Privacy Notice

2023-08-29

Last updated: 1st September 2023

Gulf Binance Co., Ltd. (“Gulf Binance”, “we”, or “us”) is committed to protecting the privacy of our customers, and we take our data protection responsibilities with the utmost seriousness.

This Privacy Notice describes how Gulf Binance collects and processes your personal data through the Gulf Binance websites and applications that are referenced in this Privacy Notice. Gulf Binance refers to an ecosystem comprising Gulf Binance websites (whose domain names include but are not limited to www.binance.th), mobile applications, clients, applets and other applications that are developed to offer Gulf Binance services, and includes independently-operated platforms, websites and clients within the ecosystem. This Privacy Notice applies to all personal data processing activities carried out by us, across platforms and websites.

To the extent that you are a customer or user of our services, this Privacy Notice applies together with any terms of business and other contractual documents, including but not limited to any agreements we may have with you.

To the extent that you are not a relevant stakeholder, customer, or user of our services, but are using our website, this Privacy Notice also applies to you together with our Cookie Notice.

This Privacy Notice should therefore be read together with our Cookie Notice, which provides further details on our use of cookies on the website. 

1. Our relationship with you

Your personal data is processed by Gulf Binance Co., Ltd., a company registered in Thailand with its address at 87/2, CRC Tower, All Seasons Place, 8th Floor, Wireless Road, Lumpini, Pathumwan, Bangkok, Thailand. It is the data controller that determines the purposes for which and the means by which your personal data is processed in relation to the services provided to you.

2. What personal data do we collect and process? 

Personal data is any information relating to a natural person, which enables the identification of such person, whether directly or indirectly. This includes information you provide to us, information which is collected about you automatically, and information we obtain from third parties. 

Information you provide to us

To open an account and access our services, we will ask you to provide us with some information about yourself. This information is either required by law (e.g., for us to verify your identity and comply with “Know Your Customer” (“KYC”) obligations), necessary for the provision of the requested services (e.g., you will need to provide us your email address in order to open your account), or relevant for certain specified purposes, described in greater detail below. In some cases, if we provide additional or further services and/or features, you may be asked to provide us with additional information. Failure to provide the information required may result in us being unable to offer our services to you. 

We may collect the following types of information from you:

| Category of personal data | Type of personal data |
| --- | --- |
| Personal identification information | Full name, gender, date of birth, nationality, email address, legal address, home address, phone number, and signature |
| Government identifiers | Number and details on government-issued identity documents such as passports, national identification cards and/or driver licences |
| Sensitive and/or biometric personal data | Photographs and video recordings of you (for identity verification purposes, e.g. by comparing facial scan data extracted with government-issued identity documents) |
| Institutional information | Full institutional name, type of business, business objective, address, phone number, tax ID, proof of legal formation and personal identification information for all material beneficial owners, board of directors and authorised persons responsible for the operations of the institution |
| Financial information | Bank account information, source of funding, source of wealth and bank statements |
| Transaction information | Information about the transactions you make on our services, such as the name and payment details of the recipient |
| Employment information | Occupation, employer’s name, working address, salary wage rate |
| Contact information | Email address, phone number, country |
| Communications | Survey responses, information contained in surveys and event participation forms and communications with us including call recordings and chat messages with our customer services team |

Information we collect about you automatically

To the extent permitted under the applicable laws, we may collect certain types of information about you automatically (e.g., when you interact with us or use our services). This information helps us address customer support issues, improve the performance of our sites, applications and services, maintain and improve your user experience, and protect your account from fraud by detecting unauthorised access. 

We may collect the following types of information about you automatically:

| Category of personal data | Type of personal data |
| --- | --- |
| Browsing information | IP address, Device ID, advertising ID and browser information such as name and version |
| Usage data | Authentication data, security questions, click-stream data, public social networking posts, other data collected via cookies or similar technologies, and information about how our services are performing when you use them (e.g., error messages you receive and performance of the site information) |
| Marketing, profiles and research information | Identifiers (e.g., name, address, email address if used for direct marketing, IP address and other online identifiers), demographic data (e.g. income, family status, age bracket, gender and interests), browser/ web history data and preferences expressed through selection/ viewing/ purchase of goods, services and content, information about your mobile device including (where available) type of device, device identification number and mobile operating system, analytics and profiles based on the data collected, interests or inferred interests and marketing preferences |

Information we obtain from third parties

From time to time, we may obtain information about you from our affiliates or third-party sources as required or permitted by applicable laws. 

| Category of personal data | Type of personal data |
| --- | --- |
| Information from our affiliates | Personal identification information, transactional information, institutional information and usage information |
| Blockchain data | Public blockchain data, e.g., transaction identifiers, transaction amounts, wallet addresses, timestamps and events |
| Information from our marketing and advertising partners | Data analytics and conversion rates |

3. Why do we process your personal data? What is the legal basis we are relying on for the collection and processing of your personal data?

We collect your personal data primarily to provide you with our services in a secure, efficient and smooth manner. We also generally use your personal data to deliver, provide, operate and improve our services, for content and advertising, for loss prevention and anti-fraud purposes and for compliance with the applicable laws and regulations. 

Purpose for which your personal data is processed 

Legal basis we rely on for the processing of your personal data

To manage our contractual relationship with you, e.g., to create and maintain your account and provide services to you

This includes when we use your personal data to take and handle orders or process payments. 

Type of personal data processed: personal identification information, government identifiers, sensitive and/or biometric personal data,  institutional information, contact information, employment information, communications, transactional information and financial information. 

We may be unable to open an account for you, provide our services to you or may have to terminate your account (where one is already opened) if this processing activity is restricted.

Processing is necessary for the performance of the contract of which you are a party and is necessary for the compliance with our legal obligations under applicable laws and regulations.

To maintain legal and regulatory compliance

Most of our core services, such as the digital asset exchange and broker services, are subject to strict and specific laws and regulations that require us to collect, use, process and store certain personal data. For example, we have to comply with our KYC obligations under applicable anti-money laundering laws and regulations. 

Type of personal data processed: personal identification information, government identifiers, sensitive and/or biometric personal data, institutional information, contact information, transaction information, financial information, employment information, browsing information and blockchain data.

We may be unable to open an account for you, provide our services to you, or may have to terminate your account (where one is already opened) if you do not provide us with the personal data required under law.

Processing is necessary for the compliance with our legal obligations under applicable laws and regulations

To communicate with you on service- and transaction-related matters

We use your personal data to communicate with you in relation to our services on administrative- or account-related matters. We will also communicate with you to keep you updated about our services, e.g., to inform you of relevant security issues and updates, or provide you with other transaction-related information. 

Type of personal data processed: personal identification information, contact information, transaction information, communications, browsing information and usage data.

Without such communications, you may not be aware of important developments relating to your account which may affect how you can use our services. You may not opt out of receiving critical service communications, e.g., emails or mobile notifications sent for legal or security purposes.

Processing is necessary for the performance of the contract of which you are a party. 

To provide customer services to you

We process your personal data when you contact us in order to provide support with respect to questions, disputes, complaints, and troubleshoot problems, etc. 

Type of personal data processed: personal identification information, institutional information, transactional information, financial information, contact information, communications, browsing information, usage data and blockchain data.

Without processing your personal data for this purpose, we cannot respond to your requests.

Processing is necessary for the performance of the contract of which you are a party and for our legitimate interests (e.g., to assist you in using our services and to manage any complaints) and the interests of our users (e.g., to protect the security of our users  and enhance users’ experience)

To promote safety and security of our platform 

We process your personal data in order to enhance security, monitor and verify identity or service access, combat malware or security risks, and to comply with applicable security laws and regulations. 

Type of personal data processed: personal identification information, institutional information, transactional information, financial information, contact information, browsing information and usage data.

Without processing your personal data for this purpose, we may not be able to ensure the security of our services.

Processing is necessary for the performance of the contract of which you are a party and our legitimate interests (e.g. to protect the platform)

To promote integrity of our platform and manage credit risks

We process your personal data to verify accounts and related activity, find and address violations of our Terms of Use, investigate suspicious activity, detect, prevent and combat unlawful behaviour or abuse of our services, detect, prevent and mitigate fraud, maintain the integrity of our services and protect you and others against account compromise or fund loss. We may use scoring methods to assess and manage credit risks. 

Type of personal data processed: personal identification information, institutional information, transactional information, financial information, contact information, browsing information, usage data and blockchain data.

Without processing your personal data for this purpose, we may not be able to ensure the integrity of our services.

Processing is necessary for our legitimate interests (e.g., to protect our platform) and the interests of our users (e.g., to protect the security of our users)

To improve our services

We use your personal data to provide functionality, analyse performance, fix errors, and improve the usability and effectiveness of our services, so that you can have a better user experience.

Type of personal data processed: personal identification information, institutional information, transactional information, browsing information and usage data.

Without processing your personal data for this purpose, we may not be able to ensure the quality of our services.

Processing is necessary for our legitimate interests (e.g., to improve our services) and the interests of our users (e.g., to enhance our users’ experience)

To conduct research and innovate

We carry out surveys to learn more about your experience when using our services. In that way, we can support research and development and drive innovations of our services and products.

Type of personal data processed: personal identification information, browsing information, usage data and marketing, profiles and research information.

Without processing your personal data for this purpose, we will not be able to continually develop our services and products.

Processing is necessary for our legitimate interests (e.g., to improve our services) and the interests of our users (e.g., to enhance our users’ experience)

To provide you with promotions

We use your personal data to provide you with promotions, including offers, rewards and other incentives for using our services.

Type of personal data processed: personal identification information, institutional information, transactional information, browsing information and usage data.

Without processing your personal data for this purpose, we will not be able to provide you with reward opportunities.

Processing is necessary for our legitimate interests (e.g., to promote our services) and the interests of our users (e.g., to obtain rewards or loyalty points). 

To provide you with recommendations and personalisation

We use your personal data to recommend features and services that might be of interest to you, identify your preferences and personalise your experience with us.

Type of personal data processed: personal identification information, transactional information, browsing information, usage data and marketing, profiles and research information.

Without processing your personal data for this purpose, we will not be able to provide you with a personalised experience.

Processing is necessary for our legitimate interests (e.g., to provide personalised services) and the interests of our users (e.g., to receive tailored services)

To provide you with marketing communications

We use your personal data (based on your consent) to send you targeted marketing communications through email, in-app mail, and push notifications. We also use your personal data to carry out profiling for marketing purposes.

Type of personal data processed: personal identification information, institutional information, transactional information, communications, browsing information, usage data and marketing, profiles and research information.

Without processing your personal data for this purpose, we will not be able to provide you with marketing materials.

We rely on your consent to process your personal data for marketing purposes. 

You may withdraw your consent at any time and we will stop processing your personal data for marketing purposes. 

The withdrawal of your consent does not affect the lawfulness of any processing based on your consent before its withdrawal.

To host and organise events

We host many live, in-person events throughout the year. 

If you register for one of our events and you are a user, we will access the information in your account to provide you with information and services associated with the event. You may be asked to provide more information when signing up for an event.

If you are not a user and you sign up for one of our events, we will collect information about you including name, email, company, title, industry, address, phone number, meal preferences, etc.

If you are a presenter at one of our events, we will collect information about you including name, employer, contact information and photograph. We may also collect information provided by the event attendees who evaluated your performance as a presenter. We may make and store a voice or video recording of you in certain instances as well.

Type of personal information processed: personal identification information, institutional information and communications.

Without processing your personal information for this purpose, we will not be able to let you attend our events.

Processing is necessary for our legitimate interests (e.g., to host, organise and promote events) and the interests of our users (e.g., to allow you to attend our events)

To comply with legal or regulatory requirements

We may process, preserve or disclose your personal data when we believe it is reasonably necessary to comply with applicable laws and regulations, our legal obligations, law enforcement, government and other legal requests, court orders or disclosures to tax authorities. 

Type of personal data processed: personal identification information, institutional information, financial information, transactional information, contact information, browsing information, usage data and blockchain data

Processing is necessary for the compliance with our legal obligations under applicable laws and regulations.

We may also rely on our legitimate interests in responding to legal requests where we are not compelled by applicable laws but have a good faith belief that it is required by laws in the relevant jurisdiction.

4. Can children use our services?

We do not allow anyone under the age of 20 to use our services and do not knowingly collect personal data from children under 20.

5. What about cookies and other identifiers?

We use cookies and similar tools to enhance your user experience, provide our services, enhance our marketing efforts and understand how users use our services so that we can make improvements. For more information on how we use cookies, please refer to our Cookie Notice.

6. Do we process your personal data solely using automated decision-making tools?

We do not rely solely on automated tools to help determine whether a transaction or a user account presents a fraud or legal risk. 

7. With whom do we share your personal data?

We may share your personal data with affiliates and third parties if we believe that sharing your personal data is in accordance with, or required by, our contractual relationship with you, our legitimate interests, your consent, applicable laws, regulations or legal processes. When sharing your personal data with affiliates and third parties, we will use our best endeavours to ensure that such entities are either subject to this Privacy Notice or will follow practices at least as protective as those described in this Privacy Notice.

We may share your personal data with the following entities or in the following circumstances:

| Entity | Justification |
| --- | --- |
| Affiliates | Your personal data may be shared with and processed by our affiliates in order for us to conduct business and offer our services to you. |
| Third-party service providers | We may employ other companies and individuals to perform functions on our behalf. Examples include analysing data, providing marketing assistance, processing payments, transmitting content, and assessing and managing credit risks. These third-party service providers only have access to the personal data they need to perform their functions and may not use the personal data for other purposes. Further, they must process the personal data in accordance with our contractual agreements and only as permitted by applicable data protection laws. |
| Legal authorities | We may be required by applicable laws or by courts to disclose certain information about you or any engagement we may have with you to relevant regulatory, law enforcement and/or other competent authorities. We will only disclose information about you to legal authorities to the extent we are obliged to do so according to the applicable laws. We may also need to share your information in order to enforce or apply our legal rights or to prevent fraud. |
| Business transfers | As we continue to develop our business, we might sell or buy other businesses or services. In such transactions, user information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing privacy notices (unless, of course, the user consents otherwise). Also, in the unlikely event that we or substantially all of our assets are acquired by a third party, user information will be one of the transferred assets. |
| Protection of Gulf Binance and others | We release accounts and other personal data when we believe the release is appropriate to comply with the applicable laws or our regulatory obligations, to enforce or apply our Terms of Use and other agreements, or to protect the rights, property or safety of Gulf Binance, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction. |

8. International transfers of personal data

To facilitate our operations and in accordance with this Privacy Notice, we may transfer your personal data outside of Thailand. In cases where we transfer your personal data out of Thailand, we put in place suitable technical, organisational and contractual safeguards to ensure that such transfer is carried out in compliance with applicable data protection laws. 

9. How secure is your personal data?

We design our systems with your security and privacy in mind. We have appropriate security measures in place to prevent your information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We work to protect the security of your personal data during transmission and while stored by using encryption protocols and software. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know.

Our security procedures mean that we may ask you to verify your identity to protect you against unauthorised access to your account. We recommend using a unique password for your account that is not utilised for other online accounts, using multi-factor authentication (where possible) and signing off when you finish using a shared computer.

10. What about advertising?

In order for us to provide you with the best user experience, we may share your personal data with our marketing partners for the purposes of targeting, modelling, and/or analytics as well as marketing and advertising. 

You may, at any time, opt out of marketing communications via your device or notification settings, user preferences or the unsubscribe facility in our marketing messages.

11. What rights do you have in relation to your personal data?

Subject to applicable laws, as outlined below, you have a number of rights in relation to your privacy and the protection of your personal data. You have the right to request access to, correct, and delete your personal data. You may ask for data portability. You may also object to our processing of your personal data or ask that we restrict the processing of your personal data in certain instances. In addition, when you consent to our processing of your personal data for a specified purpose, you may withdraw your consent at any time. If you want to exercise any of your rights or have any questions in relation to how we process your personal data, please contact us at dpo@binance.th. These rights may be limited in some situations (e.g., where we can demonstrate we have a legal requirement or obligation to process your personal data).

  • Right to be informed: You have the right to be informed of the purposes or objectives for the collection and processing of your personal data, the necessity for provision and the impact for not providing your personal data when entering into a contract, the retention period, the person the personal data will be transferred to and contact information of the data controller and DPO.

  • Right to access: You have the right to access and obtain confirmation on whether your personal data is collected, used, processed and disclosed by us. You also have the right to obtain a copy of all your personal data that we are processing, subject to applicable fees at the rate approved by the relevant authority.  

  • Right to rectify: You can request to correct or supplement your personal data. You can also change your personal data in your account at any time.

  • Right to delete: You can, in some cases, have your personal data deleted or anonymised as follows: 

    • the personal data is no longer necessary for the processing purposes;

    • your consent has been withdrawn;

    • you object to the processing of your personal data by us based on our legitimate interests, and we do not have overriding legitimate grounds for the processing; and 

    • the processing activity is not in accordance with the applicable law. 

  • Right to object: You can object, for reasons relating to your particular situation, to the processing of your personal data. However, in certain circumstances we may exercise our legitimate rights to process your personal data.

  • Right to restrict processing: You have the right, in certain cases, to temporarily restrict the processing of your personal data by us, provided there are valid grounds for doing so. However, we may continue to process your personal data if it is necessary for the defence of legal claims, or for any other exceptions permitted by applicable laws.

  • Right to portability: In some cases, you can ask to receive your personal data which you have provided to us in a structured, commonly-used and machine-readable format, or, when this is possible, that we communicate your personal data on your behalf directly to another data controller. Where automated tools are used, you may have the right to ask for your personal data to be:

    • transferred automatically to other organisations; and 

    • directly transferred to other organisations, with the exceptions of cases where there are technological limitations.

  • Right to withdraw your consent: For processing requiring your consent, you have the right to withdraw your consent at any time if such withdrawal is not restricted by law or any contract that provides benefits to you. Exercising this right, however, does not affect the lawfulness of the processing based on your consent given before the withdrawal. For the avoidance of doubt, if you withdraw your consent to our processing of your facial recognition data, we would be obligated to refuse the withdrawal and retain such personal data for the period of time prescribed under the applicable laws.

  • Right to lodge a complaint with the relevant data protection authority or regulator: We hope that we can answer any queries you may have about the way in which we process your personal data. However, if you have unresolved concerns, you have the right to lodge a complaint with the Personal Data Protection Committee or the competent authorities in the case that we act unlawfully or not in compliance with the applicable laws in the processing of your personal data.

12. For how long do we keep your personal data?

We keep your personal data to enable your continued use of our services, for as long as it is required to fulfil the relevant purposes described in this Privacy Notice, as may be required by applicable laws such as for tax and accounting purposes and compliance with anti-money laundering laws, and to resolve disputes and/or legal claims or as otherwise communicated to you.

Our typical retention periods for different types of personal data are described below:

  • Personally identifiable information collected to comply with our legal obligations under financial or anti-money laundering laws may be retained after account closure for as long as it is required under such applicable laws.

  • Contact information such as your name, e-mail address and telephone number for marketing purposes is retained on an ongoing basis and until you unsubscribe or we delete your account. Thereafter, we will add your details to an unsubscribed list to ensure we do not inadvertently market to you.

  • Content that you post on our website or applications, such as support desk comments, photographs, videos, blog posts, and other content may be kept after you close your account for audit and crime prevention purposes.

  • Recording of voice calls (if any) with you may be kept for a period of up to six years for audit and compliance purposes and to resolve disputes and/or legal claims. 

  • Information collected via cookies, web page counters and other analytics tools is kept for a period of up to one year from the date of the collection by the relevant cookie.

13. Third Party Websites

If you visit any links to third party websites or platforms that are listed on our websites and applications or any link of any of our third-party partners, you shall agree to and comply with the separate and independent privacy notice of such third party website or platform. We will not bear any liability for the contents and activities of such websites or the partners.

14. Contact information

Our data protection officer can be contacted at dpo@binance.th, and will work to address any questions or issues that you may have with respect to the collection and processing of your personal data.

15. Notices and revisions

Our business changes regularly, and our Privacy Notice may also change. You should check our websites or applications frequently to stay informed of changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account.