion expressed

when participating in market

research

● Details of services you receive and

your preferences

Geographic information and information

about your device and your software

● Your GPS location

● IP address

● Technical specifications and

uniquely identifying data

Investigation data

● Data for due diligence checks (e.g.

information related to Know Your

Client (KYC) or Customer Due

Diligence (CDD))

● Data for risk management or Anti-

Money Laudering and Combating

the Financing Terrorism

(AML/CFT) checks

User login and subscription data

● Login information for using our

system, online internet transaction,

and applications

Information concerning security

● Visual images

● Personal appearance

● Detection of any suspicious and

unusual activity

● CCT images or recordings

● Video recordings

Sensitive personal data

● Biometric information (e.g. face

recognition, fingerprint, voice

recognition and retina recognition)

Transactions data

● Details about your purchases you

make through the service

● Transactions record between

Bitkub Exchange and Bitkub NEXT

● Display of public address and

transactions on Blockchain

Explorer

Camera and photos

Many of our services require us to

collect images and other

information from your device’s

camera and photos. For example,

users must scan the QR code

through their camera to receive

the tokens and NFT to store in the

Bitkub NEXT wallet.

Other information

● Records of correspondence and

other communications between

you and us, in whatever manner

and form, including but not limited

to phone, e-mail, live chat, instant

messages and social media

communications

● Information about insurance policy

and claim for compensation (e.g.

policy coverage, media records,

insurance claims history)

● Information that you provide to us

through any channels

3. Sources of your personal information

Normally, we will collect your personal data directly from you, but sometimes we may get

it from other sources, in such case we will ensure compliance with the PDPA.

a) Your personal information from Bitkub Online Exchange platform

b) Information obtained by us from financial business group companies, business

partners, and/or other persons who we have relationships with;

c) Information obtained by us from persons related to you (e.g. your family, friends,

referees);

d) Information obtained by us from corporate customers as you are directors,

authorised person, attorney, representative or contact person;

e) Information obtained by us from governmental authorities, regulatory authorities,

financial institutions, credit bureau and/or third-party service providers (e.g.

information that is publicly available, or that relates to transactions, credit

information); and/or

f) Information obtained by us from insurance companies and/or other persons in

relation to insurance policy or claim for compensation.

4. Your rights

The PDPA aims to give you more control of your personal information. You can exercise

your rights under the PDPA upon the effectiveness of the provisions in relation to rights

of data subjects, details are as follows:

4.1. Right to access and obtain copy

You have the right to access and obtain copies of your personal data held by us,

unless we are entitled to reject your request under the laws or court orders, or if

such request will adversely affect the rights and freedoms of other individuals.

4.2. Right to rectification

You have the right to rectify your inaccurate personal data and to update your

incomplete personal data.

4.3. Right to erasure

You have the right to request us to delete, destroy or anonymise your personal

data, unless there are certain circumstances where we have the legal grounds to

reject your request.

4.4. Right to restrict

You have the right to request us to restrict the use of your personal data under

certain circumstances (e.g. when we are pending examination process in

accordance with your request to rectify your personal data or to object the

collection, use or disclosure of your personal data, or your request to restrict the

use of your personal data instead of the deletion or destruction of your personal

data which is no longer necessary as you have necessity to retain it for the

purposes of establishment, compliance, exercise or defense of legal claims).

4.5. Right to object

You have the right to object the collection, use or disclosure of your personal

data in case we proceed with legitimate interests basis or for the purpose of

direct marketing, or for the purpose of scientific, historical or statistic research

unless we have legitimate grounds to collect, use or disclose your personal data,

or the collection, use or disclose your personal data is carried out for the

establishment, compliance, or exercise legal claims, or for the reason of our

public interests.

4.6. Right to data portability

You have the right to receive your personal data in case we can arrange such

personal data to be in the format which is readable or commonly used by ways of

automatic tools or equipment, and can be used or disclosed by automated

means. Also, you have the right to request us to send or transfer your personal

data to third parties, or to receive your personal data which we sent or

transferred to third parties, unless it is impossible to do so because of the

technical circumstances, or we are entitled to legally reject your request.

4.7. Right to withdraw consent

You have the right to withdraw your consent that has been given to us at any

time pursuant to the methods and means prescribed by us, unless the nature of

consent does not allow such withdrawal. The withdrawal of consent will not affect

the lawfulness of the collection, use or disclosure of your personal data based on

your consent before it was withdrawn.

4.8. Right to lodge a complaint

You have the right to make a complaint with the Personal Data Protection

Committee or their office in the event that we do not comply with the PDPA.

5. How we share your personal data

We may disclose your personal data to the following parties under the provisions of the

PDPA:

a) Our financial business group companies, business partners and/or other persons

that we have the legal relationship with, including our directors, executives,

employees, staffs, contractors, representatives, advisors and/or such persons’

directors, executive officers, employees, staffs, contractors, representatives, and

advisors;

b) Governmental authorities and/or supervisory or regulatory authorities (e.g. Bank

of Thailand, the Securities and Exchange Commission, Office of Insurance

Commission, Ministry of Digital Economy and Society);

c) Suppliers, agents and other entities (e.g. professional associations to which we

are member, external auditors, depository institutions, document warehouses,

overseas financial institutions, clearing houses) where the disclosure of your

personal data has a specific purpose and under lawful basis, as well as

appropriate security measures;

d) Any relevant persons as a result of activities relating to selling rights of claims

and/or assets, restructuring or acquisition of any of our entities, where we may

transfer their rights to; any persons with whom we are required to share data for

proposed sale, reorganization, transfer, financial arrangement, asset disposal or

other transaction relating to our business and/or assets held by our business;

e) Other banks, financial institutions and third parties where required by law to help

recover funds that have entered into your account due to misdirected payment(s)

by such third parties or trace funds where you are a victim of suspected financial

crime, or where suspect funds have entered your account as a result of financial

crime;

f) Debt collection agencies, lawyers, credit bureau, fraud prevention agencies,

courts, authorities or any persons whom we required or permitted by laws,

regulations, or orders to share personal information;

g) Third parties providing services to us (e.g. market analysis and benchmarking,

including but not limited to correspondent, agents and subcontractors acting on

our behalf, the companies which print and deliver credit card statements);

h) Social media service providers (in a secure format) or other third-party

advertisers so they can display relevant messages to you and others on our

behalf about our products and/or services. Third-party advertisers may also use

information about your previous online activities to tailor adverts to you;

i) Third-party security providers;

j) Other persons that provide you with benefits or services associated with our

products or services (e.g. insurance company); and/or

k) Your attorney, sub-attorney, authorized persons or legal representatives who

have lawfully authorised power.

6. International transfer of personal data

The nature of the modern cryptocurrency business is global and under certain

circumstances it is necessary for us to send or transfer your personal data

internationally. When sending or transferring your personal data, we will always exercise

our best efforts to have your personal data transferred to our reliable business partners,

service providers or other recipients by the safest method in order to maintain and

protect the security of your personal data, which includes the following circumstances:

a) Comply with legal obligations;

b) Inform you the inadequate personal data protection standards of the destination

country and obtain your consent;

c) Perform the agreement made by you with us or your request before entering into

an agreement;

d) comply with an agreement between us and other parties for your own interest;

e) Prevent or suppress a danger to your or other persons’ life, body or health and

you are incapable of giving consent at such time; or

f) Carry out activities relating to the substantial public interest.

7. Retention period of personal data

We will maintain and keep your personal data which you are our customer and once you

has ended the relationship with us (e.g. after you closed your account with us, or

following a transaction with us, or in case of your application to use our services is

disapproved, or you terminate the services provided by us), we will only keep your

personal data for a period of time that is appropriate and necessary for each type of

personal data and for the purposes as specified in the PDPA.

The period we keep your personal data will be linked to the prescription period or the

period under the relevant laws and regulations (e.g. Financial Institutions Businesses

Laws, Securities and Exchange Commission Laws, Anti-Money Laundering Laws,

Counter-Terrorism and Proliferation of Weapon and Mass Destruction Financing Laws,

Accouting Laws, Tax Laws, Labour Laws and other laws to which we are subject both in

Thailand and other countries). In addition, we may need to retain records of CCTV

surveillance in our head office, our branches or at ATM machines and/or voice records

of Call Center to prevent fraud and to ensure security, including investigating suspicious

transactions which you or related persons may inform us of.

8. Use of cookies

We may collect and use cookies and similar technologies when you use our products

and/or services. This includes when you use our websites and applications.

The collection of such cookies and similar technologies helps us recognise you,

remember your preferences and customise how we provide our products and/or services

to you. We may use cookies for a number of purposes (e.g. enabling and operating

basic functions, helping us understand how you interact with our websites or emails, or

enabling us to improve your online experiences or our communications with you,

particularly, to ensure that online adverts display to you will be more relevant to you and

of your interests.)

8.1. Cookies we use

8.1.1. Strictly Necessary Cookies: These Cookies are essential to our service in

order to facilitate our authentication, registration, log-in or navigate the

features of our services and cannot be switched off in our system.

Without these cookies, you may not be able to take full advantage of our

services or features, and our service will not perform as smoothly for you

as we would like.

8.1.2. Analytical/ Performance Cookies: These cookies allow us to measure and

improve the performance of our sites. The information will help us create

reports and statistics on visits and traffic sources. Performance cookies

collect information such as your IP address, type of device, operating

system, date and time of page visits, and pages visited. If you do not

allow these cookies we will not know when you have visited our site, and

will not be able to monitor its performance. The information allows us to

record any difficulties encountered you have with our services and show

us whether our advertising is effective or not.

8.1.3. Functional Cookies: Functional cookies collect information on the usage

of our website, including for instance users language preferences, theme

preferences or login sessions. Functional cookies service the purpose of

improving the user friendliness of a website and therefore ensuring the

user’s best experience.

8.1.4. Cookies for marketing purposes: Cookies for marketing purposes are

used to offer more relevant content to users, based on their specific

interests. They are also used to limit the display frequency of an ad and to

measure and control the effectiveness of advertising campaigns. They

were used.

9. Use of personal data for original purposes

We are entitled to continue collecting and using your personal data, which has

previously been collected by us before the effectiveness of the PDPA in relation to the

collection, use and disclosure of personal data, in accordance with the original purposes.

If you do not wish us to continue collecting and using your personal data, you may notify

us to withdraw your consent at any time.

10. How you information is secured

We endeavour to ensure the security of your personal data through our internal security

measures and strict policy enforcement. The measures extend from data encryption to

firewalls. We also require our staff and third-party contractors to follow our applicable

privacy standards and policies and to exercise due care and measures when using,

sending or transferring your personal data. Users of the services are responsible for

maintaining the security of any password, biometrics, user ID or other form of

authentication involved in obtaining access to the password protected or secure areas of

any of our digital services. In order to protect you and your data, we may suspend your

use of any of the services, without notice, pending on investigation, if any breach of

security is suspected.

11. How to contact us

If you have any questions or would like more information about our Privacy Policy or

would like to exercise your rights, please contact us through next@bitkub.com.

Alternatively, you can contact our Data Protection Officer by writing to email:

[email protected]m or contact our office located at 2525, FYI Center, Tower 2, 11th floor,

Unit 2/1101-2/1107, Rama 4 Road, Klongtoei Sub-district, Klongtoei District, Bangkok,

Thailand 10110.

12. Changes to this Privacy Policy

We may change or update this privacy notice from time to time and we will inform the

updated Privacy Policy notice via the application.