Thai Life insurance

Data Privacy Policy

Over 60 years, Thai Life Insurance Company's R&D department has been determined to create a variety of life insurance policies to suite all insured in order to be accordance with affordable premium payments for any gender, age or occupation.Today, we have established a set of well-known life insurance policies to insure all Thai families as follows:


  • Data Privacy Policy for Customers and Non-Customers

    Data Privacy Policy for Customers and Non-Customers


    Thai Life Insurance Public Company Limited (“Company”) highly value of personal data protection. As the data controller, the Company has established this Data Privacy Policy (“Policy”) to describe the details and procedures for managing and processing the personal data obtained directly from you or other sources. This includes the purposes of collecting, using, disclosing and/or processing your personal data, as well as the period for retaining such personal data and your rights as the data subject.


    The Company is committed firmly to valuing the preferences, trust and confidence that you have place in the Company as one of the most important things. Therefore, the Company is committed to ensuring the processing your personal data lawfully and properly in accordance with Personal Data Protection Law.


    1. Definition

    "Company" means Thai Life Insurance Public Company Limiteds
    "Personal Data Protection Law" means Personal Data Protection Act B.E. 2562 (2019) and its subordinate legislations, including any amendment or revision thereof.
    "Personal Data" means any information relating to a person, which enables the identification of such person, whether directly or indirectly, in accordance with the Personal Data Protection Law.
    "Sensitive Personal Data" means any information relating to race, ethnicity, political opinion, beliefs in ideologies, religion or philosophy, sexual orientation, criminal records, health information, disability, labor-union membership, genetic data, biometric data or any other information which may affect the data subject in the same manner as prescribed by the Authority under the relevant Law.
    "Personal Data Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, including but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (by transmission, transfer, publication, or any other means of making the data available for use), alignment or combination, restriction, erasure or destruction.


    2. Policy Scope

    This Policy applies to natural persons described as follows:

    Types of Persons Description
    1) Customer
    • Insurance applicant, the insured.
    • Payor (excluding individuals covered under a payor benefit clause).
    • Assignee under a/an (Insurance) policy.
    • Beneficiary under a/an (Insurance) policy.
    • Joint borrower in case of loan protection insurance.
    • The insured under additional contracts in addition to the insured under an underlying contract e.g. the insured under a payor benefit clause (PB) or a critical illness insurance policy (CI).
    • Any person that used to be in a relationship described above e.g. the former policy holder.
    2) Group insurance customer
    • Membership of insurance group policy.
    3) Person acting on behalf of a customer
    • Authorized person or proxy of a customer or group insurance customer.
    • Legal custodian, legal representative, guardian, or custodian of a customer or group insurance customer, including any person involving in justice administration.
    • Any person having close relationship with a customer and group insurance customer e.g. family member, the insured under a policy or emergency contact.
    • Any person acting on behalf of the corporate clients e.g. authorized representative, authorized person, director, shareholder, partner, officer authorized by a corporate customer or client, etc.
    • Witness in a contract concluded by a shareholder.
    4) Prospects
    • Any person whose Personal Data have been collected directly or indirectly by the Company to suggest or offer the product/service of the Company or its business partner.
    5) Shareholder
    • Company’s Individual shareholder
    6) Person acting on behalf of a shareholder
    • Authorized person or proxy of a shareholder.
    • Legal custodian, legal representative, guardian, or custodian of a shareholder where he/she is a minor, incapacitated person, or quasi-incompetent person.
    • Any person related to a corporate shareholder e.g. authorized signatory, authorized person, director, shareholder, partner, officer authorized by a corporate shareholder, etc.
    • Witness in a contract concluded by a shareholder.
    7) Non-customer
    • Any person who has or used to have a relationship or any other types of interaction with the Company, or provides the Company with his/her Personal Data or whose Personal Data has been obtained directly or indirectly by the Company.

     

    3. Type of Personal Data To Be Collected

    3.1 Any Personal Data which are collected or intended to be collected by the Company under this Policy, whether such data that You provide directly to the Company, Personal Data that the Company automatically collects from You, or Personal Data that the Company receives from other sources, shall include the following:

    (1) Personal information e.g. current name and surname, former name and surname, date of birth, age, gender, weight, height, photograph, national ID card number, passport number, signature, nationality, marital status, and family member information, including official documents in which such information appears.

    (2) Contact information e.g. official address as household registration, address for postal delivery, phone number, e-mail, contact information from social media, and emergency contact.

    (3) Financial information e.g. occupation, income, source of income, bank account number, bank statement, credit/debit card number, record of history of credit card/debit card use, credit card or personal loan history, credit history, tax record, and/or other payment history.

    (4) Travel history e.g. date of travel, origin and destination country, location, and/or other details about the travel.

    (5) Technical data e.g. data on the usage of the Company’s websites and systems, access log, traffic log, information the interaction between you and other users, user log e.g. device locator, IP address, device serial number, types of device, mobile phone network, connection information, geographical location, browser types, login/logout information, referring website data, login log, transaction log, customer behavior, system access statics, access time, search data, usage of system functions, and data collected by the Company trough cookies or any other similar technologies.

    (6) Sensitive Data e.g. criminal records, biometric data, sexual behavior, health and disability data including medical treatment histories, consultation histories, medical examination reports, clinical investigation reports, nursing records, prescription and dispense records, details of received medical services, medical reports, details of medical expenses, health questions, and any information or documents contained in a file, report, book, layout, map, drawing, photo, film, image or voice recording, any recording using electronic device, or any other materials capable of displaying health information of an identifiable person, including any other information prescribed by authorized entities responsible for protecting and managing personal health information.

    (7) Information about the products/services You have purchased from the Company or any other insurance providers e.g. insurance policy number, insured sum, any change or transaction relating to the policy, payment of insurance premiums, payment history, loan history, beneficiary, claim for compensation, as well as any information about the exercise of the rights under a policy, product or other services provided by the Company or other insurance providers.

    (8) Shareholder details e.g. list of shareholders, shareholder contact information, shareholder’s financial information of shareholders, number of shares held by shareholders, share certificate numbers, shareholder registers, information about the payment and receipt of dividends, including any other Personal Data relating to any transaction performed by a shareholder and his/her authorized representative.

    (9) Information enabling the Company to comply with applicable laws e.g. Life Insurance Act, Personal Data Protection Act, Anti-Money Laundering Act, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Act, Emergency Decree on the Exchange of Information for Tax Purposes, Foreign Account Tax Compliance Act (FATCA), Securities and Exchange Act, so that the Company shall comply with its obligations under such legislations properly, e.g. submitting a report or providing required information and records or documents, maintaining the records thereof and submitting them to a competent authority, conducting audits and monitoring transactions, or taking any other related actions according to the Law.

    (10) Information about the transaction between you and the Company obtained from a contract or agreement between you and the Company or any acceptance of the terms and conditions with the Company, or engaging in any other communication and/or transaction with the Company e.g. your inquiry for information, your participation with the Company’s event, your news registration on a website or other electronic means.

    (11) Other information e.g. images and/or recordings being conducted using camera, CCTV or other electronic device, voice recording, your participation with the event held directly by the Company or jointly with other organizations, your comments, your biological data, etc.

    3.2 In order for the Company to perform certain transactions, e.g. entering into an insurance contract, with You, it is necessary for the Company to collect your Sensitive Personal Data e.g. health information, which may include smoking habits, alcohol drinking habits, disability, medical conditions, biometric data, information about criminal records, as they will be used for underwriting process including accessing insurance applications, providing services, making claim settlements, fulfilling the terms and conditions of the policy, or taking any other actions. In the event you do not consent to processing of such sensitive personal data, the company will unable to proceed with insurance assessment or provide any related services. If you withdraw your consent, object to the collection, use and/or disclosure or request for an erasure of such Sensitive Personal Data, the Company will not be able to perform its obligation, whether in part or in whole, under the policy or other services and you may need to surrender your policy.
    3.3 In case where the Company has collected your Personal Data before the Personal Data Protection Act B.E. 2562 (2019) comes into force, your Personal Data will continue to be collected and used by the Company in accordance with the existing purpose and you may withdraw your consent (please see Clause 10 for more details) for such processing from June 1, 2022. If you wish to exercise your right, please contact the Company via contact details provided in (Clause 13. Contact). In this regard, the use and/or disclosure and any other actions with regard to your Personal Data will be conducted in accordance with this Policy.

     

    4. How the Company Collects and Obtains Your Personal Data

    4.1 The Company may collect and obtain your Personal Data as follows:

    (1) Personal Data obtained directly from you : The Company may obtain your Personal Data directly via an application form or documents containing your Personal Data submitted directly to the Company or through the Company’s personnel or business partner as follows:
    • When you agree to apply for an insurance, or exercise your right under an individual policy, group policy, or submit a document or insurance application form, or any information given during the underwriting process or examination of your rights under the Company’s policy or service.
    • Your Personal Data may be obtained when you submit a request to change the products, services you have been purchased from the Company or any other requests relating to the products or services and its supporting documents related to the company’s insurance produce.
    • Your Personal Data may be obtained when you enter into a contract or agreement with, or request any other services from, the Company.
    • Your Personal Data may be obtained when you exercise your right under the law e.g. the right under the personal data protection law, filling a complaint.
    • Your Personal Data may be obtained when you interact with the Company, verbally or orally, regardless of who starts such interaction first.
    • Your Personal Data may be obtained when you reach out for the Company or make a registration with the Company or through its staff or partner via a website (e.g. www.thailife.comorwww.livetolife.com), application, social media, phone, e-mail, face-to-face interaction, interview, SMS, facsimile, postal service, or any other means.
    • Your Personal Data may be obtained during a marketing campaign, contest, lucky draw, event, questionnaire, competition or other events e.g. a CSR event held by, or on behalf of, the Company and/or its staff or partner.
    • Your Personal Data may be obtained upon your registration for a meeting or event held by the Company e.g. a shareholder’s meeting.

    (2) Personal Data Obtained Via a System or Electronic Device:
    • The Company may collect some technical data about the device, activities and browsing history automatically through use of cookies or other similar technologies upon your access or use the Company’s websites, applications or online services via computer, tablet, mobile phone, or any other devices. For more information, please visit our Cookies Policy at http://www.thailife.com/CookiePolicy and https://www.livetolife.com/cookies
    • The Company may obtain your Personal Data when you reach out for the Company or apply for a service in its area or contact the Company through channels that do not involve non-face-to-face transaction where your Personal Data may record image and/or sound through using CCTV, voice recording, or video call systems.

    (3) Personal Data Obtained from Third-Party Sources: The Company may obtain your Personal Data from third-party sources as follows:
    • The Company may obtain your information from any public, private or commercial sources, websites, social medias, data providers, medical records, public health facilities, hospitals, physicians, public health staff, other insurance providers, government agencies or regulators, or insurance business associations.
    • The Company may obtain your information when our staff or partner introduces you to us or when we collect your Personal Data from our staff or partner.
    • The Company may obtain your information when any person knowing you or authorized by you to the Company for the purpose of contacting and suggestion products or services.
    • The Company may obtain your information when a person entering into a transaction with the Company e.g. the insurance applicant, the insured, business partner, insurance agent, insurance broker, a person acquired a right by subrogation, authorized person, proxy, legal representative, is required to provide your Personal Data to the Company as contact information or for the purpose of entering into a contract, agreement or transaction.
    • The Company may obtain your information when a person acting on your behalf is entering into a transaction for your benefit e.g. payment of insurance premiums or nominating you as a beneficiary.
    • The Company may obtain your information from third-party sources for the purpose of compliance with the law, regulatory affairs, and other lawful purposes e.g. your information may be obtained from the Office of Insurance Commission (OIC) or other competent authority.
    4.2 When we collect your Personal Data, you will be notified about how we process your information under this Policy, including but not limited to the basis on which the collection, use and/or disclosure of the Personal Data is relied. If the personal data protection law requires your consent, the Company will obtain your express consent before processing.
    4.3 You may choose not to allow the Company to collect certain Personal Data. However, if you choose to opt-out, the Company may not perform a transaction, contact or respond to your request e.g. the Company may not enter into an insurance agreement, provide insurance services or products, process the claims or take any other actions under the insurance policy for your benefits, whether in whole or in part.
    4.4 While the Company is collecting your Personal Data, if we determine that any of your Personal Data is unnecessary to be collected, used, and disclosed, the Company may delete, destroy or take any other actions e.g. using a pen to cross out the information about religion on a copy of identification card to make such information no longer identifiable.

     

    5. Lawful Basis and Data Collected by the Company

    5.1 The Company may process your Personal Data in accordance with the following purposes (“Purposes”) and lawful bases:
    Purposes Lawful Basis Types of Information
    1) To improve the Company’s products or services, e.g. insurance products, website or application, to respond to customer’s requirements and to offer the products or services of the Company or business partners to its customers through various channels e.g. bank-based insurance, agents or brokers, phone calls, or electronic means.
    • Consent
    • Personal information
    • Contact information
    • Financial information
    • Sensitive data
    • Product/service information
    • Information about the transaction or service requests between you and the Company
    2) To offer or provide information about the products or services of the Company or its partner to you in case where you express a request for the response or notifying or proposing to renew a life insurance contract or offering a new product to replace the previous product.
    • Legitimate interest
    • Personal information
    • Contact information
    • Product/service details
    • Information or service requests about the transaction between you and the Company
    • Other information
    3) For the purpose of insurance application, insurance underwriting, compensation, or compliance with the obligations under an insurance policy.
    • Contract
    • Consent (in case of Sensitive Personal Data collection)
    • To establish, exercise, or defend a legal claim.
    • Personal information
    • Contact information
    • Financial information
    • Sensitive data
    • Travel history
    • Technical information
    • Criminal records
    • Product/service information
    • Information required for compliance with applicable law by the Company
    • Information about the transaction or service requests between you and the Company
    • Other information
    4) Disclosure of information to life insurance agents or life insurance brokers for the provision of policy-related services to customers and related persons.
    • Contract
    • Legitimate interest
    • Personal information
    • Contact information
    • Financial information
    • Sensitive Data
    • Information about the products/services
    • Information about the transaction or service request between you and the Company
    5) To comply with legal obligations (e.g. obligations under the laws on insurance, securities, money laundering, etc.) or orders issued by a competent authority e.g. submission of a report, information or documents containing Personal Data.
    • Legal obligations
    • Personal information
    • Contact information
    • Financial information
    • Product/service information
    • Information required for compliance with applicable law by the Company
    • Information about the transaction or service requests between you and the Company
    6) To comply with legal obligations or orders issued by a competent authority relating to shareholders e.g. preparing a share certificate, shareholder registry, holding a shareholder’s meeting, complying with shareholder’s rights, preparing balance sheet and reports, conducting an audit, performing a registration and providing required information to relevant authority.
    • Legal obligations
    • Legitimate interest
    • Personal information
    • Contact information
    • Shareholding structure
    • Information required for compliance with applicable law
    • Other information
    7) For the purpose of compliance with the instruction of a competent officer or authority to provide cooperation or information for the purpose of carrying out a public task.
    • Legitimate interest
    • Personal informatio
    • Contact information
    • Financial information
    • Product/service information
    • Information required for compliance with applicable law
    • Information about the transaction or service requests between you and the Company
    8) To conduct legal proceedings, defend a legal claim or explain about the matter disputed in a complaint, establish or defend a legal claim, or gather evidence for the purpose thereof.
    • To establish, exercise, or defend a legal claim.
    • Legitimate interest
    • Personal information
    • Contact information
    • Financial information
    • Product/service information
    • Information required for compliance with applicable law
    • Information about the transaction or service requests between you and the Company
    9) To enter into a reinsurance contract with a reinsurer, including reinsurance policies via reinsurance broker.
    • Legitimate interest
    • Consent (in case of Sensitive Personal Data collection)
    • Personal information
    • Product/service information
    • Sensitive data
    10) To analyse and process to improve and develop products or services using questionnaires or interviews, or for analysis and processing for internal audits and management. Preparation of future business plans. Organizational restructuring or divestitures/acquisitions.
    • Consent
    • Legitimate interest
    • Personal information
    • Contact information
    • Financial information
    • Product/service information
    • Other information
    11) Making available publication materials e.g. posting photos or video clips of the Company’s meetings or events on printed materials or via online publication.
    • Consent
    • Legitimate interest
    • Personal information
    • Contact information
    • Other information
    12) To maintain, manage and protect information technology infrastructure security and safety of employees and third parties, including their property and information.
    • Legitimate interest
    • Legal obligation
    • Personal information
    • Contact information
    • Technical information
    • Other information
    13) To create a database for the prevention of business risk faced by the Company and its insurance business group e.g. insurance fraud or complaint database, etc.
    • Legitimate interest
    • Public task
    • Personal informatio
    • Contact information
    • Financial information
    • Sensitive data
    • Travel history
    • Technical information
    • Criminal records
    • Product/service information
    • Information required for compliance with applicable law by the Company
    • Information about the transaction or service requests between you and the Company
    • Other information
    14) To carry out Company’s operations e.g. business planning, report making, business forecast, risk management, internal compliance or audit, making and developing internal system and management, recording a meeting as a photo and/or voicing, maintaining security, and sending the news and correspondence to the shareholder.
    • Legitimate interest
    • Personal information
    • Contact information
    • Shareholding structure
    • Information required for compliance with applicable law
    • Other information
    15) To manage a relationship or laisse with third parties on the Company’s behalf.
    • Legitimate interest
    • Personal information
    • Contact information
    • Shareholding structure
    16) To perform a transaction or respond to the request by a data subject.
    • Legitimate interest
    • Personal information
    • Contact information
    • Information about the transaction or service requests between you and the Company
    • Other information
    17) To analyse and process data, publicize a CSR activity, provide relevant information and facilitate participants and take other related actions as requested by a data subject.
    • Consent
    • Legitimate interest
    • Personal information
    • Contact information
    • Sensitive data
    • Technical information
    • Information about the transaction or service requests between you and the Company
    • Other information

    5.2 As your Personal Data processed in accordance with the above purposes for compliance with a law, contract or agreement e.g. insurance contract or your request submitted to the Company, or compliance with prior steps before entering into a contract with you are necessary to be obtained to satisfy such purposes. If you do not provide us with your Personal Data or your consent or withdraw your consent or object to the processing of such data when so required by the Company, legal consequences may ensue on the Company may not be able to comply with its obligations under an insurance contract or any other contracts with you, may not be able to provide related insurance services or products to you, or may not be able to comply with your request. In this regard, the Company may refuse to enter into a contract with you or terminate a contract, cease to provide its service to you, or decline to comply with your request whether in whole or in part.
    5.3 If it is necessary for the Company to use your Personal Data outside the scope of purposes described above, additional data privacy policy will be provided to explain how your Personal Data will be used. Therefore, it is advisable to read the additional data privacy policy together with this Policy.

     

    6. Disclosure of Personal Data

    6.1 The Company may disclose your Personal Data to the following entities and individuals in accordance with the Purposes and applicable laws:

    (1) Staff, employees, or personnel of the Company on a need-to-know basis for the purpose of processing your Personal Data in accordance with the Purposes under this Policy.

    (2) Insurance agent from the Company or its partner or contractual party e.g. insurance brokers, asset management companies, banks, financial institution, and/or any staff working for the Company’s partner or contractual party on a need-to-know basis for the purpose of processing your Personal Data to solicit, offer, distribute or provide insurance Company’s products and/or services to you, or to offer sale promotions, advertisements or take any action in accordance with the law.

    (3) Policy holders in case of group insurance.

    (4) Reinsurance brokers and reinsurers in case of reinsurance.

    (5) Business partners, contractual parties, third-party service providers, sub-providers and/or their staff providing services relating to the management, data processing, business process, payment system, debt collection, or security clearing and settlement, telecommunication, technology, Cloud, recruitment management, call center, storage service, document processing, data analysis, document scanning services, marketing and research, emergency management, legal service or other services relating to the Company’s business operation or any management, operation, procedure, or action taken in relation to the Company’s insurance product or service for your benefit. or any other Company’s operations.

    (6) The Thai Assurance Association, other insurance providers, associations or federations and/or other insurance-related businesses e.g. the Thai Association of Insurance and Financial Advisors.

    (7) Competent authority or officers, committees established by law, regulators, dispute resolution bodies including but not limited to the OIC, Department of Provincial Administration, Revenue Department, Ministry of Commerce, Anti-Money Laundering Office, Royal Thai Police Headquarters, Office of the Attorney-General, court of justice, or any other entities which may require the Company to disclose your Personal Data in accordance with the law and/or related subordinate legislations.
    (Note: You can read the Privacy Policy of the OIC at www.oic.or.th)

    (8) Company’s professional advisors e.g. lawyers, physicians, auditors, etc.

    (9) Clients or potential clients where your Personal Data may be included in the sale and purchase or proposed sale and purchase of the Company’s business (if any).

    (10) Individuals or entities authorized by law.

    (11) Individuals or entities to which you have given your consent to disclose your Personal Data to them.

    6.2 The Company will only disclose your Personal Data in accordance with the above Purposes or any other purposes prescribed by law. If your consent is legally required, the Company will obtain your consent before any processing.
    6.3 With regard to your Personal Data disclosed to third parties, the Company will take appropriate measures to protect your disclosed Personal Data and comply with required data protection standards.
    6.4 In case of cross-border transfer of your Personal Data, the Company will ensure that the destination country or third-party recipient have adequate data protection. The Company may also obtain your consent before transfer such data internationally in accordance with the personal data protection law.

     

    7. Retention Period

    7.1 The Company will retain your Personal Data for a period required by law in accordance with the purpose for collection and processing of such data. The retention period may vary depending on the purpose for processing and collecting of such data. In addition, the Company will retain such data for as long as required by relevant law (if any), taking into account a statutory limitation for potential legal actions arising from or related to the documents or each type of data collected and business practices relating to the retention of such data.
    7.2 The Company will retain your Personal Data for as long as necessary and appropriate for the collection, use and disclosure of such data in accordance with the Purposes, or not exceeding 11 years from the date of termination of a transaction between you and the Company. However, the Company may retain your personal data for longer period if permitted by law or necessary for the data processing, or for other reasons.
    7.3 If it is no longer necessary for the Company to process your Personal Data or the above-described period has expired, the Company will destroy your Personal Data or make it no longer identifiable without prior notice to you.

     

    8. Personal Data Relating to Minor, Incapacitated Person or Quasi-incompetent Person

    The Company may collect and process your Personal Data relating to a person below 20, incapacitated person, or quasi-incompetent person from time to time. In this regard, the Company is required to comply with the personal data protection law with regard to such person, including the requirement to obtain prior consent from his/her legal representative or guardian (in case of a minor), legal guardian (in case of an incapacitated person) and custodian (in case of a quasi-incompetent person) in accordance with the personal data protection law.

     

    9. Cross-Border Transfer of Personal Data

    9.1 The Company may transmit or transfer your Personal Data to any recipient in a third-party country for the purpose of providing our service to you e.g. transmitting your data to a Cloud server located abroad, or providing additional services in accordance with the terms of a policy or entering into a reinsurance contract with an insurer.
    9.2 At the time of this Policy, the Personal Data Protection Commission has not made a list of destination countries with adequate data protection measures. Therefore, if the Company is required to transmit or transfer a destination country, the Company will comply with international data protection standard or comply with conditions to enable the sending or transfer of data as required by law, including:

    (1) where it is for compliance with the law.

    (2) where the consent of the data subject has been obtained, provided that the data subject has been informed of the inadequate Personal Data protection standards of the destination country or international organization.

    (3) where it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract.

    (4) where it is for compliance with a contract between the Data Controller, and other Persons or juristic persons for the interests of the data subject.

    (5) where it is to prevent or suppress a danger to the life, body, or health of the data subject or other Persons, when the data subject is incapable of giving the consent at such time.

    (6) where it is necessary for carrying out the activities in relation to substantial public interest.

     

    10. Rights in Relation to Your Personal Data

    10.1 As a data subject, you will be entitled to the following rights under the personal data protection law:

    (1) Right to Access to Personal Data
    You may access, obtain a copy, or request a disclosure of your source of Personal Data collected and processed by the Company except where the Company has the right to refuse your request based on a lawful basis or court’s order or your request may potentially harm other people’s rights or freedoms.

    (2) Right to Data Portability
    You may request the Company to receive, transmit or transfer your Personal Data from the Company to the Data Controller or Data Processor in a format that can be automatically read and processed by a automated tools or devices, and allows for automatic use or disclosure of such Personal Data. However, the exercise of this right shall be in accordance with the law, and the insurance business sector, there are systems in place to support the exercise of this right.

    (3) Right to Object to Processing of Personal Data
    You may object to the processing of your Personal Data unless the Company has the right to refuse your request based on a lawful basis (e.g. legitimate interest, establishment of legal reason, exercise, or defense of legal claim, or public task).

    (4) Right to Erasure
    You may request the Company to erase, destroy or make your Personal Data no longer identifiable provided that the exercise of such right shall be in accordance with the law.

    (5) Right to Restrict Processing
    You may request the Company to restrict the processing of your Personal Data as follows:
    • (A) when the Data Controller is pending examination process in accordance with the data subject's request to keep his/her Personal Data complete and current.
    • (B) when your Personal Data are unlawfully collected, used or disclosed.
    • (C) when it is no longer necessary to retain your Personal Data for the purposes of collection, but you have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims.
    • (D) when the Company is pending examination of a legal basis on which the collection of your Personal Data or the necessity to process your Personal Data for the purpose of carrying out a public task is based following your exercise of the right to object to the collection, use or disclosure of the Personal Data.

    (6) Right to Rectification
    If your Personal Data has been found to be incorrect, incomplete or not current, you may request for a rectification of your Personal Data to keep them correct, current, complete and not misleading.

    (7) Right to Withdraw Your Consent
    If you have given your consent to process your Personal Data (whether such consent is given before or after the enactment of the Personal Data Protection Act B.E. 2562 (2019)), you may withdraw your consent at any time as long as your Personal Data is retained with the Company unless there is a legal provision or a contractual obligation between you and the Company allowing the Company to retain your Personal Data. (e.g. life insurance contracts.)

    (8) Right to Lodge a Complaint
    If you found that the Company fails to comply with the personal data protection law, you may lodge a complaint to the Personal Data Protection Commission or any other competent authority authorized by the Personal Data Protection Commission or by law provided that you are encouraged to notify the Company first to allow the Company to explain and relieve your worries. In this regard, if you wish to exercise this right, you may contact us via contact information provided in Clause 12 (Contact Information).
    10.2 The Company will use its best effort to respond and comply with your request unless such request may cause undue burden to the Company or harm to other people’s data protection rights or is contrary to the law or beyond the Company’s ability to comply with.
    The Company may charge a reasonable fee for the processing of your request provided, however, that the rate shall not exceed a legal limit.

     

    11. Personal Data Security

    11.1 The Company has put in place appropriate technical and management measures to ensure its personal data security is at the level prescribed by the personal data protection law and other related laws.
    11.2 In the event that the Company is required to share personal data with another data controller, or in the case where the Company hires or assigns another person to process personal data on behalf of the Company, the Company will require the data controller or data processor to sign a Data Sharing Agreement (DSA) or Data Processing Agreement (DPA) and/or Non-Disclosure Agreement (NDA), as the case may be, with the Company to determine its rights and obligations under the Personal Data Protection Act.

     

    12. Link to Third-Party Websites, Products and Services

    There may be a link on Company’s website, application, or other electronic means directing you to third-party websites, products and services. If you click on the link, a third-party may collect certain information about your use of the service. Therefore, you should be careful and read the data privacy policy of such third-party providers. The Company will not be responsible for any harm to your privacy or any collection of your Personal Data by such third party and this Policy shall only apply to the processing of your Personal Data in accordance with the Purposes described by the Company.

     

    13. Contact

    13.1 Exercise of Your Legal Rights
    If you wish to exercise your legal right under the personal data protection law, you may contact us at:

    (1) Our headquarter.

    (2) Our branches.

    (3) The Company's website (https://www.thailife.com/PrivacyPolicy?lang=en&privacyType=withdraw-consent&integrate=n) for the exercise of the right to withdraw consent for marketing and publicity purposes of Corporate Social Responsibility (CSR) activities of customers, prospective customers or participants in CSR activities.
    13.2 Contact for Making an Inquiry
    Topics Contact
    • Inquiry about general information
    Call 1124
    • Inquiry about personal data protection policy
    Personal Data Protection Office

    Address : Thai Life Insurance Public Company Limited
    Personal Data Protection Office,
    No. 123, Ratchadapisek Street, Din Dang Subdistrict,
    Din Dang District, Bangkok 10400

    Email: dpo@thailife.com

     

    14. Amendment to This Policy

    The Company may update or modify this Policy from time to time to make it current with any change to your Personal Data and to comply with any changes in the personal data protection law and related laws. The Company will notify you about the change properly. However, we recommend that you should review this Policy from time to time.


    Data Privacy Policy published on 1 July, 2024


  • Data Privacy Policy for Insurance Agents or Insurance Brokers

    Data Privacy Policy for Insurance Agents or Insurance Brokers


    Thai Life Insurance Public Company Limited (“Company”) highly value of personal data protection. As the data controller, the Company has established this Data Privacy Policy (“Policy”) to describe the details and procedures for managing and processing the personal data obtained directly from you or other sources. This include the purposes of collecting, using, disclosing and/or processing your personal data, as well as the period for retaining such personal data and your rights as the data subject.


    The Company firmly in valuing the preferences, trust and confidence that you have place in the Company as one of the most important things. Therefore, the Company is committed to ensuring the processing your Personal Data lawfully and properly in accordance with Personal Data Protection Law.


    1. Definition

    "Company" means Thai Life Insurance Public Company Limited
    "Personal Data Protection Law" means Personal Data Protection Act B.E. 2562 (2019) and its subordinate legislations, including any amendment or revision thereof.
    "Personal Data" means any information relating to a person, which enables the identification of such person, whether directly or indirectly, in accordance with the Personal Data Protection Law.
    "Sensitive Personal Data" means any information relating to race, ethnicity, political opinion, beliefs in ideologies, religion or philosophy, sexual orientation, criminal record, health information, disability, labor-union membership, genetic data, biometric data or any other information which may affect the data subject in the same manner as prescribed by the Authority under the relevant Law.
    "Personal Data Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means ,including but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (by transmission, transfer, publication, or any other means of making the data available for use), alignment or combination, restriction, erasure or destruction.


    2. Policy Scope

    This Policy applies to natural persons described as follows:

    Type of Person Meaning
    1) Prospective Insurance Agent

    Any person whom the Company, Company’s staff, or Company’s life insurance agent may approach for a life insurance agent or trainee life insurance agent application.

    2) Trainee insurance agent

    Any person applying to become a Company’s life insurance agent and is being trained for a life insurance agent license.

    3) Insurance agent

    Any person having possessed a life insurance agent license and is appointed as the Company’s life insurance agent.

    4) Insurance broker

    Any person who is a licensed life insurance broker and is authorized to offer a life insurance product.

    5) Guarantor for insurance agent

    Any person who enters into a guarantee agreement with the Company to provide assurance of payment for any liability or debt incurred from the performance of an insurance agent.

    6) Former insurance agent or insurance broker

    Any person who has been discharged as a life insurance agent or life insurance broker licensed to offer Company’s life insurance policy.


    3. Type of Personal Data to Be Collected

    3.1 Any Personal Data which are collected or intended to be collected by the Company under this Policy, whether such data that You provide directly to the Company, Personal Data that the Company automatically collects from you, or third-party sources, shall include the following:

    (1) Personal information e.g. Full name, date of birth, age, gender, photo, ID card number. Passport number, signature, nationality, religion, marital status, and family information, as well as official documents with such information appearing, etc.

    (2) Contact information e.g. official address as household registration, address for postal delivery, phone number, email, contact information from social media, and emergency contact.

    (3) Educational background information e.g. educational backgrounds and trainings, educational certificates or transcripts, scores, gradings, certificates issued by an educational institute, language proficiency, trainings and proficiency tests held by the Company or any other related organizations, certificates or diplomas, etc.

    (4) Information obtained from insurance agent application e.g. personal background, information obtained from an interview, reference documents, etc.

    (5) Basic job details e.g. information taken from insurance agent or insurance broker contract or any other contracts, information about your workplace, insurance agent/insurance broker license number, original affiliation, job position, supervisor, and the terms and conditions contained the insurance agent or insurance broker contract.

    (6) Work performance information e.g. work performance assessment, awards received, complaint history, investigation report, record of insurance agent or insurance broker license being revoked, record of insurance agent or insurance broker license being suspended, record of insurance agent or insurance broker contract being terminated and disciplinary actions being taken, risk assessment or evaluation, etc.

    (7) Financial information, benefits and remunerations e.g. information about your remunerations and/or benefits being provided, bank account number, tax record, third-party beneficiary, records of your guaranteed transactions, etc.

    (8) Sensitive data e.g. Criminal records, health and disability data, biometric data.

    (9) Technical data e.g. data on the usage of the Company’s websites and systems, access log, traffic log, information the interaction between you and other users, user log e.g. device locator, IP address, device serial number, types of device, mobile phone network, connection information, geographical location, browser types, login/logout information, referring website data, login log, transaction log, customer behavior, system access statics, access time, search data, usage of system functions, and data collected by the Company through cookies or any other similar technologies.

    (10) Other information e.g. images and/or recordings being conducted using camera, CCTV or other electronic device, voice recording, your participation with the event held directly by the Company or jointly with other organizations, your comments, your biological data, etc.
    3.2 The Company is required to obtain your Sensitive Personal Data e.g. criminal records, health records, race, nationality, or religion for the purpose of verification before entering into a contract with you or an entity of which you act on behalf, for obtaining or applying for a license renewal with a government agency, or money laundering or terrorist financing risk assessment, etc. In some cases, the Company needs to obtain consent to process your sensitive personal data. If you do not give consent to the Company or exercise your right to withdraw your consent, or object to the collection, use and/or disclosure of such sensitive personal data, or request the deletion or destruction of such sensitive personal data, the Company will not be able to enter into a contract with you, or perform pursuant to the contract with you, in whole or in part, or apply for or renew a license with a government agency.
    3.3 In case where the Company has collected your Personal Data before the Personal Data Protection Act B.E. 2562 (2019) comes into force, your Personal Data will continue to be collected and used by the Company in accordance with the existing purpose and you may withdraw your consent (please see Clause 8 for more details) for such processing from June 1, 2022. If you wish to exercise your right, please contact the Company via contact details provided in (Clause 11. Contact). In this regard, the use and/or disclosure and any other actions with regard to your Personal Data will be conducted in accordance with this Policy.


    4. How the Company Collects and Obtains Your Personal Data

    4.1 The Company may collect and obtain your Personal Data as follows:

    (1) Personal Data obtained directly from you: The Company may obtain your Personal Data directly via an application form or documents containing your Personal Data submitted directly to the Company or through the Company’s personnel as follows:
    • When you agree to become the Company’s life insurance agent, enter into a life insurance agent contract with the Company, and submit all supplementary documents to support relevant transaction or any other transaction with the Company.
    • When you enter into a contract or agreement with the Company or apply for a service e.g. product or service purchase agreement.
    • When you interact with the Company, verbally or orally, regardless of who starts such interaction first.
    • When you request for a service from the Company.
    • When you contact the Company or its staff or any person acting on behalf of the Company via a website, application, social media, phone, e-mail, face-to-face interaction, interview, SMS, facsimile, postal service, or any other means.
    • When you provide your Personal Data to the Company to register for an event held by the Company e.g. marketing campaign, sale promotion, CSR activity.

    (2) Personal Data Obtained Via a System or Electronic Device:
    • The Company may collect some technical data about the device, activity and how you access electronic devices or systems provided by the Company.
    • When you contact or apply for the Company’s service in its area, the Company may record your images and sound through system such as CCTV and voice recording.

    (3) Personal Data Obtained from Third-Party Sources: The Company may obtain your Personal Data from third-party sources as follows:
    • The Company may obtain your information when any person knowing you or authorized by you provide your information to the Company for your benefit or for the benefit of such person, such as to enable the Company to contact and persuade you to become a representative of the company, as a reference person, or for emergency contact person.
    • The Company may obtain your information from any public, private or commercial sources, websites, social medias, your business sources, or trade data sources, data source from government agencies or regulators, data sources from the insurance industry, financial business, or any other businesses related to insurance, associations or organizations.
    • The Company may obtain your information from third-party sources for the purpose of compliance with the law, regulatory affairs, and other lawful purposes e.g. your information may be obtained from the Office of Insurance Commission (OIC) or other authorities with legal power.
    4.2 When we collect your Personal Data, you will be notified about how we process your information under this Policy, including but not limited to the basis on which the collection, use and/or disclosure of the Personal Data is relied. If the personal data protection law requires your consent, the Company will obtain your express consent before processing.
    4.3 You may choose not to allow the Company to collect certain Personal Data. However, if you choose to opt-out, the Company may not perform a transaction, contact or respond to your request e.g. the Company may not enter into an insurance agreement, provide insurance services or products, process the claims or take any other actions under the insurance policy for your benefits, whether in whole or in part.
    4.4 While the Company is collecting your Personal Data, if we determine that any of your Personal Data is unnecessary to be collected, used, and disclosed, the Company may delete, destroy or take any other actions e.g. using a pen to cross out the information about religion on a copy of identification card to make such information no longer identifiable.


    5. Lawful Basis and Data Collected by the Company

    5.1 The Company may process your Personal Data in accordance with the following purposes (“Purposes”) and lawful bases:
    Purposes Lawful Basis Types of Information
    1) To offer you a proposal to become the Company’s life insurance agent.
    • Consent
    • Legitimate interest
    • Personal information
    • Contact information
    • Educational background and trainings
    2) To recruit, train, hold a license examination or other related tests, appoint trainee insurance agent, life insurance agent and life insurance broker.
    • Contract
    • Consent (in case where Sensitive Personal Data are being collected)
    • Legitimate interest
    • Personal information
    • Contact information
    • Educational background and trainings
    • Work performance information
    • Sensitive data
    3) To identify and verify before entering into a transaction with the Company.
    • Legitimate interest
    • Consent (in case where Sensitive Personal Data are being collected)
    • Personal information
    • Contact information
    • Other information (biological data)
    4) To enter into a contract or agreement e.g. life insurance agent or life insurance broker appointment agreement, guarantee agreement, data processing agreement, etc. or to comply with the terms and conditions of any agreement.
    • To comply with a contract or prior steps before entering into a contract
    • Consent (in case where Sensitive Personal Data are being collected)
    • Legitimate interest
    • Personal information
    • Contact information
    • Educational background and trainings
    • Information obtained from an insurance agent application form
    • Basic job details
    • Work performance record
    • Financial, benefit and remuneration information
    • Sensitive data
    • Technical information
    • Other information
    5) To manage workforce and structure of a trainee insurance agent, life insurance agent and life insurance broker e.g. holding trainings and examinations, creating a structure of remunerations, benefits, or welfare, etc. to analyze data for organizational management e.g. work performance assessment and system enhancement.
    • To comply with a contract or prior steps before entering into a contract
    • Consent (in case where Sensitive Personal Data are being collected)
    • Legitimate interest
    6) To comply with the laws, regulations, related subordinate legislations and orders issued by competent officers e.g. registration or submission of a report, etc.
    • Legal obligations
    7) To conduct legal proceedings, defend a legal claim or explain about the matter disputed in a complaint, establish or defend a legal claim, or gather evidence for the purpose thereof.
    • To establish, exercise, or defend a legal claim.
    • Legitimate interest
    8) To maintain, manage and protect information technology infrastructure security and safety of employees and third parties, including their property and information.
    • Legitimate interest
    • Legal obligation
    • Consent (in case where Sensitive Personal Data are being collected)
    • Personal information
    • Contact information
    • Technical information
    • Other information
    9) Making available publication materials e.g. posting photos of the Company’s meetings or events on printed materials or via online publication.
    • Legitimate interest
    • Consent
    • Personal information
    • Contact information
    • Other information
    10) To publicize a CSR activity, provide relevant information and facilitate participants and take other related actions as requested by a data subject.
    • Consent
    • Legitimate interest
    • Personal information
    • Contact information

    5.2 As your Personal Data processed in accordance with the above purposes for compliance with a law or contract e.g. life insurance agent agreement, business contract or your request submitted to the Company, or compliance with prior steps before entering into a contract with you are necessary to be obtained to satisfy such purposes. If you do not provide us with your Personal Data or your consent or withdraw your consent or object to the processing of such data when so required by the Company, legal consequences may ensue or the Company may not be able to comply with its obligations under an insurance contract or any other contracts with you, may not be able to provide related insurance services or products to you, or may not be able to comply with your request. In this regard, the Company may refuse to enter into a contract with you or terminate a contract, cease to provide its service to you, or decline to comply with your request whether in whole or in part.
    5.3 If it is necessary for the Company to use your Personal Data outside the scope of purposes described above, additional data privacy policy will be provided to explain how your Personal Data will be used. Therefore, it is advisable to read the additional data privacy policy together with this Policy.


    6. Disclosure of Personal Data

    6.1 The Company may disclose your Personal Data to the following entities and individuals in accordance with the Purposes and applicable laws:

    (1) Staff, employees, or personnel of the Company on a need-to-know basis for the purpose of processing your Personal Data.

    (2) Company’s life insurance agent, life insurance broker or business partner for the purpose encouraging for a competition to get the better performance and motivation, or to boost sales and/or offer Company’s products or manage the structure of a life insurance agent or life insurance broker.

    (3) Company’s professional advisors e.g. lawyers, physicians, auditors, consultants or experts.

    (4) Competent authority or officers, committees established by law, regulators, dispute resolution bodies including but not limited to the OIC, Department of Provincial Administration, Revenue Department, Ministry of Commerce, Anti-Money Laundering Office, Royal Thai Police Headquarters, Office of the Attorney-General, court of justice, or any other entities which may require the Company to disclose your Personal Data in accordance with the law and/or related subordinate legislations.
    (Note: You can read the Privacy Policy of the OIC www.oic.or.th)

    (5) The Thai Assurance Association, other insurance providers, associations or federations and/or other insurance-related businesses e.g. the Thai Association of Insurance.

    (6) Other insurance providers.

    (7) Tax authority, regulator or any other person having the authority to regulate the Company in accordance with the law, or as requested to be disclosed for Company’s benefit or public interest.

    (8) Business partners, contractual parties, third-party service providers, sub-providers and/or their staff providing services relating to the management, data processing, business process, payment system, debt collection, or security clearing and settlement, telecommunication, technology, Cloud, recruitment management, call center, storage service, document processing, data analysis, , document scanning services, marketing and research, emergency management, legal service or other services relating to the Company’s business operation, or any management, operation, procedure, or action taken in relation to the Company’s insurance product or service for your benefit. or any other Company’s operations.

    (9) Individuals or entities authorized by law.

    (10) Individuals or entities to whom you have given consent to disclose your Personal Data to them.
    6.2 The Company will only disclose your Personal Data to the any third parties in accordance with the above Purposes or any other purposes prescribed by law. If your consent is legally required, the Company will obtain your consent before any processing.
    6.3 With regard to your Personal Data disclosed to third parties, the Company will take appropriate measures to protect your disclosed Personal Data and comply with required data protection standards.
    6.4 In case of cross-border transfer of your Personal Data, the Company will ensure that the destination country or third-party recipient have adequate data protection. The Company may also obtain your consent before transfer such data internationally in accordance with the personal data protection law.


    7. Retention Period

    7.1 The Company will retain your Personal Data for a period required by law in accordance with the purpose for collection and processing of such data. The retention period may vary depending on the purpose for processing and collecting of such data. In addition, the Company will retain such data for as long as required by relevant law (if any) taking into account a statutory limitation for potential legal actions arising from or related to the documents or each type of data collected and business practices relating to the retention of such data.
    7.2 The Company will retain your Personal Data for as long as necessary and appropriate for the collection, use and disclosure of such data in accordance with the Purposes, or not exceeding 11 years from the date of termination of a transaction between you and the Company. However, the Company may retain your personal data for longer period if permitted by law or necessary for the data processing, or for other reasons.
    7.3 If it is no longer necessary for the Company to process your Personal Data or the above-described period has expired, the Company will destroy your Personal Data or make it no longer identifiable without prior notice to you.


    8. Rights in Relation to Your Personal Data

    8.1 As a data subject, you will be entitled to the following rights under the personal data protection law:

    (1) Right to Access to Personal Data
    You may access, obtain a copy, or request a disclosure of your source of Personal Data collected and processed by the Company except where the Company has the right to refuse your request based on a lawful basis or court’s order or your request may potentially harm other people’s rights or freedoms.

    (2) Right to Data Portability
    You may request the Company to receive, transmit or transfer your Personal Data from the Company to the Data Controller or Data Processor in a format that can be automatically read and processed by a automated tools or devices, and allows for automatic use or disclosure of such Personal Data. However, the exercise of this right shall be in accordance with the law, and the insurance business sector, there are systems in place to support the exercise of this right.

    (3) Right to Object to Processing of Personal Data
    You may object to the processing of your Personal Data unless the Company has the right to refuse your request based on a lawful basis (e.g. legitimate interest, establishment of legal reason, exercise, or defense of legal claim, or public task).

    (4) Right to Erasure
    You may request the Company to erase, destroy or make your Personal Data no longer identifiable provided that the exercise of such right shall be in accordance with the law.

    (5) Right to Restrict Processing

    You may request the Company to restrict the processing of your Personal Data as follows:

    • (A) when the Data Controller is pending examination process in accordance with the data subject's request to keep his/her Personal Data complete and current.
    • (B) when your Personal Data are unlawfully collected, used or disclosed.
    • (C) when it is no longer necessary to retain your Personal Data for the purposes of collection, but you have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims.
    • (D) when the Company is pending examination of a legal basis on which the collection of your Personal Data or the necessity to process your Personal Data for the purpose of carrying out a public task is based following your exercise of the right to object to the collection, use or disclosure of the Personal Data.

    (6) Right to Rectification
    If your Personal Data has been found to be incorrect, incomplete or not current, you may request for a rectification of your Personal Data to keep them correct, current, complete and not misleading.

    (7) Right to Withdraw Your Consent
    If you have given your consent to process your Personal Data (whether such consent is given before or after the enactment of the Personal Data Protection Act B.E. 2562 (2019)), you may withdraw your consent at any time as long as your Personal Data is retained with the Company unless there is a legal provision or a contractual obligation between you and the Company allowing the Company to retain your Personal Data. (e.g. life insurance agent contracts, other business contracts)

    (8) Right to Lodge a Complaint
    If you found that the Company fails to comply with the personal data protection law, you may lodge a complaint to the Personal Data Protection Commission or any other competent authority authorized by the Personal Data Protection Commission or by law provided that you are encouraged to notify the Company first to allow the Company to explain and relieve your worries. In this regard, if you wish to exercise this right, you may contact us via contact information provided in Clause 12 (Contact Information).
    8.2 The Company will use its best effort to respond and comply with your request unless such request may cause undue burden to the Company or harm to other people’s data protection rights or is contrary to the law or beyond the Company’s ability to comply with.
    The Company may charge a reasonable fee for the processing of your request provided, however, that the rate shall not exceed a legal limit.


    9. Personal Data Security

    9.1 The Company has put in place appropriate technical and management measures to ensure its personal data security is at the level prescribed by the personal data protection law and other related laws.
    9.2 In the event that the Company is required to share personal data with another data controller, or in the case where the Company hires or assigns another person to process personal data on behalf of the Company, the Company will require the data controller or data processor to sign a Data Sharing Agreement (DSA) or Data Processing Agreement (DPA) and/or Non-Disclosure Agreement (NDA), as the case may be, with the Company to determine its rights and obligations under the Personal Data Protection Act.


    10. Link to Third-Party Websites, Products and Services

    There may be a link on Company’s website, application, or other electronic means directing you to third-party websites, products and services. If you click on the link, a third-party may collect certain information about your use of the service. Therefore, you should be careful and read the data privacy policy of such third-party providers. The Company will not be responsible for any harm to your privacy or any collection of your Personal Data by such third party and this Policy shall only apply to the processing of your Personal Data in accordance with the Purposes described by the Company.


    11. Contact

    11.1 Exercise of Your Legal Rights
    If you wish to exercise your legal right under the personal data protection law, you may contact us at:

    (1) Our headquarter.

    (2) Our branches.

    (3) The Company's website (https://www.thailife.com/PrivacyPolicy?lang=en&privacyType=withdraw-consent&integrate=n) for the exercise of the right to withdraw consent for the purpose of soliciting to become a life insurance agent of a prospective life insurance agent.
    11.2 Contact for Making an Inquiry
    Topics Contact
    • Inquiry about general information
    Call 1124
    • Inquiry about personal data protection policy
    Personal Data Protection Office

    Address : Thai Life Insurance Public Company Limited
    Personal Data Protection Office,
    No. 123, Ratchadapisek Street, Din Dang Subdistrict,
    Din Dang District, Bangkok 10400

    Email: dpo@thailife.com


    12. Amendment to This Policy

    The Company may update or modify this Policy from time to time to make it current with any change to your Personal Data and to comply with any changes in the personal data protection law and related laws. The Company will notify you about the change properly. However, we recommend that you should review this Policy from time to time.


    Data Privacy Policy published on 1 July, 2024


  • Data Privacy Policy for Business Partner

    Data Privacy Policy for Business Partner


    Thai Life Insurance Public Company Limited (“Company”) highly value of personal data protection. As the data controller, the Company has established this Data Privacy Policy (“Policy”) to describe the details and procedures for managing and processing the personal data obtained directly from you or other sources. This includes the purposes of collecting, using, disclosing and/or processing your personal data, as well as the period for retaining such personal data and your rights as the data subject.


    The Company is committed firmly to valuing the preferences, trust and confidence that you have place in the Company as one of the most important things. Therefore, the Company is committed to ensuring the processing your Personal Data lawfully and properly in accordance with Personal Data Protection Law.


    1. Definition

    "Company" means Thai Life Insurance Public Company Limited
    "Personal Data Protection Law" means

    Personal Data Protection Act B.E. 2562 (2019) and its subordinate legislations, including any amendment or revision thereof

    "Personal Data" means any information relating to a person, which enables the identification of such person, whether directly or indirectly, in accordance with the Personal Data Protection Law
    "Sensitive Personal Data" means any information relating to race, ethnicity, political opinion, beliefs in ideologies, religion or philosophy, sexual orientation, criminal record, health information, disability, labor—union membership, genetic data, biometric data or any other information which may affect the data subject in the same manner as prescribed by the Authority under the relevant Law.
    "Personal Data Processing" means

    any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, including but not limited to, such collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (by transmission, transfer, publication, or any other means of making the data available for use), alignment or combination, restriction, erasure or destruction.

    2. Policy Scope

    This Policy applies to natural persons described as follows:

    Type of Person Meaning
    1) Business Partner

    Suppliers, service providers or subcontractors engaged by the Company to participate in one of its business process e.g. data processing, payment or receipt of payment, telecommunication, technology, delivery service, or other services related to the Company’s business or any management, operation, procedure, or action being taken.

    2) Person Acting on Behalf of Business Partner
    • Business partner’s staff.
    • Business partner’s authorized person or proxy.
    • Person acting on behalf of a corporate business’s partner e.g. representative, authorized person, company’s director, shareholders, partners, staff, designated officers, etc.
    • Witness in a contract with the business partner.


    3. Type of Personal Data to Be Collected

    3.1 Any Personal Data which are collected or intended to be collected by the Company under this Policy, whether such data is that you provided directly to the Company, or Personal Data that the Company receives from third-party sources, shall include the following:

    (1) Personal Information e.g. currently name, date of birth, age, sex, profile photo, national identification number, passport number, signature, including official documents in which such information appears, etc.

    (2) Contact information e.g. official address as identification number, address for postal delivery, phone number, email, social media, etc.

    (3) Contract-related information e.g. information used for contract drafting, supplementary documents, delivery of products or services, product or service quality assessment, work performance assessment, etc.

    (4) Educational background information e.g. educational backgrounds and trainings, educational certificates or transcripts, scores, gradings, certificates issued by an educational institute, language proficiency, trainings and proficiency tests held by the Company or any other related organizations, certificates or diplomas, etc.

    (5) Sensitive data e.g. Criminal record.

    (6) Information used when you represent a corporate entity e.g. your information appearing on a company affidavit, list of shareholders, Power of Attorney, documents related to other corporate entities containing your Personal Data, information obtained by the Company from the entity of which you act on behalf or obtained directly from you for the purpose of entering into a contract, providing a service or taking any other actions as requested by the Company.

    (7) Technical data e.g. data on the usage of the Company’s websites and systems, access log, traffic log, information the interaction between you and other users, user log e.g. device locator, IP address, device serial number, types of device, mobile phone network, connection information, geographical location, browser types, login/logout information, referring website data, login log, transaction log, customer behavior, system access statics, access time, search data, usage of system functions, and data collected by the Company trough cookies or any other similar technologies.

    (8) Other information e.g. images and/or voices recorded by a CCTV or other electronic device, voice recordings, biological data, etc.
    3.2 The Company is required to obtain your Sensitive Personal Data e.g. criminal records, for verification during the course of entering into a contract with you or a legal entity acting on your behalf, or to prevent and suppress money laundering and terrorist financing or to act as required by law or under the order of an officer with legal authority, or to secure the Company's area or system, etc. However, The Company will process sensitive personal data with your prior consent, except in cases where the Personal Data Protection Law requires the processing of sensitive personal data without consent. In the event that the Company needs to obtain consent to process your sensitive personal data. If you do not give consent to the Company or exercise your right to withdraw your consent, or object to the collection, use and/or disclosure of such sensitive personal data, or request the deletion or destruction of such sensitive personal data, you will not be able to do so, the Company will not be able to perform the contract entered into with you, in whole or in part.
    3.3 In case where the Company has collected your Personal Data before the Personal Data Protection Act B.E. 2562 (2019) comes into force, your Personal Data will continue to be collected and used by the Company in accordance with the existing purpose and you may withdraw your consent (please see Clause 8 for more details) for such processing from June 1, 2022. If you wish to exercise your right, please contact the Company via contact details provided in (Clause 10. Contact). In this regard, the use and/or disclosure and any other actions with regard to your Personal Data will be conducted in accordance with this Policy.


    4. How the Company Collects and Obtains Your Personal Data

    4.1 Generally, the Company will collect your Personal Data directly from you unless it is necessary to obtain them from third-party sources e.g. your reference person, publicly available information, your business, or commercial sources.
    4.2 When we collect your Personal Data, you will be notified about how we process your information under this Policy, including but not limited to the basis on which the collection, use and/or disclosure of the Personal Data is relied. If the personal data protection law requires your consent, the Company will obtain your express consent before processing.
    4.3 You may choose not to allow the Company to collect certain Personal Data. However, if you choose to opt-out, the Company may not perform a transaction, contact or respond to your request e.g. the Company may not enter into an insurance agreement, provide insurance services or products, process the claims or take any other actions under the insurance policy for your benefits, whether in whole or in part.
    4.4 While the Company is collecting your Personal Data, if we determine that any of your Personal Data is unnecessary to be collected, used, and disclosed, the Company may delete, destroy or take any other actions e.g. using a pen to cross out the information about religion on a copy of identification card to make such information no longer identifiable.


    5. Purposes and Lawful Bases for Personal Data Processing

    5.1 The Company may process your Personal Data in accordance with the following purposes (“Purposes”) and lawful bases:
    Purposes Lawful Basis Types of Information
    1) To create a list of business partners
    • Legitimate interest
    • Personal information
    • Contact information
    • Contract-related information
    • Sensitive data
    • Information used when you represent a corporate entity
    2) To conduct procurements and other related actions e.g. submitting a bid proposal, providing a performance bond, entering into a contract with you or other corporate entities you are representing, recruitment, background check on you and/or corporate entities you are representing, work performance monitoring and quality assessment of products, services, performance, payment for the products or services.
    • To comply with a contract or prior steps before entering into a contract
    • Personal information
    • Contact information
    • Contract-related information
    • Educational background and trainings
    • Sensitive data
    • Information used when you represent a corporate entity
    • Technical information
    • Other information
    3) To identify and verify you and/or your corporate entity before or upon entering into a contract with you or your corporate entity, and during the term of such contract.
    • Legal obligations
    • To comply with a contract or prior steps before entering into a contract
    • Personal information
    • Contact information
    • Contract-related information
    • Sensitive data
    • Information used when you represent a corporate entity
    4) To comply with the laws, regulations, related subordinate legislations e.g. insurance law, money laundering law, tax law, personal data protection law, and orders issued by competent officers e.g. the Insurance Commission (IC) and Personal Data Protection Commission.
    • Legal obligations
    • Personal information
    • Contact information
    • Contract-related information
    • Sensitive data
    • Information used when you represent a corporate entity
    • Other information
    5) To maintain, manage and protect information technology infrastructure security and safety of employees and third parties, including their property and information.
    • Legitimate interest
    • Legal obligation
    • Consent (in case where Sensitive Personal Data are being collected)
    • Personal information
    • Technical information
    • Other information
    6) To conduct legal proceedings, defend a legal claim or explain about the matter disputed in a complaint, establish or defend a legal claim, or gather evidence for the purpose thereof.
    • To establish, exercise, or defend a legal claim.
    • Legitimate interest
    • Personal information
    • Contact information
    • Contract-related information
    • Educational background and trainings
    • Sensitive data
    • Information used when you represent a corporate entity
    • Technical information
    • Other information
    7) To maintain business relationship with you or your corporate entity.
    • Legitimate interest
    • Personal information
    • Contact information
    • Information used when you represent a corporate entity

    5.2 As your Personal Data which are processed in accordance with the above purposes with regard to legal or contractual compliance e.g. service agreement or business agreement, or compliance with your request to the Company or all prior steps before entering into a contract with you are necessary to be obtained to satisfy such purposes. If you do not provide us with your Personal Data or your consent or withdraw your consent or object to the processing of such data when so required by the Company, legal consequences may ensue or the Company may not be able to comply with its obligations under an insurance contract or any other contracts with you, may not be able to provide related insurance services or products to you, or may not be able to comply with your request (as the case may be). In this regard, the Company may refuse to enter into a contract with you or terminate a contract, cease to provide its service to you, or decline to comply with your request whether in whole or in part.
    5.3 If it is necessary for the Company to use your Personal Data outside the scope of purposes described above, additional data privacy policy will be provided to explain how your Personal Data will be used. Therefore, it is advisable to read the additional data privacy policy together with this Policy.


    6. Disclosure of Personal Data

    6.1 The Company may disclose your Personal Data to the following entities and individuals in accordance with the Purposes and applicable laws:

    (1) Staff, employees, or personnel of the Company on a need-to-know basis for the purpose of processing your Personal Data.

    (2) Company’s internal or external advisors e.g. lawyers, physicians, auditors, consultants or experts.

    (3) Competent authority or officers, committees established by law, regulators, dispute resolution bodies including but not limited to the OIC, Department of Provincial Administration, Revenue Department, Ministry of Commerce, Anti-Money Laundering Office, Royal Thai Police Headquarters, Office of the Attorney-General, court of justice, or any other entities which may require the Company to disclose your Personal Data in accordance with the law and/or related subordinate legislations.
    (Note: You can read the Privacy Policy of the OIC at www.oic.or.th)

    (4) Business partners, contractual parties, third-party service providers, sub-providers and/or their staff providing services relating to the Company’s business operation or any management, operation, procedure, or provision of service to you.

    (5) Other insurance providers.

    (6) Clients or potential clients where your Personal Data may be included in the sale and purchase or proposed sale and purchase of the Company’s business (if any).

    (7) Individuals or entities authorized by law.

    (8) Individuals or entities to which you have given your consent to disclose your Personal Data to them.
    6.2 The Company will only disclose your Personal Data in accordance with the above Purposes or any other purposes prescribed by law. If your consent is legally required, the Company will obtain your consent before any processing.
    6.3 If your Personal Data are disclosed to third parties, the Company will take appropriate measures to protect your disclosed Personal Data and comply with required data protection standards.
    6.4 In case of a cross-border transfer of your Personal Data, the Company will ensure that the destination country or third-party recipient have adequate data protection. The Company may also obtain your consent before transfer such data internationally in accordance with the personal data protection law.


    7. Retention Period

    7.1 The Company will retain your Personal Data for a period required by law in accordance with the purpose for collection and processing of such data. The retention period may vary depending on the purpose for processing and collecting of such data. In addition, the Company will retain such data for as long as required by relevant law (if any) taking into account a statutory limitation for potential legal actions arising from or related to the documents or each type of data collected and business practices relating to the retention of such data.
    7.2 The Company will retain your Personal Data for as long as necessary and appropriate for the collection, use and disclosure of such data in accordance with the Purposes, or not exceeding 11 years from the date of termination of a transaction between you and the Company. However, the Company may retain your personal data for longer period if permitted by law or necessary for the data processing, or for other reasons.
    7.3 If it is no longer necessary for the Company to process your Personal Data or the above-described period has expired, the Company will destroy your Personal Data or make it no longer identifiable without prior notice to you.


    8. Rights in Relation to Your Personal Data

    8.1 As a data subject, you will be entitled to the following rights under the personal data protection law:

    (1) Right to Access to Personal Data
    You may access, obtain a copy, or request a disclosure of your source of Personal Data collected and processed by the Company except where the Company has the right to refuse your request based on a lawful basis or court’s order or your request may potentially harm other people’s rights or freedoms.

    (2) Right to Data Portability
    You may request the Company to receive, transmit or transfer your Personal Data from the Company to the Data Controller or Data Processor in a format that can be automatically read and processed by a automated tools or devices, and allows for automatic use or disclosure of such Personal Data. However, the exercise of this right shall be in accordance with the law, and the insurance business sector, there are systems in place to support the exercise of this right.

    (3) Right to Object to Processing of Personal Data
    You may object to the processing of your Personal Data unless the Company has the right to refuse your request based on a lawful basis (e.g. legitimate interest, establishment of legal reason, exercise, or defense of legal claim, or public task).

    (4) Right to Erasure
    You may request the Company to erase, destroy or make your Personal Data no longer identifiable provided that the exercise of such right shall be in accordance with the law.

    (5) Right to Restrict Processing

    You may request the Company to restrict the processing of your Personal Data as follows:

    • (A)when the Data Controller is pending examination process in accordance with the data subject's request to keep his/her Personal Data complete and current.
    • (B)when your Personal Data are unlawfully collected, used or disclosed.
    • (C)when it is no longer necessary to retain your Personal Data for the purposes of collection, but you have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims.
    • (D)when the Company is pending examination of a legal basis on which the collection of your Personal Data or the necessity to process your Personal Data for the purpose of carrying out a public task is based following your exercise of the right to object to the collection, use or disclosure of the Personal Data.

    (6) Right to Rectification
    If your Personal Data has been found to be incorrect, incomplete or not current, you may request for a rectification of your Personal Data to keep them correct, current, complete and not misleading.

    (7) Right to Withdraw Your Consent
    If you have given your consent to process your Personal Data (whether such consent is given before or after the enactment of the Personal Data Protection Act B.E. 2562 (2019)), you may withdraw your consent at any time as long as your Personal Data is retained with the Company unless there is a legal provision or a contractual obligation between you and the Company allowing the Company to retain your Personal Data. (e.g. service contracts, other business contracts)

    (8) Right to Lodge a Complaint
    If you found that the Company fails to comply with the personal data protection law, you may lodge a complaint to the Personal Data Protection Commission or any other competent authority authorized by the Personal Data Protection Commission or by law provided that you are encouraged to notify the Company first to allow the Company to explain and relieve your worries. In this regard, if you wish to exercise this right, you may contact us via contact information provided in Clause 12 (Contact Information).
    8.2 The Company will use its best effort to respond and comply with your request unless such request may cause undue burden to the Company or harm to other people’s data protection rights or is contrary to the law or beyond the Company’s ability to comply with.
    The Company may charge a reasonable fee for the processing of your request provided, however, that the rate shall not exceed a legal limit.


    9. Personal Data Security

    9.1 The Company has put in place appropriate technical and management measures to ensure its personal data security is at the level prescribed by the personal data protection law and other related laws.
    9.2 In the event that the Company is required to share personal data with another data controller, or in the case where the Company hires or assigns another person to process personal data on behalf of the Company, the Company will require the data controller or data processor to sign a Data Sharing Agreement (DSA) or Data Processing Agreement (DPA) and/or Non-Disclosure Agreement (NDA), as the case may be, with the Company to determine its rights and obligations under the Personal Data Protection Act.


    10. Contact

    10.1 Exercise of Your Legal Rights
    If you wish to exercise your legal right under the personal data protection law, you may contact us at:

    (1) Our headquarter.

    (2) Our branches.
    10.2 Contact for Making an Inquiry
    Topics Contact
    • Inquiry about general information
    Call 1124
    • Inquiry about personal data protection policy
    Personal Data Protection Office

    Address : Thai Life Insurance Public Company Limited
    Personal Data Protection Office,
    No. 123, Ratchadapisek Street, Din Dang Subdistrict,
    Din Dang District, Bangkok 10400

    Email: dpo@thailife.com


    11. Amendment to This Policy

    The Company may update or modify this Policy from time to time to make it current with any change to your Personal Data and to comply with any changes in the personal data protection law and related laws. The Company will notify you about the change properly. However, we recommend that you should review this Policy from time to time.


    Data Privacy Policy published on 1 July, 2024


  • Data Privacy Policy for Company’s Staff

    Data Privacy Policy for Company’s Staff


    Thai Life Insurance Public Company Limited (“Company”) highly value of personal data protection. As the data controller, the Company has established this Data Privacy Policy (“Policy”) to describe the details and procedures for managing and processing the personal data obtained directly from you or other sources. This include the purposes of collecting, using, disclosing and/or processing your personal data, as well as the period for retaining such personal data and your rights as the data subject.


    The Company firmly in valuing the preferences, trust and confidence that you have place in the Company as one of the most important things. Therefore, the Company is committed to ensuring the processing your Personal Data lawfully and properly in accordance with Personal Data Protection Law.


    1. Definition

    "Company" means Thai Life Insurance Public Company Limited
    "Personal Data Protection Law" means Personal Data Protection Act B.E. 2562 (2019) and its subordinate legislations, including any amendment or revision thereof.
    "Personal Data" means any information relating to a person, which enables the identification of such person, whether directly or indirectly, in accordance with the Personal Data Protection Law
    "Sensitive Personal Data" means any information relating to race, ethnicity, political opinion, beliefs in ideologies, religion or philosophy, sexual orientation, criminal records, health information, disability, labor-union membership, genetic data, biometric data or any other information which may affect the data subject in the same manner as prescribed by the Authority under the relevant Law.
    "Personal Data Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, including but not limited to, collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (by transmission, transfer, publication, or any other means of making the data available for use), alignment or combination, restriction, erasure or destruction.


    2. Policy Scope

    This Policy applies to natural persons described as follows:

    Type of Person Meaning
    1) Company’s staff

    Company’s director, employee whose employment may be restricted by a term or not e.g. full-time employee, contract employee, and any person engaged by the Company under a consulting service agreement.

    2) Job applicant

    Any person who submits a job application containing Personal Data to the Company for its review whether such application is submitted directly by such person or any person acting on his/her behalf.

    3) Discharged personnel

    Any person whose directorship, employment or consulting service agreement has been terminated for any reason.

    4) Guarantor

    Any person who enters into a guarantee agreement with the Company to provide assurance of payment when a Company’s staff defaults.

    5) Internship Applicants

    The person applying for an internship with the Company, regardless of whether the application for an internship is made by himself or through an agency or institution.

    6) Reference person
    • Any third party who is cited by the person in 1) to 4) as his/her reference person who can provide necessary information so that the qualification of the person in 1) to 4) can be reviewed by the Company.
    • Any person who can be contacted in case of emergency if the person in 1) to 4) cannot be reached.


    3. Type of Personal Data to Be Collected

    3.1 Any Personal Data which are collected or intended to be collected by the Company under this Policy, whether such data is directly provided by you or obtained automatically from you or third-party sources, shall include the following:

    (1) Personal Information e.g. name, nickname, date of birth, age, sex, weight, height, profile photo, national identification number, passport number, nationality, religion, marital status, and family household information, place of birth, driving license number, expiry date of a driving license, record of military service, including official documents in which such information appears, etc.

    (2) Contact information e.g. official address as household registration, address for postal delivery, phone number, email, social media, emergency contact person, etc.

    (3) Educational background information e.g. educational backgrounds and trainings, educational certificates or transcripts, scores, gradings, certificates issued by an educational institute, language proficiency, trainings and proficiency tests held by the Company or any other related organizations, certificates or diplomas, etc.

    (4) Information taken from a job application e.g. personal profile, professional experience, information obtained from an interview, supplementary or reference documents, work experience, position or work applying for, test results required by the Company (e.g. attitude or competency test), etc.

    (5) Information about the work and position e.g. employment Contract, employment in each period, your workplace, company you have worked for, employee ID number, position, internal contact number, supervisor, work period, comments on your work performance, etc.

    (6) Work assessment and performance e.g. performance evaluations, opinions, attitudes and behaviors at work, disciplinary records, records of meritorious, achievements and/or awards received, records of complaints, records of investigations and disciplinary penalties, letters of reprimand or termination of employment, etc.

    (7) Benefits and remunerations e.g. salary, remuneration, bonus, pensions, welfare benefits, health benefits (which cover family members), meeting allowance and/or benefits, bank account number, social security fund, provident fund, tax record, tax deduction, third-party beneficiary, etc.

    (8) Statistical records e.g. starting date of employment, annual leaves, work hours, overtime hours, absenteeism or tardiness, leave records and reason for leave, record of use of internal resources and record of meeting attendance, etc.

    (9) Sensitive Data e.g. health Information, religious information, criminal records, trade union information.

    (10) Technical data e.g. access log, traffic log, information the interaction between you and other users, user log e.g. device locator, IP address, device serial number, types of device, mobile phone network, connection information, geographical location, browser types, login/logout information, referring website data, login log, transaction log, customer behavior, system access statics, access time, search data, usage of system functions, and data collected by the Company trough cookies or any other similar technologies.

    (11) Information enabling the Company to comply with applicable laws including but not limited to Life Insurance Act, Personal Data Protection Act, Anti-Money Laundering Act, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Act, Securities and Exchange Act, so that the Company can comply with its obligations under such legislations properly, e.g. submitting a report or providing required information and records or documents, maintaining the records thereof and submitting them to a competent authority, monitoring transactions, or taking any other related actions.

    (12) Other information e.g. images and/or recordings being conducted using camera, CCTV or other electronic device, voice recording, your participation with the event held directly by the Company or jointly with other organizations, your comments, your biological data, etc.
    3.2 The Company may obtain your Sensitive Personal Data, e.g. criminal records for qualification review before entering into an employment contract, appointment contract or other types of contracts with you health records to assess your work ability, provide appropriate welfare scheme and manage human resources or biological data for self-identification and verification, etc. The Company will process your Sensitive Personal Data after obtaining your prior consent, except in cases where the Personal Data Protection Law requires the processing of sensitive personal data without consent. In the event that the Company needs to obtain consent to process your sensitive personal data, if you do not give consent to the Company or exercise your right to withdraw your consent, or object to the collection, use and/or disclosure of such sensitive personal data, or request the deletion or destruction of such sensitive personal data, the Company will not consider your information in the selection of the Company's personnel, or be unable to enter into a contract with you, or be unable to perform a contract with you, in whole or in part.
    3.3

    In case where the Company has collected your Personal Data before the Personal Data Protection Act B.E. 2562 (2019) comes into force, your Personal Data will continue to be collected and used by the Company in accordance with the existing purpose and you may withdraw your consent (please see Clause 9 for more details) for such processing from June 1, 2022. If you wish to exercise your right, please contact the Company via contact details provided in (Clause 11. Contact). In this regard, the use and/or disclosure and any other actions with regard to your Personal Data will be conducted in accordance with this Policy.


    4. How the Company Collects and Obtains Your Personal Data

    4.1 The Company may collect and obtain your Personal Data as follows:

    (1) Personal Data obtained directly from you : The Company may obtain your Personal Data directly from your job application and supplementary documents, or application for a position, or your contact information when filling out an online or documentary form, taking a job interview, entering into a contract and other documents submitted by you to the Company, etc.

    (2) Personal Data obtained from third parties: The Company may obtain your Personal Data from any third party e.g. recruitment agency, government agency, educational institute, bank, publicly available information, social media, and your business sources, etc. If third-party information is given to the Company, you represent and warrant that such third party, e.g. your reference person or emergency contact, has given his/her consent to the Company and been informed about the Company’s Data Privacy Policy.
    4.2 When we collect your Personal Data, you will be notified about how we process your information under this Policy, including but not limited to the basis on which the collection, use and/or disclosure of the Personal Data is relied. If the personal data protection law requires your consent, the Company will obtain your express consent before processing.
    4.3

    You may choose not to allow the Company to collect certain Personal Data. However, if you choose to opt-out, the Company may not perform a transaction, contact or respond to your request e.g. the Company may not proceed with the recruitment process, enter into a contract or take any other related actions for you, whether in whole or in part.

    4.4

    While the Company is collecting your Personal Data, if we determine that any of your Personal Data is unnecessary to be collected, used, and disclosed, the Company may delete, destroy or take any other actions e.g. using a pen to cross out the information about religion on a copy of identification card to make such information no longer identifiable.


     

    5. Purposes and Lawful Bases for Personal Data Processing

    5.1 The Company may process your Personal Data in accordance with the following purposes (“Purposes”) and lawful bases:

    Purposes Lawful Basis Types of Information
    1) To recruit and review qualifications for an employee or director position via Company’s channels, authorized person or authorized third party, and for the purpose of correspondence, interview, qualification review and conduct of relevant tests.
    • To comply with a contract or prior steps before entering into a contract
    • Consent (in case where Sensitive Personal Data are being collected)
    • Personal information
    • Contact information
    • Educational background and trainings
    • Information taken from a job application
    • Work assessment and performance
    • Benefits and remunerations
    • Criminal records
    2) To enter into an appointment contract, employment contract, consulting service agreement or any other relevant agreement and comply with the terms and conditions contained therein.
    • To comply with a contract or prior steps before entering into a contract
    • Consent (in case where Sensitive Personal Data are being collected)
    3) To manage the training and work training for interns with the Company, as well as to keep records of their training or internship and send the information to the relevant educational institution or agency, or to issue documents to show the information of the training or internship to the Company.
    • Contract
    • Legitimate interest
    • Personal information
    • Contact informatio
    • Educational background and trainings
    • Information about the work and position
    • Work assessment and performance efficiency
    • Benefits and remunerations
    • Technical information
    4) For the purpose of human resource management e.g. internal correspondence, personnel structure, employee transfer, welfare scheme and compensation management, trainings, work assessment, operational supervision, disciplinary action, or implementation of company policies or regulations in the field of personnel management, including the collection of various statistics that occur in the course of operations.
    • To comply with a contract or prior steps before entering into a contract
    • Legitimate interest
    • Consent (in case where Sensitive Personal Data are being collected)
    • Personal information
    • Contact information
    • Educational background and trainings
    • Information taken from a job application
    • Information about the work and position
    • Work assessment and performance
    • Benefits and remunerations
    • Statistical records
    • Criminal records
    • Technical information
    • Information enabling the Company to comply with applicable laws
    • Other information
    5) For the purpose of compliance with legal obligations under applicable laws e.g. the laws regarding labor protection, social security, provident fund, taxation, life insurance, money laundering, taxation, personal data protection, securities and stock exchange, or compliance with orders issued by competent officers e.g. the order to submit a report, provide information or notify when there is a change to registration record, etc.
    • Legal obligations
    • Consent (in case where Sensitive Personal Data are being collected)
    • Personal information
    • Contact information
    • Educational background and trainings
    • Information about the work and position
    • Work assessment and performance
    • Benefits and remunerations
    • Statistical records
    • Criminal records
    • Other information
    6) For the purpose of compliance with the instruction of a competent officer or authority to provide cooperation or information for the purpose of carrying out a public task.
    • Legitimate interest
    7) For entering into contracts with third parties, such as sending personal data of directors or persons authorized to act on behalf of the Company to the parties.
    • Contract
    • Legitimate interest
    • Personal information
    • Information about the work and position
    8) To conduct legal proceedings, defend a legal claim or explain about the matter disputed in a complaint, establish or defend a legal claim, or gather evidence for the purpose thereof.
    • To establish or defend a legal claim
    • Legitimate interest
    • Personal information
    • Contact information
    • Educational background and trainings
    • Information about the work and position
    • Work assessment and performance
    • Benefits and remunerations
    • Statistical records
    • Criminal records
    • Other information
    9) To maintain business relationship with you and take any other actions to protect your interest, including informing you about the news and interesting information.
    • Legitimate interest
    • Consent
    • Personal information
    • Contact information
    • Information about the work and position
    • Other information
    10) To maintain, manage and protect information technology infrastructure security and safety of employees and third parties, including their property and information.
    • Legitimate interest
    • Legal obligations
    • Consent
    • Personal information
    • Contact information
    • Other information
    11) To comply with your request, e.g. issuing a work certificate, submitted while you are Company’s staff or after you have been discharged or while your contract with the Company is still effective.
    • To comply with a contract or prior steps before entering into a contract
    • Legitimate interest
    • Personal information
    • Contact information
    • Information about the work and position
    • Benefits and remunerations
    12) To publicize a CSR activity, provide relevant information and facilitate participants and take other related actions as requested by a data subject.
    • Consent
    • Legitimate interest
    • Personal information
    • Contact information
    • Other information
    • Technical information
    • Information about the transaction between you and the Company
    • Other information

    5.2

    As your Personal Data which are processed in accordance with the above purposes with regard to legal or contractual compliance e.g. employment agreement, or compliance with your request to the Company or all prior steps before entering into a contract with you are necessary to be obtained to satisfy such purposes. If you do not provide us with your Personal Data or your consent or withdraw your consent or object to the processing of such data when so required by the Company, legal consequences may ensue or the Company may not be able to comply with its obligations under an insurance contract or any other contracts with you, may not be able to provide related insurance services or products to you, or may not be able to comply with your request (as the case may be). In this regard, the Company may refuse to enter into a contract with you or terminate a contract, cease to provide its service to you, or decline to comply with your request whether in whole or in part.

    5.3 If it is necessary for the Company to use your Personal Data outside the scope of purposes described above, additional data privacy policy will be provided to explain how your Personal Data will be used. Therefore, it is advisable to read the additional data privacy policy together with this Policy.


    6. Disclosure of Personal Data

    6.1 The Company may disclose your Personal Data to the following entities and individuals in accordance with the Purposes and applicable laws:

    (1) Staff, employees, or personnel of the Company on a need-to-know basis for the purpose of processing your Personal Data in accordance with this Policy.

    (2) Competent authority or officers, committees established by law, regulators, dispute resolution bodies other than the OIC, Department of Provincial Administration, Revenue Department, Ministry of Commerce, Anti-Money Laundering Office, Royal Thai Police Headquarters, Office of the Attorney-General, court of justice, or any other entities which may require the Company to disclose your Personal Data in accordance with the law and/or related subordinate legislations.
    (Note: You can read the Privacy Policy of the OIC at www.oic.or.th)

    (3) The Thai Assurance Association, other insurance providers, associations or federations and/or other insurance-related businesses e.g. the Thai Association of Insurance and Financial Advisors.

    (4) Company’s internal or external advisors e.g. lawyers, physicians, auditors, consultants or experts.

    (5) Business partners, contractual parties, third-party service providers, sub-providers and/or their staff providing services relating to the management, data processing, business process, payment system, debt collection, or security clearing and settlement, telecommunication, technology, Cloud, recruitment management, call center, storage service, document processing, data analysis, document scanning services, marketing and research, emergency management, legal service or other services relating to the Company’s business operation, or any management, operation, procedure, or action taken in relation to the Company’s insurance product or service for your benefit. or any other Company’s operations.

    (6) Potential customers, customers, purchasers of Company’s service or product.

    (7) Individuals or entities authorized by law.

    (8) Individuals or entities to which you have given your consent to disclose your Personal Data to them or an entity to which the Company may disclose your Personal Data under other legal bases, such as disclosure of internship information to the educational institution where the data subject is studying.
    6.2 The Company will only disclose your Personal Data in accordance with the above Purposes or any other purposes prescribed by law. If your consent is legally required, the Company will obtain your consent before any processing.
    6.3 If your Personal Data are disclosed to third parties, the Company will take appropriate measures to protect your disclosed Personal Data and comply with required data protection standards.
    6.4 In case of a cross-border transfer of your Personal Data, the Company will ensure that the destination country or third-party recipient have adequate data protection. The Company may also obtain your consent before transfer such data internationally in accordance with the personal data protection law.


    7. Retention Period

    7.1 The Company will retain your Personal Data for a period required by law in accordance with the purpose for collection and processing of such data. The retention period may vary depending on the purpose for processing and collecting of such data. In addition, the Company will retain such data for as long as required by relevant law (if any) taking into account a statutory limitation for potential legal actions arising from or related to the documents or each type of data collected and business practices relating to the retention of such data.
    7.2 The Company will retain your Personal Data for as long as necessary and appropriate for the collection, use and disclosure of such data in accordance with the Purposes, or not exceeding 11 years from the date of termination of a transaction between you and the Company. However, the Company may retain your personal data for longer period if permitted by law or necessary for the data processing, or for other reasons.
    7.3 If it is no longer necessary for the Company to process your Personal Data or the above-described period has expired, the Company will destroy your Personal Data or make it no longer identifiable without prior notice to you.


    8. Personal Data Relating to Minor, Incapacitated Person or Quasi-incompetent Person

    The Company may collect and process your Personal Data relating to a person below 20, incapacitated person, or quasi-incompetent person from time to time. In this regard, the Company is required to comply with the personal data protection law with regard to such person, including the requirement to obtain prior consent from his/her legal representative or guardian (in case of a minor), legal guardian (in case of an incapacitated person) and custodian (in case of a quasi-incompetent person) in accordance with the personal data protection law.


    9. Rights in Relation to Your Personal Data

    9.1 As a data subject, you will be entitled to the following rights under the personal data protection law:

    (1) Right to Access to Personal Data
    You may access, obtain a copy, or request a disclosure of your source of Personal Data collected and processed by the Company except where the Company has the right to refuse your request based on a lawful basis or court’s order or your request may potentially harm other people’s rights or freedoms.

    (2) Right to Data Portability
    You may request the Company to receive, transmit or transfer your Personal Data from the Company to the Data Controller or Data Processor in a format that can be automatically read and processed by a automated tools or devices, and allows for automatic use or disclosure of such Personal Data. However, the exercise of this right shall be in accordance with the law, and the insurance business sector, there are systems in place to support the exercise of this right.

    (3) Right to Object to Processing of Personal Data
    You may object to the processing of your Personal Data unless the Company has the right to refuse your request based on a lawful basis (e.g. legitimate interest, establishment of legal reason, exercise, or defense of legal claim, or public task).

    (4) Right to Erasure
    You may request the Company to erase, destroy or make your Personal Data no longer identifiable provided that the exercise of such right shall be in accordance with the law.

    (5) Right to Restrict Processing

    You may request the Company to restrict the processing of your Personal Data as follows:

    (A)when the Data Controller is pending examination process in accordance with the data subject's request to keep his/her Personal Data complete and current.

    (B)when your Personal Data are unlawfully collected, used or disclosed.

    (C)when it is no longer necessary to retain your Personal Data for the purposes of collection, but you have necessity to request the retention for the purposes of the establishment, compliance, or exercise of legal claims, or the defense of legal claims.

    (D)when the Company is pending examination of a legal basis on which the collection of your Personal Data or the necessity to process your Personal Data for the purpose of carrying out a public task is based following your exercise of the right to object to the collection, use or disclosure of the Personal Data.


    (6) Right to Rectification
    If your Personal Data has been found to be incorrect, incomplete or not current, you may request for a rectification of your Personal Data to keep them correct, current, complete and not misleading.

    (7) Right to Withdraw Your Consent
    If you have given your consent to process your Personal Data (whether such consent is given before or after the enactment of the Personal Data Protection Act B.E. 2562 (2019)), you may withdraw your consent at any time as long as your Personal Data is retained with the Company unless there is a legal provision or a contractual obligation between you and the Company allowing the Company to retain your Personal Data. (e.g. employment contract)

    (8) Right to Lodge a Complaint
    If you found that the Company fails to comply with the personal data protection law, you may lodge a complaint to the Personal Data Protection Commission or any other competent authority authorized by the Personal Data Protection Commission or by law provided that you are encouraged to notify the Company first to allow the Company to explain and relieve your worries. In this regard, if you wish to exercise this right, you may contact us via contact information provided in Clause 12 (Contact Information).
    9.2 The Company will use its best effort to respond and comply with your request unless such request may cause undue burden to the Company or harm to other people’s data protection rights or is contrary to the law or beyond the Company’s ability to comply with.
    The Company may charge a reasonable fee for the processing of your request provided, however, that the rate shall not exceed a legal limit.


    10. Personal Data Security

    10.1 The Company has put in place appropriate technical and management measures to ensure its personal data security is at the level prescribed by the personal data protection law and other related laws.
    10.2 In the event that the Company is required to share personal data with another data controller, or in the case where the Company hires or assigns another person to process personal data on behalf of the Company, the Company will require the data controller or data processor to sign a Data Sharing Agreement (DSA) or Data Processing Agreement (DPA) and/or Non-Disclosure Agreement (NDA), as the case may be, with the Company to determine its rights and obligations under the Personal Data Protection Act.


    11. Link to Third-Party Websites, Products and Services

    There may be a link on Company’s website, application, or other electronic means directing you to third-party websites, products and services. If you click on the link, a third-party may collect certain information about your use of the service. Therefore, you should be careful and read the data privacy policy of such third-party providers. The Company will not be responsible for any harm to your privacy or any collection of your Personal Data by such third party and this Policy shall only apply to the processing of your Personal Data in accordance with the Purposes described by the Company.

    12. Contact

    12.1 Exercise of Your Legal Rights
    If you wish to exercise your legal right under the personal data protection law, you may contact us at:

    (1) Our headquarter.

    (2) Our branches.
    12.2 Contact for Making an Inquiry
    Topics Contact
    • Inquiry about general information
    Call 1124
    • Inquiry about personal data protection policy
    Personal Data Protection Office

    Address : Thai Life Insurance Public Company Limited
    Personal Data Protection Office,
    No. 123, Ratchadapisek Street, Din Dang Subdistrict,
    Din Dang District, Bangkok 10400

    Email: dpo@thailife.com


    13. Amendment to This Policy

    The Company may update or modify this Policy from time to time to make it current with any change to your Personal Data and to comply with any changes in the personal data protection law and related laws. The Company will notify you about the change properly. However, we recommend that you should review this Policy from time to time.


    Data Privacy Policy published on 1 July, 2024


  • Withdraw consent
  • Information Security Policy