Personal Data Protection Policy for Individual
Thaire Life Assurance Public Company Limited recognizes the importance of the personal privacy right and personal data right, which is the fundamental human right which shall be protected and respected. Therefore, the Company made this privacy policy to be a guidance in order to ensure the compliance with Personal Data Protection Act B.E. 2562 and to protect the privacy right of the Data Subject together with aiming to inform the method of the collection, use and/or disclosure of the Personal Data, including data subject’s rights pursuant to the laws.
Definition
| “Company” | means | Thaire Life Assurance Public Company Limited |
| “PDPA” | means | The Personal Data Protection Act B.E. 2562 |
| “Personal data” | means | any information relating to the person which can directly or indirectly identify the individuals, but does not include the data of the death. |
| “Data Controller” | means | individual or juristic person who is authorized to decide the processing of personal data according to Personal Data Protection Laws. |
| “Data Subject” | means | any natural person who can be identified by such personal data. |
1. Personal Data Collected by the Company
The Company will collect, use or disclose the following Personal Data:
The legal basis to process the Personal Data as follows:
3. Duration of Personal Data collection and the erasure or destroy of Personal Data
4. Disclosure of Your Personal Data
5. Transfer of Personal Data to Other Countries
6. Security measure in protecting the Personal Data
7. Data Subject Rights
8. Modification of the Policy
9. How to Contact the Company
Data Protection Officer (DPO)
The Company’s core business is a reinsurance business which is a business-to-business operation. However, in case any individual applies to any marketing promotion or campaign launches by the Company and/or business partners i.e. in case the Company and/or business partners arrange a marketing activity or privilege through a specific website, application or platform that the Company and/or business partners use as an advertising portal, in such cases, the Company may directly collect use or disclose the Personal data from the Data Subject pursuant to Section 19 of PDPA or indirectly collect, use or disclose the Personal data received from the business partner pursuant to Section 27 of PDPA.
The Company will collect, use or disclose the following Personal Data:
- Personal identifiable information i.e. first name, last name, occupation, gender, age, signature, marital status, photograph,
- Contact information i.e. telephone number, address, e-mail, and Data Subject’s social media.
- Technical information such as website and data system of the Company, computer traffic information (log), record of data, referring website, function used in system and data that collected through cookies or other similar technologies.
The Company shall process the personal data of an individual with the professional standard for business objectives as following:
- For collaborate with the business partner to offer the sell or decide a product or service relating to life insurance.
- For marketing research, data insight analysis and statistic research or actuary.
- For process the data subject website, application and online platform accessing behavior to analyze the using pattern and respond Data Subject’s interest for personalize marketing.
- For comply with internal regulation, including internal and external audit.
- For legal requirement which stipulated by the competent authority or enforcement body i.e. announcement of OIC, Anti-Money laundering Office.
- For perform contractual obligation or Data Subject’s request
- For manage the Personal data pursuant to IT security management and regulation.
- For security purpose of the employee, third party or Company’s asset.
- For other objective which the Company informs at the time of collecting the personal data.
- For other necessary purpose relating to the above objectives.
The legal basis to process the Personal Data as follows:
|
Legal Basis
|
Explanation |
| Legitimate interest | The Personal Data which the Company collects, uses or received by any third party, the Company shall process the Personal data for internal management purpose, develop product, service or pricing, risk management or internal and external audit. |
| Consent | The Personal Data which the Company obtains the consent from Data Subject to collect, use or disclose to business partners for marketing purpose, the Company shall process the Personal Data according to the consent of Data Subject or the consent that Data Subject given to the business partner. The Company will ensure that before the business partner transfers or discloses the Personal data to the Company, the Data subject has been properly consent on the disclosure. In the event that the Company uses the consent as a legal basis to collect, use or disclose the personal data for marketing purpose, the Data Subject is authorized to reject given the consent, however, if the consent is the condition to obtain a special privilege or marketing privilege (not relating to the core activity/transaction), the Company reserves the right to reject given such special privilege or marketing privilege to the Data Subject. |
| Legal obligation | The Company may collect, use or disclose the Personal Data of the Data Subject in order to comply with the regulatory requirement or comply with the regulation or an order of the competent authority I.e. authorized government body, supervisory body, Personal Data Protection Commission or other competent bodies |
In case the Company has to collect the Personal Data for the regulatory requirement or for contractual obligation, if the Data Subject rejects to provide the Personal Data or objects the processing of the Personal Data, the Company will not be able to complete the service as request. Furthermore, in general the Company will not collect, use or disclose the personal data of the children, incompetent person or quasi-incompetent person but in case of necessary, the Company will ask for the consent from the legal representatives as specified by law.
3. Duration of Personal Data collection and the erasure or destroy of Personal Data
The Company will store personal data as necessary to complete the processing’s objectives as mentioned above, or until the relationship between the Data Subject and the business partner is terminated, or according to the regulatory requirement on the establishment of the right of Data Subject or perform according to the Data Subject request.
The Company may take an appropriate action to erase, destroy, or anonymous upon the data retention period or the Personal Data is no longer necessary to collect, or when requested by the Data Subject, without prior notify to the Data Subject.
4. Disclosure of Your Personal Data
Upon a necessary basis, the specific employees shall be entitled to access and process the Personal Data. The Company shall regularly verify the access right of the employees to ensure that the Personal Data is processed on a necessary basis to complete the objective of data processing. The Company may disclose the Personal Data to other persons under these specifications:
- Government agencies or other competent agencies, such as the Office of Insurance Commission, the Anti-Money Laundering Office, Bank of Thailand, the National Anti-corruption Commission, the Securities and Exchange Commission, court and the Royal Thai Police.
- Related party such as data processing service provider, such as information technology services, data analysis services, marketing services, research services, etc., and the Company’s consultants, such as lawyers, doctors and certified public accountants, etc.
- Business partners such as life insurance broker and Life Insurance Company which collaborate in product or service development.
Disclosure of personal data to the aforementioned persons, the Company will take an action to ensure that the aforementioned persons has keep the confidentiality obligation and not use Personal Data for other purposes outside the scope prescribed by the Company.
5. Transfer of Personal Data to Other Countries
Personal data may be transferred to any person or entity that provides services, storage or processing of personal data which are located outside Thailand. Personal data will be transferred to other country according to conditions as stipulated in PDPA or other Personal Data Protection law.
6. Security measure in protecting the Personal Data
The Company realizes the important of protecting the personal data security, thus specified a technical and organizational measure, including physical measure to properly protect the personal data security by concerning 3 principles which are Confidentiality, Integrity and Availability i.e. the standard of IT security in personal data access control, which include the permission to access the personal data, user access control, the role and responsibility of the user, user access management, access log and physical security control to protect the loss, access, destroy, use, modify or disclose the personal data from an unauthorized persons.
The Company shall regularly review the security measure or promptly review the measure in case of a necessary change to the regulation or technology to ensure the efficiency of the security measurement.7. Data Subject Rights
Pursuant to PDPA, the Data Subject has the following rights:
|
Right of the Data Subject
|
Brief explanation |
| Right to withdraw consent | Data Subject has the right to withdraw consent at any time (no matter the consent has been given to the Data Subject prior to the enforcement of the law or not) except, there is a limitations by law or contractual obligation that grant benefits to the Data Subject. Withdrawal of consent does not affected on collection, use or disclosure of personal data based on consent before the withdrawal and by exercising the right to withdraw the consent, the Company might not be able to complete a part or the whole transaction as per the objective of the transaction as specified in this policy. |
| Right to be informed | Data Subject has a right to be informed of the purpose and obtain the information as specified by law before or at the time of Personal Data collection. |
| Right to access | Data Subject has the right to request access and copy of personal data relating to him or her which is under the possession of the Company. |
| Right to object | Data Subject has the right to object the collection, use or disclosure of Personal Data any time under conditions prescribed by law |
| Right to be forgotten | Data Subject has a right to request the Company to delete, destroy or anonymized the Personal Data. |
| Right to restriction of processing | Data Subject has the right to request the Company to suspend the use of Personal Data under conditions prescribed by law. |
| Right to rectification | Data Subject has the right to request the Company to rectify the Personal Data to be accurate, up to date, complete and not mislead. |
| Right to data portability | In case that the personal data is in automatic machine-readable or usable format, the Data Subject has the right to request the Company to transfer the personal data in such format directly to other data controllers if doable by automatic means. |
| Right to lodge a complaint | Data Subject has the right to file the complaint to the competent authorities in case the Data Subject has an evidence that the Company breaches the law or found any misuse of Personal Data |
The Company may modify or develop this policy in order to comply with the company activities and objective in collecting, using or disclosing the Personal Data or to comply with the change in regulatory requirement. In this regard, the Data Subject shall timely check the update version of this policy.
9. How to Contact the Company
In case the Data Subject has any questions concerning the collection, use and/or disclosure of the Personal Data or wish to exercise the rights as the Data Subject, The Data Subject may contact the Company at:
Data Protection Officer (DPO)
THAIRE LIFE ASSURANCE PUBLIC COMPANY LIMITED
48/15 Soi Rajchadapisek 20, Rajchadapisek Road,
Samsennok, Huaykwang Bangkok 10310
Tel: (662) 666 9000 Facsimile: (662) 277 6227
Email address: pdpa@thairelife.co.th
48/15 Soi Rajchadapisek 20, Rajchadapisek Road,
Samsennok, Huaykwang Bangkok 10310
Tel: (662) 666 9000 Facsimile: (662) 277 6227
Email address: pdpa@thairelife.co.th