Privacy Policy

Welcome to Dolfin mobile application (“Dolfin App”), a digital platform offering various financial and non-financial products personalized to your need such as payment, lending, insurance, wealth management as well as other lifestyle products. We provide you a smarter, simpler and safer digital lifestyle.

Dolfin App is operated by Central JD Fintech Co., Ltd., a member of Central JD Fintech Group (“CJD Fintech Group”) which is a leading fintech group in Thailand. Dolfin App is also a channel for an electronic wallet (“Dolfin Wallet”) operated by Central JD Money Co. Ltd. under the supervision of the Bank of Thailand. CJD Fintech Group consists of Central JD Fintech Holding Co., Ltd., Central JD Fintech Co., Ltd., and Central JD Money Co., Ltd.

At CJD Fintech Group, we fully respect your data privacy and we demonstrate our commitment to protecting your personal data through this Privacy Policy. We know you care how your personal data is handled so this Privacy Policy has been prepared to explain you how we manage your personal data under our secured data ecosystem. This Privacy Policy applies to mobile applications, call center, website, social networking sites, online communication channels, and other locations where we collect your data. We appreciate your trust and we will carefully and sensibly handle your data, including your personal data, while giving you the very best personalized experience and customer services. For the purpose of this Privacy Policy, “Personal Data” means “any information which can identify a natural person, whether directly or indirectly”.

 

1. What Data we collect

To deliver our services and build better personalized service that match your interests and concerns (such as special offers, privileges and discount coupons that will be most useful for you), we may collect or obtain various types of your data or by other means as permitted by applicable laws. This may include your Personal Data directly or indirectly collected from you, your device, public sources or other sources as you authorized or through companies in JD Group, Central Group, our affiliates, subsidiaries, business partners (such as financial institutions, insurance companies and securities companies), suppliers, contractual counterparty or other companies.

The specific type of data collected will depend on the context of your interactions with us, and the services or products you need or want from us; however, there are 12 broad categories of data that we collect.

2. • Personal information, such as title, full name, gender, age, occupation, company name, nationality, country of residence, date of birth, ID card photo, information on government-issued cards (e.g., national identification number, laser ID at the back of identification card, or similar identifiers), photograph, any other personal information you provided to us;
   • Contact information, such as postal address, living address, working address, address on the identification card, billing address, telephone number, mobile number, email address, and any other contact information you provided to us;
   • Membership information, such as account information, member card number, reward points, member ID (e.g. The 1 member card number, The 1 ID), member type, customer type, member join/registration date and month, membership period, bank account and payment information, service and product applications (e.g. membership application, insurance application,), and any other membership information;
   • Financial information, such as debit/credit card or bank information, credit/debit card number, credit card type, issuance/expiration date, cycle cut, bank account information, PromptPay ID, payment information and records, your information regarding the risk profile for the business partner, credit rating and solvency, information in accordance with the declaration of suitability, and any other financial information;
   • Transaction information, such as information about payment to and from you, payment date and/or time, payment amount, information about refund, refund amount, points, date of purchase, purchase/order number, acknowledgement of receipt, transaction, transaction history, location, transaction status, past sales transaction, status, transaction status, purchasing behavior, and any other information of products and services you have purchased;
   • Technical information, such as Internet Protocol (IP) address, cookies, media access control (MAC) address, web beacon, log, device ID (such as IMEI, ESN, MEID, and SN), device model and type, hardware and software models of such device, device activation time, network, connection information, access information, single sign-on (SSO), login log, access time and location, GPS, latitude, longitude, time spent on the page, login data, downloaded applications on device, search history, browsing information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on devices you use to access the platform, and any other technical information from the use on the platforms and systems;
   • Behavior information, such as information about your purchasing behavior and data supplied through the use of our products and services;
   • Profile information, such as your username and password, profile information and picture, purchases, historical orders, past orders, purchase history, items bought, item quantity, orders or product recalls made by you, orders via website, order ID, financial records, PIN, your interests, preferences, feedback and survey responses, satisfaction survey, social media engagement, participation information , loyalty programs, your use of discount codes and promotions, customer order description, customer service, and any other profile information;
   • Usage information, such as information on how you browse or use our websites, platform, application products and services, wish list record, remind me flash sale record, follow-shop record, and timestamp of last click and Q&A record, and any other usage information;
   • Marketing and communication information, such as your preference in receiving marketing from us, companies in JD Group, Central Group, affiliates, subsidiaries, business partners or other companies, your communication preferences, and any other marketing and communication information;
   • Sensitive data, such as race, selfie photo, religion, biometric, fingerprints, facial recognition, iris recognition, physical or mental health or condition, medical history, and criminal records; and/or
   • Other specific product data, any data that derived from the use of products/services through Dolfin App such as Dolfin Wallet, lending product, insurance product, wealth management product, etc.

Our products and services allow you to connect and communicate with others by sharing certain information with them and when you connect or communicate with others, each of you and your friends will be sharing to each other information i.e. name, profile picture and/or mobile number. Upon your consent or permission, we may access and collect Personal Data of any third party related to you. Such information includes name, family name, address, telephone number, family member income and any personal and contact information of your family, friends, beneficiary, emergency contact person, referral, and references from your device for the purpose of emergency contact, completing your application, executing and facilitating your transactions with us or uplifting the service and products; please provide this Privacy Policy for their acknowledgement and/or obtaining consents where applicable for us.

We will only collect, use, or disclose sensitive data on the basis of your explicit consent or where permitted by law.

Unless there is any other legal basis that we can rely on, we would not collect Personal Data of children, quasi-incompetent persons, and incompetent persons without their parents or guardians’ consent. We do not knowingly collect Personal Data from customers under the age of 20 without their parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardian’s consent. In the event we learn that we have unintentionally collected personal information from anyone under the age of 20 without parental consent when it is required, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete it immediately or process only if we can rely on other legal bases apart from consent.

2. Why we collect, use or disclose your Personal Data

To be able to provide you with our services and offer you with the best experience in using our Dolfin App, your Personal Data need to be collected, used and disclosed for multiple purposes. However, we will always keep you well-informed of the purposes. Below is the list of the purposes for which we collect, use and disclose your Personal Data:

• Identity verification and authentication: we collect, use, disclose and/or transfer your Personal Data, including your sensitive Personal Data e.g. your selfie photo, your biometric data and other data and photo as shown in the identification document for registration, identity authentication and verification. In addition, for your seamless using experience on Dolfin App and to ensure that your identity will always be updated and synchronized while using our services, we may need to share your Personal Data within CJD Fintech Group for this purpose.
• Providing products and services: to enable us to perform our contractual obligations in providing products and services that you subscribed in accordance with the relevant terms and conditions. This also include carrying out each transaction/action in or via Dolfin App.
• Loyalty programs, reward programs, prize draws, competitions, events: to ensure that you can participate in loyalty programs, reward program, sweepstakes, prize draws, competitions and other related campaigns that we offer.
• Communications: to contact you about products, services and related activities, mainly via our Dolfin App e.g. in-app push notifications and banners. We may also contact you about privileges, offers, updates, sales, special offers, promotions, advertisements, notices, news and information which we believe they are suitable or beneficial to you. Nevertheless, you can be assured that you will not be contacted by our affiliates, Central Group or business partners unless you expressly allow them to directly contact you.
• Customer service: to contact with you as requested by you or in relation to the products and services you obtain from us and business partners. We will also collect, use and disclose your Personal Data for handling customer service-related queries, request, feedback, complains, claims or disputes; to provide technical assistance and deal with technical issues; to process and update your information; to facilitate your use of the products and services;
• Personalization, profiling and data analytics: We will conduct data analytics services in order to recommend products and services that might be of your interest, identify your preferences and personalize your experience; to measure your engagement with the products and services, undertake data analytics, data cleansing, data profiling, propensity scoring, data insight and visualization, market research, surveys, assessments, behavior, statistics and segmentation, consumption trends and patterns. We will also conduct profiling based on the processing of your Personal Data, for instance by looking at the types of products and services that you use, how you like to be contacted; to know you better; to improve business performance; to better adapt our content to the identified preferences; to determine the effectiveness of the promotional campaigns, identify and resolve of issues with existing products and services; qualitative information development. Our data analytic services may also include calculation of scoring and creation of data modelling. Our data analytic services are our crucial activities and they enable us to serve you better and be able to customize our products and services to appropriately serve each customer. With our data analytic technology, we will also be able expedite many processes and reduce required documents in certain financial products that we offer.
• Improving business operations, products, and services: To evaluate, develop, manage, and improve, research and develop the services, products, system, and business operations for you and all of our customers, JD Group, Central Group, affiliates, subsidiaries and business partners; to identify and resolve issues; to create aggregated and anonymized reports, and measure the performance of our physical products, digital properties, and marketing campaigns; to develop our business models, including credit underwriting model, insurance model and collection model;
• Functioning of the sites, mobile application, and platform: To administer, operate, track, monitor, and manage the sites and platform to facilitate and ensure that they function properly, efficiently, and securely; to facilitate your experience on the sites and platform; improve layout, and content of the sites and platform;
• IT Management: For business management purpose including for IT operations, management of communication system, operation of IT security and IT security audit; internal business management for internal compliance requirements, policies, and procedures;
• Compliance with regulatory and compliance obligations: To comply with legal obligations, legal proceedings, or government authorities’ orders which can include orders from government authorities outside Thailand, and/or cooperate with court, regulators, government authorities, and law enforcement bodies when we reasonably believe we are legally required to do so, and when disclosing your Personal Data is strictly necessary to comply with the said legal obligations, proceedings, or government orders. This includes to provide issue tax invoices or full tax forms; record and monitor communications; make disclosures to tax authorities, financial service regulators, and other regulatory and governmental bodies, and investigating or preventing crime;
• Protection of our interests: To protect the security and integrity of our business; to exercise our rights or protect our interest where it is necessary and lawfully to do so, for example to detect, prevent, and respond to fraud claims, intellectual property infringement claims, or violations of law; to manage and prevent loss of our assets and property; to secure the compliance of our terms and conditions; to follow up on incidents; to prevent and report criminal offences and to protect the security and integrity of our business;
• Fraud detection: To verify your identity, and to conduct legal and other regulatory compliance checks (for example, to comply with anti-money laundering regulations, and prevent fraud). This may include to perform sanction list checking, internal audits and records, asset management, system, and other business controls;
• Corporate transaction: in the event of sale, transfer, merger, reorganization, or similar event we may transfer your Personal Data to one or more third parties as part of that transaction; and/or
• Risks: To perform risk management, audit performance, and risk assessments.

 

3. To whom we may share your Personal Data

Before sharing your Personal Data with any third party, we always ensure that such third party is committed to a high standard of protecting your Personal Data just like us and has secured system in place. We will only share your Personal Data to the following third parties in accordance with the purposes identified to you.

 

3.1         JD Group and Central Group

As CJD Fintech Group is part of JD Group and Central Group, we may need to share your Personal Data with, or otherwise allow access to such Personal Data by other companies within JD Group and Central Group for the purposes set out in this Privacy Policy. For example, we may be required to share your Personal Data to those affiliated companies for the purpose of internal reporting or other purposes as required by applicable laws. In addition, in case we will disclose your Personal Data to our affiliates for marketing purposes, we will obtain your relevant consent prior to such disclosure. Please see list of companies and scope of activities within JD Group and Central Group’s data ecosystem for further details JD Group and Central Group.

3.2        Our service providers

We may use other companies, agents or contractors to perform services on behalf or to assist with the provision of products and services to you. We may share your Personal Data to our service providers or third-party suppliers including, but not limited to (1) infrastructure, internet, infrastructure technical, software, website developer and IT service providers; (2) research agencies; (3) analytics service providers; (4) auditors; (5) marketing, advertising media, social media and communications agencies; (6) call center; (7) sale representative agencies; (8) telecommunications and communication service providers; (9) payment, payment system, authentication, and dip chip service providers and agents; (10) outsourced administrative service providers; (11) data storage and cloud service providers; and/or (12) verifying and data checking service providers such as Netbay and the Department of Provincial Administration.

As we aim to provide you with the best experience in using our Dolfin App, we always carefully select our service providers based their expertise and suitability. In this respect, our service providers include both domestic and international service providers. In the course of providing such services, our service providers may have access to your Personal Data. However, we will only provide our service providers with the Personal Data that is necessary for them to perform the service.

3.3         Our business partners

In order to offer you with wide range of products and services, we may share your Personal Data to our well-selected business partners in various businesses such as banking, finance, credit, loan, asset management, investment, insurance, credit cards, telecommunications, marketing, retail, e-commerce, wellness, lifestyle products and services, spa and fitness, reward and loyalty program, and data analytics, including platform sellers or providers whom we may jointly offer products or services, or whose products or services may be offered to you. However, you can be assured that you will receive offers, privileges, updates from our business partners only if you explicitly give consent to be reached by them.

3.4         Third parties required by law

In certain circumstances, we may be required to disclose or share your Personal Data in order to comply with legal or regulatory obligations. This includes any law enforcement agency, court, regulator, government authority or other third party where we believe it is necessary to comply with legal or regulatory obligations, or otherwise to protect our rights, the rights of any third party or individuals’ personal safety, or to detect, prevent, or otherwise address fraud, security, or safety issues.

3.5         Professional advisors

This includes lawyers, technicians and auditors who assist in running our business, and defending or bringing any legal claims.

3.6         Assignee of rights and/or obligations

Third parties as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction; will comply with this Privacy Policy to respect your Personal Data.

 

4. International transfers of your Personal Data

To ascertain that your Personal Data will be handled, at least, in the equivalent level of protection for Personal Data protection standards required under Thai law, we would not disclose or transfer your Personal Data to third parties or which the destination does not have the same data protection standards unless such disclosure is permitted by law. For example, we also use third party cloud services to ensure availability and continuity of our services; therefore, your Personal Data may be transferred to cloud servers outside Thailand. In addition, it is necessary that we allow our IT offshore service providers which include a member of JD Group located in China to access our IT system, including certain of your Personal Data. We always take steps and measures to ensure that your Personal Data is securely shared and that the relevant third parties have in place an appropriate level of protection standards or other derogations as allowed by laws. If your consent is required by applicable law for any particular purpose, we will request for your consent accordingly.

 

5. How long do we keep your Personal Data

We may retain your Personal Data for as long as is reasonably necessary to fulfil purpose for which we obtained it or to comply with our legal and regulatory obligations, whichever is longer.

 

6. Security of your Personal Data

CJD Fintech Group recognizes the importance of maintaining the security of your Personal Data. Therefore, CJD Fintech Group endeavors to protect your information by establishing security measures for your Personal Data appropriately and in accordance with the confidentiality safeguard of Personal Data, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure; provided, however, that CJD Fintech Group will ensure that the method of collecting, storing and processing of your Personal Data, including physical safety measures follow the information technology security policies and guidelines of CJD Fintech Group.

 

7. Modification of Privacy Policy

We may need to modify this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective when we post the revised Privacy Policy on our website or application. We will provide additional notice of significant updates. In case of any modification deprives your rights of sensitive data in relation to this Privacy Policy, the relevant Company will first obtain your consent, except as otherwise permitted by law.

 

8.            Cookies and how they are used

If you visit our websites, we will gather certain information automatically from you by using cookies.

Cookies are small pieces of information or text issued to your computer when you visit a website and are used to store or track information about your use of a website and used in analyzing trends, administering our websites, tracking users’ movements around the websites, or to remember users’ settings. Some cookies are strictly necessary because otherwise the site is unable to function properly. Other Cookies allow us to enhance your browsing experience, tailor content to your preferences, and make your interactions with the site more convenient: they remember your username in a secure way, as well as your language preferences.

Most Internet browsers allow you to control whether or not to accept cookies. If you reject, remove or block Cookies can affect your user experience and without cookies, your ability to use some or all of the features or areas of our websites may be limited.

In addition, some third parties may issue Cookies through our websites to serve ads that are relevant to your interests based on your browsing activities. These third parties may also collect your browser history or other information to determine how you reached our websites and the pages you visit when you leave our websites. Information gathered through these automated means may be associated with the Personal Data you previously submitted on our website.

 

9. Your data, Your choice

Even if we try our best to take care of your Personal Data, we truly understand that in certain circumstances you may not be comfortable and would like to take full control of your Personal Data. In such circumstances, we respect your decision. Subject to applicable laws and exceptions thereof, you are entitled to the followings:

• Access: You may have the right to access or request a copy of the Personal Data we are collecting, using or disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
• Rectification: You may have the right to have incomplete, inaccurate, misleading, or not up-to-date Personal Data that we collect, use or disclose about you rectified.
• Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are collecting, using or disclosing such data on the basis of your consent or to perform a contract with you.
• Objection: You may have the right to object to certain collection, use or disclosure of your Personal Data such as objecting to direct marketing.
• Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances.
• Withdraw Consent: For the purposes you have consented to our collecting, using or disclosing of your Personal Data, you have the right to withdraw your consent at any time.
• Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use or disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
• Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use or disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law.

In addition to the above, you can always select whether to receive news, updates, offers from our affiliates Central Group and our selected business partners or not under “Settings” menu in our Dolfin App.

 

10. Our Contact Details

If you wish to contact us to exercise the rights relating to your Personal Data or if you have any queries about your Personal Data under this Privacy Policy, please contact us or our Data Protection Officer at:

• Attention: Head of Legal and Compliance
• Telephone number: 02-255- 9225
• Mailing address: 87/2 CRC Tower All Seasons Place, 48th floor, Wireless Road, Lumphini
  Sub-District, Pathumwan District, Bangkok 10330.

We are always responsible for all your Personal Data that we collect or are in our control and we promise to adhere to this Privacy Policy. We enforce strict confidentiality obligations on our employees and service providers who will be granted access to your Personal Data. We also put in place a system to securely verify access, storing and using of your Personal Data in accordance with the legislation standard. Our system will be regularly updated and improved to ensure their reliability and accuracy as well as to prevent the leakage of the Personal Data, unauthorized access or misuse of Personal Data.