1. SS&C Thailand and Data Privacy
DST Worldwide Services (Thailand) LTD., Global Solutions (Thailand) LTD., SS&C Financial Services International Limited (Thailand) ("SS&C Thailand") is committed to protecting personal data and respecting your privacy.
This privacy statement describes how we collect, use, share, protect, and otherwise process personal information about you. This statement applies to personal information that you provide to us:
- as a visitor to our websites or as a user of our client portals;
- when you send us personal information in connection with an inquiry about SS&C Thailand providing products and services directly to you;
- as a visitor to our premises; and
- as a contact at one of our clients, potential clients, suppliers or other business partners.
Notice to Customers of SS&C Thailand Clients
2. What information do we collect from you?
We may collect and process the following information (personal data) about you:
- Information that you give us:
- This includes information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), giving us a business card (or similar), or corresponding with us by telephone, post, email or other means.
- It may include, for example, your name, address, email address, work telephone number, mobile telephone number, information about your business relationship with us, information about you necessary to complete anti-money laundering checks in order to comply with requirements relating to anti-money laundering and other legislation applicable to us; and information about your professional role, background and interests.
- Information that our website and other systems collect about you:
- If you visit our website, it will automatically collect certain information about you and your visit, such as your browser type and version. Our website uses Google Analytics (more info here), a web analytics tool provided by Google, Inc. that tracks and reports on the manner in which the website is used to help us to improve it and, with the setting anonymizeIp, guarantees anonymized data collection by masking the last part of your Internet protocol (IP) address. We may also collect information about the pages on our site that you visit. Our website may also download "cookies" to your device – this is described in our separate cookie statement.
- If you email, telephone, write, or exchange other electronic communications with our employees and other staff members, our information technology systems will record details of those conversations and exchanges, sometimes including their content.
- Some of our premises have closed-circuit TV systems which may record you if you visit our premises, for security and safety purposes.
- Other information: We may also collect some information from other sources. For example:
- If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you, such as your contact details or details of your role in the organization that you represent.
- We sometimes collect information from other third parties, which can include third party data providers, or from publicly available sources for anti-money-laundering, background checking and similar purposes, to protect our business and to comply with our legal and regulatory obligations.
3. How will we use your information?
We may use your information for the following purposes:
- to personalize and customize your experience with us; conduct research and analysis; and fulfill orders and requests for products, services, or information from you or the organization that you represent.
- to send you marketing communications regarding our products and services.
- for ordinary business purposes, including to operate and administer the products and services provided by SS&C Thailand in accordance with the terms of any agreements that we may have with our clients.
- to operate, administer and improve our website and premises and other aspects of the way in which we conduct our operations.
- to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes.
- to comply with our legal and regulatory obligations, and to bring and defend legal claims where the information is pertinent (including to allow us to pursue available remedies or limit the damages that we may sustain).
- to comply with our internal policies and maintain our records or as otherwise required by applicable data protection laws.
- to respond to requests from our clients that are not already addressed above.
We may from time to time be required to review information about you held in our systems – including the contents of and other information related to your email and other communications with us – for compliance and business-protection purposes as described above.
This may include reviews for the purposes of disclosure of information relevant to litigation and/or reviews of records relevant to internal or external regulatory or criminal investigations.
To the extent permitted by applicable law, these reviews will be conducted in a reasonable and proportionate way and approved at an appropriate level of management. They may ultimately involve the disclosure of your information to governmental agencies and litigation counterparties as set out below.
Your emails and other communications may also be accessed occasionally by persons other than the member of staff with whom they are exchanged for ordinary business management purposes (for example, where necessary when a staff member is out of the office or has left our organization).
We will only process your personal information as necessary to pursue the purposes described above.
In exceptional circumstances, we may also be required by law to disclose or otherwise process your personal information.
We will tell you when we ask you to provide information about yourself, if:
- provision of the requested information is necessary for compliance with a legal obligation, or
- it is purely voluntary and there will be no implications if you decline to provide the information.
If you are uncertain as to SS&C Thailand's need for information that we request from you, please contact the SS&C Thailand representative asking for the information, or contact us, with your query (for more details, please find in Section 8).
4. Disclosure and international transfer of your information
We may disclose personal information about you, in accordance with the various legitimate purposes set out above:
- to the other legal entities within SS&C Thailand.
- if we receive the personal information from you as a representative of one of our business partners or clients, to your colleagues within the organization that you represent.
- to third-party service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under substantially similar conditions of confidentiality and security.
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you.
- in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit; in accordance with our legal obligations, including to competent regulatory, prosecuting and other governmental agencies, or litigation counterparties, in any country or territory or where we are otherwise required by law to disclose.
These disclosures may involve transferring your personal information overseas. If you are dealing with us within Thailand, you should be aware that this may include transfers to countries outside Thailand, which do not have similarly strict data privacy laws and which may therefore afford a lower standard of personal data protection. In those cases, where we transfer personal data to other legal entities within SS&C Thailand or our service providers, we will ensure that our arrangements with them are governed by data transfer agreements, designed to ensure that your personal information is protected, on terms approved for this purpose by the Thailand Personal Data Protection Committee.
5. How we keep your personal information safe?
We are committed to protecting your personal information submitted to us. We maintain an information security program including internal policies addressing the acceptable use and access to confidential business information and personal information which may be contained within SS&C Thailand’s information systems. We maintain physical, electronic and procedural safeguards reasonably designed to guard personal information from loss, misuse or unauthorized access, disclosure, alteration or destruction of the information that has been provided to us through our online services.
6. How long do we keep your personal information?
We will retain your data as required by applicable law or our internal data protection policy.
We will delete the information that we hold about you when we no longer need it.
Note that we may retain some limited information about you even when we know that you have left the organization that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organization.
7. What are your rights?
Your rights under Thailand Personal Data Protection Act (PDPA)
Under the Thailand Personal Data Protection Act (PDPA), you (if you are a Thai resident) may have certain privacy rights in connection with your Personal Data (as such term is described in the PDPA). In addition, we collect the personal data, as defined in the Thailand Personal Data Protection Act, which we may disclose to other legal entities within SS&C, third party service providers who host our website or other information technology systems or otherwise hold or process your information on our behalf, under substantially similar conditions of confidentiality and security, and business partners, suppliers and sub-contractors for our operational business purposes.
If you are a Thai resident, subject to the PDPA and exceptions thereof, you may have the following rights to:
a. Right of Access: you may have the right to access or request a copy of the personal data we collect, use or disclose about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
b. Right of Rectification: you may have the right to have incomplete, inaccurate, misleading, or not up-to-date personal data that we collect, use or disclose about you rectified.
c. Right to Data Portability: you may have the right to obtain personal data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) personal data which you have provided to us, and (b) if we collect, use or disclose such data on the basis of your consent or to perform a contract with you.
d. Right to Object Processing: you may have the right to object to certain collection, use or disclosure of your personal data such as objecting to direct marketing.
e. Right to Restrict Processing: you may have the right to restrict the use of your personal data in certain circumstances.
f. Right to Withdraw Consent: for the purposes you have consented to our collection, use or disclosure of your personal data, you have the right to withdraw your consent at any time.
g. Right to Erasure: you may have the right to request that we erase or de-identify personal data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
If you wish to exercise any of these rights, please contact us as set out below.
8. Contact us
Please send them to the Data Controller, 6th Floor, RSU Tower, 571 Sukhumvit Road, North Klongton, Wattana, Bangkok 10110, Thailand or by email email@example.com .
We will respond to your request consistent with applicable data protection laws. Depending upon the type of business relationship that you have with us, we may need to notify you that additional information is necessary to authenticate your identity for your data security or that we will refer your inquiry to the financial services entity that holds the primary relationship with you.
For requests to delete your personal information as permitted under applicable data protection laws, we will work with you to accomplish your requests unless otherwise exempted under applicable data protection laws, such as compliance with applicable law or regulatory inquiry.
Last updated: June 2021