Privacy Policy

1. Introduction

CryptoThailand Co., Ltd. ("we," "us," "our," or "Company") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us.

We comply with Thailand's Personal Data Protection Act (PDPA) 2562 (2019) and international data protection standards. Please read this Privacy Policy carefully. If you do not agree with our practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide Directly

• Registration Data: Name, email address, phone number, date of birth, and residential address
• Identification Documents: Government-issued ID, passport, or national identity number for KYC verification
• Financial Information: Bank account details, transaction history, and trading information
• Communication Data: Messages, support tickets, feedback, and customer service interactions
• Payment Information: Payment method details (processed securely, we don't store full card numbers)

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device type, and device identifiers
• Usage Data: Pages visited, features used, time spent, clicks, and interaction patterns
• Location Data: Approximate location based on IP address (we don't collect precise GPS location)
• Cookies and Tracking: Session identifiers, preferences, and analytical data

2.3 Information from Third Parties

• KYC verification providers and identity verification services
• Payment processors and financial institutions
• Regulatory bodies for compliance purposes
• Analytics and fraud prevention services

3. How We Use Your Information

We use collected information for the following purposes:

• Account Management: Creating and maintaining your account, processing transactions, and providing customer support
• Legal Compliance: KYC/AML verification, anti-fraud detection, and regulatory reporting required by Thai authorities
• Service Improvement: Analyzing usage patterns, improving platform features, and enhancing security
• Communication: Sending account updates, security alerts, promotional materials (with your consent), and support responses
• Risk Management: Detecting suspicious activity, preventing fraud, and protecting against security threats
• Legal Obligations: Complying with court orders, government investigations, and legal requirements
• Marketing: With your explicit consent, we send newsletters and promotional content about new features

4. Data Sharing and Disclosure

4.1 We Share Information With

• Service Providers: Payment processors, identity verification services, and IT infrastructure providers
• Regulatory Authorities: Thai SEC, Bank of Thailand, and other government agencies as required by law
• Financial Institutions: Banks and payment networks for transaction processing
• Security Partners: Fraud prevention and cybersecurity companies
• Legal Parties: Lawyers and accountants when necessary for legal compliance

4.2 We Do Not Sell Personal Data

We do not sell, trade, or rent your personal information to third parties for marketing purposes. Your data is shared only as necessary for providing services, legal compliance, and protecting our platform.

4.3 Data Transfers Outside Thailand

Your information may be transferred to and stored in countries other than Thailand as necessary for service provision. We ensure appropriate safeguards are in place for all international transfers, compliant with PDPA requirements.

5. Data Security

We implement comprehensive security measures to protect your personal data:

• Encryption: AES-256 encryption for data in transit (HTTPS/TLS) and at rest
• Cold Storage: Personal data backups stored in secure, offline facilities
• Access Control: Role-based access restrictions and multi-factor authentication for staff
• Regular Audits: Third-party security audits and vulnerability assessments quarterly
• Incident Response: Documented incident response procedures and breach notification protocols
• Employee Training: Regular data protection and security training for all staff members

Important: While we implement industry-leading security practices, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your information.

6. Your Privacy Rights

6.1 Rights Under Thai PDPA

You have the following rights regarding your personal data:

• Right to Access: You can request a copy of your personal data we hold
• Right to Rectification: You can request correction of inaccurate information
• Right to Erasure: You can request deletion of your data (subject to legal hold requirements)
• Right to Restrict Processing: You can request we limit how we use your data
• Right to Object: You can object to certain types of processing, particularly marketing
• Right to Portability: You can request your data in a portable format

6.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@cryptothailand.com with a clear description of your request. We will respond within 30 days as required by law.

7. Cookies and Tracking

Our website uses cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

8. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected information from a child, we will delete such information immediately.

9. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

• Email: privacy@cryptothailand.com
• Address: CryptoThailand Co., Ltd., Bangkok, Thailand
• Phone: +66 (0)2-XXX-XXXX
• Data Protection Officer: dpo@cryptothailand.com

Last Updated: November 24, 2024