Personal Data Protection Policy for Shareholders and Directors

This privacy policy was prepared by Thaire Life Assurance Public Company Limited (the Company) with the objective of notifying the Data Subject (“Data Subject” or “You”) of the collection, use and/or disclosure of your personal data, including rights pursuant to laws concerning your personal data.

The Company recognizes the importance of maintaining data security. Therefore, the Company made this privacy policy in compliance with laws, regulations, criteria and practice guidelines in the area of personal data protection with approval from the Board of Directors’ Meeting on 17 November 2020. This policy is the main policy of the organization and is equal in importance to other main business policies. Every executive and employee is required to strictly follow this policy.

1. Personal Data Collected by the Company

The Company’s business is a business-to-business operation. The Company does not contact the insured directly. Therefore, the Company acquires personal data of the insured or beneficiaries through disclosure by the life insurance company, which is the direct insurer of the insured and the Company’s reinsurance counterparty, pursuant to Section 27 paragraph 2 of the Personal Data Protection Act B.E. 2562 (2019) (PDPA). The Company may use or disclose personal data according to the objectives notified to the life insurance company when requesting that personal data.

As a reinsurer, the Company processes the following personal data:
  • Ordinary personal data, such as first name, last name, identification number, date of birth, age, occupation, gender, marital status, photograph, telephone number, address and passport number, etc.
  • Financial Data: The Company may process data on income, income sources, bank accounts, bank account activity, loans, investments, credit cards or data related to other payments.
  • Data in life insurance contracts, such as life insurance information held by the Data Subject.
  • Health and medical data, such as history of medical treatment, record of medical examinations, medication dispensing history including health-related questions and any data or matter concerning life insurance policies or claims.

2. Company Objectives in Collecting, Using, or Disclosing Personal Data

The Company’s main business is life reinsurance. This is a case where the direct insurer of the insured person transfers all or part of its insurance risks to the Company. In a reinsurance contract, the life insurance company (reinsured), as a data controller, needs to transfer or disclose all or part of the personal data of the insured or beneficiaries to the Company (reinsurer) so that the Company can process that personal data according to the objectives of the reinsurance contract, both for underwriting and for compensating benefits and claims according to the reinsured proportion.

In other activities related to business operations, if the Company has the authority and duty to make decisions concerning personal data collection, the Company will not collect personal data without consent from the Data Subject except in the following cases where data collection is permitted by the law without requiring consent:

(1) To prevent or suppress hazards to life, body or health.

(2) Necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.

(3) Necessary for the performance of a task carried out in the public interest.

(4) Necessary for the purposes of the legitimate interests of the Company.

(5) Necessary for compliance with a legal obligation of the Company.

In the case of personal data related to racial or ethnic origin, political opinions, ideological, religious or philosophical beliefs, sexual behavior, criminal background, health information, disability, labor union data, genetic data, biometric data or any other data with similar impact on the Data Subject which may cause feelings of unfair or unequal discrimination to individuals, the Company will not collect personal data without explicit consent from the Data Subject except in the following cases:

(1) To prevent or suppress hazards to the life, body or health of a natural person where the Data Subject is incapable of giving consent for any reason.

(2) Personal data was disclosed to the public with explicit consent from the Data Subject.

(3) Necessary for the establishment, exercise or defense of legal claims.

(4) Necessary to achieve objectives related to employee performance assessment, labor protection, social security, national health security, treatment benefits of persons entitled under the law, protection for motor vehicle victims, social protection, or significant public interest.

The Company processes personal data based on professional standards and the objectives of the reinsurance contract for underwriting as well as payment of benefits and claims according to the reinsurance proportion. Furthermore, the Company processes personal data for other objectives, such as design of new products and/or services, advanced data analysis, statistical or actuarial research, financial reports or assessments, compliance with specifications under the Company’s internal policies, and internal or external audits of the Company’s business, including other necessary actions directly related to the abovementioned objectives. If objectives change after personal data has been requested, the Company will notify the life insurance company and make records of the amendments as evidence.

The Company will not perform any actions apart from specified data collection objectives, except in the following cases:

(1) The Company notified the Data Subject of new objectives and gained consent from the Data Subject.

(2) The Company acts in compliance with PDPA or other related laws.

If the Company relies on your consent to collect, use and/or disclose personal data, you have the right to withdraw such consent at any time. Withdrawal of consent does not affect activities related to collection, use and/or disclosure of personal data based on consent prior to withdrawal.

3. Disclosure of Your Personal Data

The Company may disclose your personal data to other persons under these specifications:

(1) A limited number of the Company employees involved can access and process personal data. The Company checks the aforementioned access rights regularly to ensure that data is used only as necessary for the purpose of personal data processing.

(2) Government agencies or other agencies that carry out their duties or legal authorities, such as the Office of Insurance Commission, the Anti-Money Laundering Office, the Bank of Thailand, the National Anti-corruption Commission, the Securities and Exchange Commission, and the Royal Thai Police.

(3) In cases permitted by the law or cases where disclosure is necessary to achieve personal data processing purposes, the Company may disclose that personal data to the following persons: data processing service provider, such as information technology services, data analysis services, marketing services, research services, etc., and the Company’s consultants, such as lawyers, doctors and certified public accountants, etc.

When disclosing personal data to the aforementioned persons, the Company will take action to direct them to keep personal data confidential and not use personal data for other purposes outside the scope prescribed by the Company.

4. Transfers of Personal Data to Other Countries

Personal data may be transferred to any person or entity located outside Thailand that provides services, storage or processing of personal data. Personal data will be transferred to other places according to the conditions regarding personal data protection under PDPA.

5. Personal Data Collection Period

The Company will store personal data for only the period necessary for specified personal data collection and processing objectives, or until the relationship between the Data Subject and life insurance companies is terminated, or according to specifications of the law.

The Company takes appropriate action to erase, destroy, or anonymize personal data upon the end of the data storage period, or when requested by the Data Subject.

6. Data Subject Rights

Under limitations of personal data protection laws, the Data Subject has the following rights:

(1) Right to access: the Data Subject has the right to request access and copies of personal data relating to him or her which is the responsibility of the Company.

(2) Right to rectification: the Data Subject has the right to request the Company to rectify your data to be accurate, up to date, complete and not misleading. In cases where the Data Subject requests the Company to rectify and the Company does not comply with the request, the Company shall record the Data Subject’s request and specify reasons, to allow the Data Subject and the Office of the Personal Data Protection Commission to check.

(3) Right to data portability: Where the personal data is in a format that is machine-readable or usable by automatic means, the Data Subject has the right to request the Company to transfer the personal data in such format directly to other data controllers if this can be done by automatic means.

(4) Right to object: the Data Subject has the right to object to collection, use or disclosure of your personal data at any time under conditions prescribed by law.

(5) Right to processing suspension: the Data Subject has the right to request the Company to suspend use of personal data under conditions prescribed by law.

(6) Right to withdraw consent: the Data Subject has the right to withdraw consent at any time by withdrawing consent in writing or via electronic mail. However, there may be limitations to the right to withdraw consent due to laws or agreements that grant benefits to the Data Subject. Withdrawal of consent does not affect collection, use or disclosure of personal data based on consent before its withdrawal.

7. How to Contact the Company

In cases where you have questions concerning collection, use and/or disclosure of your personal data or you wish to exercise rights as the Data Subject, you can contact the Company at:

Data Protection Officer (DPO)
THAIRE LIFE ASSURANCE PUBLIC COMPANY LIMITED
48/15 Soi Rajchadapisek 20, Rajchadapisek Road,
Samsennok, Huaykwang Bangkok 10310
Tel: (662) 666 9000 Facsimile: (662) 277 6227
E-mail: pdpa@thairelife.co.th