Privacy Policy
Thaivivat Insurance Public Company Limited including head quarter, subsidiary and/or its affiliates (“the Company”) have provided this Privacy Policy for all service recipients who access the website or apply the service of the Company to acknowledge the guidance and personal data management of the Company. The collection, usage and disclosure of personal data of all service recipients and/or employees are in line with Personal Data Protection Act B.E. 2562 (“PDPA”) and any relevant laws with the following details:
1. Personal Data collected by the Company and/or its affiliates
2. Sources of Personal Data
3. Purpose and Basis of Processing of Personal Data
4. Use of Personal Data for Original Purposes
5. Retention Period of Personal Data
6. Security Measures of Personal Data
7. Personal Data Disclosure
8. International Transfer of Personal Data
9. Rights of Personal Data Subject
10. Cookies (Management)
11. Connectivity with an external website
12. Contact Channel
13. Amendment of Privacy Policy
2. Sources of Personal Data
3. Purpose and Basis of Processing of Personal Data
4. Use of Personal Data for Original Purposes
5. Retention Period of Personal Data
6. Security Measures of Personal Data
7. Personal Data Disclosure
8. International Transfer of Personal Data
9. Rights of Personal Data Subject
10. Cookies (Management)
11. Connectivity with an external website
12. Contact Channel
13. Amendment of Privacy Policy
Definition
Personal Data denotes the data of an individual who can be identified both directly or indirectly but not including the information of the deceased.
Sensitive Data denotes the personal data described in Section 26 in PDPA which are sensitive and may lead to the risk of unfair discrimination that has to be managed with specially caution such as racial, ethnic origin, political opinions, creed, religious or philosophical beliefs, sexual behavior, criminal record, health record, disability, labor union data, genetic data, biometrics data or any similar data impacted to data subject.
Data Subject denotes the individual or alive natural person who own such personal data not including deceased and such personal data collector.
Data Processing denotes any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, utilize, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Application denotes program or sets of orders used for controlling the work of mobile computing and its components to work as per the order and satisfy the needs of the customers. The application would consist of User Interface or UI as the medium.
IP Address denotes a numeric identifier of each device such as computer or printer which uses internet protocol.
Cookies denotes small computer data that websites of the Company and/or its affiliates send to other computers or electronic devices connected to internet to log data of your internet usage or your behavior while visiting website. Cookies would be sent to the websites of the Company and its affiliates every time you visit the website.
1. Personal Data processed by the Company and/or its affiliates.
The Company would collect your personal data that directly provided by you or personal data that provided for any services or managements of the Company by following channels:
1.1 Data regarding insurance application, claim request or any service participations as follows:
1.1.1 Personal Data such as name, surname, identity card number, laser code on the back of identity card, passport information, alien identity card, driving license, credentials information or any identity cards, telephone number, date of birth, gender, address, email, financial data, the property to be insured, including historical purchase and past usage data.
1.1.2 Sensitive Data such as nationality, racial, religious, criminal record, biometrics record such as fingerprint, face recognition, iris scanner, health records, medical treatment records including smoking behavior, alcohol consumption or any records impacted to data subject likewise the data specified in PDPA. It is necessary for the Company to collect such sensitive data for considering the policy underwriting as well as claim payment. Failure to consent the collection, accessing and processing your sensitive data, the Company would not be able to insure you or offer you any services.
1.2 Data regarding the news subscription, survey or any activity participations such as satisfaction, interest, or consumer behavior etc.
1.3 Data regarding account registration for creating your profile with details of personal data to apply for services of the Company via internet network such as application and/or website of the Company.
1.4 Data regarding the financial transactions between the Company and/or its affiliates such as payment history, bank account number, income information, source of income including credit or debit card usage, privilege from credit card usage, investment or any payments with date and time of payment depending on type of such transactions.
1.5 Data regarding criminal records for verifying the status of the anti-money laundering, financing of terrorism, proliferation of weapon of mass destruction and bankruptcy including history of committing an offense that is considered an offense by law.
1.6 Data regarding the recruitment or employment such as occupation, position, working experience, income, salary, academic background, reference person, contact channel, photo and any information related to such job position.
1.7 Data regarding the employee of the Company such as record of heath, disability, record of criminal, guarantor, emergency contact, spouse, parents, reference person, position, salary, allowance, tax, loan (if any), contact channel, and any information provided by such employee.
1.8 Data regarding visits to website of the Company, other websites of its affiliates or application operated by the Company, data of usage and movement accessing through the Company’s website and application, social media usage and online advertisement correspondence of the Company such as browser type and version, type of devices (personal computer, laptop, or smartphone), operation system and platform, IP Address of device or destination equipment, location, products and services accessed or searched.
1.9 Data regarding the interaction between you and the Company in the form of aide-memoire of service recipient, satisfaction survey, complaint, research and statistic or voice recording or recording via CCTV or showing the national identity card when you contact with customer service center of the Company including providing data via any medias for researches such as SMS, LINE, Facebook, Chat AI in website of the Company, social media, application or email etc.
1.10 Data regarding your online profile data which requires social media credential such as Facebook, Instagram, Twitter, and Line to connect or access to the company’s services i.e. social media account ID, interests, likes and friends list of the data subject who would have control and keep its private via online settings provided by such online social media service provider.
1.11 Specified data regarding the services of the Company’s insurance that are:
1.11.1 Pay-Per-Use Motor Insurance Policy, the Company would collect data of your car usage when you turn on/off insurance via TVI Connect that are starting and turning off the engine, location, latitude, longitude, device time, direction of movement, vehicle speed and meters above sea level etc.
1.11.2 All types of motor insurance policy notifying an accident via the Company’s Application, the Company would collect the data of location, latitude, longitude, device time, direction of movement, vehicle speed, meters above sea level etc.
1.11.3 Active Health Insurance Policy: the Company would collect the data of gender, age, height, weight and daily walking activity and exercise obtained from your smartwatch which have been notified to the Company in the form of heart rate, number of walking steps and exercise duration. Examples of such data are female aged of 35 years, weight of 50 kg, height of 160-centimeters, 10,850 walking-steps and heart rate at cardio zone equal to 45 minutes per day etc.
1.11.4 Data from application usage: to trade the privileges such as redeeming point for the discount of the service with marketing partnership that the Company provides the marketing promotion.
2. Sources of Personal Data
The Company would receive your personal data from the following channels:
2.1 When the Company directly receive your personal data, the Company would collect your personal data from the step of services as below:
2.1.1 Collect from procedures of applying for insurance or claims, any services through the Company’s website or documentation from any insurance applications, insurance application forms, filling out the forms by written with signature or service application which can be in the electronic form.
2.1.2 Collect from sending the request to change your data that provided to the Company including sending forms or any services of the Company.
2.1.3 Collect from voluntarily taking survey, attending any marketing activities, email correspondence or any communications between you and the Company.
2.1.4 Collect from visiting websites or accessing to the Company’s website via your Browser’s Cookies
2.1.5 Collect from your contact notified through telephone call, website, application email, face-to-face meeting, postal or any channels.
2.2 The Company would receive your personal data from the following third party:
2.2.1 Collect from general insurance agent, general insurance broker listed in the Company’s website.
2.2.2 Collect from parent company, subsidiary company and/or its affiliates.
2.2.3 Collect from garage, contracted dealer, surveying company and any service providers relevant to the Company’s general insurance product usage.
2.2.4 Collect from network medical center in case that you consent to such network medical center to disclose your personal data.
2.2.5 Collect from your closed person.
2.2.6 Collect from your company or organization provided you the insurance.
2.2.7 Collect from government agency or any regulators enforced by the laws such as the Office of Insurance Commission (OIC) which can study further details at https://www.oic.or.th/th/privacy-policy, the Anti-Money Laundering Office (AMLO), the Office of the National Anti-Corruption Commission, the Revenue Department, police station, District Office or the Bureau of Registration Administration (BORA), Land Office, medical center, the Department of Land Transport, Province Transport Office, organization, person or any juridical person enforced by the laws to collect your personal data and disclose to the Company.
2.2.8 Collect from any general insurers in case of reinsurance, considering the claims between insurance company including knock for knock agreement.
2.2.9 Collect from The Stock Exchange of Thailand and Thailand Securities Depository Co., Ltd.
2.2.10 Collect from employment service provider, recruitment or any relevant.
2.2.11 Collect from partners or business partnership.
3. Purpose and Basis of Processing of Personal Data
The Company would aim to collect, utilize, and disclose the personal data with the following purposes:
3.1 To consider the underwriting, claims and benefit payment according to insurance contract and any services as insurer.
3.2 To improve the Company’s insurance products and services, including products or service launched in the future that purchased and utilized by you.
3.3 To communicate between you and the Company for informing and/or receiving news from the company or any changes in the Company.
3.4 To confirm and/or identify your own identity to access services through any channels or communicate with the Company.
3.5 To proceed as per your intentions which are given to the Company.
3.6 To propose privileges and/or any other services of the Company such as advising and/or proposing the products and services, including promotions and any transactions about the Company’s services.
3.7 To analyze and understand the website and/or application usage behavior of users so that the Company would develop and improve the Company’s website and /or application to be more convenient and efficient from such findings.
3.8 To operate the business of the Company such as data analysis, data inspection, sale promotion survey, the consideration of the Company management and expansion.
3.9 To proceed with necessary and suitable works for legally benefits of the Company for:
(a) Inspect and prevent the violation against the laws.
(b) Respond to the request of the government agencies or government including international government agencies or government where the data subject is residing.
(c) Enforcing the rules on services providing and related privacy policies of the Company.
(d) Protect the Company’s business in compliance with the regulations under the required internal policy of the Company.
(e) Protect the privacy rights, security and assets of the Company, personnel, data subject or any other persons.
(f) Remedy, protect or limit the damages that may occur to data subject.
3.10 To comply with the law, audit by officers or any regulators both internal audit or external audit and to compliance with laws, rules, regulations, or commitment policy specified by government agencies.
3.11 For the security of network and data
3.12 For reorganization, acquisition or merger including expansion in some part of the business.
3.13 Marketing event participation etc.
Other purposes which are not abovementioned, you would be informed when the Company would collect your personal data.
Whenever the Company have received your personal data, the Company would collect, utilize, or disclose your personal data only for the purposes specified in no. 3 with the following conditions:
- A consent is given by you to the Company. Withdrawal of consent would not affect any processing of your personal data that you have given consent in accordance with the laws. Furthermore, consent withdrawal might make the experience of our services less convenient, and some services might not be available at all.
- Necessity to act in accordance with the agreement where you are one of the counterparties or to act in accordance with your request prior to entering the agreement to complete the purpose of the agreement.
- To prevent or stop danger to the live, body or health of a person.
- Necessity to proceed with the business for the Company’s benefit or to act in accordance with the authority provided by the government to the company or to comply with the laws regarding the Anti-Money Laundering Office and Combating of Finance of Terrorism etc.
- Necessity to gain the lawful benefits as per the law for the Company or any other
persons or any other juridical person except the benefits are less important than the
basic of your personal data as follows:
- To prevent any frauds
- To secure the network and system
- To assist government officer regarding the form incompliance with confidentiality
- Necessity to request the pretension, accusation, right preservation, subrogation in principle of legality
- Necessity to comply with the law regarding the Non-Life Insurance Act B.E. 2535 or order of the registrar or notification of Office of Insurance Commission etc.
- To issue a historic letter or letter for public benefit or research or statistics. The Company would suitably protect the rights and liberty.
3.14 To prepare securities registrar, shareholder meeting, dividend payment and any services related to security holding of the Company.
3.15 To operate as Insurance Bureau System of Office of Insurance Commission
4. Use of personal data for Original Purposes
The Company would has entitled to collect and use your personal data which has previously been collected by the Company before the effectiveness of the PDPA in relation to the collection, usage and disclosure of personal data, in accordance with the original purposes. If you do not wish the Company to continue collecting and using your personal data, you may notify the Company to withdraw your consent at any time.
5. Retention Period of Personal Data
The Company would only collect the personal data as necessary in the appropriate format of each data type by considering from the purpose and necessity to collect and process the data in accordance with PDPA and also comply with the regulations of such enforced law. The Company would collect the personal data not later than 10 years from the ended date of insurance contract or from the award of the arbitrator or the final judgement of the court and to be compliance with the period and prescription of the relevant laws as such case may be. However, unless there are any regulations from the laws, the Company must collect personal data longer than the specified period. The Company would have a suitable location to collect the personal data of each type. The Company would have to collect your personal data even if the prescription has expired such as when there is a case.
6. Security Measures of Personal Data
To ensure that the management of the Company preventing the risk which would occur to the
personal data from illegal access, information leakage, modification and loss, the Company would
act in accordance with the international standard in securing the information technology and
would continuously manage the business in accordance with the laws, requirements, regulations
required by regulated government agencies.
The Company would have the protection measures for the privacy of data subject by limiting the
accessibility to only necessarily person who use such personal data. The company would only
allow the responsible persons for proposing the service of the Company such as employees, agents
or brokers, financial advisors, and investment advisors of the company. The persons who are
authorized to access the data would strictly act in accordance with the preventive measures and
would keep the data confidential. The company would keep both physical and electronic forms of
data secure in accordance with the measures.
When the company would enter into the contract or agreement with third party, the Company would
define the security measures and confidentiality of personal data appropriately to ensure that
your personal data that under the responsibility of the Company would be secured in line with
the defined security measures of the Company.
7. Personal Data Disclosure
The Company wouldnot disclose your personal data to other persons unless to be complaince with the laws specfied in the PDPA and this Privacy Policy. The Company would disclose your personal data to other persons for the purposes mentioned in this Privacy Policy. The Company would disclose your personal data to external parties which are:
7.1 Law Enforcement Agency: Office of Insurance Commission, Anti-Money Laundering Office, any committees set up by the laws, government agency, or regulator, agency who responsible for dispute resolution, or any local individual who the Company or its affiliates should disclose to as having the law authority and/or legal duty to comply with the regulations in Thailand and might include local government that the consolidated group are located or there is any commitment or policy between the Company under consolidated group and government, regulator, or any relevant person.
7.2 Parent company, subsidiary company and/or its affiliates.
7.3 Association related to Thailand’s general insurance such as Thai General Insurance Association (TGIA), The Federation of Thai Industries (FTI) for calculating statistics and relevant advises.
7.4 Individual who is partner or business partnership such as reinsurance company/ co-insurance company, banks, insurance policy holder for group insurance product.
7.5 Individual who invites, persuades, suggests, offers, or provides services of the Company to data subject that are general insurance agent, general insurance broker including personnel of general insurance broker for juridical person.
7.6 External service providers who operate on behalf of the Company or its affiliates related to business operation at all events such as ervice provider before underwriting, service provider for claim compensation, custodian, any other insurance companies, telecommunication, technology, cloud service, advisory of the Company as professional etc.
7.7 External party who has relationship with you and involved in the condition or beneficial mentioned in the insurance policy such as leasing company, loan company, lessor, beneficiary, join insured.
7.8 Individual or any agencies who data subject consents to disclose the personal data to such individual or any agencies.
7.9 Transactor or who might do transaction with the Company by personal data of those data subject might be a part of purchasing, selling or a part of bidding and offering some business of the Company (if any).
8. International transfer of personal data
Under certain circumstances, it is necessary for the Company to transfer your personal data internationally such as reinsurance, transferring data to cloud server overseas for the purpose of the provision of services. When sending or transferring your personal data, the Company would always exercise our best effort to send or transfer your personal data to service providers or other recipients by the safest method to secure your personal data.
If the destination countries do not have adequate data protection standard, the Company would proceed to transfer such personal data as specified by the PDPA and will put in place the protection measures of such personal data as necessary and appropriate.
9. Rights of Personal Data Subject
You have the right to take the following actions:
9.1 Right to Withdraw Consent: You would have the right to withdraw the consent for processing your personal data that consented to the Company throughout the retention period of your personal data collected by Company. The withdrawal of consent would not impact on data collection, usage or disclosure of your personal data consented to the Company.
9.2 Right to be Informed: You would have the right to acknowledge the existing and type of personal data, objective of personal data using of the Company.
9.3 Right of Access: You would have the right to access your personal data and to request the Company making a copy of your personal data for you. This includes requesting the Company to disclose the acquisition of your personal data that you would not give the consent.
9.4 Right to Rectification: You would have the right to request the Company to revise or amend your personal data to be complete, up-to-date, and not lead to misunderstanding.
9.5 Right to Erasure: You would have the right to request the Company to delete or destroy your personal data or the data to be unidentifiable.
9.6 Right to Restriction of Processing: You would have the right to suspend using your personal data for certain given reasons.
9.7 Right to Data Portability: You would have the right to transfer your personal data provided to the Company to any data controllers or by your own in case that the Company would alter the personal data to be easily read or used via the automatic equipment or tools and would utilize the or disclose the data automatically.
9.8 Right to Object: You would have the right to object the Company to collect, utilize or disclose your personal data including having the right to object the processing of your personal data for certain given reasons.
However, the Company would deny your personal data rights as required by the Law, especially deny deleting, destroying, changing the form of your personal data into an anonymous data in the case of the Company would have necessary to utilize your personal data or establish the legal claims compliance with or exercising legal claims or lift up to fight the claims of the company or to comply with the laws or any requirements as required by the laws.
To delete, destroy or change the form of your personal data into an anonymous data or to withdraw the consent would be done under the laws and agreements only. Such utilization of rights would have an impact on the performance of the agreements or services as the data subject would be anonymous. There would be limitations and would cause the data subject to not further receive any privileges and news from the Company.
10. Cookies Management
The Company would collect and utilize Cookies and/or any same types of technology when you use products and /or services of the Company including website usage from internet or application of the Company.
The Company would utilize Cookies, or any resemble software to collect your data usage and gather the statistics research, trend analysis in order that the Company would perform better, faster, and more secured services. To ensure your privacy when applying such services and/or accessing through the Company’s platform, The Company would automatically memorize and record the type of browser when you access to the Company’s website which following data would include:
- IP Address of your own computer
- Type of your browser
- Visited websites before accessing through platform
- Visited websites in platform
- Duration of vising such website, products, service or searched data in platform, time and date of visiting and any statistic data
The mentioned data would be collected for analyzing and apprising the website visiting or internet accessing via internet for following cases:
- To continuously log in your account in the Company and/or its affiliates’ website
- To study your website accessing behavior for developing such platform to be more easily, rapidly, efficient and also providing appropriated contents with your interest to be more rapidly and advantageous
You would manage and delete Cookies Program via your browser or device setting. For additional information about the mentioned methods, please see the contents of browser and device setting assistance. You would set up Cookies here
11. Connectivity with an external website
Website or Application of the Company might connect to third party’s website or application which might have different Privacy Policy from the Company. The Company would like you to study privacy policy of such website or application for thoroughly understanding the details of personal data protection and considering the personal data disclosure. The Company would not take the responsibility to the content, policy, damage, or any actions from third party’s website or application.
12. Contact Channel
In case of any queries about Privacy Policy of the Company, data collected by the Company or would utilize any right as per PDPA Law mentioned in No. 9), you would contact:
| Name: | Thaivivat Insurance Public Company Limited |
| Contact Place: | 71 Dindaeng Road, (Kwaeng) Samsen Nai, (Khet) Phayathai, Bangkok 10400 |
| Contact Channel: | Call Center Number 1231 www.thaivivat.co.th |
Furthermore, you would contact Personal Data Protection Officer with following channel:
| Contact Place: | Headquarter Office, 71 Dindaeng Road, (Kwaeng) Samsen Nai, (Khet) Phayathai, Bangkok 10400 |
| Contact Channel: | Telephone Number: 02-6950800 dpo@thaivivat.co.th |
13. Amendment of Privacy Policy
The Company would consider frequently reviewing the Privacy Policy to be compliance with relevant guidelines, laws and regulations. In case of the amendment of the Privacy Policy, the Company would inform you about the amendment via the Company’s website as soon as possible. You would see the mentioned amendment at https://www.thaivivat.co.th/th/policy_privacy.php.
This Privacy Policy has been reviewed and approved from the Board of Directors of the Company No.2/2024 dated February 27, 2024.