Privacy Policy

  1. Overview

Thank you for visiting our Privacy Policy. T-BOX (Thailand) Co. Ltd. (“Company”, “we”, “us” and “our”). As Company is a registered business in Thailand, the uses and controls of your Personal Data shall be regulated and in compliance with Thailand’s Personal Data Protection Acts and relevant regulations.

The Privacy Policy is provided for our clients (“User”, “you” and “your “) to understand the details and measures on how Company collects, manages, and other relevant processes which involve personal information (Personal Data) of our clients that we obtained under registration and other processes for the Company’s services (“Services”) of which related to digital assets (“Products”). As our services are based on our mobile application, if there should be any updates and/or amendments to this Privacy Policy, our clients shall be informed via mobile notifications.  

By agreeing to use our services, you agree that you have read, understood, accepted and consented to the Company’s data collection, use, storage, processing, and other activities as described in this Privacy Policy.


  1. Personal Data

“Personal Data” means any identified information about you which may be collected directly or indirectly from you, other sources, and our affiliates, service providers, business partners, official authorities, or third parties, including our service providers and public sources.

“Sensitive Data” means Personal Data classified by law as sensitive data which shall be collected, used, and/or disclosed if we have obtained your explicit consent or as permitted by law.


  1. Types of Data/Information

Personal identity details include but not limited to your full name, gender, age, occupation, work place, education, nationality, date of birth, marital status, information obtained from government-issued/official documents.

Contact details include but not limited to your residential address, telephone number, mobile number, email address, and other communication relevant information.

Account and financial details include but not limited to your passbook, credit card/debit card information, utility bills, bank account, proof for source of wealth and/or source of funds, personal assets details, payment details, and service/products details.

Transaction details include but not limited to a type of products, price, quantity, order number, code, trading history and balance, payment and transaction records relating to your assets, financial statements, liabilities, taxes, revenues, investments, trade information, and other relevant information which may be requested/obtained.

Technical details include but not limited to your IP address, web beacon, log, device ID, device type, network details, connection details, access details, single sign-on (SSO) details, video and voice recordings, transaction log, login log, access times, cookies, search and browsing details, browser type and version, geological information, browser plug-in types and versions, operating system and platform, and other technical information the Company collected through your usage of our application.

Profile details include but not limited to your account identifiers, username and password, PIN ID code for trading, interests and preferences, activities, investment objectives, investment knowledge and experience, and risk tolerance.

Communication or Usage details include but not limited to information on how you use the platform/application, products and services.

Sensitive Personal Data

Sensitive data is personal data which is categorized under laws and required the Company to obtain an explicit consent from clients in order to perform and/or provide services. Therefore, this shall be in relation to legal obligations, the information shall be specifically or regarding to ethnicity, race, political/philosophical opinions, sexual orientation, medical/criminal records, and other information may be considerably comparable as sensitive data.  


  1. Methods of Data Collection

The Company collects and receives your personal data; directly, indirectly, and via third parties.

A direct way of personal data obtained is by clients. As you input your personal data on our platform or by any means provided by us, such as; clients making inquiries, submitting forms, applying for services, and other communications interacting with the Company.

An indirect method is when the Company automatically collects clients’ personal data via the Company’s system or platform, such as; browsing history, cookies, or other technical methods.

The Company usually have third parties to provide personal data of clients in relation to legal obligation, regulatory requirements and other laws which related to Company’s services and products. Third parties can be an issuer of digital assets, asset management companies, service providers, government organizations, recruiters.


  1. The Purpose of collection, use or disclosure of Personal Data
  • An explicit consent must be provided to collect, use, and/or disclose Sensitive Data as known as Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner. Also, consent is required by you for us to provide promotion details, marketing communications, including special offers.
  • To cross-border transfer your Personal Data to a country which may not have an adequate level of data protection according to the rules on the protection of personal data for which consent is required by law.
  • For other legal grounds whereby we can collect, use, disclose and/or cross-border transfer your Personal Data by relying on the following grounds: (1) a contractual basis, when a contract is agreed upon and we are able to proceed further actions to initiate and/or fulfill our contractual conditions; (2) a legal obligation; (3) a legitimate interest of ourselves and third parties; (4) vital interest, for preventing or suppressing a danger to a person’s life, body or health; and (5) public interest, for the performance of a task carried out in the public interest or for the exercise of official actions.


  1. Disclosure or Transfer your Personal Data

The Company may disclose and/or transfer your personal data within Thailand and/or overseas to any of its affiliates, service providers, and/or third parties who are related in working with the Company to perform, provide, and/or fulfill Services, process the information on behalf of the Company, and in order to accomplish any purpose related to the services provided. Including, any request from government agencies, authorities, regulators, and courts, all in accordance with applicable laws.

For cross-border transfers, we may disclose or transfer your Personal Data to overseas third parties or servers, and may to those countries with different data protection standards from Thailand.


  1. Transfer and Off-Shore Clients’ Personal Data

In case user located outside Thailand and provide your Personal Data or information to us, such information (including Personal Data)  will be sending to Thailand and that we may, collect, transfer and, otherwise process your information outside Thailand and process it in any country in which we or any of our Affiliates operate, in which case we will ensure that your Personal Data transferred outside Thailand will be offered a standard of protection that is comparable to the protection under the data protection laws in Thailand. These countries (including Thailand) may not necessarily have data protection laws as comprehensive or protective as those in your country of residence; however, our collection, storage and use of your Personal Data will at all times continue to be governed by this Privacy Policy.


  1. Retention period of Personal Data

Your Personal Data will be retained as required by applicable laws and regulatory obligations. The information will be securely kept for necessary purposes of our Services provided and its continuation, therefore your Personal Data can be kept up to 10 years after you exit our services unless otherwise stated or required by laws. Once we decide not to retain personal data, we will destroy, or delete your Personal Data.


  1. Miscellaneous
  • Cookies

We use cookies in our website and/or application to automatically collect information, tracking, analyzing trends and memorizing our website’s settings and/or application’s users’ behaviors.

Most websites allow you to control, accept or not to accept Cookies. You can adjust the settings on your browser or within your mobile device so that you will be notified when you receive a cookie. You may, at any time, disable the cookies by changing the settings on your browser or via your mobile device.  If you reject Cookies, your access to our services or functions may be limited.


  • Personal Data related to third parties

Personal Data of any third party of clients; such as information of clients’ spouse and children, shareholders, directors, beneficiaries, contact info, for examples. You agree that you are entitled and/or have an authority to provide such information and permit us to use the Personal Data under this Privacy Policy. You acknowledge and are responsible to obtain a third party’s consent, if requested, in any occurrence.


  • Personal Data used by minorsincompetent persons or quasi-incompetent persons

Our activities are not allowed for minors, incompetent persons and quasi-incompetent persons. However, if we unintentionally receive these persons’ Personal Data in any cases, we do not knowingly collect Personal Data from customers who are minors without their parental or legal guardian consent, as a case maybe, when it is required, or from incompetent persons or quasi-incompetent persons without their custodian or the curator, as a case maybe. Moreover, if we learn that we have unintentionally collected Personal Data from any minor without parental or legal guardian, as a case maybe, when it is required, or from incompetent person or quasi-incompetent person without their custodian and curators’ consent, we will delete it immediately or continue to process such Personal Data if we can rely on other legal bases apart from consent.



We place great emphasis on ensuring the security of your personal data. We regularly review and provide reasonable and appropriate physical, technical and organizational security measures when processing your personal data.

Moreover, our employees are trained to handle the personal data securely and with respect, failing which they may be subject to disciplinary actions.




  1. The Rights to your Personal Data


  • Rights of Data Subject

In regards with the data subject, you have the rights of your Personal Data subject to the conditions under the Personal Data Protection laws. If you wish to make any request, you can contact us via information provided in this policy.

  • Right to Access

You have the right to access your Personal Data by making a request to us to provide you a copy of such Personal Data, by any means aligned with the requirements under the Personal Data Protection laws, including how the Company disclose, collect, or use your Personal Data without requiring your consent, as allowed under the Personal Data Protection laws.

  • Right to Data Portability

You have the right to obtain your Personal Data in the format which is readable or commonly used by ways of automatic tools or equipment, including to request to send or transfer your Personal Data to another Data Controller or to you, unless it is technically unfeasible to do so. Your rights to data portability shall be in accordance with the requirements under the Personal Data Protection laws.

  • Right to Object

You have the right to object a processing of your Personal Data, and the Company will conduct accordingly to the conditions under the Personal Data Protection laws.

  • Right to Erasure
    You have the right to request to delete, destroy, suspend, restrict, or anonymize your Personal Data in any deemed appropriate circumstances under the Personal Data Protection laws.
  • Right to Restriction

You have the right to request a restriction to the processing of your Personal Data in certain circumstances under the Personal Data Protection laws.

  • Right to Rectification
    You have the right to request a rectification of your Personal Data whereby the information is inaccurate, not up-to-date, incomplete, or misleading.


  • Right to Withdraw Consent
    You have the right to withdraw a consent provided to the Company for any processing on the legal basis whereby the Company is dependent on your consent and still taking a possession of your Personal Data.



  • Right to Lodge a Complaint
    If you have any concerns or questions of the Company’s mandates in relation to processing of your Personal Data, please contact Company via the Company’s contact info provided herein the policy. If there should be any suspect or alleged infringement in accordance with Personal Data Protection laws, you have the right to lodge a complaint.

The Company shall consider and proceed your request within 30 days after the Company received such request. Company will apply our best effort of the capability of the relevant systems to facilitate and carried out at your request.


  1. Amendment to Privacy Policy

The Company may modify and/or revise this Privacy Policy from time to time, and if necessary, when required by applicable laws. If there should be any material changes of which shall affect how we collect, use, process, disclose and/or transfer your personal information, we will notify you of such changes, updates, and obtain your consent again via mobile-based application or our main tool of communication with clients.


  1. Contact Us
  • If you wish to contact us any change to make in according to your rights relating to your Personal Data or if you have any queries or complaints about your Personal Data under this Privacy Policy, please contact us or our Data Protection Officer via e-mail: [email protected]