Sage Capital Co., Ltd. (“the Company”) recognizes the importance of protecting personal data and its responsibility to implement various measures to comply with the Personal Data Protection Act B.E. 2562 (2019), as well as the rules, regulations, and guidelines set by the Securities and Exchange Commission (SEC) in a strict manner.
This Privacy Policy (“Policy”) applies to the personal data of: 1) individual clients of the Company, including current clients, former clients, and prospective clients; 2) directors, executives, major shareholders, shareholders, persons with controlling power, beneficial owners, employees, and advisors of corporate clients; and 3) other individuals who engage in transactions with the Company but are not clients.
Purpose
The Company has established various primary and secondary policies regarding the protection of personal data to ensure that its personnel, including directors, executives, and employees, have the knowledge and understanding of personal data protection and are able to perform their duties appropriately and in compliance with the Personal Data Protection Act.
Definitions
Personal Data Protection Act means the Personal Data Protection Act B.E. 2562 (2019).
Person or You means an individual person.
“Personal Data” refers to information related to an individual that identifies or can identify the person, as specified below, for the purpose of the Company providing services to customers and individuals engaged in transactions with the Company. The Company may collect personal data through various methods, either directly from the data subject or indirectly from other sources (e.g., social media, third-party online platforms, the Ministry of Commerce’s database (Corpus), or other public data sources).
The types of personal data that the Company collects, uses, discloses, and transfers internationally vary depending on the scope of the transaction and/or services provided by the Company, which are within the boundaries of professional standards and applicable legal requirements. This includes both general personal data and sensitive personal data.
However, if the Company receives personal data from someone other than the data subject (“Disclosing Party”), the Disclosing Party will be considered as a representative and must confirm to the Company that the personal data has been disclosed in accordance with the applicable personal data protection regulations by the Disclosing Party (e.g., a corporate client of the Company providing personal data of directors and major shareholders of the client to the Company). The details of how the Company receives such personal data will be properly recorded in the Company’s system.
“Sensitive Data” refers to personal data that the law categorizes as sensitive and is at risk of being used for unfair discrimination. The Company will collect, use, disclose, and/or transfer sensitive data internationally only when explicit consent is obtained from the data subject, or when permitted by law.
Types of Data
1.1 Personal Data of Individual Clients, Including Individuals Who Engage in Transactions with the Company but Are Not Clients
The personal data that the Company may collect, use, disclose, and/or transfer internationally includes, but is not limited to, the following categories of personal data:
Personal Information:
Contact Information:
Asset and Financial Information (depending on the transaction):
Details Used for Identification and Authentication:
Transaction Data:
Verification Data:
Information about Other Individuals Related to the Client and/or Employees or Advisors:
Verification Data from Public Sources:
1.2 Corporate Customer Information, Including Entities Transacting with the Company but Not Customers of the Company
The information that the company may collect, use, disclose, and/or transfer abroad includes but is not limited to the following types of information:
Identification Data of Individuals Related to the Entity:
Contact Information:
Transaction Information:
Verification Information:
Data from Public Sources:
1.3 Sensitive Information and Other Information
Sensitive Personal Data:
The sensitive personal data that the company may collect, use, disclose, and/or transfer abroad includes:
Other Information:
The company collects, uses, or discloses your personal data only when necessary and relevant to fulfilling its duties as a financial advisory professional or complying with legal obligations. This includes cases where data collection, use, or disclosure is required to meet legal obligations, fulfill contractual agreements with you, pursue the legitimate interests of the company, act according to your consent, and/or comply with other legal bases. The purposes for collecting, using, or disclosing personal data are as follows:
2.1 The Company’s Legal Obligations
As the company is subject to supervision and must comply with relevant laws and regulations, it is necessary to collect, use, or disclose your personal data for various purposes to ensure compliance with laws and regulations imposed by government agencies and/or regulatory authorities, including but not limited to the following purposes:
1) To comply with the Personal Data Protection Act and its amendments.
2) To comply with other laws (e.g., securities and exchange laws, anti-money laundering laws, counterterrorism and proliferation financing laws, and other laws applicable to the company, both in Thailand and abroad). This includes:
3) To comply with regulations and/or orders from competent authorities (e.g., court orders, orders from government agencies, regulatory authorities, or authorized officers).
2.2 Contracts You Have Entered into with the Company
The company collects, uses, or discloses your personal data based on your requests and/or agreements made with the company, including but not limited to the following purposes:
2.3 Disclosure or Transfer of Your Personal Data
The company may disclose or transfer your personal data to third parties (including their personnel and agents) as follows, in compliance with the principles of the Personal Data Protection Act:
2.4 Legitimate Interests of the Company
The company relies on the legitimate interests basis while balancing the benefits of the company or other parties with your fundamental rights in personal data. This includes, but is not limited to, the following purposes:
2.5 Your Consent
In certain cases, the company may request your consent to collect, use, or disclose your personal data to ensure you receive maximum benefits and/or enable the company to provide services that meet your needs. These purposes include, but are not limited to, the following:
2.6 Other Legal Grounds
In addition to the aforementioned legal bases, the company may collect, use, or disclose your personal data under the following legal grounds:
If the personal data that the company collects from you is required for compliance with legal obligations or for entering into a contract with you, the company may be unable to provide certain services (or continue providing services) or some or all of its services if you fail to provide such personal data upon request.
Generally, the company collects personal data directly from you. However, in some cases, the company may obtain your personal data from other sources, in compliance with the Personal Data Protection Act. Personal data collected from other sources may include, but is not limited to, the following:
The Personal Data Protection Act (PDPA) aims to provide you with more control over your personal data. You have the following rights under the PDPA, which you can exercise through the channels designated by the company:
4.1 Right of Access and Copy of Personal Data
You have the right to access and receive a copy of your personal data held by the company, except in cases where the company is legally permitted to deny your request or when it may impact the rights and freedoms of other individuals.
4.2 Right to Rectify Personal Data
You have the right to request that the company correct or update any inaccurate, incomplete, misleading, or outdated personal data.
4.3 Right to Erase Personal Data
You have the right to request that the company delete or destroy your personal data, or anonymize it so that it cannot be identified. However, this request may be denied if the data is necessary for ongoing processing, or if there is a legal basis for retaining it.
4.4 Right to Restrict Processing of Personal Data
You have the right to request that the company temporarily suspend the use of your personal data in certain cases, such as when the company is verifying the accuracy of the data or if you request that the company retain your data for the purpose of legal claims.
4.5 Right to Object to the Processing of Personal Data
You have the right to object to the collection, use, or disclosure of your personal data, particularly if it is based on the legitimate interests of the company or used for statistical research. However, the company may deny your request if it has a compelling legal justification.
4.6 Right to Data Portability
You have the right to request a copy of your personal data in a format that is machine-readable and can be transferred to another entity, provided it is technically feasible and the company does not have legal grounds to deny your request.
4.7 Right to Withdraw Consent
You have the right to withdraw any consent you have given to the company at any time, using the process and methods specified by the company. Withdrawing consent will not affect the lawfulness of any data processing based on consent before it was withdrawn, unless otherwise restricted by law.
4.8 Right to Lodge a Complaint
You have the right to file a complaint with the Personal Data Protection Commission or the Office of the Personal Data Protection Commission if the company fails to comply with the PDPA.
The company may disclose or transfer your personal data to external parties or servers/computer systems located in foreign countries. The destination country may or may not have data protection standards similar to those in Thailand. However, the company will implement appropriate procedures and measures to ensure that your personal data is transferred securely, and that the recipient of the data adheres to suitable personal data protection standards. This data transfer will be conducted in compliance with applicable legal exceptions that permit such transfers under the law.
The company will retain your personal data as long as you are a customer, employee, or business partner of the company, or as long as you engage in transactions with the company. Upon termination of the relationship (such as after completing a transaction with the company, or in cases where the company declines your service request, or you request to cancel your service), the company will retain your personal data for a period that is necessary and reasonable to fulfill the purposes outlined by the Personal Data Protection Act (PDPA) and any other applicable legal requirements. This retention period also includes the duration required by laws or regulatory authorities, such as securities and stock market laws, anti-money laundering laws, anti-terrorism financing laws, arms proliferation laws, accounting laws, tax laws, labor laws, and other relevant legislation that the company must comply with, both domestically and internationally (if applicable).
Since the company does not collect data from visits to its website, no cookie policy has been defined at this time.
The company has the right to continue collecting and using personal data collected before the enforcement of the Personal Data Protection Act (PDPA) for the original purposes. If you do not wish to allow the company to continue collecting and using your personal data for these purposes, you may request to withdraw your consent at any time.
The company has implemented strict security measures and policies to ensure the safety of your personal data. These include preventing unauthorized access, ensuring employees and external contractors adhere to appropriate privacy standards, and taking measures to protect, use, or transfer your personal data securely.
If you have any questions or would like to inquire further about the protection of your personal data, you can contact the company via the following channels:
Sage Capital Co., Ltd.
Contact Address: 25 Bangkok Insurance Building, 28th Floor, South Sathorn Road, Thung Maha Mek, Sathorn, Bangkok 10120
Phone: 02 679 2540
E-mail: mail@sage-capital.biz
The company may review, amend, or update this privacy policy as appropriate. The current privacy policy will be posted on the website at https://www.sage-capital.biz/pdpa/