Privacy Policy

Preface

​ Wipay Company Limited (“Company”) realizes the importance of personal data protection so we provide this Privacy Policy to inform our customer about our company’s policy about the collecting, using and disclosing customer’s personal data (“data subject”) due to the Personal Data Protection Act B.E. 2562, relevant laws and regulations. This privacy notice will inform the data subject how the Company collects, uses or discloses the data subject's personal data, types of data, and the purposes for doing so, including details and the period for which the Personal Data will be retained, Disclosure of personal data to third parties, Data Subject’s Rights, Confidentiality and Security of the personal data and how the data subject can contact the company.

1. Definition

“Customer” or “Data Subject” means Person or Juristic person who is a visitor, user, member, merchant, partner, service user, account opening requester or any other person using the website and application services and/or customers of Wipay Co., Ltd. whether such visit, use, membership, use of the service or access is done by any means, through the device. any through which channel and whether making a payment or not.
“Company” or “Data Controller” means Wipay company limited and/or its affiliates and/or the service provider of these website and application.
“Data Processor” means Any person or Juristic Person who operates in relation to the collection, use, or disclosure of the personal data pursuant to the orders given by or on behalf of a data controller.
“Affiliates” means Companies listed under this policy.
“Website and Application” means “www.wiwallet.app” and/or “Wi wallet” application provided by Wipay company limited However, in the case of an application, This Privacy Policy shall apply to the applications that have been changed, amended, updated, or supplemented by WiPay Co., Ltd. and/or its affiliates, as the case may be, except for the applications that have been Such changes, amended, updates or additions will be governed by terms and conditions other than in this Privacy Policy.
“Data” means Anything that conveys a story, facts, information or anything, whether such interpretation is made by the nature of the thing itself or through any means, and whether it is provided in the form of documents, files, reports. Books, diagrams, maps, drawings, photographs, film, audio or video recordings recording by computer by electronic means or any other way that the recorded material can be displayed or displayed.
“Personal Data” means Means personal data which can identify a person, directly or indirectly as per the Personal Data Protection Act B.E. 2562, its amendments and the related laws including the Sensitive Data.
“Sensitive Data” means Means racial or ethnic origin, political opinions, religious or philosophical beliefs, person’s sex life, criminal records, data concerning health, trade union membership, the processing of genetic data, biometric data or any other data for the purpose of uniquely identifying a natural person as per the Announcement of the commission.
“Data Protection Officer” means Officers or personnel provided by the Company to operate in accordance with the Personal Data Protection Law.
“Personal Data Protection Laws” means The Personal Data Protection Act B.E. 2562 (2019) and includes any future amendments under the Act.

2. Customer’s consent

For the providing services on the Website and Application, the customer agrees and gives consent to the collection, use, or disclosure of personal data as follows

(1) Purpose of the collection, using or disclosing personal data

The customer acknowledges, agrees, and consents to the Company and its data processors for collecting, using, or disclosing personal data. For the following purposes only

  • To ensure that the use of the service is following under the related laws, rules, and regulations related to the Company's business operations. Also, for the performance of duties under the law and rules related to or applicable to the Company, including but not limited to The Personal Data Protection Act B.E. 2562 and/or the Payment Systems Act B.E. 2560 and/or the Computer Crime Act B.E.2550 Will be revised or added in the future.
  • For the purpose of verifying or identifying the customer when accessing the company’s website and application or other services.
  • To ensure the customer's usage data for the development of security standards in using the service. Management and protection of information technology infrastructure in this respect, the Company may use the customer’s personal data only to the extent necessary and may proceed with encryption before using and/or arrange for a random check by hiring the out-source as the third-party to testing for the data leaking test for sake of using in risk management, detection, prevention and/or elimination of fraud or other potentials that tended to the law violation. Relevant usage regulations or the terms and conditions of Company’s website and application (“Terms and Conditions”).
  • For any other benefits related to the Company's business operations, such as education, research, statistics, service development and marketing or targeted advertising, including delivery content to the public activities and promotions, as well as providing appropriate suggestion in order to provide services which is matched to the customer’s interesting.

  • To operate the website and application and provide services, including to:

  • Initiate a payment, make a payment or charge. Add value to your account or pay your bill.

  • Verify access to the customer's account
  • Communicate with customer about the customer’s account, websites, applications, products or services.
  • Create the connection between a customer's account and the third-party’s account or platform.

  • Check the credibility and other financial status, evaluate the registration and compare the data for the purpose of authenticity and identity verification.

  • Update the User Account / Merchant Account and/or keep the customer's financial data up to date.

  • To manage the company's business needs such as monitoring, analytics, and service improvements and the efficiency performance and functionality of websites and applications. For example, the Company analyzes user behavior and conducts research on how customers use the Company's services.
  • To manage risks and protect the website and application, products or services from fraud or theft. To help detect and prevent fraud or theft and violation of the Company's services.
  • To make the market to customers about the Company's products and services, as well as the products and services of unrelated businesses. The Company may process Customer's personal data to tailor certain marketing content and services or experiences of website and application to customer’s interests on website and application or the third party’s websites and applications.
  • In order to provide personalized services offered by the company on third-party’s websites, applications and online services, the Company may use Customer's "personal data" and other data which is collected in accordance with This "Privacy Policy" in purpose of providing the customer with targeted result, features, products, services, or presentations on third-party’s websites and applications. The company may use cookies and other tracking technologies to provide these websites and applications and online services and/or collaborate with other third parties such as merchants, partners, advertising companies and/or analytics firms. These websites and applications and online services
  • To give options, functions or location-specific offers to customers, if customer chooses to disclose customer's geographic location data through the service. The company will use this data to increase the security of the website and application, products and services also provide location-based services to customers such as advertising, search results, and other personalized content.
  • To perform the duties of the company and to enforce the terms of the website and application, products and services including to comply with all applicable laws and regulations.
  • To make it easier for customers to find and connect with others. The company may use customer’s data that the customer has disclosed to the services to provide advice on connections between the customer and people that the customer may know. For example, the company may connect the customer’s data that the company already knew through the customer’s service using or the customer’s contact include the given data from the customer and other people for suggesting people who the customer may know or wish to conduct the transactions through the company's services. The functionality and social features designed to make it easier for customers to use the Service to others may vary by service.
  • To respond to customer requests, for example, to contact customer back and answer about questions that have sent to the Call Center or other department in the Company.
  • In order to increase the efficiency of services providing to customer in various fields even more.
  • To contact customers via telephone, text message (SMS), e-mail or post or through any channels to inquire or notify customers or check and verify information about the customer's account or make the poll to ask the customer’s opinion or provide any other information related to the Company's services as necessary

In this regard, the customer's communication with the company or the company's team is deemed that the customer acknowledged and agreed that Communications with the Company may include audio recordings. Conversation record or save contact details by any means

  • To achieve objectives related to the preparation of historical documents or archives for the public interest. or related to research studies or statistics which have provided appropriate safeguards to protect the rights and freedoms of customers as required by law.
  • It is for preventing or suppressing a danger to a Person’s life, body or health
  • it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.
  • It is necessary for the performance of a task carried out in the public interest by the company, or it is necessary for the exercising of official authority vested in the company.
  • It is necessary for legitimate interests of the company, data processor or any other Persons or juristic persons other than the Data Controller, except where such interests are overridden by the fundamental rights of the data subject of his or her Personal Data.

(2) The personal data list which the company collected, used and disclosed

​ The customer acknowledges, agrees and consents to the Company and its data processors collecting, using or disclosing personal data. the following only:

​ (2.1) Customer : Personal Data

  • Name
  • ID Card no.
  • Passport no. or other identification number issued by government or government agency of citizenship.
  • Date of birth
  • Address according to the ID Card
  • Address according to the house registration book
  • The current address
  • Occupation
  • Workplace name, Company name
  • Office address
  • Telephone number or Mobile number
  • E-mail
  • Signature or Electronic Signature
  • Photo of the ID card.
  • Personal photography
  • Information about the transaction
  • Communication records
  • Sensitive Data
  • Device information
  • Contact list

(2.2) Data related to Juristic Person customers

  • Name of the Juristic Person
  • Juristic ID
  • Taxpayer Identification No.
  • Authorized officer on behalf of the juristic person
  • Name list of all shareholders

  • Data of the last attorney to complete the transaction (if any)

  • (1)In the case that the authorized person is a Thai

  • Full name

  • Date of birth
  • ID card no.
  • Address according to the ID Card

v. Address according to the house registration book

vi. Current Address

(2) In the case that the authorized person is a foreigner

  1. Full name
  2. Date of birth
  3. Passport no.
  4. Address in the country of the customer’s nationality

  5. Current address in Thailand

  6. Address

  7. Telephone number
  8. Company seal
  9. Signature of the authorized person or the assignee

However, personal data not mentioned above shall also include the following data:

  • Data directly provided by the customer: The Company will collect the data that the customer sends to the Company, such as information that the customer enters when registering for the service or opening an account. Data the used for signing up for services and participating in activities on website and application. Survey or questionnaire data request information Customer account data (User Account / Merchant Account) or data that the customer has modified in the customer account data (User Account / Merchant Account) of the customer or data obtained from the customer's contact with the company or the company's team or data obtained from other User Account / Merchant Account that the Company has reason to believe that the Customer is using it including but not limited to All kinds of information displayed on the customer profile page and various subscription pages such as name-surname, address, date/month/year of birth, gender, age, photograph, email address, bank account number. Credit card number (if any) ID card number Taxpayer Identification Number phone number This includes information about the Customer Account, interests and all comments made by Customer through the Website and Application (if applicable) to be stored with the Account.
  • Information received from the service using by the customer: The company collects information about the services that the customer uses and how the customer uses them. This includes but is not limited to: Device’s data that the customer uses for accessing the website and applications. Computer traffic data (Log), contact information and communication between customers and other customers and data from usage logs such as device identifiers. Computer Identification Number (IP Address) Device Identification Number Device type mobile network data Connection information, voice data, geolocation information. Type of browser (Browser) Log data of websites and applications. Website and Application data that customers access before and after (Referring Website) data, record the history of using websites and applications Login log, transaction log, customer behavior, website and application traffic statistics. Time of visiting websites and applications (Access Time) information that customers search for. Use of functions on websites and applications and the information the Company collects through cookies or other similar technologies.
  • Data which the company received from the third party: government agencies, banks, financial institutions, business partners, data providers, credit information center, In the event that the authorized person by the law or the customer has already given consent and/or information that is publicly available

(3) The period for which the Personal Data will be retained.

The customer acknowledges, agrees and consents to the company and the data processor to collect, use or disclose personal data for a total period of 10 years from the date of giving consent to collect, use or disclose personal data in accordance with this policy or started from the date of termination of the relationship or closing the account between the customers and the company case by case and at the end of the retaining period or the company has no rights to collect, use or disclose the customer’s personal data the company has to destroy or delete such personal data within 14 days from the end of such period.

(4) Disclosing personal data to the third party

The customer acknowledges, agrees and consents to the company and the data processor to collecting, using or disclosing personal data to the third party, the data processor, the affiliates or the company’s partners and not limited to Person or Juristic Person in both domestic and international for sake of this policy and/or as required in Law In addition, the Company may be required to send the customer's personal data to the bank where the customer has linked their account with the company's customer account for investigation and prevention of illegal acts.

(5) Affiliate list

- Wi shop company limited

- Wi game company limited

- Gamify company limited

3. Connection or Sharing of the Personal Data to Third Party’s Website, Application and Product.

The Customer acknowledges, agrees and give the consent that the Company and its data processors may associate and share the personal data with third party website and application providers, products and/or services. By linking or sharing information with third party website and application providers, products and/or services from time to time. The Company will notify the customers whenever any personal data will be linked or shared with third party providers of websites and applications, products and/or services.

In this regard, when the customer expressly expresses their intention, Clear and Affirmative Consent to authorize the linking or sharing of such information. This includes, but is not limited to, accepting, authorizing, linking, sharing, or any act expressly acknowledging, agreeing to, and agreeing to link or share information with websites, applications, products and/or services of such the third party.

4. Tracking customer behavior on websites and applications

The customer acknowledges and agrees that the Company may use the following systems and/or technologies to track the behavior of the customer's use of the website and applications. The Company may collect, use and disclose other personal data that related to the customers. When a customer accesses, visits, uses the Services and/or uses the Company's website and application including social media usage and interactions on the Company's websites and application, such as the version and type of computer program used to view website and application. (Browser type and browser version) and/or device type information the Customer uses to access website and application. (Personal computer, laptop and/or smart phone) and/or information about the type of operating system and IP address of the terminal device or device and/or information about services and products. that customers visit or search for information

(1) IP Address is a set of numbers assigned to a customer's computer when it is connected to the Internet. This set of numbers is used to represent the customer's computer. Make servers and devices know each other and can communicate/connect with each other. The customer's computer set of number of the website and application may be recorded for the purpose of managing security and controlling the operation of the system smoother. And such information may also be used in other ways to analyze trends and performance of websites and applications.

(2) Cookies are short messages which put on each website and application. They are stored in a form known as a cookie file. To collect customer usage characteristics, such as displaying the language used on website pages and applications, etc., and record them on the customer's browser. When the customer visits that website and application and has authorized that website and application. Cookies do not perform any other function when a customer visits the Company's website. The Company uses cookies to collect certain information that customers have accessed the website and applications. The collection of such information can help the Company understand the needs and trends of visitors to its websites and applications.

Customer can choose whether to accept cookies or not also customer can set their browsers to notify customers when they receive cookies or to decline cookies. However, please note that if customer does not accept cookies, Customer may not be able to get the full experience to use of Company's website and application. This includes the sharing of personal data and/or transfers of personal data.

In addition, customers can learn more about cookies from https://www.allaboutcookies.org/

This is for the following purposes only.:

  • To manage security and control the operation of the system smoothly.
  • To process using of the data of the Company's website and application. This data can help the company understand the needs and trends of the website and application’s visiting
  • To provide customers with continuous access to the website and application.

5. User Account / Merchant Account

To use this website and application The Company may provide each Customer Account (User Account / Merchant Account) as requested by the Customer from time to time. The Company has the sole right to consider and approve the opening of a customer account. Define customer account types Assign access rights to each type of customer account, any costs associated with the customer account. Duties and responsibilities of the customer who owns the customer account.

The Customer agrees to keep their User ID, Password and any information strictly confidential. and agreed not to allow and use their best efforts to prevent anyone else from using the Customer Account. In the event that the customer account is used by another person, the Customer must agree and warrants that any use by any such third party is performed on behalf of the customer and is binding on the Customer's behalf (as the customer’s action).

6. Rights of the customer in the personal data

To give your consent to this Privacy Policy. The customer is well aware and understands his/her rights as a personal data subject in accordance with the Personal Data Protection Act. This includes but is not limited to the following customer rights:

(1) Right to withdraw consent: The customer has the right to withdraw his/her consent to the collection, use or disclosure of personal data that the customer has given his/her consent to the company throughout the period the customer's personal data is with the company

(2) Right of access: The customer has the right to access the customer's personal data and ask the company to make a copy of such personal data for the customer. Including asking the company to disclose the acquisition of personal data that the customer has not given consent to the company

(3) Right to rectification: The customer has the right to request that the company correct inaccurate data or complete the incomplete data.

(4) Right to erasure: The customer has the right to request that the Company delete the customer's personal data for some reason.

(5) Right to restriction of processing: The customer has the right to suspend the use of the customer's personal data for some reason.

(6) Right to data portability: The customer has the right to transfer the customer's personal data that the customer provides to the company to another data controller or the customer for some reason.

(7) Right to object processing of personal data: The customer has the right to object to the processing of the customer's personal data for some reason.

Customers can contact the call center or the Company's personal data protection officer in order to submit a request for action in accordance with the above rights (Contact details appear in the section "Contact the Company" below)

However, the customer does not need to pay any expenses for the customer’s right of the above performance. The company will consider and notify the result of the customer's request within 30 days from the date the company receives such request.

7. Marketing activities and marketing promotions

During the use of the Service or the conduct of a business relationship, the company will send information about marketing activities and promotion, products or services of Company that Company thinks that customers may be interested in for the sake of providing services to customers with full efficiency. If customer has acknowledged and agrees to receive such information from the company, customer has the right to cancel such consent at any time. Customers can cancel their consent to receive information by contacting the Call Center at Tel: 02-026-6679 or Email: customerservice@wipay.co.th within company's business hours: Monday - Sunday from 9:00 a.m. - 6:00 p.m.

8. Maintaining the security of Personal Data

The Company has created and/or has chosen a system to proper store the personal data with appropriate mechanisms and techniques. Including limiting the access to customer personal data from the company’s employees, employees and agents. To prevent the Customer's personal data from being used, disclosed, destroyed or accessed without permission, however, the Company cannot guarantee that no defects or errors will arise as a result of the implementation of such policy. The Company therefore reserves the right to deny liability for any damage or loss that occurs in any event, including controlling the data processors to maintain security in keeping personal data no less. than those specified in this policy.

9. Correction of personal data

The Company will correct and update the customer's personal data to be accurate, up to date, complete and not cause any misunderstanding in the collection, use or disclosure of personal data and delete or destroy personal data that exceeds the data collection period that the customer has given consent. and delete or destroy personal data that is not related to the collection, use or disclosure of personal data as customers have given their consent.

10. Collection, use and/or disclosure of personal data in accordance with the Personal Data Protection Law.

The Customer acknowledge that the Data Controller shall not collect Personal Data without the consent of the data subject, unless:

(1) it is for the achievement of the purpose relating to the preparation of the historical documents or the archives for public interest, or for the purpose relating to research or statistics, in which the suitable measures to safeguard the data subject's rights and freedoms are put in place.

(2) it is for preventing or suppressing a danger to a Person’s life, body or health;

(3) it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;

(4) it is necessary for the performance of a task carried out in the public interest by the Data Controller, or it is necessary for the exercising of official authority vested in the Data Controller;

(5) it is necessary for legitimate interests of the Data Controller or any other Persons or juristic persons other than the Data Controller, except where such interests are overridden by the fundamental rights of the data subject of his or her Personal Data;

(6) it is necessary for compliance with a law to which the Data Controller is subjected.

The Company will record the collection, use, and/or disclosure of the customer's personal data as stated above as important.

11. Collection, use and/or disclosure of Sensitive Personal Data

The customer acknowledges and agrees that in addition to collecting, using and/or disclosing personal data which the customer has expressly given consent to the company, The Company may collect, use and/or disclose Customer's Sensitive Data without prior consent of the Customer. Only in the following cases

(1) It is for preventing or suppressing a danger to a Person’s life, body or health of the Person, where the data subject is incapable of giving consent by wherever reason

(2) It is carried out in the course of legitimate activities with appropriate safeguards by the foundations, association or any other non-for-profit bodies with political, religious, philosophical, or trade union purposes for their members, former members of the bodies, or persons having regular contact with such foundations, association or not-for-profit bodies in connection with their purposes, without disclosing the Personal Data outside of such foundations, associations or not-for-profits bodies.

(3) It is information that is disclosed to the public with the explicit consent of the data subjects

(4) It is necessary for the establishment, compliance, exercise or defense of legal claims.

(5) It is necessary for compliance with a law to achieve the purposes with respect to:

  • Preventing medicine or occupation medicine, the assessment pf working capacity of the employee, medical diagnosis, the provision of health or social care, medical treatment, the management of health or social care system and services. In the event that it is not for compliance with the law, and such Personal Data is under the responsibility of the occupation or profession practitioner or person having the duty to keep such Personal Data as confidential under the law, it must be for compliance with the contract between the data subject and the medical practitioner
  • Public interest in public health, such as protecting against cross-border dangerous contagious disease or pandemic which may be contagious or pestilent, or ensuring standards or quality of medicines, medical product or medical services, on the basis that there is a provision of suitable and specific measures and safeguard the right and freedom of the data subject, in particular maintaining the confidentiality of Personal Data in accordance with the duties or professional ethics.
  • employment protection, social security, national health security, social health welfare of the entitled person by law, the road accident victim’s protection, or social protection in which the collection of Personal Data is necessary for exercising the rights or carrying out the obligations of the Data Controller or the data subject, by providing the suitable measures to protect the fundamental rights and interest of the data subject.
  • it is for the scientific, historical, or statistic research purposes, or other public interests which must be carried out only to the extent necessary to achieve such purposes, and the suitable measures have been provided to protect the fundamental rights and interest of the data subject.
  • the substantial public interest, by providing the suitable measures to protect the fundamental rights and interest of the data subject.

In the case of biometrics, this includes personal data arising from using of techniques or technologies related to the use of physical features or behavior of a person to be used to make it possible to confirm that person's identity is not the same as another person, such as face mockup data, iris simulation data or fingerprint data, etc.

The Company will record the collection, use, and/or disclosure of the customer's personal data as stated above as important.

12. Collecting, using and/or disclosing personal data that is in the custody, guardianship or escort of the customer.

The Customer agree that it is not and will not consent to the following persons visiting, using, becoming a member or using the services of website and application.

(1) a minor who is under the age of majority under the custody of the customer; Except in the case where the minor is over 10 years of age and has visited, used, subscribed or used the services of website and application in the following:

Any action that enough for the acquisition of any rights or in order to get out of one's duties

  • Any action which is to be completely done individually.
  • Any action which is worthy of one's status and it is necessary to live a reasonable life.

(2) An incompetent person who is in the care of the customer

(3) The quasi-incompetent person who is in the custody of the customer

In the care that the customer gives a consent to a minor, incompetent person or the quasi-incompetent person to visit, use, become a member or use the services of website and application; The Client acknowledges and agrees that the Client has exercised parental, guardianship or escort powers of minors, incompetent person or the quasi-incompetent person to agree and give consent to this Policy in all and on behalf of the minor, incompetent person or a quasi-incompetent person as well

13. Sending or transferring personal data abroad.

The Company may transmit or transfer the Customer's personal data to foreign countries in the following cases.

(1) The destination country or international organization receiving personal data has adequate personal data protection standards required by laws, rules, regulations, announcements or regulations on personal data protection

\2) Obtaining the consent from the customer, provided the notification to the customer as the owner of the personal data and informed of the inadequate personal data protection standards of the destination country or international organization receiving the data.

(3) It is a legal practice.

(4) It is necessary for the performance of a contract to which the Personal Data Subject is a party or for the execution of the Data Subject's request prior to entering into that contract.

(5) It is an act pursuant to a contract between the Company and another person for the benefit of the customer of the Data Subject.

(6) To prevent or suppress a danger to the life, body or health of a person whose the data subject is unable to give consent for whatever reason.

(7) It is necessary for the performance of duties for the company's public interest. or performing duties in the exercise of state authorities given to the company

14. Notification of Personal Data Breach

In the circumstances that the Company aware of a personal data breach, regardless of the breach by any person, the company will proceed as follows.

(1) In the circumstances of a personal data breach, there is a risk of affecting the rights and freedoms of the person. The Company will notify any such breach of personal data to the Office of the Personal Data Protection Commission as soon as possible within 72 hours from the fact that it is practicable.

(2) In the circumstances of a personal data breach, there is a high risk of affecting the rights and freedoms of the person. The Company will notify the owner of the breach to the Personal Data Subject with the remedying and fixing the problem as soon as possible within 72 hours from the fact that it is practicable.

15. Important Data’s recording

The Company will record important items regarding the collection, use and/or disclosure of personal data in accordance with this policy. which will be recorded in a written content or electronic system, as the case may be, at least as follows: Unless the personal data protection law stipulates that the company's rights are otherwise.

(1) Personal data collected

(2) The purpose of collecting each type of personal data.

(3) Information about the Personal Data Controller.

(4) The period for which the Personal Data will be retained.

(5) Rights and methods of accessing personal data including conditions relating to persons entitled to access to personal data and conditions of access to such personal data.

(6) Collecting, using and/or disclosing personal data that is exempt from obtaining the consent of the data subject.

(7) Rejection of any requests or any objections.

(8) Details of the standard of maintaining the security of personal data

16. Company’s contact

If customers have questions about the company or questions about this privacy policy or the customer want to make a complaint or report a problem with personal data or want to use the customer's rights as set forth in this privacy policy Customers can contact the company through the following:

- WiPay Company Limited, Address: 252/19(B), 15th Floor, Muang Thai-Phatra Building, Building A, Ratchadaphisek Road, Huai Khwang Sub-district, Huai Khwang District, Bangkok 10310.

- Website : https:// www.wiwallet.app

- Call Center tel: 02-026-6679 Monday-Sunday working time : 9.00 am – 6.00 pm

- Email: customerservice@wipay.co.th

- Data Protection Officer : Compliance Department Email : dpo@wipay.co.th

17. Enforcement of the Personal Data Protection Policy

The customer agrees and acknowledges that This Privacy Policy applies to all personal data which the Company collects, uses or discloses, and the Customer agrees that the Company has the right to collect, maintain and use the Customer's personal data that the Company has collected as well as the personal data which currently collected by the Company that will be stored in the future for used or disclosed under this Privacy Policy

18. Changes of the policy

The Company reserves the right to update, review, amend this Privacy Policy at any time

The Company will announce the revised policy on the Company's website and application. Any changes to the Privacy Policy are binding on the Customer when the Customer accesses the Website and the Company's applications or services after the announcement of any changing or amendment to the Privacy Policy has been posted. The Company encourages customers to regularly review the Company's personal data protection policy. To know the rules of conduct regarding the Company's personal data protection policy.

19.Personal Data Privacy Policy on the others’ Websites and Applications or Third Parties

This Privacy Policy is used only for the provision of the Company's services and the use of the Company's websites and applications. If the customer has clicked on links to other websites and applications (Even if the link is clicked through the channel on the Company's website and application), the Customer is required to study and comply with the Privacy Policy of that website and application or that third party separately from that company’s website and application.

20. Governing Law

The customer acknowledges and agrees to This policy is governed by and construed in accordance with Thai law. and the Thai courts are authorized to consider any disputes that may arise.

Become effective on June,1 2021

Mr. Noppadol Harnsirimeechai

Chief Executive Officer

Wipay Company Limited.