Privacy Policy

For the use of One Wallet Application
Effective Date: 1st July 2025Last Updated: 1st July 2025One Wallet Co., Ltd. (hereinafter referred to as the “Company”, “we”, “us”, or “our”), as the provider of the One Wallet Application (“Service”), recognizes and places the utmost importance on the protection of the personal data of our users (“you” or “your”).This Privacy Policy is established to inform you of how we collect, use, disclose, and process your personal data in compliance with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and other applicable laws.
1. Definitions
  1. Personal Data means any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of deceased persons in particular.
  2. Sensitive Data means Personal Data pertaining to race, ethnicity, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data (e.g., facial recognition data, fingerprints), or any other data which may affect the data subject in the same manner, as prescribed by the Personal Data Protection Committee.
2. Personal Data We Collect
We may collect your Personal Data from various sources, such as directly from you during registration, from your use of our Service, or from third parties. The data we collect includes:
  1. Identification Data: Such as first name-last name, date of birth, National ID number, laser code on the back of the ID card (Laser ID), a photo of your ID card, a facial photo (for Know Your Customer (KYC) processes), address, telephone number, and email address.
  2. Financial and Transactional Data: Such as your e-Wallet account number, bank account information (for linking accounts for top-ups/withdrawals), transaction history (e.g., date, time, amount, recipient/sender, merchant details), top-up and withdrawal history.
  3. Technical Data: Such as Internet Protocol (IP) address, device ID, device type, operating system, and browser type.
  4. Usage Data: Such as information about how you use our Service, usage patterns, features you select, and time spent in the application.
  5. Location Data: We may collect your location data upon your explicit consent for purposes of fraud prevention or to offer location-based services.
  6. Sensitive Data: We will collect Sensitive Data, such as biometric data (e.g., facial scans or fingerprints) for the purpose of identity verification before logging in or conducting a transaction, only upon receiving your explicit consent. Please note that while the "religion" field on a Thai national ID card might be incidentally collected during our KYC process, we have no intention to store or use this specific piece of information for any purpose.
3. Purposes and Lawful Basis for Processing Personal Data
We process your Personal Data for various purposes under the following lawful bases:
Purpose of ProcessingLawful Basis
1. For service registration, Know Your Customer (KYC/CDD) verification, and user account creation.Performance of a Contract and Legal Obligation (under the Anti-Money Laundering Act).
2. To provide core e-Money services, such as top-ups, funds transfers, payments for goods/services, withdrawals, and displaying transaction history.Performance of a Contract.
3. To comply with laws and regulations of governing bodies, such as the Bank of Thailand (BOT), the Anti-Money Laundering Office (AMLO), and the Personal Data Protection Committee (PDPC).Legal Obligation.
4. For security purposes, and to monitor, prevent, and mitigate risks of fraud, money laundering, or cybercrime.Legitimate Interest and Legal Obligation.
5. For communication, assistance, and providing customer support.Performance of a Contract and/or Legitimate Interest.
6. For data analytics, and to improve and develop the quality of our services and products.Legitimate Interest.
7. To provide news, marketing communications, promotions, privileges, and special offers related to the products and services of the Company and its partners.Consent.
8. To verify your identity using biometric data before login or transactions.Consent.
4. Disclosure of Personal Data
We may disclose your Personal Data to the following persons or entities within the scope permitted by law:
  1. Service Providers: Such as cloud service providers, KYC verification providers, payment gateway providers, and data analytics service providers.
  2. Financial Institutions and Business Partners: To facilitate transactions, such as bank top-ups or withdrawals, and payments to partner merchants.
  3. Government and Regulatory Authorities: Such as the Bank of Thailand (BOT), the Anti-Money Laundering Office (AMLO), the Royal Thai Police, the Personal Data Protection Committee (PDPC), and courts of law, where such disclosure is required by law or a lawful order.
  4. Assignees of Rights and/or Obligations: In the event of a corporate restructuring, merger, or sale of all or part of our business.
5. International Transfer of Personal Data
We may need to send or transfer your Personal Data to a foreign country (e.g., for using a cloud service with servers located abroad). We will ensure that the destination country or the receiving organization has an adequate level of data protection as prescribed by law and will take necessary steps to protect your data during such a transfer.
6. Data Retention Period
We will retain your Personal Data for as long as it is necessary to fulfill the purposes outlined in this Policy, taking into account our service obligations and legal requirements.
  1. Data related to financial transactions and identity verification will be retained for a period of at least 10 years from the termination of your relationship with us, as required by the Anti-Money Laundering Act.
  2. Personal Data processed under the basis of consent (e.g., for marketing) will be retained until you withdraw your consent.
7. Data Security Measures
The Company has implemented appropriate technical and organizational security measures consistent with industry standards, such as encryption of data both in transit and at rest, access control, firewalls, and employee training on the importance of personal data protection.
8. Rights of the Data Subject
You have the following rights under the PDPA:
  1. Right to Withdraw Consent: Where you have given consent, you have the right to withdraw it at any time.
  2. Right of Access: You have the right to access and request a copy of your Personal Data.
  3. Right to Rectification: You have the right to have your inaccurate or incomplete Personal Data rectified.
  4. Right to Erasure (‘Right to be Forgotten’): You have the right to request us to erase or destroy your data in certain cases.
  5. Right to Restrict Processing: You have the right to request us to restrict the processing of your data in certain cases.
  6. Right to Data Portability: You have the right to receive your Personal Data in a commonly used and machine-readable format and to have it transferred to another Data Controller.
  7. Right to Object: You have the right to object to the processing of your Personal Data in certain cases, such as for direct marketing.
You can exercise these rights by contacting us through the channels specified in Section 11. Please note that the exercise of your rights may be subject to legal limitations and may affect our ability to provide certain services to you.
9. Use of Cookies
In cases where our service involves a website, we may use cookies and similar technologies to help us provide the Service efficiently and to improve your user experience.
10. Changes to this Privacy Policy
We may review and amend this Privacy Policy from time to time to align with changing practices and laws. We will notify you of any significant changes through appropriate communication channels, such as an in-app notification or email.
11. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your rights as a Data Subject, you may contact us or our Data Protection Officer (DPO) at:
Data Controller
Company: One Wallet Co., LtdAddress: 11/2, 11th Floor, P 23 Building, Soi Sukhumvit 23, Sukhumvit Road, Khlong Toei Nuea, Watthana, Bangkok 10110, Thailand.Contact Channel: [email protected], +66979879664
Data Protection Officer (DPO)
Attention: Data Protection OfficerAddress: 11/2, 11th Floor, P 23 Building, Soi Sukhumvit 23, Sukhumvit Road, Khlong Toei Nuea, Watthana, Bangkok 10110, Thailand.Contact Channel: [email protected], +66979879664

One Wallet Co., Ltd.

11/2 P23 Building, Fl. 10 Room 1021, Soi Sukhumvit 23 Sukhumvit Road, North KlongToey, Wattana, Bangkok 10110

Phone: +66 979879664

One Wallet 2025. All rights reserved.