“Personal data” means that any information relating to an identified or identifiable natural person, directly or indirectly, excluding the information of deceased natural person. “Sensitive Data” means Personal Data which is truly personal, sensitive and risk for discrimination and shall be treated and conducted carefully. Sensitive Data such as race, ethnicity, political opinion, religion, criminal record, health history, labor union data, etc. (Both Personal data and Sensitive data will be herein collectively called “personal data”.)
Collected Personal Data and Source of Data
The Company shall collect your personal data including, but not limited to;
Personal Information which is name, surname, date of birth, status, sex, address, ID card no., passport no., occupation, position, working experience.
Contact Information which is e-mail, phone no, address, social media contact e.g. ID Line.
Financial Information which is bank account no., credit card, debit card, income, privilege, benefit, receive/payment, financial history, tax.
Sensitive Information which is race, religion, disability, health history, medical history, accident, drug record, medical certificate, treatment record, prescription record, medical expense, medical question, police daily report, police opinion, criminal record, offence record, photo/video clip of would or accident, court order/judgement.
Insurance Transaction Information which is information given in insurance application, purchase or service history, claim history, complaint, potential to purchase insurance product information.
Contact or Visiting Information which is website and system use/access data of the company, Affiliate Company or application developed by the Company, cookies, social media use data, service record, satisfaction assessment, statistic or analysis data, voice record, voice mail, video record (and voice record) through CCTV.
Other Information which are car plate, chassis no, interview and research data. In this regard, The Company has collected personal data directly from you or from performing our business, all sale channels, provide or receive service by the Company which the activities as follows;
Insurance application, claim, use any services or perform a transaction with the Company
Voluntary doing a survey or attending any activities, e-mail responding, or communication through any channels between you and the Company
Access to the Company’s website through your Browser’s Cookies
From insurance agent or broker
From hospital, clinic, garage, dealer or service provider relate to non-life insurance service
From government agency or regulators such as Office of Insurance Commission, Anti Money Laundering Office, Revenue department, etc.
From other Insurance company
Others source which the Company receiving legally
Providing personal data of others, such as Beneficiary, Incompetent person, employees, contractor etc. You are required to inform such person concerning rights specified on this policy by yourself and/or receive their consent prior to providing their personal data to Company. However, the Company would like to inform you that the incomplete to of providing all required data by Company, it also affects an ability of Company to consider making any transaction with you.
Objective of collection, usage or disclosure personal data
The Company shall collect, use and disclose your personal data for the following objectives;
To consider underwriting, claim payment, paying benefit according to insurance contract and providing service as Insurer to develop our product and service.
To collect premium and debt (if any), to check premium payment or expense, to pay claim and checking claim payment
To perform under insurance contract, co-insurance contract, reinsurance contract, Sub-reinsurance contract
To provide risk survey, claim assessment and/or loss adjuster
To provide Insurance contract renewal notice, service and take care customer and quality control
To perform legal proceeding, in case of liable to third-party or subrogation
To Compile information for statistical, analytics/research to enhance products and services, premium calculation matching with risk, investigate and prevent of fraudulent and/or violation of law
To comply with relevant laws and regulations or the order of regulator, government sector or any authorities
To communicate, receive/inform information relate to insurance service or any change.
To provide sale promotion, privilege and/or for cross selling/up selling or to develop the Company’s service
To assess the behavior of using the Company’s website, application, social media to analyze for creating, improvement and development.
Processing for other objectives within the scope of law
However, the Company shall collect, use and disclose your personal data under the above objectives within the following conditions;
Explicit consent given by you
Necessary for the performance of a contract to which you is a party, or in order to take steps at the request of you prior to entering into a contract (Contractual basis)
For preventing or suppressing a danger to a Person’s life, body or health
Necessary for the performance of a task carried out in the public interest by the Company, or Necessary for the exercising of official authority vested in the Company
Necessary for legal benefit of the Company or any other persons or juristic persons which it is not over your expectation with reasonable (Legitimate Interest)
Necessary to comply with law and regulation which the Company shall comply (Legal Obligation)
Other legally basis
Disclosure of Personal Data
The Company may need to disclose your personal data to other persons for the purpose of performing under insurance contract or providing service as follow;
Office of Insurance Commission for the benefit of governing insurance business
Any authorities governing Company, for instance, Anti-Money Laundering Office, Revenue Department, etc.
Thai General Insurance Association and/or assigned division for the purpose of analyzing the statistic and premium calculation;
Reinsurance company and/or Co-insurance company
Financial institute or Financial service regarding receipt and payment
Authorized person that Company legally authorize to provide service on behalf of the Company in regard of underwriting, loss survey, compensation, compliance, auditing any activities relating to insurance contract or business operation of Company as necessary.
Authorized agent or broker for the purpose of providing service to insured or beneficiary
Any third party which you provided us the explicit consent or any person with you can expect relate to insurance contract, or disclose for doing a transaction and/or use service as you requested other than above mentioned objectives.
The Company will transfer, transmit and/or deliver your personal data across countries only in case of the destination country have data security measure equally as stipulated by law and within the above objectives for collection, usage or disclosure.
Personal Data Protection
The Company will securely keep your personal data by implementing technical measures and organizational measures to ensure appropriate security in the personal data processing and preventing personal data breach. The company, therefore, aware of data security as well as compliance with data security standard according to the law and regulation of government agency and regulators.
Moreover, the Company has implemented security measurement to protect your privacy by restrict the right of access to personal data only for necessary person who need to process such personal data. Such person shall strictly comply with the Company’s security measurement and data confidentiality.
Retention Period of Personal Data
The Company will retain your personal data as long as it is necessary for performing the above objectives of processing your personal data which the Company will retain for 10 years from the date of termination the relationship with you or last contact. The Company may retain your personal data longer than such period under the permission of law. The Company shall collect your personal data in an appropriate form according to the type of data. However, the Company may necessary retain your personal data after the expiration of prescription such as during the litigation process, etc.
The Company shall conduct an appropriate process to delete or destroy or anonymize your personal data after end of period of the collection.
Right of Data Subject
You have rights as specified on Personal Data Protection Act B.E. 2562 as follows;
Right of Access: To access your Personal Data, or obtain a copy of your Personal Data
Right to Rectification: To request that your Personal Data be updated, corrected, completed, and not cause any misleading
Right to Data Portability: To receive the personal data / request to transfer to the third party
Right to Object: To object the collection and processing of Personal Data, withdraw the consent which has already been given, whenever needed under laws and regulations
Right to Erasure: To request that your Personal Data be deleted, destroyed or de-identified
Right to Suspension: To request the suspension of the processing of your Personal Data
Right to Lodge Complaint: To lodge complaint to the competent personal data protection authority
You can contact to DPO to request for exercising your right on personal data (contact information as shown below). The Company will consider and inform the result of performing your request within 30 days after receiving your request. However, the Company may deny or not be able to carry out pursuant to your requests, especially, to delete, destroy or anonymize your personal data if there is necessary for complying with laws or court orders. To delete, destroy or anonymize your personal data or withdrawal your consent can be done only under law stipulated, however, to exercise such right may affect us on performing under contract or providing service under insurance contract. Withdrawal of consent shall not affect to the collection, usage or disclosure of personal data under your prior consent provided.
Sunday Insurance (Thailand) Public Company Limited 100/24 Sathorn Nakorn Tower 16th Floor A, North Sathorn Road, Silom Subdistrict, Bangrak District, Bangkok 10500 Thailand Telephone: 02 022 1111 E-mail: DPO.firstname.lastname@example.org