Privacy Policy

Thaivivat Insurance Public Company Limited (“the Company”) and/or its affiliates have provided this Privacy Policy for customers who access the website or apply the service of the Company and/or its affiliates to acknowledge the guidance and personal data management of the Company and/or its affiliates. The collection, usage and disclosure of personal data of such customers are to be in line with laws, regulations and rules relevant to personal data protection with the following details:


1. Personal Data collected by the Company and/or its affiliates
2. Sources of Personal Data
3. Purpose and Basis of Processing of Personal Data
4. Processing of Personal Data
5. Period of Retention of Personal Data
6. Security Measures of Personal Data
7. Rights of Personal Data Subject
8. Cookies (Management)
9. Connectivity with an external website
10. Amendment of Privacy Policy
11. Contact Channel

Definition

Personal Data denotes the data of an individual who can be identified both directly or indirectly but not including the information of the deceased such as name, surname, age, date of birth, telephone number, identification number and/ or any data required by the law etc.



Sensitive Data denotes the data of a particular person which is sensitive and presents significant risks to the person’s fundamental rights and freedoms such as racial, ethnic origin, political opinions, religious or philosophical beliefs, data concerning health, disability etc.



Data Subject denotes the individual that the data refers to

  • “Individual” does not only limit to individuals who own the data or are the creator or collector
  • “Individual” means alive natural person only and does not include "Juridical Person" established by law such as corporation, association, foundation or any organization.


Data Processing denotes any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, utilize, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction



Application denotes program or sets of orders used to control the work of mobile computing and its components to work as per the order and satisfy the needs of the customers. The application would consist of User Interface or UI as the medium



IP Address denotes a numeric identifier of each devices such as computer or printer which uses internet protocol



Cookies denotes small computer data that websites of the Company and/or its affiliates send to other computers or electronic devices connected to internet in order to collect a data log of your internet usage or your behavior while visiting our website. Cookies would be sent to the origin website every time you visit the website.



Personal Data Protection Act B.E. 2019 Section 4
Personal Data Protection Act B.E. 2019 Section 26


1. Personal Data collected by the Company and/or its affiliates

The Company and/or its affiliates would collect your own personal data provided by you or personal data that provided for any services or managements of the Company and/or its affiliates by following channels:


  1. Data regarding insurance application, claim request, services or any activity participations of the Company and/or its affiliates such as name, surname, identity card number or any cards, telephone number, date of birth, gender, address, email, financial data, the property to be insured, health records, including historical purchase and past usage data
  2. Data regarding the news subscription from survey or any activity participations such as satisfaction, interest, or consumer behavior etc.
  3. Data regarding account registration with details of personal data provided to the Company and/or its affiliates to apply for services via the Company and/or its affiliates’ channel such as mobile application and/or website, also personal data provided for recruitment, activity and/or interaction with the Company and/or its affiliates via website or any channels defined by the Company and/or its affiliates.
  4. Data regarding the transactions between the Company and/or its affiliates or any transactions such as data of recruitment, product and service presentation, payment including credit or debit card, bank account number or banking transactions or any payments with date and time of payment depending on type of your transactions
  5. Data regarding criminal records, status of Anti-Money Laundering Office and Combating of Finance of Terrorism and bankruptcy
  6. Data regarding visits to any websites of the Company and/or its affiliates or application operated by the Company and/or its affiliates, usage and movement data accessing through the Company and/or its affiliates’ website or application, social media usage data and online advertisement correspondence of the Company and/or its affiliates such as browser type and version, type of devices (personal laptop or smartphone), operation system and platform, IP Address of device or destination equipment, location, products and services accessed or searched
  7. Data regarding the interaction between you and the Company and/or its affiliates in the form of aide-memoire of service recipient, satisfaction survey, research and statistic or voice recording or recording via CCTV when you contact with customer service center of the Company and/or its affiliates including providing data via any medias such as SMS, social media application or email etc.
  8. Data regarding your online profile data which requires social media credential such as Facebook, Instagram, Twitter, Line and other online platforms which is used to connect or use the company’s services i.e. social media account ID, interests, likes and friends list of the data subject which the data subject would have control of and keep it private via online settings provided by the service provider
  9. Data regarding the services provided to you that are:
    • Pay-Per-Use Motor Insurance Policy, the Company and/or its affiliates would collect data of your car usage when you turn on/off insurance via TVI Connect that are starting and turning off the engine, location, latitude, longitude, device datetime, direction of movement, vehicle speed and meters above sea level etc.
    • All types of motor insurance policy notifying an accident via Thaivivat Motor Application, the Company and/or its affiliates would collect the following data: location, latitude, longitude, device date time, direction of movement, vehicle speed, meters above sea level etc.
    • Active Health Insurance Policy: the Company and/or its affiliates would collect the following data: gender, age, height, weight and daily activity and exercise data obtained from your smartwatch which have been notified to the Company and/or its affiliates in the form of heart rate, number of walking steps and exercise duration. Examples of such data are female aged of 35 years, weight of 50, height of 160-centimeters, 10,850 walking-steps and heart rate at cardio zone equal to 45 minutes per day etc.
  10. Data regarding the sensitive personal data, it is necessary for the Company and/or its affiliates to collect sensitive personal data such as health records, medical treatment records including smoking behavior, alcohol consumption for purchasing or utilizing the products of the Company and/or its affiliates. The aforementioned data are required for policy underwriting as well as claim payment. Failure to consent the collection, accessing and processing your sensitive personal data, the Company and/or its affiliates would be able to insure you or offer you any services.

2. Sources of Personal Data

The Company and/or its affiliates may receive your personal data from the following channels:


2.1) When the Company and/or its affiliates directly receive your personal data the Company and/or its affiliates would collect and store your personal data from the step of services as below:

2.1.1) Procedures of applying for insurance or claims, any service with the Company and/or its affiliates via the Company and/or its affiliates’ website or documentation from any insurance application or services

2.1.2) From voluntarily taking survey, attending any activities, email correspondence or any communication between you and the Company and/or its affiliates

2.1.3) From visiting websites or access to the Company and/or its affiliates’ website via your Browser’s Cookies

2.1.4) From your contact both telephone call and/or email

2.1.5) From recruitment, recruitment guarantee and any relevant transactions


2.2) The Company and/or its affiliates would receive your personal data from the following third party:

2.2.1) Agent / General Insurance Broker

2.2.2) Affiliate

2.2.3) Medical Center, garage, contracted dealer, surveying company and any service providers relevant to the Company and/or its affiliates’ non-life insurance products

2.2.4) Government Agency or any regulators empowered by the laws such as the Office of Insurance Commission (OIC), the Anti-Money Laundering Office (AMLO), the Office of the National Anti-Corruption Commission (NACC), the Revenue Department, police station, District Office or the Bureau of Registration Administration (BORA), Land Office, medical center, the Department of Land Transport (DLT), Province Transport Office, organization, person or any juridical person empowered by the laws to collect your personal data and disclose to the Company and/or its affiliates.

2.2.5) Any General Insurers

2.2.6) The Stock Exchange of Thailand and Thailand Securities Depository Co., Ltd.

2.2.7) Employment Service Provider


3. Purpose and Basis of Processing of Personal Data

The Company and/or its affiliates would aim to collect, utilize and disclose the personal data with the following purposes:

3.1) To consider the underwriting, claims and benefit payment according to insurance contract and any services as insurer to improve the Company and/or its affiliates’ insurance products and services, including products or service launched in the future and utilize the details of products and services utilized by you for processing and offering products and services that you might additionally be interested in throughout supervision, maintenance and management regarding the such service

3.2) To manage the relationship between you and the Company and/or its affiliates and to communicate, inform and/or receive news from the company and/or its affiliates or any amendments of the Company and/or its affiliates

3.3) To confirm and/or identify your own identity to access services through any channels or communicate with the Company and/or its affiliates

3.4) To proceed as per your intentions which are given to the Company and/or its affiliates.

3.5) To propose benefits and/or services of the Company and/or its affiliates such as advising and/or proposing the products and services, including promotions and any transactions about the Company and/or its affiliates’ services.

3.6) To analyze and understand customer website usage behavior so that the Company and/or its affiliates would develop and improve the Company and/or its affiliates’ website to be more convenient and efficient from such findings.

3.7) To operate the business of the Company and/or its affiliates such as data analysis, data inspection, new product development, service improvement or amendment, service analysis, sale promotion survey, the consideration of the Company and/or its affiliate management and expansion

3.8) To proceed with necessary and suitable works as follows:

a) Inspect and prevent the violation against the laws

b) Respond to the request of the government or government agencies including international government where the data subject is residing

c) Enforcing the rules on services providing and the privacy policies

d) Protect the Company and/or its affiliates’ business

e) Protect the privacy rights, security and assets of the Company and/or its affiliates, personnel, data subject or any other persons

f) Remedy, protect or limit the damages that may occur

3.9) To act in accordance with the laws, investigation of the officers or the supervising agency to act in accordance with the rules, regulations or relevant laws such as the compliance with laws and requirement, regulations and contracts (including service conditions of the Company and/or its affiliates)

3.10) Communication related to service, service providing or customer care, quality control of services provided

3.11) Security of network and data

3.12) Research and development, website user experience improvement

3.13) Acquisition, amalgamation or organization restructuring

3.14) Marketing event participation etc.

Other purposes which are not specified, you would be informed when the Company and/or its affiliates would collect your personal data.

Whenever the Company and/or its affiliates have received your personal data, the Company and/or its affiliates would collect, utilize or disclose such personal data only under the purposes specified in no. 3 with the following conditions:

  • A consent is given by you to the Company and/or its affiliates in accordance with the laws. Withdrawal of consent would not affect any processing of personal data that you have given consent to in accordance with the laws. Furthermore, consent withdrawal might make the experience of our services less convenient and some services might not be available at all.
  • Necessity to act in accordance with the agreement where you are one of the counterparties or to act in accordance with your request prior to entering the agreement to complete the purpose of the agreement.
  • To prevent or stop danger to the live, body or health of a person
  • Necessity to proceed with the business for the Company and/or its affiliates’ benefit or to act in accordance with the authority provided by the government to the company or to comply with the laws regarding the Anti-Money Laundering Office and Combating of Finance of Terrorism etc.
  • Necessity to gain the lawful benefits as per the law for the Company and/or its affiliates or any other persons except the benefits are less important than the basic personal data as follows:
    • To prevent any frauds
    • To secure the network and system
    • To assist government officer regarding the form incompliance with confidentiality
  • Necessity to request the pretension, accusation, right preservation, subrogation in principle of legality
  • Necessity to comply with the law regarding the Non-Life Insurance Act B.E. 2535 or registrar order or notification of Office of Insurance Commission etc.
  • To issue a historic letter or letter for public benefit or research or statistics. The Company and/or its affiliates would suitably protect the rights and liberty

4. Processing of Personal Data

When receiving such personal data from mentioned sources of personal data, the Company and/or its affiliates would perform the following actions:

4.1) Collection: The Company and/or its affiliates would collect your personal data under the purposes in no. 3)

4.2) Usage: The Company and/or its affiliates would utilize your personal data under the purposes in no. 3). In some cases, to propose product offerings and services, the Company and/or its affiliates would have to collect sensitive personal data by explicitly requesting your consent from you to operate as per the company and/or its affiliates’ purpose.
Apart from the aforementioned purposes and under the law, the Company and/or its affiliates would utilize the personal data for the purpose of marketing such as to send promotion documents via the post, e-mail or any other methods including the direct marketing. This is to provide additional benefits to the data subject who is the customer of the Company and/or its affiliates.
You are able to opt out of the communication for the purpose of marketing except the necessary communication related to services provided by the Company and/or its affiliates.

4.3) Disclosure: The Company and/or its affiliates would disclose your personal data under the purposes in no. 3) to the following persons and organizations:

4.3.1) Permitted insurance brokers, agents, financial advisors and/or investment advisors to sell products and services of the Company and/or its affiliates.

4.3.2) Counterparty, business alliance, subsidiary and/or external service providers to offer you the privilege or any services of the Company and/or its affiliates. This includes developing and improving the products or services of the Company and/or its affiliates such as data analysis, data processing, credit card operation, IT and related infrastructure preparation, customer service platform, email/SMS sending, mobile application development, customer satisfaction survey and research, customer relationship management where Non-Disclosure Agreement will be provided. In case of juridical person, the Company and/or its affiliates are required to have appropriate personal data protection measures.

4.3.3) Government or its organization or any other agencies as per the law in order to act in accordance with the laws, orders, requests to coordinate with the agencies for the law relevant matters such as the Company and/or its affiliates would have to submit your personal data to Credit Bureau to verify and would utilize results from such verification to prevent any frauds etc.

4.3.4) External persons who are the counterparty of the Company and/or its affiliates both in Thailand or Foreign Countries such as Cloud Computing service, registrars, sales promotion service, research service, IT developer provided to the Company and/or its affiliates

4.3.5) External persons were given the consent by you or disclose for any transactions and/or services to be in line with your purposes


5. Period of Retention of Personal Data

The Company and/or its affiliates would only collect the privacy data as necessary in the appropriate format for each data type. The Company and/or its affiliates would identify the purpose and the necessity to collect and process the data that also be in accordance with required Personal Data Protection Act. The Company and/or its affiliates would collect the personal data for a period after the agreement has expired and would be in accordance with the period and prescription of laws. The Company and/or its affiliates would have a suitable location to collect the personal data for each type. The Company and/or its affiliates would have to collect the personal data even if the prescription has expired such as when there is a case etc.


6. Security Measures of Personal Data

To ensure that the management of the Company and/or its affiliates prevent the risk which would occur to the personal data from illegal access, information leakage, modification and loss of data, the Company and/or its affiliates would act in accordance with the international standard in securing the information technology and would continuously manage the business in accordance with the laws, requirements, regulations required by Government Regulator.

The Company and/or its affiliates would have the protection measures for privacy of data subject by limiting the accessibility to the personal data. The company and/or its affiliates would only allow the responsible person for proposing the service of the Company and/or its affiliates such as employees, agents, financial advisors, and investment advisors of the company and/or its affiliates. The person who are authorized to access the data would strictly act in accordance with the preventive measures and would keep the data confidential. The company and/or its affiliates would keep both physical and electronic forms of data secure in accordance with the measures.

When the company and/or its affiliates would enter into the contract or agreement with third party, the Company and/or its affiliates would define the security measures and confidentiality of personal data appropriately to ensure that your personal data that the Company and/or its affiliates is responsible for would be secured in line with the defined security measures of the Company and/or its affiliates.


7. Rights of Personal Data Subject

You have the right to take the following actions:

7.1) Right to Withdraw Consent: You would have the right to withdraw the consent for processing your own personal data that consented to the Company and/or its affiliates throughout the retention period of you own personal data collected by Company and/or its affiliates. The withdrawal of consent would not impact on data collection, usage or disclosure of your own personal data consented to the Company and/or its affiliates.

7.2) Right to be Informed: You would have the right to acknowledge the existing and type of personal data, objective of personal data using of the Company and/or its affiliates.

7.3) Right of Access: You would have the right to access your own personal data and to request the Company and/or its affiliates make a copy of your own personal data for you. This includes requesting the Company and/or its affiliates to disclose the acquisition of personal data that you would not give the consent.

7.4) Right to Rectification: You would have the right to request the Company and/or its affiliates to revise or amend your personal data to be up-to-date, complete, and not lead to misunderstanding.

7.5) Right to Erasure: You would have the right to request the Company and/or its affiliates to delete or destroy your own personal data or the data to be unidentifiable.

7.6) Right to Restriction of Processing: You would have the right to suspend using your own personal data for certain given reasons.

7.7) Right to Data Portability: You would have the right to transfer your own personal data provided to the Company and/or its affiliates to any data controllers or by your own in case that the Company and/or its affiliates would alter the personal data to be easily read or used via the automatic equipment or tools and would utilize the or disclose the data automatically.

7.8) Right to Object: You would have the right to object the Company and/or its affiliates to collect, utilize or disclose your own personal data including having the right to object the processing of your own personal data for some reason.


You would contact Personal Data Protection Officer of the Company and/or its affiliates in order to submit the application to take the mentioned rights (contact details would be seen in the topic of “Contact Channel” as below). The Company and/or its affiliates would consider and notify the consideration results to you by 30 days from the receiving date.

However, the Company and/or its affiliates would deny your personal data rights as required by the Law, especially deny deleting, destroying, changing the form of the data into an anonymous data in the case of the Company and/or its affiliates would have necessary to utilize your personal data or establish the legal claims compliance with or exercising legal claims or lift up to fight the claims of the company or to comply with the laws or any requirements as required by the laws.

To delete, destroy or change the form of the data into an anonymous data or to withdraw the consent would be done under the laws and agreements only. Such utilization of rights would have an impact on the performance of the agreements or services as the data subject would be anonymous. There would be limitations and would cause the data subject not receive benefits and news from the Company and/or its affiliates.


8. Cookies (Management)

The Company and/or its affiliates would utilize Cookies Software or any resemble software to collect your data usage and gather the statistics research, trend analysis in order that the Company and/or its affiliates would perform better, faster and more secured services. To ensure your privacy when applying such services and/or accessing through the Company and/or its affiliates’ platform the Company and/or its affiliates would automatically memorise and record the type of browser when you access to the Company and/or its affiliates’ website which following data would include:

  • IP Address of your own computer
  • Type of your browser
  • Visited websites before accessing through platform
  • Visited websites in platform
  • Duration of vising such website, products, service or searched data in platform, time and date of visiting and any statistic data

The mentioned data would be collected for analyzing and apprising the website visiting or internet accessing via internet for following cases:


  • To continuously log in your account in the Company and/or its affiliates’ website
  • To study your website accessing behavior for developing such platform to be more easily, rapidly, efficient and also providing appropriated contents with your interest to be more rapidly and advantageous

You would manage and delete Cookies Program via your browser or device setting. For additional data about the mentioned methods, please see the contents of browser and device setting assistance.


9. Connectivity with an external website

Website of the Company and/or its affiliates would connect to third party’s websites which might be different from the Company and/or its affiliates’ Privacy Policy, the Company and/or its affiliates would like you to study Privacy Policy of such websites thoroughly understand personal data protection and to consider the personal data disclosure. The Company and/or its affiliates would not take the responsibility to the content, policy, damage or any actions from third party’s website.


10. Amendment of Privacy Policy

The Company and/or its Affiliates would consider to review the Privacy Policy to be compliance with relevant guidelines and regulated laws. In case of the amendment of Privacy Policy, the Company and/or its affiliates would inform you about the amendment via the Company and/or its Affiliates’ website. You would see the mentioned amendment at https://www.thaivivat.co.th/th/policy_privacy.php which the Company and/or its Affiliates’ Privacy Policy is latest up-to-date on 13 November 2020.


11. Contact Channel

In case of any queries about Privacy Policy of the Company and/or its affiliates, data collected by the Company and/or its affiliates or would utilize any right as per Personal Data Protection Law mentioned in No. 7), you would contact:

Name: Thaivivat Insurance Public Company Limited
Contact Place: 71 Dindaeng Road, (Kwaeng) Samsen Nai, (Khet) Phayathai, Bangkok 10400
Contact Channel: Call Center Number 1231
www.thaivivat.co.th

Furthermore, you would contact Personal Data Protection Officer with following channel:


Contact Place: Headquarter Office, 71 Dindaeng Road, (Kwaeng) Samsen Nai, (Khet) Phayathai, Bangkok 10400
Contact Channel: Telephone Number: 02-6950800
dpo@thaivivat.co.th