Personal Data Protection Policy

Sage Capital Co., Ltd. (“the Company”) recognizes the importance of protecting personal data and its responsibility to implement various measures to comply strictly with the Personal Data Protection Act B.E. 2562 (2019), as well as the rules, regulations, and guidelines set by the Securities and Exchange Commission (SEC).

This Privacy Policy (“Policy”) applies to the personal data of: 1) individual clients of the Company, including current clients, former clients, and prospective clients; 2) directors, executives, major shareholders, shareholders, persons with controlling power, beneficial owners, employees, and advisors of corporate clients; and 3) other individuals who engage in transactions with the Company but are not clients.

 

Purpose

The Company has established various primary and secondary policies regarding the protection of personal data to ensure that its personnel, including directors, executives, and employees, have the knowledge and understanding of personal data protection and are able to perform their duties appropriately and in compliance with the Personal Data Protection Act.

 

Definitions

Personal Data Protection Act means the Personal Data Protection Act B.E. 2562 (2019).
Person or You means an individual person.

 

  1. Collection of Personal Data

“Personal Data” refers to information related to an individual that identifies or can identify the person, as specified below, for the purpose of the Company providing services to customers and individuals engaged in transactions with the Company. The Company may collect personal data through various methods, either directly from the data subject or indirectly from other sources (e.g., social media, third-party online platforms, the Ministry of Commerce’s database (Corpus), or other public data sources).

The types of personal data that the Company collects, uses, discloses, and transfers internationally vary depending on the scope of the transaction and/or services provided by the Company, which are within the boundaries of professional standards and applicable legal requirements. This includes both general personal data and sensitive personal data.

However, if the Company receives personal data from someone other than the data subject (“Disclosing Party”), the Disclosing Party will be considered as a representative and must confirm to the Company that the personal data has been disclosed in accordance with the applicable personal data protection regulations by the Disclosing Party (e.g., a corporate client of the Company providing personal data of directors and major shareholders of the client to the Company). The details of how the Company receives such personal data will be properly recorded in the Company’s system.

“Sensitive Data” refers to personal data that the law categorizes as sensitive and is at risk of being used for unfair discrimination. The Company will collect, use, disclose, and/or transfer sensitive data internationally only when explicit consent is obtained from the data subject, or when permitted by law.

Types of Data

1.1 Personal Data of Individual Clients, Including Individuals Who Engage in Transactions with the Company but Are Not Clients

The personal data that the Company may collect, use, disclose, and/or transfer internationally includes, but is not limited to, the following categories of personal data:

Personal Information:

  • Title, first name, middle name, last name, alias (if any)
  • Gender, date of birth, age, nationality, education
  • Marital status, spouse’s information, details of minor children
  • Occupation, details of employer, position/job title, workplace location
  • Salary or income, compensation, bonuses
  • Information on government-issued identification cards, such as ID number, passport number, and driving license information, etc.

Contact Information:

  • Mailing address, email address, telephone number, mobile number, fax number
  • Name of representative or authorized person acting on behalf of the client
  • Social media account details, including profile photo and other identifiers for electronic communications, and business contact address
  • Telephone number for business contact

Asset and Financial Information (depending on the transaction):

  • Bank account information, account number, and account type
  • Securities holdings
  • Income and expenses

Details Used for Identification and Authentication:

  • Photograph of ID card, ID number, house registration, tax identification number
  • Passport information
  • Driver’s license
  • Signature and photograph

Transaction Data:

  • Depending on the type of transaction, for clients of the Company, the Company will provide a list of required documents (initially) that the client must prepare and submit to the Company for use in work within the scope of financial advisory/independent financial advisory services.

Verification Data:

  • Information for verification of facts, such as data related to Know Your Customer (KYC), Customer Due Diligence (CDD)
  • Information for risk management or anti-money laundering and counter-terrorism financing checks

Information about Other Individuals Related to the Client and/or Employees or Advisors:

  • For example, spouse, children, references, emergency contacts, beneficial owners
  • Securities holdings

Verification Data from Public Sources:

  • Information from government agencies and other similar sources

1.2 Corporate Customer Information, Including Entities Transacting with the Company but Not Customers of the Company

The information that the company may collect, use, disclose, and/or transfer abroad includes but is not limited to the following types of information:

Identification Data of Individuals Related to the Entity:

  • For example: directors, executives, shareholders, ultimate beneficiaries, controlling persons, authorized representatives, employees, and legal representatives of the organization, as well as any individuals authorized to act on behalf of the corporate customer or those closely related to such individuals. The company recommends that corporate customers/business partners ensure that directors, major shareholders, authorized representatives, or any relevant individuals are informed of the company’s privacy policy.
  • Personal identification data such as name, surname, title, age, gender, photograph, personal history details, education, employment information (e.g., status, responsibilities, occupation, job title, employer or company where they work as an employee/executive or shareholder), shareholding proportions, and government-issued identification data, depending on the transaction.

Contact Information:

  • Address, phone number, email address, and similar contact details.

Transaction Information:

  • Same as the data collected for individual customers.

Verification Information:

  • Same as the data collected for individual customers.

Data from Public Sources:

  • Information from government agencies and other similar public sources.

1.3 Sensitive Information and Other Information

Sensitive Personal Data:
The sensitive personal data that the company may collect, use, disclose, and/or transfer abroad includes:

  • Criminal records
  • Information obtained from checks against prohibited person lists

Other Information:

  • Records of interactions and communications between you and the company, in any form or method, including but not limited to telephone calls, emails, chat messages, and communications via social media.
  • Information you provide to the company through any channel.

 

  2. How the Company Collects, Uses, or Discloses Your Personal Data

The company collects, uses, or discloses your personal data only when necessary and relevant to fulfilling its duties as a financial advisory professional or complying with legal obligations. This includes cases where data collection, use, or disclosure is required to meet legal obligations, fulfill contractual agreements with you, pursue the legitimate interests of the company, act according to your consent, and/or comply with other legal bases. The purposes for collecting, using, or disclosing personal data are as follows:

2.1 The Company’s Legal Obligations

As the company is subject to supervision and must comply with relevant laws and regulations, it is necessary to collect, use, or disclose your personal data for various purposes to ensure compliance with laws and regulations imposed by government agencies and/or regulatory authorities, including but not limited to the following purposes:

1) To comply with the Personal Data Protection Act and its amendments.

2) To comply with other laws (e.g., securities and exchange laws, anti-money laundering laws, counterterrorism and proliferation financing laws, and other laws applicable to the company, both in Thailand and abroad). This includes:

    • Conducting identity verification.
    • Background checks.
    • Credit checks.
    • Customer identification procedures (Know Your Customer: KYC).
    • Customer due diligence (Customer Due Diligence: CDD).
    • Other verifications, including checks against public databases of regulatory agencies and/or lists of designated persons.
    • Continuous actions to ensure compliance with applicable laws.

3) To comply with regulations and/or orders from competent authorities (e.g., court orders, orders from government agencies, regulatory authorities, or authorized officers).

2.2 Contracts You Have Entered into with the Company

The company collects, uses, or discloses your personal data based on your requests and/or agreements made with the company, including but not limited to the following purposes:

  • Fulfilling your requests before entering into a contract with the company, delivering services to you, providing advice, and managing related services. This includes any actions required to ensure the company’s operations or services are not disrupted, unfair, or non-compliant with operational standards, business ethics, or applicable laws in providing financial advisory services.
  • Verifying your identity for any transactions.
  • Carrying out your instructions (e.g., sending information related to your orders or fulfilling the terms of the contract between you and the company, as well as responding to your inquiries or suggestions).
  • Monitoring or recording your transactions, rights, and benefits.
  • Preparing various reports (e.g., transaction reports agreed upon in the contract or internal company reports).
  • Collecting outstanding payments (e.g., in cases where you have not paid for services).
  • Enforcing the company’s legal or contractual rights.

2.3 Disclosure or Transfer of Your Personal Data

The company may disclose or transfer your personal data to third parties (including their personnel and agents) as follows, in compliance with the principles of the Personal Data Protection Act:

  1. The company and/or any other parties with whom the company has legal relations, including directors, executives, employees, staff, contractors, agents, consultants of the company and/or such parties. These relationships operate under advisory service agreements between the company and you and/or corporate clients who have provided your information to the company. Each agreement may have different purposes for conducting transactions.
  2. Government agencies and/or regulatory authorities overseeing the company, such as the Securities and Exchange Commission, the Stock Exchange of Thailand, the Investment Banking Club/Securities Association, the Ministry of Digital Economy and Society, the Anti-Money Laundering Office, and the Revenue Department.
  3. The general public, under disclosures made in the scope of work as an independent financial advisor and/or financial advisor in compliance with the rules, regulations, and directives of relevant authorities, such as the Securities and Exchange Commission and the Stock Exchange of Thailand.
  4. Lawyers, credit information companies, fraud prevention agencies, courts, agencies, or any persons whom the company is required or authorized to disclose personal data to under laws, regulations, or orders.
  5. Third-party service providers to the company, such as IT service providers, data storage providers (Cloud/Email Server Services), and providers for screening persons under anti-money laundering laws. This includes, but is not limited to, agents or subcontractors acting on behalf of the company.
  6. Other persons who provide benefits or services related to the company’s services to you.
  7. Authorized persons, sub-delegates, agents, or lawful representatives acting on your behalf with legal authority.

2.4 Legitimate Interests of the Company

The company relies on the legitimate interests basis while balancing the benefits of the company or other parties with your fundamental rights in personal data. This includes, but is not limited to, the following purposes:

  • Managing the company’s operations, such as audits, risk management, internal administration, monitoring, prevention, and investigation of fraud, money laundering, terrorism, misconduct, or other crimes. This may include verifying the credibility of individuals associated with the company’s corporate clients, even when not required by legal or regulatory authorities. It also includes identifying you to prevent such crimes.
  • For corporate clients, the company collects, uses, and discloses personal data of directors, major shareholders, authorized representatives, or agents.
  • Ensuring business continuity of the company.
  • Managing claims and disputes, filing lawsuits, and handling related legal processes.
  • Contacting you prior to entering into a contract with the company.
  • Evaluating suitability and qualifications, submitting claims for bids and tenders, and entering into contracts with you.
  • Mitigating security risks, such as identifying security incidents, conducting data security investigations, and preventing malicious, fraudulent, deceptive, or unlawful acts.
  • Complying with applicable foreign laws.
  • Administering corporate structure, including data storage, internal controls, business operations, and adherence to the company’s policies and procedures. This includes managing risks, ensuring security, auditing, finance and accounting, systems, and business continuity.
  • Facilitating audits conducted by external auditors.
  • Receiving services from legal, financial, accounting, and tax advisors, or any other consultants appointed by you or the company.
  • Maintaining and updating customer directories and records, including your personal data. This also includes storing contracts and related documents that may reference you.

2.5 Your Consent

In certain cases, the company may request your consent to collect, use, or disclose your personal data to ensure you receive maximum benefits and/or enable the company to provide services that meet your needs. These purposes include, but are not limited to, the following:

  • Collection, use, or disclosure of sensitive personal data (e.g., criminal records) for verification and identification purposes before transactions and for the Know Your Customer (KYC) process in cases where the company determines a high risk of money laundering or terrorism.
  • Transferring or transmitting personal data, including sensitive personal data, to foreign countries that may have insufficient data protection standards. (This applies unless the Personal Data Protection Act permits such actions under other legal grounds or without requiring consent.)
  • For minors, incompetent persons, or quasi-incompetent persons, consent must be obtained from parents, guardians, custodians, or legal representatives, as applicable. (This applies unless the Personal Data Protection Act allows the processing of personal data without requiring consent.)
  • Other actions that require your consent as specified by the company.

2.6 Other Legal Grounds

In addition to the aforementioned legal bases, the company may collect, use, or disclose your personal data under the following legal grounds:

  • To prevent or mitigate harm to life, body, or health of individuals.
  • To perform a task necessary for the public interest or to exercise official authority.

If the personal data that the company collects from you is required for compliance with legal obligations or for entering into a contract with you, the company may be unable to provide (or continue providing) some or all of its services if you fail to provide such personal data upon request.

 

  3. Sources of Your Personal Data

Generally, the company collects personal data directly from you. However, in some cases, the company may obtain your personal data from other sources, in compliance with the Personal Data Protection Act. Personal data collected from other sources may include, but is not limited to, the following:

  • Data received from individuals or entities with whom the company has legal relationships.
  • Data received from persons related to you (e.g., your family, friends, or referees).
  • Data received from corporate clients where you hold positions such as director, executive, controlling person, major shareholder, authorized signatory, agent, assignee, or contact person.
  • Data received from service providers, authorities, legal entities, or third parties (e.g., your representatives, employers, sponsors, or investors), including third parties involved in providing services to you or acting on behalf of those entities. If you provide the company with personal data of other individuals during transactions or in any other context, you must inform those individuals of the details of the collection, use, and disclosure of personal data as outlined in this privacy policy, and obtain their consent (if necessary) or rely on other legal grounds for sharing their personal data with the company.

 

  4. Your Legal Rights

The Personal Data Protection Act (PDPA) aims to provide you with more control over your personal data. You have the following rights under the PDPA, which you can exercise through the channels designated by the company:

4.1 Right of Access and Copy of Personal Data
You have the right to access and receive a copy of your personal data held by the company, except in cases where the company is legally permitted to deny your request or when it may impact the rights and freedoms of other individuals.

4.2 Right to Rectify Personal Data
You have the right to request that the company correct or update any inaccurate, incomplete, misleading, or outdated personal data.

4.3 Right to Erase Personal Data
You have the right to request that the company delete or destroy your personal data, or anonymize it so that it cannot be identified. However, this request may be denied if the data is necessary for ongoing processing, or if there is a legal basis for retaining it.

4.4 Right to Restrict Processing of Personal Data
You have the right to request that the company temporarily suspend the use of your personal data in certain cases, such as when the company is verifying the accuracy of the data or if you request that the company retain your data for the purpose of legal claims.

4.5 Right to Object to the Processing of Personal Data
You have the right to object to the collection, use, or disclosure of your personal data, particularly if it is based on the legitimate interests of the company or used for statistical research. However, the company may deny your request if it has a compelling legal justification.

4.6 Right to Data Portability
You have the right to request a copy of your personal data in a format that is machine-readable and can be transferred to another entity, provided it is technically feasible and the company does not have legal grounds to deny your request.

4.7 Right to Withdraw Consent
You have the right to withdraw any consent you have given to the company at any time, using the process and methods specified by the company. Withdrawing consent will not affect the lawfulness of any data processing based on consent before it was withdrawn, unless otherwise restricted by law.

4.8 Right to Lodge a Complaint
You have the right to file a complaint with the Personal Data Protection Commission or the Office of the Personal Data Protection Commission if the company fails to comply with the PDPA.

 

  5. Transfer of Your Personal Data to Recipients in Foreign Countries

The company may disclose or transfer your personal data to external parties or servers/computer systems located in foreign countries. The destination country may or may not have data protection standards similar to those in Thailand. However, the company will implement appropriate procedures and measures to ensure that your personal data is transferred securely, and that the recipient of the data adheres to suitable personal data protection standards. This data transfer will be conducted in compliance with applicable legal exceptions that permit such transfers under the law.

 

  6. Retention Period for Your Personal Data

The company will retain your personal data as long as you are a customer, employee, or business partner of the company, or as long as you engage in transactions with the company. Upon termination of the relationship (such as after completing a transaction with the company, or in cases where the company declines your service request, or you request to cancel your service), the company will retain your personal data for a period that is necessary and reasonable to fulfill the purposes outlined by the Personal Data Protection Act (PDPA) and any other applicable legal requirements. This retention period also includes the duration required by laws or regulatory authorities, such as securities and stock market laws, anti-money laundering laws, anti-terrorism financing laws, arms proliferation laws, accounting laws, tax laws, labor laws, and other relevant legislation that the company must comply with, both domestically and internationally (if applicable).

 

  7. Use of Cookies

Since the company does not collect data from visits to its website, no cookie policy has been defined at this time.

 

  8. Use of Personal Data for Original Purposes

The company has the right to continue collecting and using personal data collected before the enforcement of the Personal Data Protection Act (PDPA) for the original purposes. If you do not wish to allow the company to continue collecting and using your personal data for these purposes, you may request to withdraw your consent at any time.

 

  9. Security Measures for Personal Data

The company has implemented strict security measures and policies to ensure the safety of your personal data. These include preventing unauthorized access, ensuring employees and external contractors adhere to appropriate privacy standards, and taking measures to protect, use, or transfer your personal data securely.

 

  10. Contacting the Company

If you have any questions or would like to inquire further about the protection of your personal data, you can contact the company via the following channels:

Sage Capital Co., Ltd.
Contact Address: 25 Bangkok Insurance Building, 28th Floor, South Sathorn Road, Thung Maha Mek, Sathorn, Bangkok 10120
Phone: 02 679 2540

E-mail: mail@sage-capital.biz

 

  11. Changes to Privacy Policy

The company may review, amend, or update this privacy policy as appropriate. The current privacy policy will be posted on the website at https://www.sage-capital.biz/pdpa/
