Privacy Notice
Lombard Asia Management Limited and Private Equity (Thailand) Co., Ltd.
Last updated: 27 May 2022
This Privacy Notice explains how Lombard Asia Management Limited and Private Equity Thailand Co., Ltd. (each a “Lombard entity” a Lombard Entity or “we”) collect, use and disclose personal data online and offline in connection with the services we provide to our clients. We refer to the individuals whose Personal Data (as defined below) we process, such as individuals who work for or are otherwise engaged by, are directors or legal representatives of, are ultimate beneficial owner of, are debtors of, are guarantors or security providers of, or interact with, us, our clients, their affiliates or other third parties, as “you” in this Privacy Notice.
Personal Data
“Personal Data” is information collected that identifies an individual or relates to an identifiable individual, including:
-
Name
-
Account details and related contact information
-
Postal address
-
Telephone or fax number
-
Email address and other identifying addresses for electronic communications
-
Date of birth
-
Details from passports and other government or state issued forms of personal identification (including social security, driver’s license, national insurance and other identifying numbers)
-
Photographic or video images
-
Signature
-
Telephonic or electronic recordings
We need to collect and process Personal Data in order to provide the services, or because it is on the basis of our legitimate interests or we are legally required to do so. If we do not receive the information that we request, we may not be able to provide the services.
Collection of Personal Data
We and our agents, affiliates, subsidiaries, and service providers collect Personal Data in a variety of ways, including:
-
Through the contractual agreements and transactions: We may collect Personal Data in accordance with the request and/or contractual agreement and transaction made by you with us and/or with our clients.
-
Other than through the contractual agreement and transaction: We may collect Personal Data about you other than through the contract and transaction, such as when you meet us ahead of transactions, receives pitches or proposals from us, or participate in a transaction or contractual arrangement, are referred to in a working party list provided by you or third parties, or in information obtained from deal-related data rooms.
-
From other sources: We may receive Personal Data from other sources, such as public databases, employers, the entity we provide the services to and from other third parties.
Keeping Personal Data secure is one of our most important responsibilities. We maintain physical, technical, electronic, procedural and organisational safeguards and security measures to protect personal data against accidental, unlawful, or unauthorised destruction, loss, alteration, disclosure, or access, whether it is processed by us in Thailand or elsewhere. Appropriate employees are authorised to access personal data for legitimate and specified business purposes. Our employees are bound by a code of ethics and other internal policies that require confidential treatment of personal data and are subject to disciplinary action if they fail to follow such requirements.
Use of Personal Data
We and our agents, affiliates, subsidiaries, and service providers may use Personal Data for our legitimate interests, including the following:
-
to verify an individual’s identity and/or location and to validate authorized signatories when concluding contracts and transactions;
-
to contact nominated individuals in connection with existing contractual agreements and transactions;
-
to respond to enquiries and fulfil requests from our clients and/or relevant third parties who require information as a necessary part of the provision of the services, and to administer account(s) and manage our relationships;
-
to inform you about potential business collaboration and transaction ideas which we believe may be of interest, including proposals or offers;
-
to protect the security of accounts and Personal Data;
-
for information and relationship management purposes, and business purposes, including data analysis, audits, developing and improving products and services and enhancing, improving or modifying our services;
-
for risk management, for fraud detection, prevention and investigation, including “know your customer”, anti-money laundering, conflict and other necessary onboarding and ongoing counterparty checks, due diligence and verification requirements, credit checks, credit risk analysis, and tax reporting;
-
to provide, and perform our obligations with respect to, the services or otherwise in connection with fulfilling instructions;
-
to send administrative information to counterparty, such as changes to our terms, conditions and policies; and
-
to otherwise comply with laws and regulations (including any legal or regulatory guidance, codes or opinions), and to comply with other legal process and law enforcement requirements (including any internal policy based on or reflecting legal or regulatory guidance, codes or opinions) that we are subject to both in Thailand in other countries.
Please note that Personal Data we collect in order to meet our legal and regulatory obligations related to the prevention of money laundering and terrorist financing is processed only for those purposes, unless otherwise permitted or agreed.
Disclosure of Personal Data
Personal Data may be disclosed to third parties in connection with the services we are providing. The recipients of any such information will depend on the services that are being provided. Subject to any restrictions around confidentiality that have expressly agreed with our and/or affiliates’ transaction parties, such disclosures may include disclosures:
-
to affiliates and subsidiaries of a Lombard Entity for the purposes described in this Privacy Notice;
-
to our third party service providers who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, e-signature collection and processing services and other services;
-
to third party experts and advisers (including but not limited to external legal counsel, notaries, auditors and tax advisers);
-
to payment, banking and communication infrastructure providers including SWIFT, financial institutions or intermediaries with which we may have dealings including correspondent banks, insurers, insurance brokers, clearing and settlement systems, exchanges, trading platforms, regulated markets, credit institutions, financial brokers, valuation agents, service agents and other service providers assisting on transactions;
-
to third party storage providers (including archive service providers, document repositories and deal sites which provide access offering circulars and other marketing materials);
-
to third party distribution platforms and to operators of private or common carrier communication or transmission facilities, and mail or courier services;
-
to other deal/transaction participants including issuers, borrowers, potential investors and syndicate members, advisers, other lenders, and translation service providers;
-
to counterparties, vendors and beneficiaries, and other entities connected with our client (including guarantors, investors, funds, accounts and/or other any principals connected);
-
to any regulators that we and our affiliates are subject to; and
-
to other persons as agreed with our client or as required or expressly permitted by any applicable law.
Disclosures of Personal Data which we make to our third party service providers, as described in this section, will be made subject to conditions of confidentiality as we may consider appropriate to the specific circumstances of each such disclosure.
Other Uses and Disclosures
We may also use and disclose Personal Data as we believe to be necessary or appropriate:
-
to comply with applicable law including treaties or agreements with or between foreign or domestic governments (including in relation to tax reporting laws), which may include laws outside the country you are located in, to respond to requests from public and government authorities, which may include authorities outside your country, to cooperate with law enforcement, governmental, regulatory, securities exchange or other similar agencies or authorities including tax authorities to which we or our affiliates are subject or submit, in each case of any country worldwide, or for other legal reasons, who may transfer the Personal Data to equivalent agencies or authorities in other countries;
-
to regulators which may be outside your country;
-
to courts, litigation counterparties and others, pursuant to subpoena or other court order or process or otherwise as reasonably necessary, including in the context of litigation, arbitration and similar proceedings to enforce our terms and conditions, and as reasonably necessary to prepare for or conduct any litigation, arbitration and/or similar proceedings; and
-
to protect our rights, privacy, safety or property, and/or that our affiliates, you or others.
In addition, we may use, disclose or transfer Personal Data to a third party (i) in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) and/or (ii) to third parties, as requested by clients or their representatives.
Collection of Other Information
“Other Information” is any information that does not reveal a person’s specific identity or does not directly relate to an identifiable individual.
We and our service providers may collect Other Information in a variety of ways, including:
-
Through a browser or device: Certain information is collected by most browsers or automatically through devices, such as a Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, device manufacturer and model, language, Internet browser type and version and the name and version of the Services (such as the App) being used. We use this information to ensure that the Services function properly.
-
IP Address: An IP address is automatically assigned to a computer by an Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses the Services, along with the time of the visit and the page(s) that were visited. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for purposes such as calculating usage levels, diagnosing server problems and administering the Services. We may also derive approximate location from IP address.
Uses and Disclosures of Other Information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. In some instances, we may combine Other Information with Personal Data. If we do, we will treat the combined information as Personal Data as long as it is combined.
Third Party Services
This Privacy Notice does not address, and we are not responsible for, the privacy information or other practices of any thirdparties, including any third party operating any website or service to which the Services link. The inclusion of a link on the Services does not imply endorsement of the linked site or service by us or by our affiliates.
Individual Rights
You may be entitled to make certain requests of a Lombard Entity under applicable data protection law. These rights may include, subject to applicable conditions or restrictions:
-
The right to withdraw your consent for a Lombard Entity to process your personal information, but only where a Lombard Entity relies on consent as the legal basis for processing your personal information;
-
The right to know when your personal information has been collected without your consent;
-
The right to object to or restrict processing of your personal information;
-
The right to request that a Lombard Entity maintain accurate records related to your personal information; and
-
The right to request erasure, destruction, or anonymization of your personal information.
How individuals can access, change or suppress their Personal Data
If you would like to request to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to request to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by applicable law), you may contact us by emailing dpo@lombardasia.com. We will respond to your request consistent with applicable law.
In your request, please make clear what Personal Data you would like to have changed, whether you would like to have the Personal Data suppressed from our database or otherwise let us know what limitations you would like to put on our use of the Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.
Please note that we may need to retain certain information for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion. There may also be residual information that will remain within our databases and other records, which will not be removed.
Receiving electronic communications from us
If you no longer want to receive marketing-related emails from us on a going-forward basis, you may opt-out by following the instructions in the relevant electronic communication.
We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing- related emails from us, we may still send you important administrative and/or transaction-related messages, which you cannot opt out of.
Use of Personal Data for Original Purposes
We are entitled to continue collecting and using your personal data which has previously been collected by us before the effectiveness of the PDPA in relation to the collection, use and disclosure of personal data, in accordance with the original purposes. If you do not wish us to continue collecting and using your personal data, you may notify us to withdraw your consent at any time.
Retention Period
We will retain Personal Data for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time we and our affiliates have an ongoing contractual relationship with counterparty; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Use of Services by Minors
The services we provide are not directed to individuals under the age of eighteen (18), and we do not knowingly collect Personal Data from individuals under 18.
​
Jurisdiction and Cross-Border Transfer
Personal Data may be stored and processed in any country where we and our affiliates have facilities or in which we engage service providers. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access Personal Data.
Except for the aforementioned circumstances, for transfers from Thailand to countries not considered having adequate data standard, we have put in place adequate measures, such as standard contractual clauses to protect Personal Data. Transfers may also be made pursuant to contracts in your interest or at your request.
By providing a Lombard Entity with your Personal Data, you recognise and understand that a Lombard Entity may collect, use, transfer, or disclose your Personal Data to the third parties and for the purposes identified in this Privacy Notice. In the event that a Lombard Entity seeks to disclose your information to promote or publicise products or services, a Lombard Entity will obtain specific consent for such marketing purpose prior to such disclosure.
Sensitive Personal Information
We do not typically collect sensitive Personal Data in connection with the services. Please do not send us any Personal Data which would be categorised as sensitive personal data under the Thailand Personal Data Protection Act or its implementing regulations (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background or trade union membership) (“Special Data”) through the services or otherwise, unless we specifically request this information from you or make a due diligence enquiry of you where the response necessitates you disclosing Special Data to us. In such a case, please ensure you notify us that you are providing Sensitive Personal Data.
We may receive Sensitive Personal Data from third party service providers and others in support of due diligence activities we undertake to satisfy various legal and regulatory requirements to which we are subject.
Updates to this Privacy Notice
We may change this Privacy Notice, from time to time. The “LAST UPDATED” legend at the top of this Privacy Notice indicates when this Privacy Notice was last revised. Any changes will become effective when we post the revised Privacy Notice. Use of the Services following these changes (or your continued provision of Personal Data to us) signifies acceptance of the revised Privacy Notice.
Contacting Us
A Lombard Entity entity which provides the Services in connection with which your Personal Data has been provided is the company responsible for collection, use and disclosure of your Personal Data under this Privacy Notice.
If you have any questions about this Privacy Notice, please contact our Data Protection Officer at dpo@lombardasia.com
To help us to manage your query, please include your full name and/or your contact detail.