Last Updated: September 2023
Your privacy matters to us as much as it does to you. We take great care in handling your personal data safely and responsibly.
- ACU PAY (Thailand) Co., Ltd. (hereinafter referred to as ‘the Company’) is a company incorporated in the Kingdom of Thailand under the laws of the Kingdom of Thailand, and operates the Website https://acuthai.com/ (hereinafter referred to as ‘this Website’ or ‘the Website’), which is a platform dedicated to e-money payment, e-commerce, currency exchange and the provision of related services (hereinafter referred to as ‘the Service’). For the convenience of wording in this Agreement, the Company and the Website are referred to collectively as ‘we’ or other applicable forms of first person pronouns in this Agreement.
- All natural persons or other subjects who log onto this Website shall be users of this Website. For the convenience of wording in this Agreement, the users are referred to as ‘you’ or any other applicable forms of the second-person pronouns.
- For the convenience of wording in this Agreement, you and we are collectively referred to as “both parties”, and individually as “one party”.
- These privacy terms apply to the Company products including ACU PAY and ACU PAY M.
3 Your consent
- 3.1 You, on the basis of your own free will and your requisite consent, agree to disclose your personal information to us;
- 3.4 You agree that our branches, affiliates and employees may contact you in connection with the products and services that you may be interested in (unless you have indicated that you do not want to receive such information).
4. What kind of data is being collected?
We may collect and process “Personal Data” (which is defined as any data that identifies or can be used to identify you) about you when you visit, install, download, access, register for or use our Services, or contact us in relation to the Services. The nature of the Personal Data that we may collect, and process will be determined by how you are using our Services. We will only use your Personal Data as set out below and always in accordance with applicable data protection laws.
We do not collect special categories of Personal Data, which means Personal Data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, genetic and biometric data, or data concerning health, sex life or sexual orientation. We do not expect our users to share or provide us special categories of Personal Data.
Information that you provide to us and personal data we may collect:
- basic Personal Data about you (such as first name; family name; mobile number; email address, country and your language);
- images. User can optionally upload an image as account avatar. During the eKYC process, user needs to upload ID photos for identity verification purpose.
- for eKYC (know your customer) process, we ask you to upload both the front and back sides of your ID card. Your ID card information will be sent to third party company for verification.
- If you link your credit card or debit card, your card information (such as card type and expiration date) and other financial data that we need to process your requests may be collected and sent to third party payment processors with which we work.
- when you use Services to do thing like send a message in Zendesk or do transactions, we store the information you create.
Information that we automatically collect or generate about you:
When you use our Services, we automatically receive and collect information about you and your device.
- any information regarding the Services accessed and/or used by you and our interactions with you;
- usage data when you use the Services, including application version and IP address;
- activity data relating to your usage of the Services, which reveal your preferences, interests, or manner of use of the Services and the times of use, e.g., IP address, device type, device brand, other unique device identification, language settings etc.
5. What is this data being used for?
Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
- in order to comply with and in order to assess compliance with applicable laws, rules and regulations, subpoenas, legal processes, governmental requests, and internal policies and procedures;
- to allow you to use and access the features and functionality provided by the Services;
- to set you up to use the Services, including creating and administering your account;
- for optimising the Services and your experience using the Services, and for ongoing review and improvement of the information provided on the Services to ensure that it is user friendly;
- to take measures to protect against and try to prevent any potential disruptions or cyber-attacks;
- to understand your needs and interests and, where you have provided your consent, to send you marketing communications about our Services;
- to provide you with technical and other support;
- for the management and administration of our business or in relation to a sale, reorganization, financing or other similar corporate transaction involving our business;
- for the administration and maintenance of our databases storing Personal Data; or
- to detect, prevent, or otherwise address fraud, security or technical issues.
However we use your Personal Data, we make sure that our usage complies with applicable data protection laws. The law allows or requires us to use your Personal Data for a variety of reasons. These include where:
- we need to do so in order to perform our contractual obligations with our customers and third-party providers;
- we have obtained your consent;
- we have legal and regulatory obligations that we have to discharge;
- we may need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or
- the use of your Personal Data as described is necessary for our legitimate business interests, such as:
- allowing us to effectively and efficiently manage and administer the operation of our business and the Services;
- maintaining compliance with internal policies and procedures;
6. Who is my data disclosed to?
- We may disclose your Personal Data to other companies within our group for the purposes set out in “What is this data being used for?” above, as well as to law enforcement and regulatory agencies as may be required by law.
- If you use certain features in the Services, for example linking your credit card or debit card, which will include any personal data contained in such content, will be shared to the payment processor. During identification verification, your ID card information will be shared to an eKYC provider that we work with.
- We may disclose and transfer your Personal Data to our agents, contractors or vendors (“Service Providers”). When we do this, we will ensure that they are under a duty of confidentiality to us and we have imposed contractual obligations to ensure they can only use your Personal Data to provide agreed services to us and to you. Such Service Providers may provide administrative, data processing or other similar services to us to enable us to better provide the Services.
- In particular, certain of the specific third parties that we disclose data to include:
- We use Zendesk by Zendesk Inc for handling customer support. In this case, messages you sent via Zendesk are stored in their system.
- We use third party service to collect and diagnostic and usage data and monitor the infrastructure for ACU Cloud.
- We may use JPush or other third party providers to notify your of important events about the Services and provide you with an enhanced user experience when using the Services. In this case, your device token for pushing notification is stored in JPush system.
7. Retention Process
How long we will hold your Personal Data for will vary and will be determined by the following criteria:
- the purpose for which we are using it – we will need to keep your Personal Data for as long as is necessary for that purpose; and
- legal obligations – laws or regulation may set a minimum period that we have to keep your Personal Data.
8. Data Deletion
The main principle of deleting user data is to disassociate the data retained by the system from the user’s true identity. System will either permanently delete user data or perform data masking.
- ACU PAY and ACU PAY M user can request to delete their personal data by contact us at firstname.lastname@example.org.
- ACU PAY user can also delete user data by using the account deletion function in the ACU PAY mobile application.
- Once user’s account is deleted, basic personal data ( mobile number, name, address, email, ID number. ID card photo, avatar photo) will be either permanently deleted or masked.
- When you visit our Website, we use Google stats via cookies to record our performance and check the effect of online advertising. Cookies are a small amount of data that is sent to your browser and stored on your computer hard drive. Only when you use your computer to access our Website can the cookies be sent to your computer hard drive.
- Cookies are usually used to record the habits and preferences of visitors in browsing the items on our Website. The information collected by cookies is non-registered and collective statistical data and does not involve personal data.
- Cookies, which enable the Website or service provider system to recognize your browser and capture and recall information, cannot be used to obtain data on your hard drive, your email address, or your personal data. Most browsers are designed to accept cookies. You can opt to set your browser to reject cookies, or to notify you as soon as possible if you are loaded on cookies. However, if you set your browser to disable cookies, it is possible that you may not be able to launch or use some functions of our Website.
10. Protection of Personal Data
- We adopt appropriate physical, electronic, management and technical measures so as to protect and safeguard the security of your personal data. We will, to the greatest extent possible, ensure that any personal data collected through our Services shall be free from being subject to nuisance by any third party unrelated to us. The security measures that we may take include but are not limited to:
- Physical measures: records of your personal data will be stored in a properly locked place.
- Electronic measures: The computer data that contain your personal information will be stored in computer systems and storage medias that are subject to strict login restrictions.
- Management measures: only staff members duly authorized by us can access your personal data, and these staff members shall comply with our internal code concerning personal data confidentiality.
- Technical measures: such encryption techniques as Secure Socket Layer Encryption may be used to convey your personal data.
- Other measures: our network servers are protected by proper ‘firewall ‘.
- If you are aware of any security flaws in our Services, please contact us immediately so that we can take appropriate action as soon as possible.
- Despite of the above-mentioned technical and security measures, we cannot guarantee that the information transmitted via the Internet is absolutely safe, so we cannot absolutely guarantee that the personal data that you provide to us through our Services will be safe at any time. We will not be held liable for any loss or damage arising from or caused by any event that may occur in connection with unauthorized access to your personal data, and we shall not be held liable for compensation for such loss or damage.
10. Communication with Us
- If you have any requests and comments, you can send an email to email@example.com, which is the only valid and official email through which we communicate with you, so we will not bear any liability for your failure to using effective contact information, any act or omission.
- We only publish announcements and information on the basis of the valid and effective contact information on this Website or post announcements on this Website; therefore, we shall not be held liable for any loss arising from your trust in the information that has not been obtained through the above-mentioned means.