(Collectively referred to as “You”)
1.1 Collection channels
(1) The Company may collect your personal data directly through any channels that you use to communicate with us (e.g., upon face-to-face meeting or communication online, letters, social media, email, website, or our application, our call center, or complaint center, through participation in marketing activities or customer relations management activities).
(2) The Company may collect your personal data from other sources (e.g., our group of companies and subsidiaries (“Chubb Group”), insurance agents, insurance brokers, other insurance companies, insurance-related services providers (e.g., damage appraisers/surveyors/adjusters for damages/adjusters for indemnities/detectives), healthcare providers, hospitals/medical facilities, business partners, service providers, relevant government agencies (e.g., Anti-Money Laundering Office, Office of the National Anti-Corruption Commission, Office of Insurance Commission, Royal Thai Police, Legal Execution Department, courts), juristic persons who are your employers or you work for, other third parties (e.g., beneficiaries, family members, witnesses) or public data sources, and third-part website (e.g., social media).
1.2 Types of your personal data collected
The Company may collect, use, and disclose, and/or transfer existing types of your personal data to other countries to the extent of your relationship with the Company as set forth below, including but not limited to:
(1) General data and contact data e.g., title, first name, last name, sex, date of birth, age, nationality, marital status, military service data, signature, photo, recorded audio, data from CCTVs, CCTV recordings, address, proximity, postal code, telephone number, email address, communication data (e.g., recorded audio, conversation, chat screenshot)
(2) Document data or copies, including the documents issued by government agencies e.g., personal identification, passport, driving license, US permanent resident permit, visa, work permit, government official identification, employee identification, student identification, other identification, company certificate, list of shareholders, or other documents related to the juristic person containing your personal data.
(3) Educational and work data e.g., educational background, certificates from school or university, certificates and references from educational institutes, occupation, position, details about employees, workplace, and/or work history, salary, remuneration, skills, experience, resume, work efficiency
(4) Financial data e.g., savings account number, credit or debit card number, credit or debit card data, and financial history, income, sources of income, financial status, credit data or credit bureau record, tax payer identification number, details of loans, details of investment, details and history of payment to the Company, insurance agents, insurance brokers, or other insurance companies in and outside Thailand, and other relevant documents (e.g., receipts, invoices), indemnity payment details, remuneration, pension, benefits, or other special rewards, social security fund data, and/or other details in Financial Need Analysis form
(5) Insurance application data e.g., data for consideration of insurance application, data of insurance risks, pricing consideration data, data and history of indemnity claims, data of products and services usage of our business partners (e.g., car loan application, motorbike loan application, home loan application, credit loan application, etc.), details of the policy you have made with us or other insurance companies (e.g., policy number, sum insured, insurance premium, dividend, change, policy-related transactions, investment, method of premium payment, premium payment history, loan history, indemnity claims data, data of relationship between you and the beneficiaries or policyholders, data of using the surrender value to automatically pay the premium, data of changing into Reduced Paid-Up, data of changing into Extended Term Insurance, and data of exercise of the rights under other policies or services or other insurance companies, etc.), memorandum of refusal of insurance application.
(6) Data of your relationship with the Company e.g., the Company’s products or services you have used, are using , or are interested in using, channels and methods of interaction with the Company, data of your transaction with the Company, other data used for analysis of products or services that suit your requirements (e.g., marital status, number of children, nature of living, environment, and/or other data for auditability assessment), result of data analysis, profiling result, history of product and service presentation
(7) Data of being insurance agent or insurance broker e.g., position, division, affiliation, chain of command, data of application for examination to obtain insurance agent or broker license, data of membership of life insurance industry, agreement on being insurance agent or broker, data of life insurance agent or broker license, identification number of life insurance agent or broker, monthly sales, returns or special rewards, data or history of training, work performance, achievements and awards, records of complaints, disciplinary punishment, as well as risk inspection and assessment
(8) Procurement data e.g., scope of work, details of contacts, quotations, and work results
(9) Offense data e.g., complaints, investigation, corruption data or history, insurance fraud, offences, grounds for offenses, history of bankruptcy, money-laundering, or financial support to terrorists, civil litigation history, reports, records, or documents of officers, and damage
(10) Technical data e.g., cookie, computer serial number, IP Address / MAC Address, wireless and general network data, website and application usage data, logs or social media records, user account data, social media username, types and versions of browsers, time zone setup, types of plug-in in browsers, operating systems, platforms used
(11) Other data e.g., Know-Your-Customer (KYC) preparation results, FATCA verification, activity and conference participation data, confirmation of activity and conference participation, interest, opinion survey, complaint data, CCTV recording, geographical data, and/or other data we may request from you or your employer to support the contract making, services or other actions related to usage of our products and services such as data, photos, or videos of activity and conference participation for publicity of the Company (e.g., the Company’s journal, poster, online media, and other print matters, etc.)
(12) Sensitive data, including:
- Religion (as specified in the personal identification)
- Health data e.g., medical treatment records, illness, treatments, or consultations, medical examinations, medical investigation, treatment, nursing records, prescription records, details of medical services received, medical reports, and medical expenses.
- Disability data
- Criminal record e.g., criminal offense data or history, including reports, records of criminal litigation of officers and/or related court orders
- Sexual behaviors e.g., spousal relationship confirmation data
If it is necessary for us to collect your personal data for compliance with the law or to enter into contracts with you, your refusal to provide us with your personal data may result in our inability to provide you with our products or services effectively or you may be unable to use our services appropriately and affect your compliance with any law we or you are required to comply with.
1.3 Personal data of the third party
1.4 Personal data of minors, incapacitated persons, or quasi-incapable persons
We will not collect, use, or disclose personal data of minors, incapacitated persons, or quasi-incapable persons, and we will not allow such persons to apply or use our products or services without other lawful basis or consent from the persons exercising guardianship and/or curators (as the case may be).
If we find that we have collected personal data of minors, incapacitated persons, or quasi-incapable persons without consent or other lawful basis, we will delete such personal data in accordance with our internal procedure and may cease providing products or services to such persons unless it is the case that we can rely on other lawful basis aside from the consent.
2.1 Objectives on consent
(1) General personal data for the purpose of marketing and communication which the Company cannot rely on other lawful basis: To notify marketing updates, re-marketing, benefit advertising, sale, special offers, notifications, newsletters, progress reports, announcements, sales promotional campaigns, news and information about the Company’s products and services, including Chubb Group and our business partners to you
(2) Sensitive data: for collection, usage, and/or disclosure of the sensitive data which the Company cannot rely on other lawful basis aside from consent:
- Religion (as specified in the personal identification) – for authentication
- Health data – for consultation and suggestion on insurance products and services, consideration of insurance application, consideration reinsurance application, calculation of insurance premium, refusal of the insurance application, indemnification under the insurance contracts, or other relevant actions under the insurance contracts
- Disability data – for consultation and suggestion on insurance products and services, consideration of insurance application, consideration reinsurance application, calculation of insurance premium, refusal of the insurance application, indemnification under the insurance contracts, or other relevant actions under the insurance contracts
- Criminal records – for consultation and suggestion on insurance products and services, consideration of insurance application, consideration reinsurance application, calculation of insurance premium, refusal of the insurance application, indemnification under the insurance contracts, or other relevant actions under the insurance contracts
- Sexual behaviors – for confirmation of spousal relationship, consideration of insurance application, and indemnification under the insurance contracts
If we rely on your consent for collection, usage, or disclosure of your personal data, you may withdraw your consent at any time. However, withdrawal of your consent will not affect the activities related to collection, usage, or disclosure of personal data on which you have given consent prior to such withdrawal.
2.2 Objectives on other lawful basis aside from consent
We may rely on the following lawful basis for collection, usage, or disclosure of your personal data: (1) Contracts or compliance with the provisions of contracts or to enter into contracts, (2) Legitimate Interest of the Company and the third party upon the proportion of benefits and basic rights and freedom related to protection of your personal data, (3) Legal Obligation for the Company to comply with the applicable law, (4) Vital Interest to prevent and suppress danger to individual life, body, or health, (5) Public Benefits to conduct missions for the public benefits or exercise the public authority, (6) Establishment and defense of the right of claim in the future, (7) Requirements to comply with the law to achieve the objectives related to key public benefits and/or other lawful basis that the Company is allowed to reply on under the applicable law.
Certain types of objectives may apply to you. Please consider the objectives related to our relationship between you and the Company.
2.2.1 If you are out customer,
(1) Pre-contractual actions e.g., consultation, suggestion, or data, options of products and/or services, facilitation in completion and delivery of insurance application form
(2) Verification and authentication e.g., to verify and authenticate your identity or other data for record and verification of customers (KYC) or customer due diligence
(3) Actions related to insurance e.g., assessment of financial data, assessment and consideration of insurance application form, consideration of insurance application, notification of insurance application result, risk assessment, determination of insurance terms and conditions, calculation of premium, other actions to provide services and prepare important documents, delivery of policy to manage and proceed in accordance with the policy, granting of benefits under the policy, compliance with the obligations to request essential details as reference, to manage accounts, to make financial transactions and payment-related transactions (e.g., to issue tax documents or receipts, to issue invoices and collect debts, to collect premium and due payment, refund), actions related to indemnification (e.g., assessment and examination of indemnification request, notice of the result, indemnity payment, refusal of indemnity payment, dispute management), renewal, revision of policy, surrender or cancellation of policy, subrogation, progress report on proceeding under the request, reinsurance.
2.2.2 If you are the insurance agent or insurance broker,
(1) Selection and actions as the insurance agent or insurance broker e.g., assessment and consideration of the insurance agent or insurance broker application, interview arrangement, notice of employment consideration, verification of data of insurance agent and insurance broker license
(2) Relationship management e.g., to update your personal data and to ensure correctness of your personal data, to retain contracts, contract references and evidence which may identify you, to plan, act, and manage relationships and rights (of contracts) (e.g., to facilitate license renewal or revocation, to arrange training for insurance agents or insurance brokers, delivery of equipment to facilitate the offer of products or services to customers, to verify status and performance of insurance agents or insurance brokers), to process payment results, to conduct accounting activities, auditing, payment, receipt, payment of benefits, remuneration, or incentives, commission fee, bonus, and/or granting of rights or special discounts in buying or using our products or services reimbursement of expenses, to manage your or customers’ requests or complaints, and to follow up and record
2.2.3 If you are business partners,
(1) Selection and actions as the insurance agent or insurance broker e.g., checking of business, directors, shareholders, or other relevant persons (e.g., conflict of interest checking), checking of publicly disclosed names related to the sanction list, assessment of suitability and qualifications under our requirements or needs, issuance of quotations and auction, procurement, facilitation for business partners to perform in accordance with the contracts, assessment of performance, inspection for acceptance of work
(2) Relationship management e.g., to update your personal data and to ensure correctness of your personal data, to retain contracts, contract references and evidence of business partners’ work which may identify you, to plan, act, and manage relationships and rights (of contracts) with business partners (e.g., to consider appointing, cancelling, or authorizing business partners for transaction making and purchase of products or services, to process payment results, to conduct accounting activities, auditing, payment, receipt, delivery of products or services), to manage your or customers’ requests or complaints for improvement and supporting service provision, and to follow up and record
2.2.4 The following objectives apply to all of you:
(1) General procedures for getting to know you or building relationship with you e.g., to verify and authenticate your identity, to record and check your data, to enter into contracts and/or relevant juristic acts and communication
(2) Communication e.g., communication about products and services of the Company or business partners (e.g., communication via document, questions and answers, replies of the requests, or progress reports)
(3) For expected communication and marketing activities e.g., to communicate and facilitate, for appropriate presentation and recommendation of products or services, notification of marketing updates and remarketing, advertising, benefits, sales, special deals, notifications, newsletters, progress reports, announcements, sales promotional activities, news and information about products or services of the Company, including Chubb Group, as well as our business partners, to you, public relations and invitation to attend activities, to grant rights and provide services upon receiving medical treatments and gifts on special occasions, satisfaction survey
(4) Internal management of the Company e.g., Company’s products and services management, control and follow-up of the insurance policy offers to ensure correctness and conformity with the rules or regulations determined by the law or the Company’s policy, management of complaints, suggestions, business continuity, records of data and preparation of relevant database, backlisting, document management, tax management, improvement and development of the Company’s products or services, design of new products or services, enhancement of customer experience, profiling, analysis and processing of website, application, or other platform user behaviors, analysis and expectation of sales of the Company’s insurance sales, or other statistical analysis and research, any actions to enable you to participate in and arrange the activities, the Company’s asset management, internal audit, maintenance of the Company’s legitimate benefits (e.g., investigation or prevention of fraud, truth concealment, and other offences), report of offences to financial service business network and insurance, and/or any other actions to facilitate the usage of our products or services, arrangement of corporate public relations activities, and compliance with appropriate business regulations, including but not limited to procurement, reimbursement, internal management, and training.
(5) Information technology management e.g., establishment of communication system and IT security system to control access to data and usage of the system, as well as IT security, storage and backup of data in the work system or on Cloud, management of IT structure, financial system, accounting, and debt collection, IT security, technological operations of the Company (e.g., online payment system, application, website, or other platform management), improvement and update of data on database
(6) For function of the website, application, and platform e.g., to take care of operation, observation, and management of the website, application, and platform for facilitation and certification that the website, application, and platform smoothly, effectively, and safely to facilitate website, application, and platform for improvement of work plan and content of the website, application, and platform
(7) Legal compliance e.g., compliance, facilitation, or collaboration with the court, government agencies, competent authorities, supervising the Company, and the agencies enforcing the law when there are reasons to believe that we are required to comply with the law and/or orders such as fraud database preparation to monitor frauds and enhance efficiency of fraudulent risk management as required by the relevant law, including but not limited to disclosing your personal data to comply with the law or to conduct legal proceedings, investigation, internal investigation, or to establish the right of claim under the law.
(8) Prevention or suppression of danger to life, body, health, or assets of individuals e.g., to control contagious diseases or pandemic, arrest of thieves, emergency responses, as well as usage of CCTVs, identification exchange and/or record of images of visitors prior to entering the building
(9) Business transfer e.g., in case of sale, transfer, merger, restructuring, or other incidents having similar nature, the Company may transfer your personal data to one or multiple third parties, which is part of such transaction, and/or
(10) Supervision and promotion of insurance business under the law on Office of Insurance Commission and the law on life insurance in accordance with Personal Data Protection Policy of Office of Insurance Commission (OIC) as detailed in the Personal Data Protection Policy of OIC which can be viewed on OIC’s website:
The Company may disclose your personal data to personal data receivers as follows:
3.1 Global Chubb Group in and outside Asia
We may disclose, transfer, or permit the companies under Chubb Group to access your personal data for the benefits specified hereunder. You may view the list of companies and scope of activities of the companies under Chubb Group at https://about.chubb.com/who-we-are/locations.html.
3.2 Service providers
We disclose your personal data to external service providers for conducting activities for or on behalf of the Company in support of the provision of our products or services only. such service providers may include but no be limited to (1) providers of insurance-related services (appraisers/ surveyors/adjusters of damages/adjusters of indemnities/detectives), (2) actuaries, (3) third party administration (TPA), (4) call center service providers, (5) investment consultants, credit rating agencies, (6) marketing service providers/product or service development service providers/advertising service providers (7) data analysts, (8) IT service providers, (9) archiving and Cloud service providers, (10) consultants, legal, financial, accounting, tax, medical experts, (11) seminar/event service providers, (12) translation/mailing service providers, (13) opinion surveying service providers, (14) debt collection service providers, and (15) investigation service providers
3.3 Business partners, including but not limited to other insurance companies, branch offices of foreign insurance companies, insurance agents, insurance brokers, reinsurance companies, retrocession insurers, actuaries, hospitals, rescue centers, investment management companies, credit rating agencies, banks or financial institutions, business partners who sell the Company’s insurance products, business partners proposing the mutual benefits to customers, CCTV management center.
3.4 Government agencies
If we believe that disclosure of your personal data is necessary for compliance with the orders of government agencies or authorized persons under the law, we may disclose your personal data to the agencies enforcing the law, committees established under the law, supervising agencies, dispute resolution agencies, and/or any other persons as necessary for compliance with the law and the Company’s protection of rights such as Office of Insurance Commission, Anti-Money Laundering Office, Bank of Thailand, National Anti-Corruption Commission, the Securities and Exchange Commission, royal Thai Police, the Medical Council of Thailand, courts, Public Prosecutor’s Office, embassies, consulates, etc.
3.5 Other relevant persons
We may disclose your personal data to persons related to your insurance or as requested or permitted , including the insured persons, policyholders, premium payers, witnesses, relevant persons, beneficiaries, family members, legal heirs, stakeholders, counterparties, victims, authorized persons, creditors or debtors of the Company, other persons having relationship or in contact with the Company, persons requesting to exercise the right to check CCTV recordings and general persons.
3.6 Legal transferees
If the Company conducts corporate restructuring, merger, acquisition, transfer of the right, dissolution of business, or any other actions in the similar natures, the Company may need to disclose your personal data to the persons interested in accepting the transfer or the transferees.
The Company may send or transfer your personal data to the companies under Chubb Group in other countries or other data receivers, which is part of the Company’s normal course of business (e.g., data storage on Cloud of which platform or server is aboard), foreign government agencies (e.g., FATCA case). However, in the case that the destination countries do not have the personal data protection standards equivalent to or have the personal data protection standards lower than that of Thailand, we will ensure that the transfer of your personal data is protected under appropriate protection standards, and the receivers of your personal data have appropriate data protection standard as required by the law. In some cases, we may request for your consent for transfer your personal data to other countries if we are required by the law to do so.
The Company will store your personal data as long as necessary in accordance with the objectives indicated herein and/or we may store such data longer than necessary for compliance with the law or as long as we are legally permitted.
Cookie is the data tracking technology that analyzes the trends and website management, monitors website users’ behaviors, or to recognize users’ setup. However, some cookie is necessary because, without the necessary cookie, the website may not be fully functional. On the other hand, some cookie may facilitate users in using our website because such cookie recognizes username (in a safe way) and language setup.
Cookie will store or follow up specific data related to your website usage and your computer only. Upon your website visit, cookie will recognize your username (in a safe way) and your language setup, enabling the Company to improve your user experience, adjust the content to meet our needs and facilitate your browsing.
To ensure privacy of your personal data, we arrange appropriate security measures which cover management preventive measures, technical preventive measures, and physical preventive measures regarding access or control of access to personal data to maintain confidentiality, correctness, and readiness of personal data usage to prevent losses, changes, correction, usage, disclosure of personal data without authorization or illegally as determined by the law.
We establish the measures to ensure safe and appropriate measures for collection, usage, and disclosure of personal data, measures to limit the access and use personal data, and usage of equipment for storage and processing of personal data by determining the right of access of users, right to permit authorized persons to access the data and manage the access restriction for authorized persons only. also, users’ responsibilities are determined to prevent unauthorized access, disclosure, knowing, or copying of personal data, or stealing equipment for storage or processing of personal data. In addition, there are measures for tracing access, change, deletion, or transfer of personal data to ensure conformity to the method and media used for collection, usage, or disclosure of personal data.
As the personal data owner, you have the following rights under the effective personal data protection law. However, your exercise of the rights may be subject to the legal exclusions.
(1) Right to access: You may request to access or obtain copies of your personal data in our possession, as well as disclosing acquisition of personal data without consent
(2) Right to rectification: You may have the right to have incomplete, inaccurate, misleading, or out-of-date personal data rectified to prevent misleading data.
(3) Right to data portability: You may have the right to obtain the personal data in our possession in a structured electronic format and to send or transfer such data to another data controller in some cases.
(4) Right to object/opt-out: You may have the right to object to certain collection, usage, and disclosure of your personal data such as objecting to direct marketing.
(5) Right to restriction: You may have the right to restrict the usage of your personal data in certain circumstances if you believe that such usage is inappropriate, collection, usage, and/or disclosure by the Company is illegal or such personal data is not necessary for certain objectives any longer.
(6) Right to erasure: You may have the right to request that we delete or de-identify their personal data except in scenarios where the Company is not obligated to do so in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
(7) Right to revoke the consent: For the objectives for which you have given consent to the Company for collection, usage, or disclosure of personal data, you may revoke your consent at any time.
Such consent revocation may cause us to be unable to provide full service to you. For more information about the effects on consent revocation, you may contact us though the channels below.
(8) Right to file complaints: You may file complaints to the agencies related to personal data protection. If you still believe that collection, usage, or disclosure of your personal data is not in accordance with personal data protection law.
You may exercise the above rights by sending the request form for exercise the right to dpo.chubblifeTH@chubb.com. For safety of your personal data, we may check and verify identity of the persons exercising the right and/or power to exercise the right on behalf of others prior to proceed with your request. Upon completion of the verification or authorization process, we will proceed your request immediately.
In the case that we consider your request to exercise the right is manifestly unfounded or excessive, we may charge the fee for proceeding such request.
Data Protection Officer
Chubb Life Assurance Public Company Limited
130-132, Sindhorn Building Tower III, 21st-22nd Floors, Wireless Road, Pathum Wan District,