web analytics

Privacy Notice

Effective Date: from 1 November 2019

This Privacy Notice explains how Exsilium Company Limited collects, uses and discloses your personal data, and your rights in relation to the personal data it holds. In this privacy notice, “us’, “we’, “our” is the data controller of your personal data and is subject to the EU General Data Protection Regulation 2016/679 and the Personal Data Privacy Ordinance (Cap. 486).

If you have any questions about our privacy notice, please contact:
By email: privacy[at]exsilium.co.th
By fax: +66 76 628 001

Under the GDPR, you have the following rights:

  • To ask us for a copy of your personal data; to correct, delete, restrict or cease processing of your personal data; and to obtain your personal data you provided to us in a reasonable format specified by you, including for the purpose of you transmitting that personal data to another data controller;
  • To require us not to send you marketing communications;
  • To withdraw your consent at any time where we have asked for your consent. If you ask to withdraw your consent to us in processing your data, it will not affect any processing which has already taken place before or at that time.

These rights may be limited, for example, if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law or have compelling legitimate interests to keep. If you have any questions about how we use your personal data, or you wish to exercise any of the rights set out above, please contact us by referring to PRIVACY SUPPORT.

We collect your personal data in a number of ways, for example:

  • From the information you provide to us when you meet us at the event, enquiring about, registering for or using our services.
  • From information about you provided to us by your company or an intermediary.
  • When you communicate with us in writing, by sending or receiving email or other digital means.
  • When you complete (or we complete on your behalf) client on-boarding or application or various KYC and Due Diligence forms.
  • From your agents, advisers, intermediaries.
  • From publicly available sources or from third parties, most commonly where we need to arrange background checks.

We collect the following categories of personal data about you:

  • Your name and contact information such as email address, your business or home address.
  • An understanding of your goals and objectives in procuring our services.
  • Biographical information may confirm your identity including your date of birth, tax identification number and your passport number or national identity card details, country of domicile and/or your nationality.
  • Information about your employment, education, family or personal circumstances, where relevant.
  • Information relating to your financial situation such as income, expenditure, assets and
    liabilities, sources of wealth, as well as your bank account details, where relevant.
  • Information to assess whether you may represent a politically exposed person or money
    laundering risk.

Legitimate Interests
Where this is necessary for purposes that are in our, or another person’s legitimate interests. These interests are:

  • To provide users with access to our website and/or articles/features on the website.
  • To undertake all necessary commercial due diligence on existing or prospective clients.
  • To develop our business by managing our relationships with actual or prospective clients.
  • For marketing. Please refer to the Marketing section below.
  • To send individuals the information they have requested.
  • To send service messages to our clients.
  • To undertake internal analysis on, and improvements of, our business.
  • For the administration and management of our business, including recovering the money you owe to us, and archiving or statistical analysis.
  • To seek advice on our rights and obligations, such as where we require for our own legal advice.

In this respect, we may share your personal data with the following;

  • Our advisers or agents where it is necessary for us to obtain their advice or assistance.
  • With third parties and their advisers where those third parties are acquiring, or considering, acquiring, all or part of our business.

Where you ask us to send marketing information to you via a medium where your consent is given (for example, email marketing to private email addresses). We may rely on your freely given consent at the time you provided your personal data to us.

You can withdraw and have the right to withdraw consent at any time by written withdrawal at privacy[at]exsilium.co.th or by message opt-out link on all messages. Any processing of personal data will not be affected prior to the receipt of the withdrawal.

Legal Obligation
For purposes which are required by law:

  • To meet compliance and regulatory obligation including but not limited to anti-money
    laundering laws and other due diligence checks.
  • To monitor and report suspicious activity in accordance with our regulatory obligation.
  • In response to a request by government or law enforcement authorities conducting an investigation.
  • As required by tax authorities or any competent court or legal authority under the relevant laws.

In this respect, we may share your personal data with the following:

  • Our advisers where it is necessary for us to obtain their advice or assistance.
  • Our auditors where it is necessary as part of their auditing functions.
  • With third parties who assist us in conducting background checks.
  • With relevant regulators or law enforcement agencies where we are required to do so.

Fulfillment of a Contract
We process your personal data because it is necessary for the performance of a services agreement to which you are a party or in order to take steps at your request prior to entering into such agreement which we use your personal data:

  • To prepare a proposal for you regarding the services we offer.
  • To provide you with the services as set out in our Service Agreement with you or as otherwise agreed with you from time to time.
  • To deal with any complaints or feedback you may have.
  • For any other purpose for which you provide us with your personal data.

We may then share your personal data with:

  • Our agents, advisors, intermediaries who you tell us about.
  • Third parties whom we engage to assist in delivering the services to you, including other companies in Exsilium group.
  • Our professional advisers where it is necessary for us to obtain their advice or assistance, including IT, accountants or lawyers.
  • Debt collection agencies where it is necessary to recover the money you owe us if any.
  • Other third parties such as intermediaries who we introduce to you. We will wherever possible tell you who they are before we introduce you.

Where you ask us to send marketing information to you via a medium where your consent is given (for example, email marketing to private email addresses). We may rely on your freely given consent at the time you provided your personal data to us.

We will send you information about regulatory changes, corporate or financial institution update/news/alerts/analysis or newsletter on certain selective jurisdictions or about services we provide or invitations to events or functions which might be of interest or be relevant to you or in order to update you with information. We will communicate via a number of ways including email, post, telephone, SMS or other digital channels.

If you object to receiving marketing from us at any time, please contact us by email
at privacy[at]exsilium.co.th. If you give consent and wish to withdraw it at any time, please contact us on the above email.

Exsilium commits to following your wishes of consent withdrawal and always provides an opt-out link in all messages for you to withdraw at any time.

We will only retain your personal data for as long as we have a lawful reason to do so.
In particular,

  • Where we have collected your personal data as required by anti-money laundering
    legislation, including for identification, screening, and reporting, we will retain that
    personal data for five years after the termination of our relationship, unless we are
    required to retain this information by another law or for the purposes of court
  • We will in most cases retain your personal data for a period of seven years after the
    termination of our contractual or other relationship with you in case any claims arise out
    of the provision of our services to you.

Where we process personal data for marketing and client relationship management purposes or with your consent and you remain an active user of our website, we process the data until you ask you to stop and for a short after this (to allow us to implement your request). We also keep a record of the fact that you have asked us not to send you direct marketing. Your contact information and personal data are stored securely, using a mixture of encryption, password protection, firewall, regular anti-virus scanning, and servers/back-ups. We have put in place appropriate technical measures to protect personal data from loss, misuse, alteration or destruction. We restrict access to information to 2 limited officers who treat information with strict confidentiality.