Privacy Policy Sompo Insurance (Thailand) PLC ( “Sompo”, “Our”, “We” or “Us” ) is an insurance Company that adheres to ethical business conducts and compliance with applicable legal framework. Sompo is aware of your trust in Our products and services and recognizes your need for security in transaction and the handling of your personal data. For prioritizing your privacy and safeguarding your personal data, Sompo has set out policies, regulations and rules for Our business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to Sompo will be processed to meet your needs and in accordance with the laws. Objective of the policy This Policy is to inform you, as a data subject, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data. Personal Data As used throughout this Policy, “Personal Data” means any data that can directly or indirectly identify you whether you provide the Personal data directly to Us or available to Us by your use of products and/or services, contact, visit, search via digital channels, branches, website, call center, assigned persons or other means. Additionally, Sompo may receive or access through other sources. For example, the sale intermediary, business partners, government authority. In such case Sompo will collect data from other sources only when your consent is given as consistent with laws unless where considered necessary. For more information, please click here Sompo may collect, uses and/or disclose the personal data as following: Category of the Personal Data Personal data which We collect, uses and/or disclose Personal information Name, surname, age, date of birth, marital status, national identification number, passport number, professional, driving license no. Contact information home address, workplace, telephone number, E-mail, LINE account ID Financial information saving account numbers, credit card numbers, debit card numbers, financial history Transaction information Record of insurance product selected, claim history Data related to devices or machines IP address, MAC address, Cookie ID; and Other information website-visiting data, voice, still picture, moving picture, and other information that is collected and used in the insurance industry and necessary for provision of our underwriting (direct and reinsurance contract), claim consideration and adjudication, other related business activities Sensitive Data Sensitive Data is personal data that is specially categorized by law and will be collected, used and/or disclosed by Sompo only when Sompo has obtained explicit consent from you or where necessary for Sompo as permissible under law. Sompo may collect, uses and/or disclose the Sensitive data, for example, racial or ethnic origin, religious, disability, criminal records, health data for the purpose of proceeding the underwriting or claim verification process. Also, we may collect, uses and/or disclose the Sensitive data biometric identifiers (Biometrics), e.g., facial recognition, voice recognition for the purpose of verifying and confirming identity of applicants for services and/or transaction via digital channels, branches, website, call center or other channels, etc. However, the Sensitive Data also include any data which may affect you in the same manner, as further prescribed by the Competent authority. (Unless otherwise specified in this Policy, personal data and sensitive data about you above will be collectively called “ Personal Data ”) 1. Purposes of collecting, using and/or disclosing your Personal data Sompo will collect your Personal Data for your benefits in using products and/or services; for performing legal obligations required by any law applicable to Us or you; and for any purposes provided in this Policy, as follows; In order to serve your benefits in using Our products and/or services that meet your own purposes and for other purposes necessary under laws; a) To allow you to use Our products and/or services that meet your purposes under your contract with Us or to take steps at your request prior to using Our products and/or services (Contractual Basis), as following: (1) Approve the using of any products and/or services e.g. processing the application of customer; (2) To take any steps in relation to the providing of any products and/or service e.g. processing claim settlement investigation, administering and/or managing customers’ relationships, carrying out customers’ instructions or responding to any enquiries by customers, servicing the customer b) To comply with relevant or applicable law (Legal Obligation), i.e. comply with an order from a competent authority i.e. revenue department, the Office of Insurance, Commission; and/or, Non-life Insurance Law and relevant regulation, Tax Law, Anti-money Laundering Law, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Law, Computer Law, Bankruptcy Law, and other laws to which Sompo is subject both in Thailand and in other countries including regulations and rules issued pursuant to such laws. If Sompo is required to collect, use and/or disclose your Personal Data to meet our legal obligations or enter into an agreement with you, Sompo may not be able to provide (or continue to provide) our products and/or services to you if Sompo cannot collect your Personal Data when requested. c) To take necessary steps for the Sompo legitimate interests or other individual or juristic person which are not overriding your reasonable expectations (Legitimate Interest), for instance; (1) Investigating fraud, misconduct, any unlawful action or omission, whether relating to customers’ application, claims or any other matters relating to customers’notice, and any suspicious transaction; (2) Recording voice conversation with call center or images from CCTV; (3) Maintaining relationship with customers, e.g. complaint handling, satisfaction survey (4) Providing notification or offer on any products and/or services, promotion of the same types you are using for your benefits. Customers have the right to opt out of receiving such marketing information; (5) Seeking professional advice (including but not limited to obtaining legal advice and facilitating dispute resolution); (6) Compiling information for statistical analytics/research to enhance products and services, as well as for the purpose of reinsurance; (7) Fulfilling audit requirements and compliance supervision; (8) Disclosing to the Sompo’s parent company and/or related companies of the Sompo Group, agents, contractors, reinsurers or third-party service providers who provides administrative, telecommunications, payment, data processing or other services to Sompo in connection with the operation of its business (9) Anonymizing your Personal Data (Anonymous Data); (10) Preventing, responding, and minimizing potential risks arising from corruption, cyber threat, law violation (e.g. money laundering, terrorism and proliferation of weapon of mass destruction financing, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order to prevent, respond, and minimize the above risks; (11) Recording contact, voice or image during meetings, trainings, seminars or booth activities; (12) Complying the Personal Data under court’s receivership order; and (13) Receiving - dispatching parcels. To enable you to receive benefits from using products and/or services according to your given consent, for instance (1) For you to receive products and/or services that are better and suitable for your need; (2) For you to receive offers, privileges, recommendations and other information including eligibility to attend special activities; regardless of being products and/or services, privileges, promotions, information or special activities of Sompo, or person of whom Sompo is a distributor, business partner or a third party associated with Sompo, depending on your given consent. When it is necessary, Sompo may send or transfer your Personal Data to affiliated companies/companies in the same business located in other countries or to other receivers in ordinary course of our business, e.g. sending or transferring the Personal Data to be stored on server/cloud in other countries. If the receiving countries do not maintain adequate standard levels, Sompo will ensure that the sending and the transferring follow legal requirements and will put in place the Personal Data protection measures as necessary, appropriate and in consistent with confidentiality measures. For example, entering into confidentiality agreement with receivers in such country; or in case of affiliated companies/companies in the same business being the receivers, setting out the Personal Data policy that is audited and certified by competent authorities under relevant law and controlling the sending and transferring to comply with such policy instead of legal requirements. 2. Disclosure of Personal Data Sompo may disclose your Personal Data to other person to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy Sompo may disclose your Personal Data for various purposes, e.g. providing services to you; analyzing and developing products and/or services, conducting research or analyzing statistical data; promoting sales and advertising by Sompo; managing organization; preventing corruption; allowing the supporting service providers; verifying customers’ identity; providing reinsurance, etc. Sompo may disclose the data to other persons or entities. For example, Group, the Personal Data processors, business partners launching products with the Sompo, external service providers, the agents, broker, sub-contractors, auditors, external auditors, credit rating companies, reinsurance company, competent authority, any corporations or individuals under relationship or contract with Sompo; including executives, staffs, employees, contractors, agents, advisor and of those person or entity who receive the data, etc. In case of disclosing your Personal Data to other persons for the marketing purposes of the data receiver, e.g. sale promotions, advertisements or products and/or services offers for you, etc., Sompo will notify you of a list of the data receivers to take into consideration when making a decision to give consent. 3. Retention period of Personal Data Sompo will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with Us, or for as long as necessary in connection with the purposes set out in the Retention Policy, unless law requires or permits longer retention period. For example, retention pursuant to Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of not over 10 years, etc. Sompo may erase destroy or anonymize the Personal Data when it is no longer necessary or when the period lapses. 4. Security of the Personal Data For retention of your Personal Data, Sompo implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. Sompo has set out policies, rules and regulations on Personal Data protection, e.g. security standards of information technology and measures to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. Sompo has amended the policy, rule and regulation as frequently as necessary and appropriate. Moreover, the executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by Us. 5. Your rights related to Personal Data You may exercise any of these rights within legal requirements and any regulation set out by Sompo In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf. Your right Brief explanation Withdrawal of consent If you have given consent to Sompo to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the retention period, unless it is restricted by laws or you are still under beneficial contract. Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent. Data Access You may access your Personal Data, request Sompo to make a copy of such data for you, request Us to reveal as to how we obtain your Personal Data Data Portability You may obtain your Personal Data if We organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request to send or transfer the Personal Data in such format directly to other person or entity if doable by automatic means. Objection You may object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of Sompo. In this regard, Sompo will continue collecting, using and/or disclosing your Personal Data only when Sompo can establish a legal basis that doing so is more important than your fundamental rights or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis. Data Erasure or Destruction You may request Sompo to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; reasonable ground to believe that the Personal Data shall not be used or when you request to withdraw your consent or to object to the processing as earlier described. Processing Suspension You may request Us to suspend processing your Personal Data during the period where We examines your rectification or objection request; or when it is no longer necessary and We must erase or destroy your Personal Data pursuant to relevant laws but you instead request Us to suspend the processing. Data Rectification You may request Us to rectify your Personal Data to be updated, complete and not misleading. Complaint Lodging You may raise the complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws. However, Sompo may deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If We denies the request, We will inform you of the reason. 6. Contact information If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact Us via the following channel: The Data Protection Officer Sompo Insurance (Thailand) Plc. 990 Abdulrahim Place, 12th, 14th Floor, Rama 4 Rd., Silom, Bangrak, Bangkok, Thailand 10500 Call: 02-119-3000 E-mail: DPO@sompo.co.th 7. Changes to the Privacy Policy We will review our Privacy Policy periodically and reserve the right to make amendments at any time to consider of changes in our business and legal requirements. Policy of such revision will be indicated on our website and/or by such other means of communication deemed suitable by Sompo. If change to the Privacy Policy has a material adverse effects to the original purpose of collection of your personal data, or otherwise required by law, we will notify you of such change and new purpose and obtain your prior consent before proceeding further. This Privacy Policy is dated June 1, 2020.
Privacy Policy Sompo Insurance (Thailand) PLC ( “Sompo”, “Our”, “We” or “Us” ) is an insurance Company that adheres to ethical business conducts and compliance with applicable legal framework. Sompo is aware of your trust in Our products and services and recognizes your need for security in transaction and the handling of your personal data. For prioritizing your privacy and safeguarding your personal data, Sompo has set out policies, regulations and rules for Our business providing strict measures in protecting your personal data so that you can be assured that your personal data entrusted to Sompo will be processed to meet your needs and in accordance with the laws. Objective of the policy This Policy is to inform you, as a data subject, to be aware of the purposes and details of the collection, usage and/or disclosure of your personal data as well as your legal rights in connection with personal data. Personal Data As used throughout this Policy, “Personal Data” means any data that can directly or indirectly identify you whether you provide the Personal data directly to Us or available to Us by your use of products and/or services, contact, visit, search via digital channels, branches, website, call center, assigned persons or other means. Additionally, Sompo may receive or access through other sources. For example, the sale intermediary, business partners, government authority. In such case Sompo will collect data from other sources only when your consent is given as consistent with laws unless where considered necessary. For more information, please click here Sompo may collect, uses and/or disclose the personal data as following: Category of the Personal Data Personal data which We collect, uses and/or disclose Personal information Name, surname, age, date of birth, marital status, national identification number, passport number, professional, driving license no. Contact information home address, workplace, telephone number, E-mail, LINE account ID Financial information saving account numbers, credit card numbers, debit card numbers, financial history Transaction information Record of insurance product selected, claim history Data related to devices or machines IP address, MAC address, Cookie ID; and Other information website-visiting data, voice, still picture, moving picture, and other information that is collected and used in the insurance industry and necessary for provision of our underwriting (direct and reinsurance contract), claim consideration and adjudication, other related business activities Sensitive Data Sensitive Data is personal data that is specially categorized by law and will be collected, used and/or disclosed by Sompo only when Sompo has obtained explicit consent from you or where necessary for Sompo as permissible under law. Sompo may collect, uses and/or disclose the Sensitive data, for example, racial or ethnic origin, religious, disability, criminal records, health data for the purpose of proceeding the underwriting or claim verification process. Also, we may collect, uses and/or disclose the Sensitive data biometric identifiers (Biometrics), e.g., facial recognition, voice recognition for the purpose of verifying and confirming identity of applicants for services and/or transaction via digital channels, branches, website, call center or other channels, etc. However, the Sensitive Data also include any data which may affect you in the same manner, as further prescribed by the Competent authority. (Unless otherwise specified in this Policy, personal data and sensitive data about you above will be collectively called “ Personal Data ”) 1. Purposes of collecting, using and/or disclosing your Personal data Sompo will collect your Personal Data for your benefits in using products and/or services; for performing legal obligations required by any law applicable to Us or you; and for any purposes provided in this Policy, as follows; In order to serve your benefits in using Our products and/or services that meet your own purposes and for other purposes necessary under laws; a) To allow you to use Our products and/or services that meet your purposes under your contract with Us or to take steps at your request prior to using Our products and/or services (Contractual Basis), as following: (1) Approve the using of any products and/or services e.g. processing the application of customer; (2) To take any steps in relation to the providing of any products and/or service e.g. processing claim settlement investigation, administering and/or managing customers’ relationships, carrying out customers’ instructions or responding to any enquiries by customers, servicing the customer b) To comply with relevant or applicable law (Legal Obligation), i.e. comply with an order from a competent authority i.e. revenue department, the Office of Insurance, Commission; and/or, Non-life Insurance Law and relevant regulation, Tax Law, Anti-money Laundering Law, Counter-Terrorism and Proliferation of Weapon of Mass Destruction Financing Law, Computer Law, Bankruptcy Law, and other laws to which Sompo is subject both in Thailand and in other countries including regulations and rules issued pursuant to such laws. If Sompo is required to collect, use and/or disclose your Personal Data to meet our legal obligations or enter into an agreement with you, Sompo may not be able to provide (or continue to provide) our products and/or services to you if Sompo cannot collect your Personal Data when requested. c) To take necessary steps for the Sompo legitimate interests or other individual or juristic person which are not overriding your reasonable expectations (Legitimate Interest), for instance; (1) Investigating fraud, misconduct, any unlawful action or omission, whether relating to customers’ application, claims or any other matters relating to customers’notice, and any suspicious transaction; (2) Recording voice conversation with call center or images from CCTV; (3) Maintaining relationship with customers, e.g. complaint handling, satisfaction survey (4) Providing notification or offer on any products and/or services, promotion of the same types you are using for your benefits. Customers have the right to opt out of receiving such marketing information; (5) Seeking professional advice (including but not limited to obtaining legal advice and facilitating dispute resolution); (6) Compiling information for statistical analytics/research to enhance products and services, as well as for the purpose of reinsurance; (7) Fulfilling audit requirements and compliance supervision; (8) Disclosing to the Sompo’s parent company and/or related companies of the Sompo Group, agents, contractors, reinsurers or third-party service providers who provides administrative, telecommunications, payment, data processing or other services to Sompo in connection with the operation of its business (9) Anonymizing your Personal Data (Anonymous Data); (10) Preventing, responding, and minimizing potential risks arising from corruption, cyber threat, law violation (e.g. money laundering, terrorism and proliferation of weapon of mass destruction financing, offences related to property, life, body, liberty or fame); including sharing Personal Data to enhance work standards of affiliated companies/other companies in the same business in order to prevent, respond, and minimize the above risks; (11) Recording contact, voice or image during meetings, trainings, seminars or booth activities; (12) Complying the Personal Data under court’s receivership order; and (13) Receiving - dispatching parcels. To enable you to receive benefits from using products and/or services according to your given consent, for instance (1) For you to receive products and/or services that are better and suitable for your need; (2) For you to receive offers, privileges, recommendations and other information including eligibility to attend special activities; regardless of being products and/or services, privileges, promotions, information or special activities of Sompo, or person of whom Sompo is a distributor, business partner or a third party associated with Sompo, depending on your given consent. When it is necessary, Sompo may send or transfer your Personal Data to affiliated companies/companies in the same business located in other countries or to other receivers in ordinary course of our business, e.g. sending or transferring the Personal Data to be stored on server/cloud in other countries. If the receiving countries do not maintain adequate standard levels, Sompo will ensure that the sending and the transferring follow legal requirements and will put in place the Personal Data protection measures as necessary, appropriate and in consistent with confidentiality measures. For example, entering into confidentiality agreement with receivers in such country; or in case of affiliated companies/companies in the same business being the receivers, setting out the Personal Data policy that is audited and certified by competent authorities under relevant law and controlling the sending and transferring to comply with such policy instead of legal requirements. 2. Disclosure of Personal Data Sompo may disclose your Personal Data to other person to the extent permissible under your consent or law. The persons or entities receiving such data will collect, use, and/or disclose the Personal Data to the extent permissible under your consent or related to this Policy Sompo may disclose your Personal Data for various purposes, e.g. providing services to you; analyzing and developing products and/or services, conducting research or analyzing statistical data; promoting sales and advertising by Sompo; managing organization; preventing corruption; allowing the supporting service providers; verifying customers’ identity; providing reinsurance, etc. Sompo may disclose the data to other persons or entities. For example, Group, the Personal Data processors, business partners launching products with the Sompo, external service providers, the agents, broker, sub-contractors, auditors, external auditors, credit rating companies, reinsurance company, competent authority, any corporations or individuals under relationship or contract with Sompo; including executives, staffs, employees, contractors, agents, advisor and of those person or entity who receive the data, etc. In case of disclosing your Personal Data to other persons for the marketing purposes of the data receiver, e.g. sale promotions, advertisements or products and/or services offers for you, etc., Sompo will notify you of a list of the data receivers to take into consideration when making a decision to give consent. 3. Retention period of Personal Data Sompo will retain your Personal Data for as long as necessary during the period you are a customer or under relationship with Us, or for as long as necessary in connection with the purposes set out in the Retention Policy, unless law requires or permits longer retention period. For example, retention pursuant to Anti-money Laundering Law, retention for proving and examining in the event of dispute within legal prescription period of not over 10 years, etc. Sompo may erase destroy or anonymize the Personal Data when it is no longer necessary or when the period lapses. 4. Security of the Personal Data For retention of your Personal Data, Sompo implements technical measures and organizational measures to ensure appropriate security in the Personal Data processing and preventing Personal Data breach. Sompo has set out policies, rules and regulations on Personal Data protection, e.g. security standards of information technology and measures to prevent data receivers from using or disclosing the data outside the purposes or without authorization or unlawfully. Sompo has amended the policy, rule and regulation as frequently as necessary and appropriate. Moreover, the executives, staffs, employees, contractors, agents, advisers and data receivers are obligated to keep the Personal Data in confidence pursuant to confidentiality measure provided by Us. 5. Your rights related to Personal Data You may exercise any of these rights within legal requirements and any regulation set out by Sompo In case you are under 20 years old or your legal contractual capacity is restricted, your father and mother, guardian or representative may request to exercise the rights on your behalf. Your right Brief explanation Withdrawal of consent If you have given consent to Sompo to collect, use and/or disclose your Personal Data (whether before or after the effective date of the Personal Data Protection law), you have the right to withdraw such consent at any time throughout the retention period, unless it is restricted by laws or you are still under beneficial contract. Withdrawal of your consent may affect your use of products and/or services. For example, you may not receive privileges, promotions or new offers, products and/or services that are enhanced and consistent with your needs, or not receive beneficial information, etc. For your benefits, you are advised to learn and ask for consequences before withdrawing your consent. Data Access You may access your Personal Data, request Sompo to make a copy of such data for you, request Us to reveal as to how we obtain your Personal Data Data Portability You may obtain your Personal Data if We organizes such Personal Data in automatic machine-readable or usable format and can be processed or disclosed by automatic means; to request to send or transfer the Personal Data in such format directly to other person or entity if doable by automatic means. Objection You may object to collection, use and/or disclosure of your Personal Data at any time if such doing is conducted for legitimate interests of Sompo. In this regard, Sompo will continue collecting, using and/or disclosing your Personal Data only when Sompo can establish a legal basis that doing so is more important than your fundamental rights or to affirm legal rights; to comply with laws; or to defend a legal proceedings, depending on a case by case basis. Data Erasure or Destruction You may request Sompo to erase, destroy or anonymize your Personal Data if you believe that the collection, use and/or disclosure of your Personal Data is against relevant laws; reasonable ground to believe that the Personal Data shall not be used or when you request to withdraw your consent or to object to the processing as earlier described. Processing Suspension You may request Us to suspend processing your Personal Data during the period where We examines your rectification or objection request; or when it is no longer necessary and We must erase or destroy your Personal Data pursuant to relevant laws but you instead request Us to suspend the processing. Data Rectification You may request Us to rectify your Personal Data to be updated, complete and not misleading. Complaint Lodging You may raise the complain to competent authorities pursuant to relevant laws if you believe that the collection, use and/or disclosure of your Personal Data is violating or not in compliance with relevant laws. However, Sompo may deny or not be able to carry out your requests, e.g. to comply with laws or court orders, public tasks, your request in breach of rights or freedom of other persons, etc. If We denies the request, We will inform you of the reason. 6. Contact information If you have any suggestions or inquiries regarding collection, usage and/or disclosure of your Personal Data as well as a request to exercise your rights under this Policy, you may contact Us via the following channel: The Data Protection Officer Sompo Insurance (Thailand) Plc. 990 Abdulrahim Place, 12th, 14th Floor, Rama 4 Rd., Silom, Bangrak, Bangkok, Thailand 10500 Call: 02-119-3000 E-mail: DPO@sompo.co.th 7. Changes to the Privacy Policy We will review our Privacy Policy periodically and reserve the right to make amendments at any time to consider of changes in our business and legal requirements. Policy of such revision will be indicated on our website and/or by such other means of communication deemed suitable by Sompo. If change to the Privacy Policy has a material adverse effects to the original purpose of collection of your personal data, or otherwise required by law, we will notify you of such change and new purpose and obtain your prior consent before proceeding further. This Privacy Policy is dated June 1, 2020.