Privacy Notice
Dear Customers,
KEX Express (Thailand) Public Company Limited ("Company", "we" or "our") values your privacy and strives to protect your personal data ("Personal Data") based on Thai law.
This Privacy Notice explains:
- what kind of Personal Data do we collect? This includes what you tell us about yourself or the individuals connected to your business (collectively referred to as "you", "your" or "yourself") and what we learn by having you as the customer.
- how do we use your Personal Data?
- who do we disclose the Personal Data to?
- what are the choices we offer? This includes how to access and update your Personal Data.
- what are your privacy rights and how does the law protect you?
1. What kind of Personal Data do we collect?
We collect many different kinds of the Personal Data, depending on various circumstances and nature of requested products, services and/or transactions performed.
We may collect the Personal Data about you from a variety of sources, including but not limited to:
- When you apply for our products and/or services;
- When you talk to us on the phone or in branch, including recorded calls, posts, e-mails, notes and other means;
- When you use our websites or mobile device applications. This includes cookies and other internet tracking software to collect the Personal Data;
- Insurance claims or other documents;
- Customer surveys; and
- When you take part in our competitions or promotions.
In some cases, we may engage third parties to collect the Personal Data about your online activities when you visit our online sources. We may also use the Personal Data collected across non-affiliated websites for the purpose of serving you advertisements related to your browsing behavior. While we engage in this practice, we will provide an appropriate notice and choice so that you can opt out such processing.
The categories of Personal Data about you that we process, subject to the applicable law, including but not limited to:
- Personal Details: Name, Surname, gender, date of birth, age, personal identification number, passport number, nationality, image of passport, driving license, signatures, photographs, CCTV images, call recording data and voice data of customer;
- Financial Details: The details of your bank account, billing address, credit card numbers, cardholder's name and other details;
- Family Details: Names and contact details of family members and dependents;
- Contact Details: Address, telephone number, mobile phone number, email address and social media profile details;
- Customer Records & Transaction Details: Our products and services you have purchased or used, transaction / transaction history (e.g., transaction ID, transaction amount, date and location of transaction, transaction timestamp), payment information;
- Electronic Data: IP address, cookies, online identifiers unique device identifiers and geolocation data.
2. How we use of your Personal Data?
We may collect, use and disclose your Personal Data only if we have proper reasons and it is lawful to do so. This includes sharing it outside the Company.
We will rely on one or more of the following lawful grounds when processing your Personal Data:
- When it is to fulfill the contract we have with you;
- When it is our legal duty;
- When it is in our legitimate interest; and/or
- When you consent to it.
The purposes for which we may process your Personal Data, subject to the applicable law, and the lawful basis on which we may perform such processing, are:
Purposes of data processing | Legal basis |
|---|---|
1. To develop the services in various fields e.g. the delivery of parcels and products, assistance providing and processing your complaints more efficiently as well as to survey and research your requirements in order to organize or create promotional programs that respond to your requirements. |
|
2. To develop the service channels for providing you the high quality, fastest and most convenient services. |
|
| 3. To enable you to access or transfer your Personal Data in your accounts via more than one computer and/or other electronic devices and allow us to be able to effectively monitor any accession to your accounts in order to prevent all of unauthorized usage, access by unauthorized users, fraudulent/abuse usage including to improve the services to be more appropriate and efficient. |
|
| 4. To propose an interesting news, promotional activities which would advocate you to get the highest quality services and benefits from us, our subsidiaries, affiliates and/or business partners. |
|
| 5. For the marketing and promotion, data analytics, digital marketing, loyalty and/or reward programs, and their related products and services, including your participation in any activities that we have organized to hand you the most benefits however depend on your satisfaction, thou can state your desire for setting the usage of your Personal Data for the said objectives through the channels specified by us, our subsidiaries, affiliates and/or business partners. |
|
| 6. To allow you to participate in loyalty and/or reward programs, and any related activities and communications, provided by us or our subsidiaries, affiliates and/or business partners |
|
| 7. To measure the effectiveness of our marketing policy and advertising through various online medias. |
|
| 8. To settle any disputes or conflicts which might be occurred between you and the Company about the services. |
|
| 9. Only for lawful and necessary purposes to achieve the services' objectives for you as the data subject including for comply with the laws and any regulations. |
|
When we rely on the legitimate interests as the reason for processing the Personal Data, it has considered whether or not your rights are overridden by our interests and has concluded that they are not.
3. Who do we disclose the Personal Data to?
We may collect, use, disclose, transfer, or otherwise make available your Personal Data to other persons or entities where it is lawful and necessary to do so, including where:
- It is necessary for the performance of a contract with you or for taking steps at your request before entering into a contract;
- We or the relevant recipient are required or permitted to do so under applicable laws, regulations, court orders, government orders, or lawful requests from competent authorities;
- It is necessary for regulatory reporting, audit, investigation, litigation, dispute resolution, or for establishing, exercising, or defending legal rights;
- It is necessary for our legitimate business purposes, including service operation, risk management, fraud prevention, identity verification, internal reporting, service improvement, security monitoring, business continuity, and corporate governance;
- It is necessary to enable another company, service provider, contractor, agent, or business partner to provide services requested by you or relating to our services; and/or
- You have given consent for such disclosure, where consent is required by applicable law.
We may disclose or share your Personal Data with the following persons or entities:
- Our subsidiaries, affiliates, and other companies within our group;
- Subcontractors, agents, couriers, transportation providers, warehouse operators, sorting centers, delivery partners, service providers, and other persons who provide services to us or on our behalf;
- IT service providers, cloud service providers, data hosting providers, cybersecurity service providers, system developers, platform operators, and other technology vendors;
- Banks, financial institutions, payment service providers, accounting service providers, tax advisors, auditors, insurers, loss adjusters, and claim-handling service providers;
- Business partners, marketplace platforms, ERP system providers, tracking platform providers, API integration partners, loyalty or reward program partners, and other parties involved in the products or services requested by you or our business customers;
- Persons or entities involved in any payment, delivery, transaction, claim, complaint, dispute, or service request;
- Persons acting on your behalf or under your instruction, including authorized representatives, attorneys-in-fact, legal representatives, intermediaries, or other persons authorized by you;
- Any person or entity involved in a proposed or actual corporate restructuring, merger, acquisition, sale, transfer of business, financing, investment, takeover, or similar transaction;
- Courts, government authorities, regulators, law enforcement agencies, dispute resolution bodies, tax authorities, customs authorities, postal or transportation authorities, and other competent authorities;
- External lawyers, legal advisors, consultants, auditors, investigators, and professional advisors; and
- Any other person or entity to whom we are required or permitted by law to disclose Personal Data, or to whom you have instructed or consented us to disclose Personal Data.
Examples of data sharing
For transparency, examples of circumstances where we may disclose or share your Personal Data include the following:
1. Delivery and logistics services
We may share sender and recipient names, addresses, telephone numbers, shipment numbers, delivery status, parcel information, proof of delivery, and related shipment information with our group companies, subcontractors, couriers, agents, transportation providers, sorting centers, warehouse operators, delivery partners, and service providers where necessary to pick up, sort, transport, deliver, return, track, or manage parcels.
2. Customer service, complaints, and claims
We may share shipment information, contact details, call records, complaint details, delivery evidence, photos, tracking records, claim documents, and compensation records with our customer service team, claims handling team, insurers, loss adjusters, external service providers, business partners, or relevant parties where necessary to handle complaints, claims, refunds, compensation, investigations, or service issues.
3. Payment, billing, accounting, and tax
We may share billing details, payment information, transaction records, tax invoice information, withholding tax information, account information, and outstanding balance records with banks, payment service providers, financial institutions, accounting service providers, auditors, tax advisors, and relevant government authorities where necessary for payment processing, billing, accounting, tax filing, audit, collection, reconciliation, or compliance with legal obligations.
4. IT systems, platforms, and security
We may share account information, login records, device information, IP address, cookies, online identifiers, geolocation data, tracking data, system logs, and service usage data with IT service providers, cloud service providers, cybersecurity service providers, system developers, data hosting providers, platform operators, and system maintenance providers where necessary to operate, maintain, secure, monitor, and improve our websites, applications, tracking systems, customer service systems, and other service platforms.
5. Business partners and system integrations
We may share shipment tracking data, delivery status, sender and recipient information, parcel information, order information, and related logistics data with business partners, marketplace platforms, ERP system providers, tracking platform providers, API integration partners, or other parties involved in the services requested by you or our business customers, including where such sharing is necessary to display delivery status, synchronize shipment information, manage customer orders, or support cross-border logistics services.
6. Fraud prevention, risk management, and business control
We may share identity information, transaction records, delivery records, payment records, system logs, and related information with our group companies, fraud prevention agencies, auditors, consultants, investigators, security service providers, and relevant authorities where necessary to detect, prevent, investigate, or respond to fraud, misuse of services, unauthorized access, financial crime, security incidents, or other unlawful activities.
7. Legal, regulatory, and dispute matters
We may share relevant Personal Data with courts, government authorities, regulators, law enforcement agencies, external lawyers, auditors, consultants, dispute resolution bodies, counterparties, or other parties involved in claims, disputes, investigations, regulatory reporting, enforcement actions, or legal proceedings where necessary to comply with laws or to establish, exercise, or defend legal rights.
Where we disclose your Personal Data to third parties, such third parties may act as data processors, data controllers, or independent persons under applicable data protection laws, depending on the nature of their role and the purpose of processing.
Where a third party processes Personal Data on our behalf as our data processor, we will require such party to process Personal Data only in accordance with our instructions, maintain confidentiality, implement appropriate security measures, and comply with applicable contractual and legal obligations.
Where a third party acts as an independent data controller, your Personal Data may also be governed by that third party's own privacy notice or privacy policy. You should review the relevant third party's privacy notice or privacy policy to understand how such third party collects, uses, discloses, or otherwise processes your Personal Data.
Except as described in this Privacy Notice, we will not use or disclose your Personal Data for purposes other than those notified to you, unless permitted or required by applicable law or unless we have obtained your consent where consent is required.
Cross-border Transfer of Personal Data
Your Personal Data may be transferred to, stored, accessed, or processed in countries outside Thailand where our group companies, affiliates, business partners, service providers, cloud service providers, IT system providers, data hosting providers, system maintenance providers, or other relevant recipients are located.
Such countries may have personal data protection standards that are different from, or may not provide the same level of protection as, those applicable in Thailand. Where we transfer your Personal Data outside Thailand, we will take appropriate steps to ensure that the transfer is lawful and that your Personal Data is protected by appropriate safeguards in accordance with applicable data protection laws.
These safeguards may include, where applicable:
- Intra-group data transfer arrangements or agreements;
- Data processing agreements, data transfer agreements, or other contractual arrangements with relevant recipients;
- Contractual obligations requiring the recipient to protect Personal Data, maintain confidentiality, process Personal Data only for specified purposes, and implement appropriate security measures;
- Technical and organizational security measures, such as access control, encryption, secure transmission, system monitoring, data minimization, and restricted access on a need-to-know basis;
- Transfer impact assessment, risk assessment, or review of data protection and security measures, where appropriate; and
- Other lawful transfer mechanisms, safeguards, or exceptions permitted under applicable data protection laws.
We may transfer your Personal Data outside Thailand where necessary for the performance of a contract with you, compliance with legal obligations, protection of public interest, establishment, exercise, or defence of legal claims, our legitimate interests, or where you have given consent, as applicable.
In some cases, foreign laws or competent authorities may require disclosure of Personal Data. In such cases, we will disclose Personal Data only where legally required or permitted and only to persons or authorities who are legally entitled to receive it.
4. Retention of Personal Data
We retain your Personal Data only for as long as necessary to carry out the purposes for which it was collected, used, or disclosed, including for service provision, business operations, contract performance, legal claims, regulatory compliance, audit, accounting, tax, security, and other legitimate business purposes.
We may retain your Personal Data for up to 10 years after you stop being our customer in order to comply with legal and regulatory requirements and to ensure that any contractual disputes, claims, complaints,investigations, or legal proceedings that may arise can be properly handled within the applicable limitation period.
The retention period may vary depending on the category of Personal Data and the purpose of processing. Examples include:
Record Category | Examples of Personal Data / Records | Retention Period |
|---|---|---|
Finance and Accounting Records | Invoices, tax invoices, receipts, purchase orders, payment records, billing information, bank account information, and other accounting or tax records | Up to 10 years, or as required by applicable laws |
Customer and Shipment Records | Customer name, sender and recipient information, address, telephone number, tracking number, shipment history, delivery status, proof of delivery, claim records, and service records | Up to 10 years after the last transaction or end of customer relationship |
Customer Service Records | Customer inquiries, complaints, service requests, claim records, call records, voice recordings, chat records, and correspondence | As long as necessary for customer service, claim handling, dispute resolution, legal compliance, or internal quality review |
IT System and Security Logs | System logs, transaction logs, access logs, login/logout records, IP address, device information, cookies, and security monitoring records | As long as necessary for system operation, cybersecurity, investigation, audit, legal compliance, or technical purposes |
CCTV Records | CCTV footage of customers, visitors, employees, contractors, vendors, and other persons entering KEX premises or service areas | Normally not more than 30 days, unless required for investigation, security, legal claims, or regulatory purposes |
Supplier, Vendor, and Business Partner Records | Name, contact details, ID card/passport information, company information, professional license information, bank account details, contract records, and transaction records | Up to 10 years after the end of the business relationship, or as required by applicable laws |
Legal, Compliance, and Dispute Records | Contracts, evidence, correspondence, investigation records, regulatory filings, court documents, legal claim records, and compliance records | As long as necessary for legal claims, dispute resolution, regulatory compliance, audit, or enforcement of rights |
KEX will review the retention of Personal Data from time to time to ensure that Personal Data is retained only for as long as necessary and in accordance with applicable laws, internal policies, and business requirements.
When the retention period expires, or when the Personal Data is no longer necessary for the purposes for which it was collected, used, or disclosed, KEX will delete, destroy, anonymize, or otherwise make such Personal Data non-identifiable, unless further retention is required or permitted by law.
Where applicable, KEX may also delete, destroy, or anonymize your Personal Data upon your request, subject to the conditions, limitations, and exemptions under applicable personal data protection laws. For example, KEX may not be able to delete Personal Data immediately if such data is still required for legal compliance, dispute handling, fraud prevention, audit, tax, accounting, security, or the establishment, exercise, or defense of legal claims.
5. Accuracy of your Personal Data
We need your help to ensure that your Personal Data is current, complete and accurate. Please inform us of any changes to your Personal Data by updating your information at/via Company Website/Application.
We will occasionally request an update from you to ensure that the Personal Data we use to fulfil the purposes of collection, use and/or disclosure are current, accurate and complete.
6. What are your privacy rights and how does the law protect you?
- Right to Withdraw: This enables you to withdraw your consent to our processing of your Personal Data, which you can do at any time. We may continue to process your Personal Data if we have another legitimate reason to do so;
- Right to Access: This enables you to receive a copy of Personal Data we hold about you and to check that we are lawfully processing it;
- Right to Correct: This enables you to have any incomplete or inaccurate information we hold about you corrected;
- Right to Erasure: This enables you to ask us to delete, destroy or anonymize your Personal Data where there is no good reason for us to continue processing it. You also have the right to ask us to delete your Personal Data where you have exercised your right to object to processing (see below);
- Right to Object: This enables you to object to the processing of your Personal Data where we are relying on the legitimate interest and there is something about your particular situation which makes you want to object to the processing on this ground. You also have the right to object where we are processing your Personal Data for direct marketing purposes and profiling activities;
- Right to Restrict Processing: This enables you to ask us to suspend the processing of your Personal Data, for example, if you want us to establish its accuracy or a reason for processing it;
- Right to Portability: This enables you to request for the transfer of your Personal Data to another party; and
- Right to Lodge a Complaint: This enables you to file the complaint with a related government authority, including but not limited to, the Thailand Personal Data Protection Committee.
Handling of Complaints
In the event that you wish to make the complaint about how we process your Personal Data, please contact us and we will try to consider your request as soon as possible.
7. Limitation
Website links and other services
The event that the service channels were linked to an external website or third-party website, we would not be responsible for any damage or violation that occurs to your Personal Data by the external website or third-party website. And you acknowledge that we do not have any power to control or determine or monitor the operations, services, privacy policy and data protection as well as the application or evaluation of your Personal Data on that website.
8. Policy for Children
This application/website is expressly designed and intended for use by adults. We explicitly refrain from intentionally collecting personal data from children under the age of 10. Should you become aware of any personal data collected from children under the age of 10 by us, please contact us through the contact information provided below. In addition, if we are aware of collecting the personal data from a child under the age of 10, we will take steps to delete such personal data as soon as possible.
9. Security of your Personal Data
Information is our asset and therefore we place a great importance on ensuring the security of your Personal Data. We regularly review and implement up-to-date physical, technical and organizational security measures when processing your Personal Data. We have internal policies and controls in place to ensure that your Personal Data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties. Our employees are trained to handle the Personal Data securely and with utmost respect, failing which they may be subject to a disciplinary action.
10. Your Responsibilities
You are responsible for making sure that the Personal Data you give us or provided on your behalf, is accurate and up to date, and you must tell us as soon as possible if there are any updates.
You have some responsibilities under your contract to provide us with the Personal Data. You may also have to provide us with the Personal Data in order to exercise your statutory rights. Failing to provide the Personal Data may mean that you are unable to exercise your statutory rights.
Certain Personal Data, such as contact details and payment details, must be provided to us in order to enable us to enter into the contract with you. If you do not provide such Personal Data, this will hinder our ability to administer the rights and obligations arising as a result of contract efficiently.
11. Revision of our Privacy Notice
We keep our Privacy Notice under a regular review and thus the Privacy Notice may be subject to changes. The date of last revision of Privacy Notice can be found on the top of page.
12. Contact us
If you have any questions in regard to the protection of your Personal Data or if you wish to exercise your rights, please do the followings, at your choice:
- KEX Express Call Centre Office at [email protected] or Tel. 1217
- KEX Express (Thailand) Public Company Limited at No. 548 One City Centre Building, 28th-29th Floor, Room 2801-2806, 2901-2906, Phloen Chit Road, Lumpini Sub-district, Pathumwan District, Bangkok 10330 Thailand Email [email protected] or Tel. 02 238 5558
- Contact us at Data Protection Officer
- Email us at [email protected]
Date 27 May 2026