Privacy policy

Privacy Policy under Thailand PDPA.

1. Data Controller

This Privacy Policy applies to services provided by:

The One Exchange Co., Ltd.
Thailand
Contact: info@the-one.exchange

The One Exchange Co., Ltd. acts as the data controller for personal data collected in connection with money exchange services, customer verification, transaction processing and related services.

2. Legal Basis

We collect, use, disclose and store personal data in accordance with:

  • Personal Data Protection Act B.E. 2562 (PDPA) of Thailand;
  • applicable AML/CFT requirements;
  • KYC and customer due diligence requirements;
  • accounting, tax and legal obligations;
  • legitimate business and security interests where permitted by law.

3. Personal Data We May Collect

We may collect the following categories of personal data:

  • full name;
  • passport or national ID details;
  • nationality;
  • date of birth;
  • contact information;
  • photographs or copies of identification documents;
  • transaction details;
  • payment and banking information;
  • wallet addresses where applicable;
  • CCTV recordings;
  • website usage and technical data.

4. Purposes of Processing

We may process personal data for the following purposes:

  • customer identification and verification;
  • KYC and AML/CFT compliance;
  • transaction execution and verification;
  • fraud prevention and risk management;
  • customer support and communication;
  • accounting, audit, tax and legal compliance;
  • internal security and protection of customers, staff and property;
  • responding to lawful requests from authorities.

5. Disclosure of Personal Data

Where necessary and legally permitted, personal data may be disclosed to:

  • Thai government authorities;
  • regulators;
  • law enforcement agencies;
  • banks and financial institutions;
  • payment service providers;
  • compliance service providers;
  • accounting, audit and legal advisors;
  • IT and security service providers.

We do not sell personal data.

6. International Transfers

Some systems, service providers or technical infrastructure may process or store data outside Thailand.

Where required by law, we apply appropriate safeguards for international transfers of personal data.

7. Data Retention

We retain personal data only for as long as necessary for:

  • the purposes for which it was collected;
  • AML/CFT and KYC requirements;
  • accounting, tax and audit requirements;
  • legal and regulatory obligations;
  • dispute resolution;
  • fraud prevention and security.

When personal data is no longer required, it will be deleted, destroyed or anonymized where legally and technically possible.

8. Data Subject Rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request a copy of your personal data;
  • request correction of inaccurate data;
  • request deletion or destruction where legally possible;
  • object to certain processing;
  • request restriction of processing;
  • withdraw consent where consent is the legal basis;
  • file a complaint with the relevant authority.

Requests may be sent to: info@the-one.exchange

Some requests may not be fulfilled if we are required to retain or process the data under AML/CFT, accounting, tax, legal or regulatory obligations.

9. Security Measures

We use reasonable technical and organizational measures to protect personal data against:

  • unauthorized access;
  • unauthorized disclosure;
  • loss;
  • alteration;
  • destruction;
  • misuse.

Access to personal data is restricted to authorized staff and service providers who need access for legitimate business, compliance or legal purposes.

10. CCTV

CCTV may be used inside and around our premises for:

  • security;
  • fraud prevention;
  • protection of customers, staff and property;
  • AML/CFT and transaction verification support;
  • dispute investigation.

CCTV recordings may be disclosed to authorities where legally required or permitted.

11. Cookies and Website Data

Our website may use cookies, analytics, security tools and technical data to:

  • operate the website;
  • improve website functionality;
  • protect the website from fraud, abuse and unauthorized access;
  • analyze general usage.

12. Updates to This Policy

We may update this Privacy Policy from time to time.

The latest version will be available on our website.

Last updated: May 2026