Tokio Marine Safety Privacy Policy

Tokio Marine Safety Privacy Policy

Privacy Policy for customer

1. Definition

“Personal Information”
means Any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular and not including juristic person information.

“Data Subject”
means A person whom the personal information identifies to but not including juristic person.

“Sensitive Data”
means Information which stated in Section 26 of Personal Data Protection Act and the amendments and other relating laws and regulations including information regarding racial, ethnic origin, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or other data which may affect the data subject in the same manner.

“Personal Data Protection Act – PDPA”
means Personal Data Protection Act B.E. 2562 including subordinate laws which published under Personal Data Protection Act and its amendments.

“Business Partner”
means Individual person or Juristic person who sales goods or provides services to the Company including subcontractor of them.
 

2. Respecting the Personal Rights of the Data Subject

The company respect and realize the importance of your personal rights and protecting your personal information and as a customer, you would expect the company to protect safety of your personal information while using our services.

Your personal information that the company received which can identify yourselves is complete and updated and will be used under the purpose under the company’s objectives as informed to you before the company collect such information. The company will take highest measures to keep safe and protect your personal information and will prevent them from unauthorized uses other than for the purpose which has been previously informed you.

3. Collecting of Personal Information

3.1 Which kind information that the company collect?

The company collect personal information which may include your sensitive data as following:

1)    General Personal Information

(1) Your general personal information, for example, name, last name, ID card number, date of birth, age, occupation, gender, marital status, photo, telephone number, mobile phone number, registered address, address for postal, passport number, email, voice conversation recording, and other contact information.

(2) Your work information, for example, position, workplace, your career history which may include name and address of your employer.

(3) Your financial information, for example, income, source of income, bank account number, tax information, bank statement, loan information, investment information, credit card information and other information regarding payment.

(4) Product and/or service information namely product or service information which you bought from the company or other insurance provider, for example, policy number, sum-insured, the changed or any transaction made to the policy, premium payment method, payment history, or loan information, beneficiary, claim including usage of rights under the insurance policy or product or other services from the company or other insurance provider.

(5) Legal status, for example, status according to the money laundering law or financing terrorism, bankruptcy, status according to Foreign Account Tax Compliance Act: FATCA

(6) Technical information and your personal preferences When you access to our website or application which may including other social media platform provider, for example, social media username, IP address, cookies, type and version of browser, location and region of browser plug-in, operating system and platform, user profile, accessory information including mobile accessory, wireless network, and general network.

(7) VDO, photo and property photo (for example your vehicle) when you enter our security area in the building which recording through CCTV

2)    Sensitive Personal Data

It is necessary for the company to collect your sensitive personal data such as health history, disability, criminal record, genetic data, biometric data, medical history and other data according to Personal Data Protection Committee notification.

In case the company need to collect your personal information for entering into insurance contract, contractual obligations or compliance with law, if you do not provide personal information which it is necessary to perform company obligation, the company may not be able to perform as stipulated in this policy or provide our service completely and appropriately. It may also affect regulatory compliance which is your or the company’s obligation.

Furthermore, the company collect only necessary documents for each type of insurance product for the purpose of underwriting, premium adjustment, claim payment and other purposes which stated in this policy, which include but not limited to following:

1. General policy information, for example, quotation number, policy number, condition of insurance coverage, premium, insured history with other insurance provider, financial record, or credit record.

2. Information which necessary for health and accident insurance such as weight and height, medical history, smoking, alcohol, or other drug usage.

3. Information which necessary for assets insurance such as vehicle information (value of the vehicle, chassis number, license plate number, type and qualification of the vehicle, owner status or lessee or lessor), asset information (value of the building or other property, address or coordinates, resident information, type of usage, period of usage), golf information (model, quantity, and price of golf club) or another asset information which the company insured.

4. Information which necessary for travel insurance such as destination, arrival date, and departure date.

5. Information for claim such as previous claim record, present claim with other insurance provider, accident information, sickness, the damages to the asset, golf information. 

3.2 When do the company collect your personal information?

The company may collect your personal information from these following sources:

1. When you have intention to purchase or use our insurance including other services (“product” or “service”) and/ or when you access to our website or application and/ or services online.

2. When you send documents or insurance application form or when you provide your information to the company while considering of purchasing or using our products or services.

3. When you contact the company in notwithstanding by written or verbal and whoever contact first.

4. When you submit the request to change or upgrade to your purchased products or services or other requests made to your purchased products or services including requests our products or services.

5. When you contact our personnel, officers, sales representatives, agents, brokers, contractors, business partners, service providers, attorney-in-fact, or other person or section which relating to the company (collectively as “personnel and business partners”) through our website, application, social media, phone, email, face-to-face meeting, interview, SMS, Fax, postal or other channels.

6. When the company receive a recommendation about you or when the company collect your personal information from our employees and/ or business partners.

7. When you send your personal information the company to participate in marketing activity, awards, lucky draw, event, or contest held by the company and/ or our personnel and our business partners.

8. When the company receive your personal information from third party which including but not limited to public sources, personal sources, or commercial sources, website, social network sources, data providers, medical sources, healthcare providers, hospitals, doctors, other insurance providers, associations whom relating to your purchased products or services, application for your purchased products or services, complaint regarding our products and services (“third party sources”).

9. When the company receive your personal information from third party for the purpose of compliance with the regulations, for example, the company may receive your personal information from The Office of Insurance Commission (OIC).

10. When you contact the company at our head office or branch office, by CCTV recording inside and outside of the building and including, visitor registration before entering the building.

When you send personal information, which relating to third party to the company (the third party is including but not limited to insured, family members, premium payer, or beneficiary), you must comply with PDPA whether request their consent or inform this policy on behalf of the company. You have certified the correction and completeness of such information and certified that you have informed the data subject regarding the usage of the personal information in accordance with this policy. 

4. Purpose of Processing Personal Information

The company will process your personal information under these following purposes:

1)      For the purpose regarding the insurance contract and other proceeding according to the insurance contract, namely

(a) For offering, providing, managing, and proceeding according to the procedures to provide insurance products or services to you.

(b) For following procedures or complete the services or providing our products and recommending your suitable products. For following procedures regarding insurance application, managing our purchased product, underwriting, collecting premium and remaining payment, investigation, analysis, process, and claim payment under your insurance policy, renewal, amendment and cancel your policy and using any rights under your insurance policy, receiving any rights (if any).

2)      For managing our insurance product such as new insurance product/ service design or amending the existing products and/ or services including reinsurance.

3)      For communication with you including communicate regarding products or other account with the company. For technical support for our website or application, or to communicate about the amendment of this policy which the company may have in the future.

4)      For analyzing and statistic reports such as marketing research, highly information analysis, statistic research or actuarial, report or financial evaluation by company, group companies, personnel or business partners or another regulator.

5)      To prevent from fraud such as to investigate or prevent any fraudulent act, concealing the truth and any other wrongful act notwithstanding that it is a confirmed or only suspicion, especially, for communication with other companies in financial service or insurance provider and relating regulators.

6)      To adjust the company’s structure, for the purpose of adjusting the company’s structure and for company’s transaction which including purchasing or selling parts of the company (if any).

7)      For communication service through electronics channel, for example, for you to access the content in our website, application, or social media platform, or specific service. The company may analyze your behavior while using our website, application or social media platform and understand your preference for developing website, application or social media platform or our products and/ or services, for resolving problems, products and/ or service suggestion and advertisement on our website, application or other channels according to the target.

8)      For regulatory and internal policy compliance, namely

(a) For regulatory compliance and our business inspection whether from internal and external or from regulators.

(b) For proceeding in accordance to regulations or policies which stipulated by governing regulators who responsible for law enforcement, governmental dispute resolution or insurance regulator.

(c) For law enforcement purpose or assisting, cooperating, investigating by the company or police officer or government officer or other domestic regulator, reporting according to the regulations or as agree with regulators domestically or as ordered by the government officers or sectors.

(d) For proceeding in accordance with company’s internal rules.

9)      For information management, namely, for the purpose of managing, recording and disposing of personal information. 

10)  For product and service development including inspecting and quality improvement including training when communicating with the company.

11)  For security purpose inside the head office and branch office for safety of employees and company’s assets including for your safety.

12)  For marketing activities including products and services information which suitable to you, service suggestion which including insurance and other marketing activities such as award program, benefits, or exclusive loyalty program, charity program and events which you participate in.

13)  To collect, use and/or disclose personal information to The Office of Insurance Commission (OIC) for supervise and support insurance business conduct in accordance with Insurance Commission laws and non-life insurance laws as prescribed by Data Privacy Policy of OIC which published on OIC’s website (https://www.oic.or.th)

14)  Other; for other purposes which relating to the above purposes.

You may choose not to give consent to the company to process your personal information, however, please note that if you not provide some certain information, you may not be able to provide you services or response to your request such as the company may not be able to proceed your insurance contract or provide our service to you notwithstanding products or services or claim payment.

Unless stipulated by regulations or Personal Data Protection Act, the company will obtain your consent prior to processing your personal information for the purposes other than specify in this policy or relating to the purposes under this policy. 

5. Disclosing your Personal Information to Third Party

     In order to carry out the above purposes, the company may have to disclose your personal information to third party as stated below. The company will take any necessary measures to protect your personal information according to Personal Data Protection Act or other relation regulations which relating to personal data protection.

1)      Business partner, or third party which relating to insurance offering such as bank, financial institution, car marker and car dealer.

2)      Policyholder, in case of group insurance.

3)      Person who persuade, advice, offering to sale, sale products or services by the company or our group companies such as agents, brokers, including employees of juristic brokers.

4)      Employees and business partners which provide service regarding to personal information processing, such as, business management service, payment service, debt collector, communication service, technology service, cloud service, outsourcing service, call center service, document and information management, document recording, scan service, postal service, printing service, delivering service, information analyzing service, marketing service, research service, emergency management service, or other service which relating to insurance business or our company’s business.

5)      Service provider before entering into insurance contract such as insurance inspector who evaluate properties or vehicles.

6)      Claim service provider such as surveyor, garage, car dealer, hospital.

7)      Other insurance provider

8)      Insurance association

9)      Law enforcement regulator, commission which established by law, government sector or regulators, dispute resolution or other party which the company or group company require to disclose information (a) according to the laws or regulations in Thailand and may include government sectors which the group company located or (b) according to agreement or corporate rules between the company and government sectors or other relating parties.

10)   Group companies

11)   Company’s adviser such as lawyer, doctor, auditor or consultant.

12)   Personnel or sector which you consent the company to disclose your personal information to.

13)   A person who enter into or will enter into any transaction with the company which your personal information may be part of purchasing or selling or offering to purchase or sale the company’s business. (If any)

14)   A person or sector who have authority by applicable law.

The company will disclose your personal information according to the above purposes under the consent of the data subject or under regulations unless exception by law.

6. Disclosing your Personal Information Outside of Thailand

     Your personal information may be disclose, storage or process by the company or transfer to external parties which may provide service inside or outside of Thailand. However, your personal information will be transfer in accordance with Personal Data Protection Act. If the transfer is between our group companies, the company will proceed in accordance with the Binding Corporate Rules which has been approved by Personal Data Protection Commission.

7. Retention of Personal Information

     The company will retain your personal information as necessary for proceeding in accordance with our purposes as aforementioned. However, the company will retain your personal information no longer than 10 years since the last date you have any transaction or contact with the company. The company may retain your personal information longer than 10 years if it is stipulated by laws. The company will take necessary measures in order to delete or dispose or anonymize your personal information in accordance with the retention period. 

8. Use of Personal Information for the purposes for which it was collected

        The company shall be entitled to continue to collect and use such personal information for the original purposes. If you do not want the company to collect and use your personal information, you may inform the company to withdraw your consent by asking Request to Exercise Personal Information Rights Form at our head office and branch offices or you can download from our website at www.tokiomarine.com/th

9. Security Measures and Data Quality

1)         The company recognize the importance of maintaining the security of data subject personal data. Therefore, the company have established measures to maintain the security of personal data appropriately and consistency, and make Data Subject’s personal data confidential to prevent loss, access, destruction, use, conversion, modify or disclosure of personal data without rights or unlawful in accordance with the Information Security Policy.

2)         Any personal information that the Company received from data subject such as name, address, telephone number and identification card number which is complete and up-to-date relating to an identified or identifiable of data subject will be used in accordance with the objectives of the Company. The Company will carry out appropriate measures to protect data subject’s rights.

10. Rights of Data Subject

You may exercise your rights regarding your personal information as following:

1)      Withdraw or request to change the scope of consent which you have given to the company.

2)      Request access, obtain a copy of the personal information or request the disclosure of the acquisition of the personal information obtained without your consent.

3)      Correct your personal information to be accurate, up-to-date, complete, and not misleading. If the company is unable to process as you requested, you have right to get the requested form together with reason from the company as stipulated by law.

4)      Delete or dispose your personal information or making personal information to be anonymous as stipulated by law.

5)      Object the collection, use, or disclosure of the personal information, at any time, in the following circumstances:

(1) Where the personal information is collected with the exemption to consent requirements under section 24 (4) or (5), unless the company can prove that the collection, use, or disclosure of such personal information can be demonstrated by the company that there is a compelling legitimate ground or is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims

(2) The collection, use, or disclosure of such personal information is for the purpose of direct marketing;

(3) The collection, use, or disclosure of the personal information for the purpose of scientific, historical or statistic research, unless it is necessary to performance of a task carried out for reasons of public interest by the company.

6)      Obtain your personal information or request to send or transfer your personal information to another data controller.

7)      Restrain processing of your personal information.

8)      Complain to the Office of the Personal Data Protection Commission

The company reserve the right to not following your request under our discretion and in accordance with the laws. You may file a complaint to the Personal Information Commission as procedures provided in the Personal Protection Act. Furthermore, the company may collect fees for processing your request as the company see suitable.

If you would like to exercise your personal information rights, you can ask for Request to Exercise Personal Information Rights Form at our office and branch offices or download from our website at www.tokiomarine.com/th The company will consider your request and return the result to you within 30 days after the company received your request.

11. Data Protection Officer

According to Personal Data Protection Act, the company as data controller has appointed Data Protection Officer: DPO for monitoring the company’s in collecting, use and dispose of personal information in accordance with Personal Data Protection Act B.E. 2562 and related regulations and receive and precede data subject’s request. You may submit your request at:

Data Protection Officer

Tokio Marine Safety Insurance (Thailand) PCL. (Data Protection Officer)
Address: No. 302 S & A Building, 6th Floor, Silom Road, Suriyawong, Bangrak, Bangkok 10500
Tel. 02-257-8000

Email: DPO@tokiomarinesafety.co.th

12. Revision to this Policy

     The company reserve our rights to amend, revise, or made any change to this policy as allow by laws. If there is majority amendment to this policy, the company will inform to you. The company reserve our rights to amend this policy without informing to you. 

Privacy Policy for Business Partners and Agent/Broker

1. Definition

“Personal data”
means Any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular and not including juristic person information.

“Sensitive Data”
means Information which stated in Section 26 of Personal Data Protection Act and the amendments and other relating laws and regulations including information regarding racial, ethnic origin, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or other data which may affect the data subject in the same manner.

“Personal Data Protection Act – PDPA”
means Personal Data Protection Act B.E. 2562 including subordinate laws which published under Personal Data Protection Act and its amendments.

“Data Subject”
means A person whom the personal data identifies to but not including juristic person.

“Business Partners”
means Individual person or Juristic person who sales goods or provides services to the Company including subcontractor of them.

“Agent”
means A person whom a company assigns to induce another person to enter into an insurance contract with the company.

“Broker”
means A person or juristic person who, with the expectation of a commission, direct or arrange for another person to enter into an insurance contract with the company.

“Committee”
means the Personal Data Protection Committee
 

2. Personal data that the company shall collect

The company shall collect personal data which may include sensitive data as follows:

2.1 Data subject proceed on behalf of themselves

 (1)   Any identification information of such person, for example, name, house registration address, current address, phone number or mobile phone number or other contact information, gender nationality, marital status, date of birth, passport number or ID card number.

 (2) Qualification and working experience, for example, education qualification from school or university which includes certificate and reference document from school/university

 (3)   Job application, for example, personal profile, job interview and other references

   (4)   General working information, for example, workplace of data subject, non-life insurance agent /broker license, work department, position, chain of command and agreement and condition for being non-life insurance agent/broker

(5)  Work performance history including work performance assessment, awards, complaint history, investigation record, suspension of agent/broker agreement and disciplinary action including  audit and risk assessment.

(6)  Benefit and Compensation, for example, commission and/or other benefits which data subject received, bank account number.

(7)  Bankruptcy history, money laundering or providing financial support to terrorists.

2.2 Data subject proceed on behalf of juristic person or for juristic person

        In case that the company’s contractor is a juristic person, the company may process personal data of data subject as an employee, contractor or authorized person on behalf of the juristic person

  (1) Any identification information of such person, for example, name-surname, house registration address, current address, phone number or mobile phone number, email, passport number or ID  number.

  (2) Personal data of data subject which shown on company affidavit, shareholder list or other documents relating to entity containing personal data of the data subject.

(3)  Bankruptcy history, money laundering or providing financial support to terrorists.

(4)  Any information which the company requested from juristic person of data subject or from data subject for the purpose of entering into a contract, services or any other related operations as the company notified or requested to the data subject.

If data subject offer for sales or act as non-life insurance agent/broker, the company will also process personal data of data subject as stipulated in clause 2.1.

        Apart from the above mentioned personal data, the company may process sensitive data of data subject, for example, criminal record for due diligence before entering into a contact such as for anti-money laundering or providing financial support to terrorists.

In case personal data is necessary for entering into a contract, contractual obligations or compliance with law, if data subject does not provide personal information which it is necessary to perform company obligation, the company may not be able to perform as stipulated in this policy or provide service completely and appropriately. It may also affect regulatory compliance which is data subject or the company’s obligation.

   When data subject send personal data, which relating to third party to the company (the third party is including but not limited to insured, family members, premium payer, or beneficiary). Data subject must comply with PDPA whether request their consent or inform this policy on behalf of the company. Data subject has certified the correction of such data and certified that data subject has informed such third party data subject regarding the usage of the personal data in accordance with this policy. 

3. How does the Company collect personal data of the data subject?

     In general, the company collects personal data from data subject directly. Except in some case, the company may collect personal data from other persons, public resources, business information resources or commercial trade resources.    

4. Purpose of Processing Personal Information

 (1) The company process personal data of data subject for entering into a contract with data subject  and for perform obligation under a contract.

 (2) To check and verification of identity of the data subject.

 (3) For background checks before and during a contract and such details may be reviewed during the  contract period.

 (4) In case that data subject proceed as non-life insurance broker/agent, personal data of data subject will be used for the purpose of agent/broker business management including but not limited to manpower planning, wages, payment of benefits, incentive, offers, awards, work performance assessment, report or internal audit, data analysis, sales competitions, communications, announcements, surveys, statistics, complaint and inappropriate behavior investigation or other disciplinary actions, checking in accordance with laws, work ability, any information requests by the government for whatever reason ,as well as for the operation of the group companies including but not limited to prepare agent/broker record, insurance application, reference and background checks by group companies or others, avoiding conflict of interest or avoid the tendency to conflict of interests and other inspections by group companies. In addition, personal data of data subject may also be used for the purpose of complying with applicable laws and regulations and compliance with the requirements of the regulator for both domestic and outside the country of the data subject.

 (5) To collect, use and/or disclose of personal information to The Office of Insurance Commission (OIC) for benefit of supervision and promotion of insurance business conduct in accordance with Insurance Commission laws and non-life insurance laws as prescribed by Data Privacy Policy of OIC which published on OIC’s website (https://www.oic.or.th).

 (6) For compliance with laws, including but not limited to, announcements, regulations and lawful orders of government agencies and relevant government officials, for example, the Office of Insurance Commission (OIC) and the committee.  

 (7)  For establishment, use, dispute or proceed legal claims of the company.

 (8) For contact and business operation during business relationship between the company and data subject.

 (9) For analyzing and statistic reports such as marketing research, highly information analysis, statistic research or actuarial, report or financial evaluation by company, group companies, personnel or business partners or another regulator.

Unless stipulated by regulations or Personal Data Protection Act, the company will obtain data subject consent prior to processing personal data for the purposes other than specify in this policy or relating to the purposes under this policy. 

5. Third party who may receive personal data from the Company

     The company may disclose and/or transfer the personal data of the data subject to third party as stated below where such person may be located in Thailand or outside Thailand.

1)      Group companies

2)      Non-life insurance agent/broker of the company

3)      Internal or external the company’s adviser or expert such as lawyer, auditor or consultant.

4)      Service provider or representative of service provider (including subcontractor) such as, payment service, technology service, cloud service, outsourcing service, call center service, document and information management, document recording, scan service, postal service, printing service, delivering service, information analyzing service, marketing service, research service, or other service which relating to company’s business.

5)      Insurance business organization such as the Office of Insurance Commission (OIC), Thai General Insurance Association (TGIA) and The Federal of Thai industries.

6)      Law enforcement regulator, commission which established by law, government sector or regulators, dispute resolution or other party which the company or group company require to disclose information (a) according to the laws or regulations in Thailand and may include government sectors which the group company located or (b) according to agreement or corporate rules between the company and government sectors or other relating parties.

7)      A person or entity who enter into or will enter into any transaction with the company which personal data may be part of purchasing or selling or offering to purchase or sale the company’s business. (If any)

8)      Personnel or sector which data subject consent the company to disclose personal data to.

6. Disclosing of Personal Data Outside of Thailand

     Personal data of data subject may be disclosed, stored or processed by the company or transferred to external parties which may be located or provide service inside or outside of Thailand. However, personal data will be transferred in accordance with Personal Data Protection Act. If the transfer is between group companies, the company will proceed in accordance with the Binding Corporate Rules which has been approved by Personal Data Protection Commission.

7. Retention of Personal Data

     The company will retain personal data of data subject as necessary for proceeding in accordance with purposes as aforementioned. However, the company will retain personal data no longer than 10 years since the last date data subject have any transaction or contact with the company. The company may retain personal data longer than 10 years if it is stipulated by laws. The company will take necessary measures in order to delete or dispose or anonymize personal data in accordance with the retention period. 

8. Use of Personal Information for the purposes for which it was collected

        The company shall be entitled to continue to collect and use such personal data for the original purposes. If data subject do not want the company to collect and use personal data, data subject may inform the company to withdraw consent by asking Request to Exercise Personal Data Rights Form at our head office and branch offices or data subject can download from our website at www.tokiomarine.com/th

9. Rights of Data Subject

Data subject may exercise the rights regarding personal data as following:

1)      Withdraw or request to change the scope of consent which have given to the company.

2)      Request access to, obtain a copy of the personal data or request the disclosure of the acquisition of the personal data obtained without consent.

3)      Correct data subject personal data to be accurate, up-to-date, complete, and not misleading. If the company is unable to process as data subject requested, data subject have right to get the requested form together with reason from the company as stipulated by law.

4)      Delete or dispose personal data or making personal data to be anonymous as stipulated by law.

5)      Object the collection, use, or disclosure of the personal data, at any time, in the following circumstances:

(1) Where the personal data is collected with the exemption to consent requirements under section 24 (4) or (5), unless the company can prove that the collection, use, or disclosure of such personal data can be demonstrated by the company that there is a compelling legitimate ground or is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims

(2) The collection, use, or disclosure of such personal data is for the purpose of direct marketing;

(3) The collection, use, or disclosure of the personal data for the purpose of scientific, historical or statistic research, unless it is necessary to performance of a task carried out for reasons of public interest by the company.

6)      Obtain personal data or request to send or transfer personal data to another data controller.

7)      Restrain processing of personal data as stipulated by law.

8)      Complain to the Office of the Personal Data Protection Commission

 If data subject would like to exercise personal data rights, data subject can ask for Request to Exercise Rights Form at the company office and branch offices or download from website at www.tokiomarine.com/th. The company will consider the request and return the result to data subject within 30 days after the company received the request.

      The company reserve the right to not following the request to exercise the rights of data subject under the company discretion and in accordance with the applicable laws. Data subject may file a complaint to the Personal Information Commission as procedures provided in the Personal Protection Act. Furthermore, the company may collect fees for processing the request as the company see suitable.

10. Revision to this Policy

    The company reserves the rights to amend, revise, or made any change to this policy as allow by laws. If there is significant amendment to this policy, the company will inform to data subject and/or request consent from data subject (if stipulated by laws). 

11. Contact Information of Data Controller and Data Protection Officer

  The company as data controller, if data subject have any inquiries related to this policy or need more information or would like to exercise data protection rights. Please contact at:

Data Protection Officer (DPO)

Tokio Marine Safety Insurance (Thailand) PCL.
Address: No. 302 S & A Building, 6th Floor, Silom Road, Suriyawong, Bangrak, Bangkok 10500
Tel. 02-257-8000 at 8.30 - 16.45
Email: DPO@tokiomarinesafety.co.th

Privacy Policy for Employees and Job applicants

Definition

“Personal Data”
means Any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular and not including juristic person information.

“Sensitive Data”
means Information which stated in Section 26 of Personal Data Protection Act and the amendments and other relating laws and regulations including information regarding racial, ethnic origin, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or other data which may affect the data subject in the same manner.

“Personal Data Protection Act – PDPA”
means Personal Data Protection Act B.E. 2562 including subordinate laws which published under Personal Data Protection Act and its amendments.

“Committee”
means the Personal Data Protection Committee
 

1. Collecting of Personal Data

1.1 For Job applicants

1)  Any identification information of such person, for example, name, address or other contact  address, gender, age, nationality, marital status, date of birth, house registration, driving license, passport number, ID card number, person who is in the care of job applicant and photo.

2)  Qualification and working experience, for example, certificate from school/university, learning  history, academic or language test, professional license (such as agent/broker license) other certificate and reference.

3)  Sensitive data, for example, health data, criminal record which the company will collect such sensitive data when job applicant pass the job interview. It is necessary for the company to collect sensitive data for employment contract process and assessment readiness for work.

4)  Personal data of related person, for example, reference person and contact person.

1.2 For Employees

When job applicant pass the interview and sign the employment contract, the company will collect and process personal data which were collected during recruitment process and will collect additional personal data as follows:

1)   Employment details, for example, employee ID, job position, chain of command, working time, employment rule and condition.

2)  General work performance, for example, personal profile, military status, job interview, job interview assessment form and reference, in-out of workplace record, CCTV, phone record, email, internet usage data regarding work performance which is not illegal.

3)  Benefit and compensation, for example, bank account, details of salary and other benefits, social security, retirement/pension information, provident fund, tax and other third-party  beneficiary information.

4)  Work efficiency including assessment, response, rule and regulation for work or complaint annual leave record, sick leave record or absence record, workplace and security in workplace including audit and risk assessment.

5)  Sensitive data, for example, health record for providing welfare and benefit such as health   insurance or reimbursement of medical expenses.

  In case personal data is necessary for entering into a contract, work performance assessment, providing welfare and benefit or contractual obligations or compliance with law, if employees and job applicants do not provide personal information which it is necessary to perform company obligation, the company may not be able to perform as stipulated in this policy or provide service completely and appropriately. It may also affect regulatory compliance which is employees and job applicants or the company’s obligation.

   When employees and job applicants send personal data, which relating to third party to the company (the third party is including but not limited to insured, family members, relative, or reference person). Employee and job applicant must comply with PDPA whether request their consent or inform this policy on behalf of the company. Employees and job applicants have certified the correction of such data and certified that employees and job applicants have informed such data subject regarding the usage of the personal data in accordance with this policy. 

2. Personal Data Management

     Personal data collection of employee and job applicant. In general, the company collect personal data directly from employee and job applicant. In some case, the company may collect such personal data from other source or third party, for example, recommendation person, recruitment agency, hospital, government agency.

3. Purpose of Processing Personal Data

3.1 For job applicants

For recruitment process, such as profile consideration, interview, document preparation, health check management and other related conduct.

3.2 For employees

1)      For considering employment condition, employment contract preparation including signing such contract.

2)      For performing right and duty in accordance with employment contract between employee and the company.

3)      For management regarding working, welfare of employee or third party (if any) in accordance with employment contract including assessment, training and human resource management such as background checks in accordance with laws, physical information, providing assistance to employee for adjusting to new job, welfare management, employee information record, insurance application, medical record and insurance plan, recruitment and training management, promotion, transfer, assignment and for compliance with laws and regulations including manpower planning, wages, compensation, benefit, remuneration planning, future proposal, reward, account, remuneration, work performance assessment, internal report, data analysis and monthly/daily employment management, internal communication, making appointment both internal and external, consideration of job application form for new opportunity and making decision for employment including promotion assessment, work performance, and assessing equality of opportunity.

4)      For research, data analysis and making statistics in the field of employment, assessment or other related employment and human resource management process including making survey, government statistics or answering government request form.

5)      For proceeding in accordance with the company’s internal policy.

6)      For personal data management including collect, record, spare or dispose of personal data.

7)      For monitoring employee behavior which includes validation and investigation of complaint regarding inappropriate behavior, violation of the company rules and/or laws either for internal investigation or cooperation with government agency.

8)      For analysis and training to improve potential and ability of work performance.

9)      For compliance with laws and business audit both internal audit and external audit.

10)   For proceeding in accordance with laws, regulations or policies which stipulated by governing regulators, governmental law enforcement, governmental dispute resolution or insurance regulator and other related agency.

11)   For law enforcement purpose or assisting, cooperating, investigating by the company or police officer or government agency or other domestic regulator, reporting according to the regulations or as agree with government agency or regulators domestically or as ordered by the government officers or government agency.

12)   For security of employee or others who entering and leaving the office building.

13)   For the company restructuring and the company transaction.

14)   For purchasing or selling one or more than one business (part of business) of the company.

15)   For proceeding others if necessary which relating to the above purposes unless stipulated by laws and regulations including PDPA. The company will obtain consent prior to processing personal data for the purposes other than specify in this policy or relating to the purposes under this policy.

       Unless stipulated by regulations or Personal Data Protection Act, the company will obtain employees and job applicants consent prior to processing personal data for the purposes other than specify in this policy or relating to the purposes under this policy. 

4. Disclosing of Personal Data

        In order to carry out the above purposes, the company may have to disclose employee or job applicant’s personal data to third party as stated below. 

1)      Group companies.

2)      The company’s adviser, expert or Group Company’s adviser such as lawyer, auditor or consultant.

3)      Third-party service provider or service provider agent who need to perform according to above purposes such as agent/broker, insurance company, recruitment agency, support service provider for information technology system or recruitment system, accounting system, payroll system and other human resource information system.

4)      Law enforcement regulator, commission which established by law, government sector or regulators, governmental dispute resolution or other party which the company or group company require to disclose information (a) according to the laws or regulations in Thailand and may include government sectors which the group company located or (b) according to agreement or corporate rules between the company and government sectors or other relating parties.

5)      A person or entity who enter into or will enter into any transaction with the company which employee or job applicant’s personal data may be part of purchasing or selling or offering to purchase or sale the company’s business. (If any)

6)      Personnel or sector which employee or job applicant explicitly consent the company to disclose personal data to.

7)      Provident fund in order to achieve above purposes.

5. Disclosing Personal Data Outside of Thailand

Employees or Job applicants’s personal data may be disclosed, stored or processed by the company or transferred to external parties which may be located or provide service inside or outside of Thailand. However, personal data will be transferred in accordance with Personal Data Protection Act. If the transfer is between group companies, the company will proceed in accordance with the Binding Corporate Rules which has been approved by Personal Data Protection Commission.

6. Retention of Personal Data

The company will retain personal data as necessary for proceeding in accordance with above purposes.

6.1   For Job applicant who is not selected. Personal data will be retained for 2 years since the date of receipt from job applicant unless stipulated by laws.

6.2   For Employee who enter into service agreement with the company. Personal Data will be retained during employment and for 10 years since the date of valid resignation unless stipulated by laws.

7. Rights of Data Subject

Employees or Job applicants may exercise the rights regarding personal data as following:

1)      Withdraw or request to change the scope of consent which have given to the company.

2)      Access to, obtain copy of the personal data or request the disclosure of the acquisition of the personal data obtained without consent.

3)      Correct personal data to be accurate, up-to-date, complete, and not misleading. If the company are unable to do, employees or job applicants shall request the record together with reason from the company as stipulated by law.

4)      Delete or dispose personal data or making personal data to be anonymous as stipulated by law.

5)      Object the collection, use, or disclosure of the personal data, at any time, in the following circumstances:

         (1) Where the personal data is collected with the exemption to consent requirements under section 24 (4) or (5), unless the company can prove that the collection, use, or disclosure of such personal data can be demonstrated by the company that there is a compelling legitimate ground or is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims

        (2) The collection, use, or disclosure of such personal data is for the  purpose of direct marketing;

        (3) The collection, use, or disclosure of the personal data for the purpose of scientific, historical or statistic research, unless it is necessary to performance of a task carried out for reasons of public interest by the company.

6)      Obtain personal data or request to send or transfer personal data to another data controller.

7)      Restrain processing of personal data as stipulated by law.

8)      Complain to the Office of the Personal Data Protection Commission

The company reserve the right to not following the request under the company discretion and in accordance with the laws. Employee and Job applicant may file a complaint to The Personal Data Protection Committee (PDPC) as procedures provided in the Personal Data Protection Act (PDPA).       

The company may not follow the request if such request affect the processing of personal data for above purposes including status of employee or job applicant and in accordance with the laws. The company may collect fees for processing the request as the company see suitable.

8. Use of Personal Information for the purposes for which it was collected

         The company shall be entitled to continue to collect and use such personal data for the original purposes. If employees and job applicants do not want the company to collect and use personal data, employees and job applicants may inform the company to withdraw consent by asking Request to Exercise Personal Data Rights Form at our head office and branch offices or employees and job applicants can download from our website at www.tokiomarine.com/th

9. Revision to this Policy

The company reserve the rights to amend, revise, or made any change to this policy as allow by laws. If there is a significant amendment to this policy, the company shall inform employees or job applicants for such amendment and/or obtain consent from employees or job applicants (if stipulated by laws). 

10. Contact Information of Data Controller and Data Protection Officer

The company as data controller, if employees or job applicants have any inquiries related to this policy or need more information or would like to exercise data protection rights. Please contact at:

Data Protection Officer

Tokio Marine Safety Insurance (Thailand) PCL. (Data Protection Officer)
Address: No. 302 S & A Building, 6th Floor, Silom Road, Suriyawong, Bangrak, Bangkok 10500
Tel. 02-257-8000 at 8.30 - 16.45
Email: DPO@tokiomarinesafety.co.th

                                                                                                                     

Choose your country or region

Visit HQ Pages

Tokio Marine Holdings
Tokio Marine Asia

Visit Country Pages

Select your location and language

Select Region
  • All

  • All

  • Asia Pacific

  • Australia

  • Americas

  • Europe

Country icon

Singapore

MY Icon

Malaysia

Philippines

Philippines

Malayan Insurance Co., Inc.
indonesia

Indonesia

thailand

Thailand

India

India

IFFCO-Tokio General Insurance
Vietnam

Vietnam

Bao Viet Tokio Marine Insurance Company Limited
Myanmar

Myanmar

Australia

Australia

USA

USA

Tokio Marine Management Inc
USA

USA

First Insurance Company of Hawaii
USA

USA

Philadelphia Consolidated Holdings Corp
USA

USA

HCC Insurance Holdings
UK

UK

Tokio Marine Kiln Group Ltd
Cross

You are currently on a site outside of your country Switch to external site?

Visit your local page. If you change your mind, you can use the dropdown at the top navigation to visit other Tokio Marine country pages.

Icon-Phone-White
General Insurance
0 2257 8000
Cross

You are currently on a site outside of your country. Switch to local site?

Visit your local page. If you change your mind, you can use the dropdown at the top navigation to visit other Tokio Marine country pages.