Privacy Policy

Last Updated: April 17, 2025

Welcome to PayConnect ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal and corporate information through our compliance with this Privacy Policy. We are committed to protecting your personal information in accordance with the Personal Data Protection Act B.E. 2562 (2019) ("PDPA") of Thailand.

This Privacy Policy describes the types of information we collect from you or that you provide when you visit our website (the "Site") and use our Know Your Customer (KYC) verification services, and our practices for collecting, using, maintaining, protecting, and disclosing that information.

2. Information We Collect
2.1 Personal Information

We collect several types of information from and about users of our Site, including:

  • Personal Identifiers: Name, date of birth, residential address, email address, telephone number, government-issued identification numbers (such as Social Security Number, passport number, driver's license number), and biometric data where applicable.
  • Financial Information: Bank account details, credit card information, source of funds information, and financial transaction history.
  • Employment Information: Occupation, employer name, employer address, and employment history.
  • Identity Verification Documents: Copies of government-issued identification documents, utility bills, bank statements, and other documents used to verify your identity.
  • Corporate Information: Business name, business address, corporate structure, certificate of incorporation, articles of incorporation, business licenses, beneficial ownership information, director and officer information, and corporate financial documents.
  • Technical Information: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Site.
  • Usage Information: Information about how you use our Site and services, including browsing actions and patterns.
2.2 Methods of Collection

We collect this information:

  • Directly from you when you provide it to us through forms on our Site.
  • Automatically as you navigate through the Site using cookies, web beacons, and other tracking technologies.
  • From third-party verification services and databases to validate the information you provide.
3. How We Use Your Information

We use the information we collect about you or that you provide to us:

  • To verify your identity and conduct KYC due diligence as required by applicable laws and regulations.
  • To screen against global watchlists and sanctions lists.
  • To establish and manage your account with us.
  • To process your transactions and fulfill our contractual obligations to you.
  • To comply with our legal and regulatory obligations, including anti-money laundering (AML) and counter-terrorist financing (CTF) regulations.
  • To provide you with notices about your account and updates to our services.
  • To respond to your inquiries and provide customer service.
  • To protect against and prevent fraud, unauthorized transactions, and other illegal activities.
  • To improve and optimize our Site and services.
4. Legal Basis for Processing

We process your personal data based on the following legal bases under the Personal Data Protection Act B.E. 2562 (2019) ("PDPA") of Thailand and other applicable data protection laws:

  • Contractual Necessity: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with our legal obligations (such as KYC, AML, and CTF requirements).
  • Legitimate Interests: Processing is necessary for our legitimate interests, provided these interests are not overridden by your rights and freedoms.
  • Consent: In some cases, we process personal information based on your consent.
5. Data Retention

We retain your personal and corporate information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The duration of our business relationship with you
  • Legal obligations to retain data for certain periods
  • Relevant statutes of limitations
  • Ongoing or potential legal disputes
  • Guidelines issued by relevant data protection authorities
5.1 Retention of Uploaded Files and Documents

For documents, images, and files you upload to our platform:

  • Business registration documents and verification files will be retained for the duration of our business relationship plus 10 years after termination
  • Transaction-related documents will be retained for 10 years as required by Thai accounting and tax regulations
  • Temporary files uploaded for one-time verification may be deleted within 30 days after the verification process is complete
  • You may request deletion of certain uploaded files, subject to our legal obligations to retain specific documents

We implement automated systems to ensure files are securely deleted after the applicable retention period expires.

6. Disclosure of Your Information
6.1 Categories of Third Parties

We may disclose personal and corporate information that we collect or that you provide to the following categories of recipients:

  • Service providers and business partners who assist us in providing our services (including cloud storage providers, payment processors, and customer support services)
  • Affiliated companies within our corporate group
  • Government authorities, law enforcement agencies, or other third parties when required by law
  • Professional advisors such as auditors, lawyers, and consultants
  • Potential buyers or investors in the event of a business transition
6.2 Third-Party Data Sharing Policy

When sharing your data with third parties, we adhere to the following principles:

  • Limited Data Sharing: We share only the minimum amount of personal data necessary for the specific purpose
  • Data Processing Agreements: We establish formal agreements with all third-party service providers, ensuring they:
    • Process data only according to our instructions
    • Implement appropriate security measures
    • Assist us in fulfilling our PDPA obligations
    • Delete or return data once services are completed
  • Regular Assessments: We conduct regular assessments of our third-party providers to ensure compliance with data protection standards
  • Transparency: We maintain records of all data sharing activities and will provide information upon request
  • Cross-Border Controls: For international transfers, we implement additional safeguards as outlined in Section 9
6.3 Third-Party Access to Uploaded Files

For documents and images you upload:

  • Third-party service providers may have limited access only for specific processing purposes (e.g., document verification, cloud storage)
  • We implement access controls to ensure third parties can only access files necessary for their specific function
  • All third parties with access to your uploaded files are bound by confidentiality obligations

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive personal data
  • Regular security assessments
  • Access controls and authentication procedures
  • Staff training on data protection
  • Secure network infrastructure
  • Regular backups
  • Physical security measures for our facilities
7.1 File Storage and Security

For documents, images, and files you upload to our platform:

  • All uploaded files are stored in secure, encrypted storage systems
  • Access to your files is strictly limited to authorized personnel
  • Files are backed up regularly to prevent data loss
  • Automated scanning for malware and viruses on all uploaded files
  • Secure deletion protocols when files are no longer needed

However, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Site. Any transmission of personal information is at your own risk.

8. Your Data Protection Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • Right to Access: You may request access to your personal information.
  • Right to Rectification: You may request that we correct inaccurate or incomplete information.
  • Right to Erasure: You may request that we delete your personal information in certain circumstances.
  • Right to Restrict Processing: You may request that we restrict the processing of your information in certain circumstances.
  • Right to Data Portability: You may request a copy of your personal information in a structured, machine-readable format.
  • Right to Object: You may object to our processing of your personal information in certain circumstances.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. Please note that these rights may be limited by applicable laws and our legitimate interest in complying with regulatory requirements.

9. International Data Transfers

We may transfer, store, and process your information in countries other than Thailand. If we transfer your personal data to countries outside Thailand, we will ensure that adequate safeguards are in place to protect your data in accordance with the PDPA. These safeguards may include:

  • Transferring to countries deemed to have adequate data protection laws
  • Implementing standard contractual clauses approved by the Personal Data Protection Committee
  • Obtaining your explicit consent for the transfer
  • Other valid transfer mechanisms as recognized under applicable data protection laws
10. Children's Privacy

Our Site and services are not intended for children under 18 years of age, and we do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Site. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Site and to hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our Site may not function properly.

Our Cookie Policy, which is incorporated into this Privacy Policy, provides more detailed information about our use of cookies and similar technologies.

12. Third-Party Links

Our Site may contain links to third-party websites or services that are not owned or controlled by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly advise you to read the privacy policy of every website you visit.

13. Changes to Our Privacy Policy

We may update our Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the "Last Updated" date at the top of this Privacy Policy. We will notify you of any material changes by email or through a notice on our Site homepage.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

PayConnect.me
199 S-OASIS Building, 11th Fl., Vibhavadi-Rangsit Rd., Chatuchak, Bangkok 10900, Thailand
compliance@payconnect.me

15. Data Protection Officer

For inquiries related to data protection matters, you may contact our Data Protection Officer at:

James Hunter
compliance@payconnect.me
199 S-OASIS Building, 11th Fl., Vibhavadi-Rangsit Rd., Chatuchak, Bangkok 10900, Thailand

16. Complaints

If you have concerns about our data processing activities, please contact us first at compliance@payconnect.me. If you are not satisfied with our response, you have the right to lodge a complaint with the Personal Data Protection Committee of Thailand.