Unless we clearly state differently, Max Exchange (1999) Co,. Ltd. (Authorized Money Changer License No. MC125620100) is the data controller of the Personal Data and process, protects the privacy and security of your data collected by or provided to Max Exchange during the business and is thus responsible for ensuring that the systems and procedures we use are consistent with data protection regulations, to the degree that they apply to us. The company’s employees, executives, agents, contractors, advisors, and data recipients when they deal with Personal Information must comply with this Privacy Policy and related Max Exchanges policies and be obliged to keep the Personal Data confidential in correspondence with the measure provided by the company.

If you have any questions, concerns or feedback about this Privacy Policy or would like to exercise your rights and choices, you’re welcome to email us at privacy@maxlawint.com, or you can reach us by mail at the address below:

Max Law Firm Co., Ltd.
No. RQ.1 302 Racquet Club, Building A 
Sukhumvit Soi 49/9 Klongtoey Nuea, Watthana
10110 Bangkok, Thailand

Phone: +(66) 22 5555 15

In order to provide services, we collect and may disclose certain personal and non-personal information we receive from you on registration or transaction forms about you and the beneficiary of the fund transfer.

We collect personal data from the client, individual, and business partners in the context of our business relationship, site users when operating our websites, apps, or other applications. We receive and collect personal data from a variety of sources, including data subjects themselves, clients, employees, and publicly accessible sources, when you visit our Sites or use of our services, when you contact call center, when you offer or provide us products and services when you request information from us by evaluating your products and services, or any data we obtain or accessed indirectly from sources such as the National Credit Bureau,  government bodies, financial Institutes, information and financial service providers, business associates, etc. We will collect data from such sources only when your consent is given in accordance with the laws unless where necessary for us and permitted by laws.

In case we obtain data from our clients, it is the client’s responsibility to ensure that any such data about staff, customers, or other persons are transferring to us comply with applicable data protection laws.

The categories of Personal Data that we collect and discloses are as follows:

• Basic data: Name surname, nationality, date of birth and age, gender, title, identification number and passport number, social security number, business interests, contact information such as phone number, home address, temporary address, workplace address, mailing address, email address, your Line account ID and information of all kinds from interactions with us that necessary to verify and process the request.

• Special categories of data: For the sake of verifying and confirming the identity of applicants for services and/or transactions via digital platforms, the website, call center, or other similar channels, we may also collect, use, and/or disclose information of all kinds such as facial recognition, voice recognition, fingerprint recognition, and retina recognition that is revealed to us in the course of our services or where you have provided us the information which may include special categories of sensitive data. Where your consent is needed for collecting and processing these sensitive data, we obtain your consent before.

• Client service’s data:  Personal data about clients, financial information such as financial statements, source of finance, invoicing information and payment history, bank account number, debit card numbers, credit card numbers, and client reviews.

• Compliance & Transaction data: Beneficial ownership data and due diligence data, dates of birth, Government identifiers, passports or other forms of identification, documents, correspondence, or other materials provided by or relating to transactions conducted by our clients in case they include personal data.

• Registration & Marketing data:  including registration for events/seminars, subscriptions, and subscriptions for newsletter, special types of data about preferences, username/passwords, downloads, individual conference and in-person seminar attendance data, credentials, affiliations, preferences, and interest in the products.

• Device data: We also collect your IP address (Computer Internet Protocol address), (UDID) unique device identifier, MAC address, information about the usage of our websites (usage data), and cookie ID.

• Other information that is known as Personal Data according to the Data Protection Laws such as voice, data related to website-visiting, moving picture, and still picture

We collect, use, and/or disclose your Personal Data in compliance with the applicable laws, in particular for the following reasons:

• For providing services (including, for instance, registration on the platform and creation of an account) under your contract with us and for responding to inquiries, or to take steps at your request prior to using our products and/or services (Contractual Basis), for example, to approve the use of services and to take measures in relation to service provision, such as membership, processing, contact, notification, outsource, right and/or duty assignment, notification of services, and informing the customers of changes in our services,

• To develop, optimize, and administer the platform and the website to make our Sites more intuitive and easier to use and offer better support to our Web users.

• To comply with legal and regulatory requirements or an order from an authority such as obligations under the Anti-Money Laundering Act, Tax law, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Act, Bankruptcy Act, Computer-Related Crime Act, and any other laws and regulations to which we are subject in Thailand and outside of the country.

To take necessary measures for our legitimate interests or other individual or legal person that do not outweigh your Legitimate Interest, for example, for the following reasons:

• To maintain or enhance the relationship with customers, for example, handling the complaints, satisfaction surveys, customer service support, receiving and dispatching documents or parcels, notification or offer on our products and/or services that you are using, or you may be interested to use in the future.

• To manage risks, monitor, and manage inside the organization, including delegating such activities to the same corporate group in accordance with the company’s binding policies, to handle our company processes and administer our client relationships. This processing is required for us to perform our obligations in the contracts with suppliers (e.g. to manage to supply services or/and products to our company) and/or with our clients (e.g., issuing and processing invoices),

• To comply with legal obligations to which we are subject such as complying with the company’s tax reporting obligations, verifying the identity of new customers, to minimize, prevent and respond to potential risks from corruption, cyber threat, violation of laws such as terrorism and proliferation of weapon of mass destruction financing, money laundering and/or fraud, or offenses related to property, life, body, liberty, or reputation; including sharing Personal Data to raise work standards within the same corporate group in order to prevent, respond to and minimize such risks,

• To make your Personal Data anonymous,

• To record and retain your voice and video conversation over your call with our call center and your images from CCTV and to exchange your identification documents (ID), for contacting and recording images and voices during meetings, seminars, training, and workshops.

• To exercise our legitimate rights, defense, and other rights in disputes, litigation, or administrative proceedings, to protect the security and functionality of our Sites and information technology systems, for monitoring how our Sites are used to identify and deter fraud, other crimes, and abuse of our Sites which is important for our legitimate interests,
• For collecting, using, process and/or disclose the Personal Data of the ward, legal persons’ Personal Data such as representatives/agents, customers’ representatives, and directors.

To enable you to profit from using products and/or services in accordance with your consent, for example:

• For receiving offers, recommendations, privileges, and other information, such as eligibility for participation in special activities; regardless of whether the products and/or services, promotions, privileges, information, or special activities are provided by our company, a business partner, or a third party associated with our Company, and based on your consent.

• For providing you our products and/or services in a better and suitable way based on your requirements.

The purposes above are not exhaustive, and we may collect comparable or related data in accordance with local laws and regulations, with a subsequent notice supplied or displayed in accordance with applicable legal requirements.

With the following categories of recipients, Personal Data may be shared:

Service providers and Suppliers: We share Personal Data with suppliers and service providers so that they can execute tasks on our behalf and according to our directions in order to achieve the above-mentioned goals. Financial institutions, auditors, external auditors, competent authorities, Infrastructure and IT service providers, such as those that provide our client intake system, finance systems, and customer relationship management databases, are examples of these third-party consultants who assist us with business intelligence and marketing strategies, as well as external venue providers where we conduct conferences and events. By entering into the contract with these third parties, we require them to provide reasonable security for Personal Information and to use and process it solely on our behalf. Also, in order to process invoices and payments, we share Personal Data with financial institutions.

• Corporate purchasers: To the extent allowed by law, we may share Personal Data with any corporate purchaser or prospect as part of any sale of our company assets, merger, acquisition, or change of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which Personal Data will be transferred as a Max Exchange asset.

• Mandatory disclosures and legal claims: We share Personal Data to comply with the Max Exchange ‘s tax reporting obligations, any subpoena, court order, or other legal process, a request from our regulators, a governmental request, or any other legally enforceable demand. Personal Data is often shared to determine or secure our legal rights, property, or safety, as well as the rights, property, and safety of others, or to defend against legal claims.

Also, with the following categories of recipients we may share your Personal Data:

Any corporates or individuals under relationship or contract with us; including our staff, managers, consultants, contractors, representatives or agents, and other parties who require such data, that cooperate with us in the provision of product and  services to you and provide product and services to us or on our behalf.

In some cases, such above-mentioned parties may also provide certain data processing and data technology services to us in order that we may operate our business.

Both in and outside of your home country, we may share Personal Data with such parties and, as a result, your Personal information may be collected, used, processed, stored, or disclosed in jurisdictions outside of your home country.

When Max Exchange shares Personal Data with third parties, we demand that they only use or disclose it in accordance with this Privacy Policy ‘s use and disclosure restrictions, as well as the applicable laws.

Further, Personal Data may be disclosed or transferred to another party (including Third Parties) in the event of a change in ownership of, or a grant of a security interest in, all or a part of Max Exchange through, for example, an asset or stock sale, or another type of business combination, joint venture, or merger, provided that such party is bound by appropriate agreements or obligations and is required to use or disclose your personal information in accordance with the use and disclosure provisions of this Privacy Policy unless you consent otherwise.

In addition, your Personal Data may be disclosed:

• as required or permitted by regulatory requirements of applicable law.

In such instances, Max Exchange will endeavor to not disclose more personal data than is required under the circumstances;

• for complying with valid legal processes including search subpoenas, warrants, or court orders;
• to protect the property and rights of Max Exchange;
• as part of Max Exchange’s regular reporting activities to other parts of MAG World Co., Ltd.
• where necessary to protect the safety of a person or group of persons or during emergency situations;
• where such consent is required by law, with your consent. or
• where the personal data is publicly available;

We may need to collect Sensitive Personal Information, to a limited extent. The Data Subject’s explicit consent to the processing and particularly to the transfer of such Sensitive Personal Data to Third Parties will be obtained, where required by law. Appropriate protection measures and security will be provided depending on the nature of the data and the risks related to the intended uses.

Please contact us using the contact details provided in Section 2 if you have any questions concerning the parties with whom we share Personal Data.

We use security measures to protect the information we collect online from unauthorized access in accordance with applicable data protection requirements, however, data transmission over the internet or through a website cannot be guaranteed to be secure due to the inherent existence of the Internet as an open global communications vehicle and other risk factors.

To restrict access to sensitive data and private information we have taken preventative measures that Personal information is only accessible to those employees and agents that require it to deliver services relating to the processing of fund transfers. Also, all the company’s employees, executives, agents, contractors, advisors, and data recipients must comply with this Privacy Policy and related Max Exchange policies and be obliged to keep the Personal Data confidential in correspondence with the measure provided by MAG World Co., Ltd when they deal with Personal Information.

We suggest that you do not share your username, password, or other authentication details with others, and that you do not reuse passwords across several websites or applications. If you think your username or password has been compromised, please contact us at the details provided in Section 2 above.

We do not knowingly collect or store information (including Personal Data) from people under the age of 18, and no aspect of the Websites is designed to appeal to children under the age of 13. The children under the age of 13 should not use our site, if we discover that we have collected or obtained Personal Data from a child under the age of 13, we will delete that information.

You have discretion over how we use your personal information for direct marketing purposes. Before accessing ads in some countries, you would need to give your express consent. You can opt out of receiving such communications in any market at any time. If you no longer wish to receive marketing communications, stay on a mailing list to which you previously subscribed, or receive any other marketing communication, please unsubscribe using the connection given in the related communication or contact us using the details provided in Section 2 above.

We use cookies, and we allow third parties to place cookies on our Sites to provide the Sites and services, to collect information about your usage patterns as you visit the Sites to improve your personalized experience and understanding usage patterns in order to enhance our Sites, products, and services. To understand how and why we uses Cookies see our Cookie Policy.

You have the following legal rights that you should be informed are described below:

• Access: You have the right to request a copy of the Personal Data we are processing about you, which we will send to you in electronic form, subject to certain exceptions. We may require you to prove your identity at our discretion, before providing the requested information. If you want several copies of your Personal Data, we may charge a reasonable administration fee.

• Rectification: If we hold and process any inaccurate or incomplete Personal Data about you, you have the right to amend them to be updated, complete, and not misleading, please contact us at the details provided in Section 2 above and we will correct them.
• Deletion: We delete Personal Data that we process about you if you think we should not process your personal data anymore. Please note that this may not always be possible when we are forced to retain such data to comply with legal obligations or to create, exercise, or defend legal claims.
• Restriction: You are entitled to ask us that we restrict our processing of your Personal Data in the following situations:

• • You think the data is inaccurate.

• • Our processing is illegal or against applicable law.

or

• • We no longer need to process such data for a specific reason.
• Portability: You are entitled to ask us to send the Personal Data that we hold about you to another data controller if it is:
  • Personal information that you have given to us; and we are processing that data with your consent or to fulfil our contractual obligations to you.
• Objection: Objection: Where the legal justification for our processing of your Personal Data is our legitimate interest, you have the right to object to the processing of your Personal Data on grounds relating to your particular situation. If we can demonstrate “compelling legitimate grounds for the processing which override your interests, rights, and freedoms” or if we need to continue to process the information for the establishment, exercise, or defence of a legal claim, we will be allowed to continue to process your Personal Data. You also have the right to object where we process your Personal Information for scientific, historical, or statistical research and direct marketing.
• Withdrawing Consent: If you have given us your consent to our processing of your Personal Data, you have the right to withdraw your consent at any time. This involves situations where you want to opt-out of receiving marketing messages from us. Please be aware that your withdrawing consent may affect your service usage.

To exercise the rights listed above, you are required to be able to prove your identity ( e.g., by providing a copy of your identification documents if your identity isn’t obvious or can’t be validated in any other manner).  To assert these rights, please contact us by e-mail or mail at the details provided in Section 2 above.

If you request a copy of the information we possess about you, we will try to answer within 30 days; but, at a time of high demand, we may need to take more time to compile a thorough response, depending on the request.

The exercise of these rights may be restricted to comply with laws or court orders, public tasks, etc., and the Company may be required to refuse or not be able to respond to your requests.

You also have the right under relevant laws to lodge a complaint to authorities if you believe that collecting, using, and/or disclosing your Personal Data is violating or against relevant laws.

Personal Data may transfer to overseas jurisdictions including jurisdictions that do not have the same degree of data protection as your home country, or to other recipients as required for the reasons outlined above and to the extent necessary to perform our activities. Our Sites are hosted on servers in the United States.

In case of transferring Personal Data to overseas recipients or to the companies in the same business, we take measures to ensure data transferring is in corresponds with confidentiality measures. For instance, by signing a confidentiality agreement with the recipients of Personal Data and setting out a Personal Data Policy that is audited and certified by competent authorities under the relevant law as well as controlling the sending and transferring to comply with such policy rather than legal requirements.

If you are located outside of the United States, the transfer of Personal Data is required to provide you with the requested details and/or to complete any transaction you have requested. You are moving your data across borders when you send personal information to us.
You can request a copy of the appropriate mechanisms we have in place, if such laws require it, by contacting us in the details provided in Section 2 above.

Financial markets rules require us to retain account data for 5 years after an account is closed or the Anti-money Laundering Act, in the event of a dispute within the legal prescription for not exceeding 10 years, etc. We will normally retain Personal Data collected and processed in connection with purposes set out in this Privacy Policy as long as necessary during the time that you are our customer or binding on our company unless the laws permit a longer period of retention. We may also keep information if it is necessary to defend our interests, for instance in case of litigation. In some cases, such as when a law enforcement body inquires, we may need to keep it for a longer period of time.

We may delete Personal Data, when the period expires, or it is no longer necessary to retain it.  Personal Data relevant to marketing activities is usually retained for as long as you accept marketing messages from us. We will safely delete such data in compliance with applicable law upon request.

Links and references to other websites maintained by unaffiliated third parties may be found on the pages of our Sites. These third-party sites are not covered by this Privacy Policy. When you click a link to visit a third-party website, you are subject to the privacy policies of that website. Before presenting any Personal Data on any related third-party websites, we recommend that you familiarize yourself with their privacy and security practices.

The consequences of failing to provide Personal Data:

You are not expected to provide all Personal Data listed in this Privacy Policy in order to use our Sites or communicate with us offline, but if you do not provide Personal Data, such features may be unavailable. We may not be able to respond to your request, provide legal services to you, or provide you with marketing that we believe you would find valuable, if you do not provide Personal Data.

We may change this Privacy Policy from time to time. Our Privacy Policy is valid as of the date mentioned above the “Effective Date” at the top of the Privacy Policy, and we invite you to visit our Sites on a regular basis to stay updated about our privacy policies. If we make significant changes, we will try to notify you ahead of such changes, by a notice on our website www.maxexchangethailand.com.