Privacy Policy

T-Box (Thailand) Co., Ltd. ("the Company") respects your privacy and is committed to protecting your personal data. We comply with the Personal Data Protection Act ("PDPA") and related laws to ensure that your information is collected, used, and stored securely and only for lawful purposes.

Your personal data will be processed with care, transparency, and in line with this Policy. The Company will not use or disclose your information for any purpose other than those specified, unless required by law or with your consent.

We are committed to safeguarding your data and upholding your rights under the PDPA.

1. Definitions

Company

T-Box (Thailand) Co., Ltd., as a ICO Portal service provider to you

Personal Data

Personal data means any information that can identify you, either directly or indirectly. Please note that information about deceased persons is not considered personal data under the Personal Data Protection Act.

Sensitive Personal Data

Your personal data is defined under the Personal Data Protection Act and relevant laws. The Company does not intend to collect sensitive personal data from you. However, in certain circumstances, it may be necessary for the Company to collect such data in order to provide services or products. In these cases, the Company will collect, use, and/or disclose sensitive personal data only with your explicit consent or where required by law, on a case-by-case basis.

Website

https://versa.financial/

Application

Versa Application which you can download only from Google Play or Apple Store.

ICO Portal

The company that has been granted a license as an ICO Portal by the Securities and Exchange Commission (SEC).

Issuer

Companies that issue digital tokens to raise funds and invest in various products as specified in the digital token offering registration statement and white paper, which have been approved to offer digital tokens by the Securities and Exchange Commission (SEC).

The Company's Business Partners

Companies that partner with the Company for marketing or promotional purposes.

Third Party

Companies and/or government agencies that are external service providers of the Company related to the processing of personal data, including:

  • DAOL SECURITIES (THAILAND) PUBLIC COMPANY LIMITED
  • APOLLO WEALTH SECURITIES Co., Ltd.
  • Appman Co., Ltd.
  • Onemoby Co., Ltd. (Thaibulk SMS)
  • Digital token underwriters
  • and/or other companies or government agencies

Government Agencies and/or Agencies Responsible for Regulating the Company

  • The Securities and Exchange Commission
  • The Anti-Money Laundering Office
  • The Revenue Department
  • The Personal Data Protection Committee

The Company's Products or Services

Providing the digital token offering system, including any other services that enable you to receive the Company's services, in accordance with the service contract between you and the Company, such as problem solving, receiving complaints, or contacting to provide information about the Company, etc.

Individual Customers

Individuals who use and/or have used the Company's products, those who inquire about the Company's products and/or services, those who receive information about the Company's products and/or services through various channels, and those who are offered or invited by the Company's business partners and/or the Company to use or receive the Company's products and/or services. The Company does not accept individuals under the age of 20 as its individual customers, and the Company will not knowingly collect personal information from children under the age of 20.

Individuals Who Are Related to the Company's Corporate Clients

Individuals who are directly or indirectly related to the Company's corporate clients, which may include but are not limited to corporate clients interested in investing in various types of digital tokens and corporate clients interested in and/or are issuers of digital tokens.

Individuals Who Are Involved in the Company's Transactions or the Company's Customers

Individuals involved in the Company's or its customers' transactions, such as: Contacts/Coordinators, Employees/staff/officers/personnel, Family members, Individuals referred or referred by the Company's customers, Partners, Individuals who have made payments to or received payments from the Company's customers, and other individuals to whom the Company may obtain personal data in connection with customer transactions.

Juristic Person Customer

Legal entities established under Thai law who wish to open an account for use in conducting transactions and/or using the Company's products and services.

Employee, Staff, Officer, and Company Personnel Information

A detailed resume or CV, qualifications, employment history, background check, references, and/or any other documents the Company may request for use in entering into an employment contract.

2. Who Does This Policy Apply To? And Types of Personal Data We Collect

2.1 This Policy applies to:

  • Individual customers of the Company
  • Individuals who are related to the Company's corporate clients
  • Individuals who are involved in the Company's transactions or the Company's customers
  • Juristic Person customer
  • Visitors to our website, application, or communication channels
  • Employees, staff, and contractors of the Company

2.2 Types of Personal Data We Collect

Depending on your relationship with us, we may collect:

  • Identification details (e.g., name, ID/passport number, date of birth, nationality)
  • Contact information (e.g., address, phone number, email)
  • Financial details (e.g., bank account, income, investment source)
  • Verification data (e.g., KYC/KYB documents, investment knowledge test results)
  • Digital information (e.g., IP address, device ID, browsing activity, cookies)
  • Investment Understanding Information (e.g., Knowledge test results)
  • Transaction history related to digital tokens and services you use with us
  • Employment-related Information (for staff and applicants) (e.g., Resume details, qualifications, work history, background checks, references)

Note: In the event that you have provided a photograph or a copy of your ID card which contains sensitive personal information, such as religion, race, and/or blood type, the Company does not intend to collect, compile, use, or disclose such information. You may mask it using various methods before submitting it to the Company. In the event that you do not mask it, the Company reserves the right to mask it for you without any processing of such information.

Important: We do not knowingly collect data from anyone under the age of 20.

2.3 Sensitive Personal Data

The Company does not intend to collect sensitive personal data from you. However, in certain cases, it may be necessary for the Company to collect sensitive personal data in order to provide services or products to you. In such circumstances, the Company will collect, use, and/or disclose sensitive personal data only with your explicit consent, or as otherwise permitted by law, and only on a case-by-case basis.

2.4 Personal Data of Minors, Incompetent Persons, or Quasi-Incompetent Persons

The Company does not accept individuals under the age of 20 as Individual customers and has no intention of collecting, using, and/or disclosing the personal data of persons under the age of 20. Likewise, the Company does not intend to collect, use, and/or disclose the personal data of incompetent or quasi-incompetent persons unless the necessary consent has been obtained from a legal guardian, curator, or custodian, as the case may be.

If the Company becomes aware that it has collected, used, and/or disclosed the personal data of a minor, incompetent person, or quasi-incompetent person without the required consent of the legal guardian, curator, or custodian (as applicable), the Company will delete or destroy such personal data, or process such data only where another legal basis under the PDPA applies, without relying on consent.

3. Purpose of collecting, using and/or disclosing your personal data

3.1 Consent

3.1.1 Sensitive Personal Data

The Company will only collect, use, and/or disclose your sensitive personal data with your explicit consent. This includes biometric information, such as facial recognition (live selfie) processed by our system for identity verification, and signatures.

If you do not provide consent, the Company reserves the right to decline your application as a customer and to refuse any transactions with you without prior notice.

3.1.2 Marketing Activities

The Company may collect, use, and/or disclose your personal data for only marketing purposes with product and/or service different types as you have with the Company with your explicit consent. This may include:

  • Sending product and/or service offers
  • Invitations to participate in special activities, promotions, or events organized by the Company, business partners, or other entities
  • Sharing news, recommendations, and tailored promotions
  • Developing marketing strategies beyond products and/or services

Consent may be requested directly by the Company or through business partners and/or other entities on a case-by-case basis.

3.2 Other Legal Bases (Beyond Consent)

The Company may collect, use, and/or disclose your personal data without consent, relying on other lawful bases as permitted by applicable law, including:

  • Contractual Basis: Where processing is necessary for the performance of a contract or to take steps at your request prior to entering into a contract.
  • Legitimate Interest: Where processing is necessary for the Company's legitimate interests, provided such interests are not overridden by your rights.
  • Legal Obligation: Where processing is necessary to comply with applicable laws, regulations, or legal orders.
  • Other Legal Grounds: As otherwise permitted by relevant laws.

All processing activities will be carried out only as necessary and with due consideration to balance the Company's lawful rights and your rights as a data subject.

4. Disclosure of Personal Data

We do not sell or rent your personal data. However, we may share it with:

  • Regulatory Authorities: e.g., SEC, AMLO, PDPC, Revenue Department, courts.
  • Issuers: When you subscribe to or invest in their digital tokens.
  • Business Partners & Service Providers: Custodian of investors' digital token subscription funds, payment processors, IT/cloud providers (e.g., AWS), SMS/email service providers, KYC verification vendors.
  • Professional Advisors: Auditors, legal counsel, consultants.
  • Affiliated Companies: Within the same business group, where necessary and lawful.

For a detailed description of third parties, please refer to the definition of "Third Party" in the Definitions section of this Policy.

5. Cross-Border Transfer of Personal Data

The Company may need to transfer your personal data to information technology service providers for data storage on cloud systems. At present, the Company uses the services of Amazon Web Services (AWS), a leading international cloud computing provider with globally recognized standards for information security. AWS servers are located overseas and are certified under international standards for data management and personal data protection.

The Company has carefully selected service providers with proven expertise and adequate security measures in compliance with applicable laws. This ensures that your personal data will be stored securely, protected against unauthorized access, and safeguarded from leakage or misuse.

6. Retention of Personal Data

We will retain your personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by law.

  • If you do not complete your registration, your data will be deleted unless required by law.
  • If you terminate your account or relationship with us, we may retain your data for up to 10 years, depending on legal obligations (e.g., anti-money laundering requirements).

7. Cookies and Online Tracking

Our website and application use cookies and similar technologies to:

  • Improve your browsing experience
  • Remember your preferences and settings
  • Analyze traffic and usage patterns
  • Deliver services and promotions tailored to your interests

You can control cookies through your browser settings, but disabling them may affect your experience.

8. Your Rights Under the PDPA

As a data subject, you have the right to:

  1. Access – Request a copy of your personal data.
  2. Rectification – Correct or update your information.
  3. Deletion – Request deletion or anonymization of your data when no longer necessary.
  4. Restriction – Request suspension of data use under certain conditions.
  5. Data Portability – Request transfer of your data in a structured format (where applicable).
  6. Objection – Object to certain processing, such as direct marketing.
  7. Withdraw Consent – Revoke consent at any time, without affecting previous lawful processing.
  8. Lodge a Complaint – File a complaint with the regulator (PDPC) if you believe your rights have been violated.

When you submit a request to exercise your rights as set out in this Policy, the Company will carefully and thoroughly consider your request and will notify you of the outcome within 30 days from the date the request is received. The Company will not charge you any fees for exercising your rights, except in the case of a request to withdraw consent, where the Company will process your request as promptly as possible.

Please note, however, that exercising certain rights may affect your ability to access certain benefits, privileges, or services provided by the Company. In such cases, the Company will clearly inform you of the potential impact before proceeding with your request.

9. Contact Us

If you have questions or wish to exercise your rights, please contact:

T-Box (Thailand) Co., Ltd.

93/1 GPF Witthayu Building, Room 805, 8th Floor, Witthayu Road, Lumpini, Pathumwan, Bangkok 10330

Tel: 082-9899941

Email: cs@tbox.net with Topic: Questions about the Company's personal data protection or wish to exercise my rights

10. Updates to This Policy and Enforcement and Interpretation

We review and update this Policy regularly to reflect changes in practices, laws, or regulations. Updates will be announced through our website at https://versa.financial/legal/privacy-policy and/or Application.

This Policy shall take effect from the date it is first published on the Company's website and/or application. In the event of any doubt or ambiguity regarding the interpretation of this Policy, the Thai version shall prevail.

Last updated: October 10, 2025

Versa Logo

T-BOX (Thailand) Co., Ltd. (Head Office)

GPF Witayu Towers 93/1 Withayu Rd
Lumphini, Pathum Wan, Bangkok 10330
Tax ID # 0105561143424

© 2025 T-BOX (Thailand) Co., Ltd.