FOR CUSTOMERS AND PROSPECTS

Personal Data Protection Policy of BSI Insurance Broker Limited

BSI Insurance Broker Limited (the “Company”) is aware of the importance of privacy and its responsibilities relating to the collection, use, and disclosure of (“processing” or “to process”) your personal data. The Company, therefore, issues this Personal Data Privacy Policy(the “Policy”) to describe the details of the processing of your personal data, as well as details of the retention period of personal data, the disclosure of personal data, the rights of data subjects with respect to their personal data, and the contact channels of the Company as prescribed in the Personal Data Protection Act B.E. 2562 (2019) (the “Personal Data Protection Act”) as follows.

1. Definitions

“Personal data” means any information that can be used to identify a natural person, directly or indirectly, but shall not include, in particular, any information about deceased persons.

“Sensitive personal data” means the personal data as specified in Section 26 of the Personal Data Protection Act, and other applicable laws and regulations, as well as personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, trade union information, genetic data, biometric data, or any other data that may affect the data subject in the same manner, as prescribed and notified by the Personal Data Protection Committee.

“Personal Data Protection Act” means the Personal Data Protection Act B.E. 2562(2019), including any notifications, rules, regulations, or secondary legislation issued by virtue of the Personal Data Protection Act, and any amendment thereto from time to time.

“Committee” means the Personal Data Protection Committee.

2. What personal data do we collect?

We will process personal data, which may include your sensitive personal data as follows

2.1 General Personal Data

(1) Personal data that relates to you in general, such as name, ID card number, national identity, date of birth, age, occupation, gender, marital status, photograph, number, landline phone; Mobile phone number, house registration address, delivery address, postal address, passport number, email, voice chat and other contact details.

(2) Information about your work, such as job title; Your place of work, your employment history, which may include your employer’s name and address.

(3) Financial information such as income, source of income, bank account number, information about taxes, details about bank account movements; Details about loans, information about investments, details about credit cards, and details or information about other payments.

(4) Product and/or service details, including details of products and/or services that you have purchased from us or other insurance business operators, such as policy number, sum assured, etc. Policy changes/transactions How to pay premiums, history of premium payment, or history of borrowing money. Beneficiaries, claims, including the exercise of rights under the policy or other products or services of our company or other insurance business operators.

(5) Legal status, such as money laundering status; Status on financing terrorism Bankruptcy Status under the U.S. Foreign Account Tax Compliance Act (FATCA)

(6) Technical information and personal activities/preferences of your users; When you use our websites, applications, and may include social media platforms of other service providers, such as the unique customer name used on the social media platform. IP Address: Types and versions of cookies Time zone settings, types of plugins in the browser. Operating system and user profile: Information about the device, including information about mobile devices, wireless network information, and general network information.

2.2 Sensitive Personal Data

The Company may need to collect sensitive personal data such as health information, disability information, criminal records, etc. Genetic information, biometric information, or any other similar information as announced by the Personal Data Protection Committee.

In the event that the Company needs to collect your personal data for the purpose of entering into an insurance contract. To comply with the contract or a legal obligation If you do not provide personal data as necessary for the Company’s administration. The Company may not be able to carry out the purposes set forth in this Policy or provide you with the full range of services, or you may not be able to use the Company’s services properly, or it may affect compliance with any laws that the Company or you are obligated to comply with.

3. When do we collect your personal data?

We may collect your personal data in the following ways: 

(1) When you express your intention to purchase or use personal insurance, group insurance, and/or when you access or use the website or application and/or services online; Mobile or telephone or our other services (“Products” or “Services”).

(2) When you submit insurance documents and application forms for purchase or use, or when you provide information when considering purchasing or using our products or services;

(3) When you communicate with us; Whether it is written or verbal communication, regardless of which party contacts that party first or not.

(4) When you submit a request for changes or improvements to the products you have purchased or the services you have used, or any other requests regarding the products you have purchased or the services you use, including the submission of forms and documents related to our products.

(5) When you contact personnel, customer service staff, sales staff, insurance agents, Insurance Intermediary Brokers Contractors, Suppliers Service Providers, Authorized Persons Representatives or other persons or other relevant departments of the Company (collectively referred to as “the Company’s personnel and partners”) through websites, applications, social media, telephone, email, face-to-face meetings, interviews, etc. Short message (SMS), fax, postal mail or by any other means.

(6) When we receive instructions about you, or when we collect personal information from our personnel and partners;

(7) When you submit personal data to us to participate in marketing activities; competition sweepstakes, events or competitions organised by or on behalf of us and/or our personnel and partners;

(8) When we receive personal information from third parties about you, including but not limited to obtaining information from verified information from publicly available sources. Personal or commercial sources, websites, Social Media Resources, Data Providers, Medical Resources. Public Health Facilities hospital Doctors, other public health professionals. Other insurance business operators associations or associations of businesses related to the products you purchase or the services you use; Insurance application form for the product you purchased or the service you used. Risk Guarantee for the Products You Purchase Complaints about our products and/or products and services purchased or used by you (“Third-Party Resources”).

(9) When we receive personal information about you from a third party for the purpose of complying with the law and for other regulatory purposes, as well as for other lawful purposes, for example, the Company may receive your Personal Data from the Insurance Commission (OIC).

When you provide us with any personal data relating to third parties (such third parties, including but not limited to the Insured, family members, insurance premium payers, or beneficiaries) You must comply with the Personal Data Protection Act, whether by obtaining consent or notifying a third party of this Policy on behalf of the Company. However, You represent and warrant the accuracy of such Personal Data and represent and warrant that you have fully informed them of the details in accordance with this Policy.

4. Purpose of Processing Your Personal Data

We will process your personal data for the following purposes:

(1) To carry out the execution of the insurance contract or the execution of the contract, namely:

(a) to offer, sell, arrange, manage; perform (b) to follow the process and manage our products and/or services to you; (b) to follow the process procedures, manage, complete the provision of our services or products, and recommend appropriate products and services to you; Fulfilling the process of applying for insurance for a product, handling the product you purchased. Collection of premiums and arrears from you Investigation, analysis, processing, policy surrender and payment of claims/ Payment of benefits under your policy and renewal and amendment Cancel your policy and exercise any rights under your policy, including the right to inherit and any rights that have been subrogated (if any).

(2) To carry out necessary actions for the legitimate interests of the Company as follows: 

(a) To manage our insurance, such as designing new products or services or complementing our existing products or services; To reinsurance our products or services to you.

(b) To communicate with you, including communications about administration and other information about any products or accounts you might have with us; Providing technical support on our websites and applications, or communicating about any future changes to this Privacy Policy.

(c) For the prevention of fraud/fraud, such as investigating or preventing fraud-related acts. concealment of true statements and other offenses, whether actual or suspected offenses. In particular, for communication with companies in the financial services and insurance business, as well as with other relevant regulatory authorities.

(d) For the purpose of restructuring the Company, for the purpose of restructuring the Company’s organization and for the Company’s transactions, including the purchase or sale of any part of the Company’s business (if any);

(e) To provide electronic communication channel services, such as to enable you to access content on a particular website, application or social media platform or service. We may process your usage habits of websites, applications or social media platforms for the purpose of analyzing your use of the websites or social media platforms and understanding your preferences in order to tailor those websites, applications or social media platforms to you in particular for the purpose of evaluating or implementing and improving those websites, applications or social media platforms or our products and/or services. Troubleshooting of related products and/or services, and placement of advertisements on websites, applications and other channels according to target audiences.

(f) For data management, e.g. for administrative purposes. Record-keeping, backing up, or destroying personal information.

(g) To improve our products and services, such as inspection and quality enhancement, as well as training. When our communications are recorded.

(h) For promotional purposes, such as providing you with information about suitable products and services, which may include providing advice and information on various matters, including insurance, as well as promotional activities for products and services, such as rewards/benefits programs for being a loyal customer/privileges. Charity/non-profit activities and marketing activities. Events and other activities that you choose to participate in.

(i) To comply with the Company’s policies, to comply with the requirements under our internal policies.

(3) For analysis and statistical purposes, such as conducting market research. Advanced data analysis and statistical or actuarial research. Financial reporting or evaluation prepared by the Company, its group of companies, its personnel and business partners, or regulatory authorities related to us.

(4) For compliance with the law, such as any actions. 

(a) For legal compliance or to audit our business; whether it is an internal audit or an external audit. 

(b) To comply with the requirements of the law; applicable rules, regulations, agreements, or policies established by state regulatory authorities. Agencies responsible for law enforcement, government agencies, agencies responsible for resolving disputes. The Office of the Insurance Commission or the agency in charge of the insurance business. Regardless of the agency. 

(c) For the purpose of law enforcement or providing assistance or cooperation; investigations by us or on our behalf, by police officers, or by other government or regulatory authorities in the country, and the performance of reporting obligations and requirements as required by law or as agreed with other government or regulatory authorities. in any country or administrative territory, or the lawful execution of an order of an official or government agency, and 

(d) To support the supervision and promotion of the insurance business in accordance with the Law on the Supervision and Promotion Commission.

Insurance Business and the Law on Non-Life Insurance of the Office of the Insurance Commission In accordance with the Personal Data Protection Policy of the Office of the Insurance Commission. This can be found on the website (https://www.oic.or.th).

(5) Other, i.e., for other necessary operations related to any of the above purposes, unless otherwise permitted by applicable laws and regulations, including the Personal Data Protection Act, we will notify and obtain your consent if we wish to use your Personal Data for any purpose other than those set out in this Personal Data Protection Policy or other than for purposes directly related to this Personal Data Protection Policy.

5. Who may receive your personal data from the Company? 

The Company will keep your personal data confidential. Where permitted by applicable law, or where such disclosure is necessary to achieve the purposes of the Company’s Personal Data Processing. As stated above, the persons to whom the Company may disclose personal data are: 

(1) Business Partners The Company’s partners or third parties related to the insurance products offered to you or products that may be of interest to you. 

(2) Policyholders in the case of group insurance products.

(3) Any of our staff members and suppliers who provide services on managing various matters, provide data processing services, provide services on the making of payments, debt collection or settlement of securities accounts, telecommunications services, technological services, cloud services, outsourcing services, call center service, storage services, documentation service, data recording service, document scanning service, mailing services, printing service, parcel delivery services or pick-up and delivery service by messenger, data analysis, marketing service, research, emergency service, legal service, or other services related to the operation of the Company or provision of the management, operations, or compliance with steps or administration in relation to our products or services to you; 

(4) ) Service provider before insuring, for example risk surveyors etc.

(5) Compensation service providers, such as accident surveyors; dealer or insurance garages, hospitals, etc.

(6) Other insurance business operators;

(7) Associations or associations in the insurance sector;

(8) Law enforcement agencies, committees established under the law, government agencies or regulatory authorities, dispute resolution agencies, or any other persons in the countries to which the Company or companies in the group disclose data: (a) in accordance with its duty under the law and/or its duty to comply with the regulations in Thailand, which may include government agencies in the countries in which its group companies are located; or (b) in accordance with the agreement or policies among the companies in the group and the government, regulatory authorities, or other relevant persons 

(9) Any company in the Group;

(10) Professional advisors of the Company, for example: lawyers, physicians, auditors, or advisors 

(11) Any person or entity to whom you have given your consent to disclose your Personal Data to that person or entity;

(12) Persons who enter into transactions or will enter into transactions with the Company in which your Personal Data may be a part; or as part of the offer or offering of the Company’s business (if any).

(13) Any other person or entity authorized by applicable law;

6. Cross-border personal data transfer

Your personal data may be transferred, retained, or processed by the Company or may be transmitted to any person or agency as stated above, who may have their establishments in Thailand or abroad, provided that your personal data shall be transferred to other establishments in accordance with the personal data protection provision in the Personal Data Protection Act. In the case of transfer of your personal data within our group of companies, we shall comply with our corporate personal data privacy policies (Binding Corporate Rules) which have been approved by the Committee (if applicable).7. Retention of Personal Data

7. Retention of personal data

We shall retain your personal data to the extent it is necessary to achieve the purpose of its process, but it shall be no longer than a period of 10 years from the end of your relationship or the last contact with the Company. The Company may retain your personal data for a longer period as specified if it is permissible by law or if it is a duty of the Company. The Company will take reasonable steps to erase or destroy or anonymize your personal data so that it is no longer identifiable for the retention period of personal data above.

8. Use of Personal Data for Original Purposes

The Company has the right to collect and use your Personal Data that the Company has collected before the date of the Act. Protect personal data in relation to the collection, use, and disclosure of personal data in force as per the original purpose. If you do not wish the Company to continue to collect and use such Personal Data, you will not be able to collect and use such Personal Data. You may notify the Company to withdraw your consent in accordance with the criteria prescribed by law. Please contact to bsi@bsibroker.co.th  

9. Security

The Company has implemented internal security measures and strictly enforced policies to keep your Personal Data safe, including data encryption and data access prevention measures, and the Company requires the Company’s personnel and external contractors to comply with appropriate privacy standards and policies, as well as to provide data preservation and appropriate measures for the use or transmission or transfer of your Personal Data.

10. Your rights in relation to your personal data

You have the right to process your Personal Data as follows:

(1) Withdraw or request to change the scope of your consent given to us;

(2) Request to access, obtain a copy of, or disclose the acquisition of personal data relating to you without your consent;

(3) Request to receive personal data relating to you or request the transmission or transfer of your personal data to another data controller;

(4) Object to the processing of personal data in the following cases:

(a) Where the Personal Data is collected without the exception of consent because it is necessary for the public interest or the legitimate interest under Section 24 (4) or (5) of the Personal Data Protection Act, unless we can prove that there are overriding legitimate grounds or it is necessary to establish a legal claim. Compliance or exercise of legal claims, or raising legal claims.

(b) Processing of personal data for direct marketing purposes;

(c) Personal processing for the purposes of research, scientific, historical or statistical studies, unless it is necessary for the performance of our public interest mission.

(5) Request for deletion, destruction, or making the Personal Data non-personally identifiable to the Personal Data Subject; According to the rules prescribed by law.

(6) Request to suspend the processing of your Personal Data in accordance with the rules prescribed by law;

(7) Request that any personal information relating to you be corrected to be accurate, current, complete, and not misleading. If we can’t do it, You have the right to request a record of your request and the reasons for doing so in accordance with the rules prescribed by law. We reserve the right to comply with your request to exercise your rights as appropriate and in accordance with the rules required by law. However, we may charge a reasonable fee to process the above exercise request, in addition to your rights as set forth above. You have the right to lodge a complaint about the Company’s breach or non-compliance with the Personal Data Protection Act to the Expert Committee in accordance with the procedures set out in the Personal Data Protection Act.

11. Amendment to this Policy

The Company reserves the right to make any amendment, addition, change, improvement, or adjustment to the Policy, to the extent permissible under the law. In the case of any material change to this Policy, the Company shall inform you of any such amendment, addition, change, improvement, or adjustment and/or may obtain your consent (if such consent is required by law). Please refer to the effective date of this Policy or the latest revision date of this Policy

12. Contact Channels

If you have any question relating to any part of this Personal Data Privacy Policy or require additional information relating to the Company’s guidelines in protecting your personal data, or if you would like to exercise the right as data subject, please contact us at: 

Details of the Company

Name: BSI Insurance Broker Limited 

Address: 152 Chartered Square Building 12 Ath Floor, Room 12A-11 North Sathorn Road, Silom, Bangrak, Bangkok 10500.

Telephone No.: +66 (0) 2 634 5200 (Monday-Friday: 8.30 – 17.30)

 

Details of the Data Protection Officer (DPO)

Data Protection Officer of BSI Insurance Broker Limited 

Address: 152 Chartered Square Building 12 Ath Floor, Room 12A-11 North Sathorn Road, Silom, Bangrak, Bangkok 10500.

Contact Channel: bsi@bsibroker.co.th