Coral (the "Platform") is an e-marketplace for Non-Fungible Tokens ("NFT"), which connects NFT sellers and NFT buyersto buy and sell NFTsThe Platform is made available and owned by Kasikorn X Company Limited (the "Company", "KX", "we", "us", "our").
We take the protection of Personal Data seriously and this User Privacy Notice for Coral Users (the "Privacy Notice") describes how the Company collects, uses and discloses the Personal Data of the following persons and informs them of their data protection rights:
- NFT sellers and NFT buyers business partners, visitors and users of our Platform;
- Personnel and individuals under or related to a corporate entity who use the Platform (such as artists, employees, business contact persons, directors, shareholders); and
- Any other individuals about whom we obtain Personal Data.
The persons as listed in (1) - (3) above are collectively referred to as "Users", "you" or "your".
1. WHAT DATA DO WE COLLECT?
"Personal Data" means any data that relates to the User, which can directly or indirectly identify the User (excluding the data of deceased persons).
"Sensitive Personal Data" means any Personal Data pertaining to race, ethnic origin, political opinions, cults, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any data which may affect the data subject in the same manner.
In order to operate the Platform, we collect the following types of Personal Data:
- Identity Data: such as, first name, last name, title, date of birth, work-related information (e.g., occupation, job title), name of the User's country of citizenship (for foreigners), nationality, information on government-issued documents (e.g., copy of passport, tax identification number, certificate of juristic person registration), information to create user profiles (e.g., username, password), , and other identifiers;
- Contact Details: such as, telephone number, mobile phone number, billing address, residence details, delivery address, email address, social network account, and other similar information;
- Transaction Data: such as, details of NFTs and their underlying content which the Users have purchased, sold, exchanged and/or otherwise carried out a transaction via the Platform, including date and location of transaction, details of the seller and the buyer, purchase/order number, details about payments including tax information, address/date and time of transfer, Users' transactional frequency, highest amount of transaction, correlation between User's occupation and income], price difference between purchase and sale of NFTs, a large amount of connected or related parties transactions, transactions from officially watched or frozen persons and complaints and claims;
- Financial Data: such as, cryptocurrency accounts/electronic wallet addresses, trust wallets, and amounts associated with such accounts, bank accounts and payment card details, Thai mobile banking information,
- Usage Data: such as, login data, browser type and version, operating system, time zone and language preference settings, approximate geographical information, details of devices the User is using (e.g., IP address, name of internet provider, device serial number, unique identification number, cookie ID), Platform use information (e.g., date of visit, time and length of visit, frequency of visits, words input to search for information, interactions with features on the Platform);
- Marketing Data: such as, User preferences in marketing communications, User survey responses;
- Interests and Opinions: such as, interests (e.g., interests in specific types of content), spending behavior information, feedback, comments, recommendations and survey responses;
- Other Information: such as, information Users provide to the Company as part of registration, contact forms, surveys, and competitions for prizes or other activities;
- Additional Personal Data collected from seller:
- Additional Identity Data: such as, national ID card, self-portrait photos (for KYC purpose), signatures;
- Additional Contact Details: such as, workplace name, workplace address;
- Additional Financial Details: such as, source of income, purpose of engagement, true beneficiary.
If you provide Personal Data of others to us, you represent and warrant that you have:
- verified the accuracy and completeness of Personal Data provided by you and will update us on any changes to the provided Personal Data
- obtained consent if required or relied on other legal basis in order to allow us to use such Personal Data in accordance to this Privacy Notice; and
- informed such individual about this Privacy Notice.
2. HOW WE COLLECT PERSONAL DATA
We collect your Personal Data through the following means:
- Direct Interactions: Personal Data may be collected directly from the Users, by having Users fill in forms, provide biometrics information and verification to the Platform, by email or other direct interactions.
- Existing Personal Data: Personal Data we process about you may come from our own existing database of Users.
- Automated Technologies: The Company may automatically collect certain types of the User's Personal Data when the User interacts with the Platform by using various technologies, such as, cookies, and other similar technologies.
- Third Parties: The Company may collect the User's Personal Data from third party sources, such as publicly available sources (e.g., the User's public profile on third party social network platforms where the User allows their Personal Data to be shared publicly), other Users, government agencies, public blockchain network, or other publicly available information on the internet.
3. HOW WE USE PERSONAL DATA
The Company collects, uses or discloses the User's Personal Data on the following legal basis: legitimate interest; entering into or performance of a contract with the User; legal compliance; consent; or any other basis permitted by applicable laws. The purposes of collection, use and disclosure of the User's Personal Data are as follows:
- Account registration, identification and verification of the User's identity, and maintenance of User accounts;
- Conducting KYC (Know your customer), conducting CDD (Customer due diligence) on the Users;
- Delivering the Platform's services to the Users, including but not limited to executing, managing, and processing any instructions or orders, and providing support to the Users;
- Preventing Users from violating the Platform's terms and conditions through prohibited use of the Platform, and administering and protecting the Platform and other Users from such prohibited use by implementing measures such as; bans, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data;
- User interaction, including User provided reviews, and conducting surveys;
- Conducting data analytics for product and service improvements or for other marketing purposes;
- Managing, collecting and transferring payments, fees and charges on the Platform that are owed to the Company, and ensuring good management in the Company's collection of fees and charges;
- Authorizing the minting of NFTs to be sold on behalf of the seller;
- Facilitating the transaction process and the transfer of NFTs between sellers and buyers on the Platform;
- Displaying the username next to the seller's NFT;
- Making suggestions and recommendations about goods or services;
- Processing subsidy charge requests by our affiliates;
- Providing marketing communications, such as offers relating to the Company's recent products and services or other Users' NFTs;
- Authenticating and accessing controls and logs where applicable, monitoring of system, devices and internet, ensuring IT security and IT operations are well maintained, preventing and solving crimes, as well as risk management;
- Ensuring compliance with the Company's internal policies and applicable laws, regulations, and regulatory guidelines, including but not limited to, liaising and interacting with and responding to law enforcement agencies, courts, regulators and/or any other government authority; and
- Transferring and sharing of Personal Data in connection with or during business transitions, mergers and acquisitions, dissolution, reorganization, or any procedure involving the sale, transfer, divestiture, or disclosure of all or a portion of our business or assets, or in the event of insolvency, bankruptcy, or receivership, or any similar event.
Failure to provide us with the required Personal Data may result in our inability to perform the contract we have or are trying to enter into with you (for example, to provide the User with products or services). We would be unable to provide or continue to provide you any services, including those on the Platform, if the User fails to provide any requested Personal Data that is required by law.
If you have given us your consent to the use of your Personal Data for direct marketing purposes through an appropriate mechanism such as ticking a box, managing technical settings or any other action indicating your consent, we will use Personal Data collected from you through the Platform and through the other channels described in this Privacy Notice to send you communications (including electronic newsletters and mobile marketing) on our products and/or services. You may withdraw your consent at any time by contacting us as specified in the [“Contact Us”] section below or by changing your email preferences in the [“my account”] feature of this Platform or by using any other unsubscribe facilities provided in our electronic marketing communications.
Where consent is required, we will request and obtain your consent separately for certain activities pertaining to the collection, use or disclosure of your Personal Data.
We will only collect, use, or disclose Sensitive Personal Data on the basis of your explicit consent, for establishment, defense, compliance or exercise of legal claims, for satisfying legal obligations in relation to substantial public interest or where it is information that is disclosed to the public with the explicit consent from you or where otherwise permitted by law. Where consent is required, we will separately ask for your consent via the appropriate methods. For certain products, services or business transactions, we will need to process your Sensitive Personal Data as described above. To the extent that we need your explicit consent to process this category of Personal Data, we will provide details of this at the point of collection and seek your consent.
If minors, incompetent persons or quasi-incompetent persons ("Persons with Limited Capacity") use the Platform, the Company will only process their Personal Data provided that verifiable consent has been obtained from a parent or guardian, or as otherwise permitted by applicable laws. However, the Company does not intend to, and does not knowingly, collect Personal Data of Persons with Limited Capacity, and will stop processing such Personal Data until parental/guardian consent has been obtained or as otherwise permitted by applicable laws.
4. WHO DO WE SHARE PERSONAL DATA WITH?
We do not sell or otherwise disclose Personal Data about our Users, except as described in this Privacy Notice.
The Company may share User's Personal Data with other Users, our group of companies, affiliates, domestic and international third-party service providers, agents, subcontractors, and other associated organizations, to allow us to complete tasks and provide the Platform services (e.g. companies of organizations that assist the Platform in processing Personal Data, providing cloud storage or any backup database, verifying or refunding transactions, identity verification, processing payment transactions, electronic wallet extension, mobile banking, etc.) These entities are also obligated to follow the security measures surrounding the User's Personal Data and to treat it in accordance with applicable laws and regulations.
In some cases, the Company may share the User's Personal Data with any government authority, law enforcement agency, court, regulator, or other third party where necessary for compliance with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individual, personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
In the event of a corporate transaction, such as a corporate sale, transfer, reorganization, merger and acquisition, dissolution, or in the event of insolvency, bankruptcy, or receivership, or any similar event, the Company may disclose the User's Personal Data to another entity.
5. CROSS-BORDER DATA TRANSFER
The Company may need to transfer the User's Personal Data to other countries, which may have a higher or lower level of data protection standards than in Thailand, for the purpose of storing data on the servers of an overseas cloud storage provider, and for the purpose of data analytics by third-party service providers.
The Company will ensure an adequate degree of protection is afforded to the transferred Personal Data, or that the transfer is otherwise permitted in accordance with the applicable data protection law, when it is necessary to transfer any User's Personal Data to a third country with a level of data protection standards lower than those of Thailand. The Company may, for example, obtain contractual assurances from any third party given access to the transferred Personal Data that such data will be protected by data protection standards which are equivalent to those required in Thailand.
6. DATA RETENTION
A User's Personal Data may be detained for as long as it is reasonably necessary to comply with our legal and regulatory obligations, and to fulfil the purpose for which it was obtained.
It is possible that we may have to retain your Personal Data for a longer duration, for certain necessary reasons such as resolving disputes, enforcing agreements or other purposes of data retention as required by applicable laws.
We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the Personal Data was collected, and is no longer necessary for legal or business purposes.
7. DATA SECURITY MEASURES
We maintain appropriate security measures for Personal Data, which cover administrative, technical and physical safeguards in relation to access control to protect the confidentiality, integrity, and availability of Personal Data against any accidental loss or unlawful or unauthorized access, use, alteration, correction or disclosure of Personal Data, in compliance with the applicable laws.
In particular, we have implemented measures on controlling access to and use of devices for storing and processing Personal Data which are secured and suitable for our collection, use and/or disclosure of Personal Data. We also have measures on restricting access to Personal Data and the use of storage and processing equipment by imposing User access rights, User permission rights to the authorized personnel, and User duties and responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data, or theft of devices used to store and process Personal Data. This includes measures on re-examination in relation to access, alteration, erasure, or transfer of Personal Data, which are in accordance with methods and channels used to collect, use and/or disclose Personal Data.
8. DATA SUBJECT RIGHTS
A "Data Subject" is an individual who can be directly or indirectly identified by their Personal Data.
Data Subjects may request or exercise the following legal rights under the conditions prescribed by law and our procedures:
- to request access to and obtain a copy of your Personal Data, or for the disclosure of the acquisition of your Personal Data that was obtained without your consent, and information on the Platform's use of Personal Data;
- to have your Personal Data corrected, if it is inaccurate, not up to date or misleading, in order to help us comply with our obligation to have your up-to-date, complete and accurate data;
- to erase, destroy, or anonymize your Personal Data. Please note that we may not always be able to proceed for specific legal reasons, which we will inform you of as and when necessary;
- to request your Personal Data in a structured, commonly used and machine-readable format, to transmit it to other data controller, and to request the receipt of the Personal Data in such format transmitted by us directly to other data controller unless not technically feasible;
- to restrict / suspend or object to us collecting, using, or disclosing your Personal Data;
- to withdraw consent for the collection, use, or disclosure of your Personal Data that is based on your consent at any time. The consent withdrawal will not affect the lawfulness of the collection, use and/or disclosure of your Personal Data before it was withdrawn. If you withdraw your consent, we may not be able to provide our services or products to you.
If you would like to exercise any of these rights in this section, you may contact the Company at the address in the "Contact Us" section.
Your request may be reasonably and lawfully declined in certain cases, for example, due to our legal obligations or a court order. The applicable laws may limit your request for exercising any of the above rights, however, we will notify you of our reason if we decline your request under this section.
Please note that withdrawing consent does not affect our right to continue to collect, use and disclose Personal Data where such collection, use and disclose without consent is permitted or required under applicable laws.
Where applicable, you have the right to lodge a complaint to the competent data protection authority if you believe our collection, use or disclosure of your Personal Data violates any applicable data protection laws. The Company would, however, appreciate the chance to address your concerns before approaching the authorities, so please contact us in the first instance.
9. CHANGES TO PRIVACY NOTICE
We may update this Privacy Notice from time to time as our data protection practices may change due to changes in law or technological developments. Amendments to this Privacy Notice will be effective once published by the Company on https://coralworld.co.
10. CONTACT US
We are pleased to help with any relevant requests for information, suggestions or complaints. You can contact us using the details below if you have any questions about the Company's practices and activities relating to Personal Data.
Kasikorn X Company Limited.
[46/6 Popular Road, Ban Mai, Pak Kret, Nonthaburi 11120]
For GDPR Privacy Notice click