Where you wish to exercise your rights as set out above, or if you have any queries, comments and/or questions about your Personal Data under this Privacy Policy, you can reach us or our Data Protection Officer (DPO) at:

• AIG Insurance (Thailand) Public Company Limited.
  • Address: 989, Siam Piwat Tower, 21^st and 23^rd  Floor, Rama I Road, Patumwan, Bangkok 10330, Thailand
  • Contact Details:
    • Phone number: 02-649-1999, during business hours: 8.30 a.m. – 5.00 p.m., Monday through Friday (except Public Holiday).
      
    • Email address: THDPO@aig.com
• Data Protection Officer (DPO)
  • Address: 989, Siam Piwat Tower, 21^st and 23^rd  Floor, Rama I Road, Patumwan, Bangkok 10330, Thailand
  • Contact Details:
    • Phone number: 02-649-1999, during business hours: 8.30 a.m. – 5.00 p.m., Monday through Friday (except Public Holiday).
    • Email address: THDPO@aig.com

“Personal Data” means any identified or identifiable information about you and relate to you or other individuals (such as your beneficiary or dependent) as listed below. Any reference to Personal Data in the text of this Privacy Policy also includes Sensitive Data, unless stated otherwise. If you do not provide your Personal Data when requested, we may not be able to provide (or continue to provide) our products and services to you. Depending on your relationship with us, Personal Data collected about you and your dependents may include, but not limted to the following:

1. Personal Data That We Collect (other than authorized persons, directors, shareholders and other contact persons of a Business Partner)

We offer both commercial line insurance products and consumer line insurance products to customers. For providing you with insurance products and services, we may collect the following Personal Data about you according to your request, relationship and / or interactions with us:

• General identification: such as your title, name, surname, gender, marital status, family status, date of birth, age, photograph, still or moving images created in connection with insurance or other business activities, physical attributes, occupation, position, your status as director or partner, or other ownership or management interest in an organization, company's name, copies of and/or information on government-issued documents (e.g., national identification card, passport, household registration, driving license, vehicle registration, vehicle license plate, vehicle plate details, tax identification, and business registration ID), employer's certificate, salary and income, educational background, signature, CCTV records, voice records and/or telephone call records between you and our representative and call center, and other identifiers;
• Contact information: such as your address, personal address, company's address, layout of address, telephone number, mobile phone number, business telephone number, fax number, email address, and social networking profile details;
• Financial information and account details: such as credit / debit card number, credit card type, credit / debit card or bank information, bank account number and account details, both local and overseas, payment details and records, credit card transactions, credit card spending history, asset, and financial status; and
• Sensitive Data: such as your religion (contained in national identification card), ethnicity, health data (e.g., current and former physical or mental or medical condition, health status, and medical record / history, and alcohol blood testing result), disability (e.g., injury), and criminal records (contained in police report).
  We will only collect, use, and/or disclose Sensitive Data, if we have received your explicit consent or as permitted by law.
• Information which enables us to provide services to you: such as details of insurance policy including insurance policy number and insurance premium, details of claim and claim history, details of goods or services purchased, travel details / plan, title deed of the insured property, location and identification of the insured property (e.g., property address, vehicle license plate, chassis number, or identification number), coverage of peril details, date and cause of death, injury or disability, prior accident or loss history, other insurance you hold, relationship to the policy holder, insured or claimant, circumstantial evidence which could contain Personal Data, and other information as specifically required by each type of insurance product;
• Behavior information: such as your marketing preferences, feedback, interest in participating in a contest or prize draw or other sales promotions, or response to a voluntary customer satisfaction survey;
• Social media account and information from Online Services: such as your social media account ID and profile picture, including other information that is part of your profile relating to those accounts or of your friends' profiles; and
• Technical information: such as your display name, password on our system, browser and electronic device information, app usage data, information collected through cookies, pixel tags, and other technologies, demographic information and other information provided by you, aggregated information, and any other technical information from the use our Sites or systems. For example:
  • Through your internet browser or electronic device: Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e., your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit, page(s) visited and the name and version of the Online Services you are using. We use this information to ensure that our Online Services function properly.
    
  • Through your use of the App: When you download and use the App, we and our service providers may track and collect App usage data, such as the date and time the App on your electronic device accesses our servers and what information and files have been downloaded to the App based on your device number.
  • Cookies: When you visit our Online Services, cookies are used to collect technical information about the services that you use, and how you use them. For more information, please see Sharing of Personal Information  of this Privacy Policy.

When we process anonymized data or in aggregated form which can no longer identify you, this Privacy Policy would not be applicable.

2. Personal Data That We Collect (with respect to authorized persons, directors, shareholders and other contact persons of a Business Partner)

• General identification: such as, first name, last name, title, age, gender, date of birth, photos, still or moving images created in connection with insurance or other business activities, physical attributes, nationality, information on CV, education, work-related information (e.g., position, function, occupation, job title, company you work for, branch, staff ID, employed at or holds shares of), information on government-issued cards (e.g., national identification number, passport number, household registration, and name change certificate where applicable), percentage of shares, signatures, CCTV records (i.e., moving or still images and belongings (such as vehicles, when entering the monitored spaces in our buildings and facilities) through the CCTV devices), voice records, and other identifier;
• Contact information: such as, address, company's address, telephone numbers, mobile phone number, business telephone number, fax number, email address, country, and social networking profile details;
• Financial information and account details: such as, bank account number and account details.
• Other information collected, used or disclosed in connection with the relationship between us and the Business Partner, such as, information in the company's affidavit; information you give us in contracts, invoice, purchase order, forms or surveys.
• Sensitive Data: such as religion (contained in national identification card).
• Technical information: same as the “Technical information” in “Personal Data That We Collect (other than authorized persons, directors, shareholders and other contact persons of a Business Partner)”.

When we process anonymized data or in aggregated form which can no longer identify you, this Privacy Policy would not be applicable.

We may also collect the Personal Data as specified in the Personal Information That We Collect of other persons (e.g., your dependents including spouse, children, and beneficiary, counter party, third-party claimant, and friends (in case we collect your friends' profiles in your social media accounts) in the course of the provision of our product or performance of our service. If you provide Personal Data of others to us, you represent and warrant that you have the authority to do so by (i) informing such other person about this Privacy Policy; and (ii) obtaining consents where applicable or necessary to permit us to use such Personal Data in accordance to this Privacy Policy

We may collect, use or disclose your Personal Data for the following purposes:

• The purposes of which your consent would be required: We rely on your consent for the collection, use, and/or disclosure of your Personal Data by us, the companies in AIG Group and business partners for the purposes set out below.
  • For the purpose of authentication and verification of a person: Sensitive Data – religion (contained in national identification card); and ethnicity;
  • For the purpose of complying with foreign governments' laws, regulations, and request: any Sensitive Data under our possession;
  • For the purpose of marketing and communications: Personal Data - to provide you with marketing communications, tele-marketing, re-marketing, advertisement, privileges, sales, special offers, notice, newsletter, updates, announcements, promotions, campaigns, news and information, relating to the products or services from us, the companies in AIG Group and business partners which we cannot rely on other legal bases; and
  • For the purposes for disclosing/sharing your Personal Data to certain third parties as described under Sharing of Personal Information of this Privacy Policy where your consent is required.
    Please note that, for the collection, use, and/or disclosure of your Sensitive Data as necessary for the purpose of insurance policy underwriting consideration; for insurance premium calculation; for engaging in reinsurance relationship with third parties; for the purpose of the claim process and other relevant procedures, we, subject to the applicable laws, rules, regulations and guidelines in relation to insurance, can rely on the necessity to comply with a legal obligation to achieve the purpose relating to substantial public interest as a legal basis so that your consent might not be required. However, if your consent is required under the applicable laws, we will ensure that such requirement is satisfied.
    
    Where the legal basis for collection, use and/or disclosure of your personal data is consent, you have the right to withdraw consent at any time in accordance with the applicable laws. This can be done so, by contacting us as per the contact information stated in Who To Contact About Your Personal Information. The withdrawal of consent will not affect the lawfulness of the collection, use and/or disclosure of your Personal Data and Sensitive Data based on your consent before it was withdrawn. If you do not provide your consent, your personal data to us or later withdraw your consent, we may not be able to provide our services or products to you.

• The purposes for which we may rely on other legal bases and for which your consent is not required for processing of your Personal Data: 
  Apart from the purposes which your consent may be required under The purposes of which your consent would be required:, we (and third party who may be acting on our behalf) may rely on the following legal bases for the collection, use, and/or disclosure of your Personal Data without your consent in accordance with applicable law for purposes listed below in this The purposes for which we may rely on other legal bases and for which your consent is not required for processing of your Personal Data: (1) contractual basis, for our initiation or fulfilment of a contractual performance with you or requested by you prior to engage into a contractual performance with us; (2) legal obligation, for the fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms in relation to the protection of your Personal Data; (4) vital interest, preventing or suppressing a danger to a person’s life, body or health; (5) public interest, for the performance of a task carried out in the public interest or for the exercising of the State’s power by us as authorized by the State; (6) the reason for an establishment and defenses of legal claims in the future; (7) for necessity to comply with legal obligation to achieve the purpose relating to substantial public interest; and (8) for necessity to comply with legal obligation to achieve the purpose relating to public interest in public health.
  The purposes for which we rely on the other legal bases as described above in order to collect, use and/or disclose your Personal Data without obtaining consent as provided under law are as follows:
  • Providing insurance products or services, and other related products or services to you: such as, to process, determine and assess your application or request for insurance products or services; to issue quotation for our insurance products or service to you; to make decisions about whether to provide insurance and assistance services, and other products or services which we offer; to consider your application for underwriting and issuance of insurance policy; to execute insurance or commercial contract; to provide products or services; to discuss and negotiate commercial terms; to administer, maintain, manage and operate products or services including any renewals; to administer your insurance policy; to assess your eligibility for payment plans, and process your premium and other payments; to issue premium bill and/or invoice; to collect and process your premium payment; to check payment status; to issue insurance card to you; to issue premium return; and to issue statements or tax documents; 
  • Performing functions in connection with the claim process: such as, to provide products or services, including claim assessment, processing, and settlement; to consider, investigate, validate, administer, proceed, or manage claims made by you or any other person under any insurance products or services, including, making, defending, analyzing, investigating, processing, assessing, determining or responding to such claims; to recover claims; and to manage claim disputes;
  • Managing our relationship with you: such as, to contact and communicate with you as requested by you or in relation to the products and services you obtain from us or as part of our business; to send you important information regarding changes to our policies, other terms and conditions, our Online Services, renewal of policies and other administrative information; to handle any queries or complaint from you; to detect our own errors; to deal with technical issues; and to provide you with update on recent development;
  • Conducting and improving our general business operations, product and/or services: such as, to manage our infrastructure and business operations; to comply with our internal policies and procedures, relating to auditing, finance and accounting, billing and collections, business continuity, reporting and general servicing and maintenance of online and other services; to keep records and document; to manage internal flow of information; to perform our functions related to our businesses; to engage in reinsurance relationship with third parties; to develop products and/or service; to analyze competition in the market; to carry out surveys, data analytics, and market research, including analysis of customer base and other individuals whom we collect their Personal Data; to record your stills and moving footage, images, and/or voice for creation of public relations and marketing materials, such as for post on social medial or for live video; to conduct internal analysis for improvement; to assess and manage risks; to calculate commissions and service fees to our authorized brokers, agents, and business partners; to settle debts with foreign insurer or reinsurer; and to distribute information to our business partners, including related industry associations; and to manage our IT operations. For example, to manage our internal and external IT operations and communication system, including IT security, IT security audit, and IT recordkeeping; and to set system access authority;
  • Providing marketing communications: such as, to provide you with marketing communications, tele-marketing, re-marketing, advertisement, privileges, sales, special offers, notice, newsletter, updates, announcements, promotions, campaigns, news and information, relating to the products or services from us, the companies in AIG Group and business partners in accordance with preferences you have expressed directly or indirectly; to personalize, profile and analyze your personal data; to target and retarget potential customers; to manage campaigns and analysis; and to personalize your experience when using our Online Services or visiting third-party websites by presenting information and advertisements tailored to you, relating to the products or services offered by us, the companies in AIG Group and business partners in accordance with preferences you have expressed directly or indirectly. For example, to communicate with you, as our existing customer, about the products or services you obtain from us, similar products or services, or any other products or services belonging to us, other companies in the AIG Group, or our business partners, which may be beneficial to you or would assist you in obtaining our services, provided that you have never objected to receiving such communications;
  • Participating in contests, prize draws and similar promotion: such as, to allow you to participate in and administer these activities;
  • Compliance with legal obligations: such as, to collect, use, and/or disclose your Personal Data in compliance with our legal obligations, rights or duties and/or legal proceeding under the applicable laws (e.g. those in relation to insurance, including the collection, use, and/or disclosure of your Personal Data to the Office of Insurance Commission (“OIC”) for the purposes of regulating and promoting the undertaking of insurance business in accordance with the laws on insurance commission and on insurance as described in the OIC privacy policy, which is available at OIC's website (http://www.oic.or.th); those in relation to anti-money laundering, and sanction screening; those in relation to safety and environment in the workplace), including laws outside your country of residence; to respond to investigation requests from public and governmental authorities and to support regulatory investigations;
  • Protection of our interests: such as, to establish, protect or defend our legal rights; to protect our and our AIG's operations, privacy, safety or property, and/or that of the companies in AIG Group, you or others; to allow us to pursue available remedies or limit our damages; and to assess and ensure compliance with applicable laws, rule, regulations, and internal policies and procedures; to assist in the investigation or proceedings concerning a whistleblowing complaint; to assist in the effective resolution of disputes which arise in the course of disciplinary or grievance proceedings;
  • Fraud and crime detection: such as, to authenticate and verify your identity; to check the information provided; to carry out due diligence or other screening activities to comply with our legal or regulatory obligations or risk management procedures required by law or put in place by us; to detect, prevent and investigate fraud, or other breaches of applicable laws and regulations or unauthorized use of your personal data;
  • Transfer in the event of merger: such as, in sale, transfer, merger, reorganization or similar event we may transfer your Personal Data to one or more third parties, including the companies in AIG Group as part of that transaction;
  • Life and public health and safety: such as, to prevent or suppress a danger to a person’s life, body, or health or for the purposes of public health and safety such as protecting against cross-border dangerous contagious disease or epidemics which may be contagious or pestilent, or ensuring standards or quality of medicines, medicinal products or medical devices, on the basis that there is a provision of suitable and specific measures to safeguard the rights and freedom of the data subject, in particular maintaining the confidentiality of Personal Data in accordance with the duties or professional ethics; and
  • Any other purposes that allow us to collect, use and disclose Personal Data under the applicable law.

The table below describes the legal bases, except where we rely on consent, we may rely on for collecting, using and/or disclosing your Personal Data for the purposes stated above:

Except in limited instances when we indicate that certain information is based on your consent, we collect use, and/or disclose your Personal Data on the following legal basis (1) contractual basis, for performance of activity in relation to the our business relationship; (2) legal obligation, for fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms to the protection of your Personal Data; (4) vital interest, for the prevention or suppression of danger to a person's life, body, or health; (5) public interest, for the performance of task carried out in the public interest or for exercising of official authorities or duties; and/or (6) the reason for an establishment and defenses of legal claims in the future.

The purposes for which we rely on the legal basis as described above in order to collect, use and/or disclose your Personal Data without obtaining consent as provided under law are as follows:

• Business communication: such as, to communicate with the Business Partners about products, services and projects 
• Business Partner selection: such as, to verify your identity and Business Partner status; to conduct due diligence or any other form of background checks or risk identification on the Business Partner (including screening against publicly available government law enforcement agency and/or official sanctions lists); to evaluate suitability and qualifications of the Business Partner; to issue request for quotation and bidding; and execute contract with the Business Partner;
• Business Partner data management: such as, to maintain and update lists/directories of Business Partners (including your Personal Data); and to keep contracts and associated documents in which you may be referred to;
• Relationship management: such as, to plan, perform, and manage the (contractual) relationship with the Business Partners, e.g., by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, and providing support services;
• Conducting our business operations: such as to comply with reasonable business requirements including but not limited to internal management, training, service quality, auditing, reporting, submissions or filings, data processing, control or risk management, statistical, trend analysis and planning or other related or similar activities;
• IT systems and support, such as to provide IT and helpdesk supports; to create and maintain Producer Code and profile for Business Partners; to manage Business Partners access to any systems to which we have granted access; to remove inactive accounts; to implement business controls to enable our business to operate; to enable us to identify and resolve issues in our IT systems; to keep our systems secure; and to perform IT systems development, implementation, operation and maintenance;
• Security and system monitoring, such as to authenticate and verify a person; to implement access controls and logs where applicable; to monitor system, devices and internet; and to ensure IT security;
• Dispute handling, such as to solve disputes; to enforce our contracts; to establish, exercise or defense of legal claims;
• Fraud Detection: such as, to authenticate and verify your identity; to check the information provided; to carry out due diligence or other screening activities to comply with our legal or regulatory obligations or risk management procedures required by law or put in place by us; to detect, prevent and investigate fraud, or other breaches of applicable laws and regulations or unauthorized use of your personal; to support law enforcement organizations in the deterrence, prevention, detection, and prosecution of crime;
• Compliance with legal obligations: such as to comply with internal policies and applicable laws, regulations, directives and regulatory guidelines; to liaise and interact with, and respond to government authorities or courts or tribunals; and
• Marketing communications: contacting you or the Business Partners for the purposes of informing Business Partners of news and publications which may be of interest, events, offering new services, conducting surveys.
• Transfer in the event of merger: such as, in sale, transfer, merger, reorganization or similar event we may transfer your Personal Data to one or more third parties, including companies in our AIG Group, affiliates and subsidiaries, as part of that transaction; 
• Life: such as, to prevent or suppress a danger to a person’s life, body, or health; and
• Any other purposes that allow us to collect, use and disclose Personal Data under the applicable law.

Where we need to collect your Personal Data as required by law, or for entering into or performing the contract we have with Business Partners and failure to provide that data when requested, may result in our inability to fulfill the relevant purposes as listed above.

Where consent is required for certain activities of collection, use and/or disclosure of your Personal Data, we will request and obtain your consent for such activities separately

AIG is responsible for the management and security of used Personal Data. We may share your Personal Data within our internal business units for our business purposes. We are committed to protect your privacy by restricting the access to your Personal Data on a need-to-know basis.

Additionally, as a part of the AIG Group global network, we may disclose and/or transfer your Personal Data within the AIG Group systems in country and abroad including our affiliates, and subsidiaries or companies in AIG Group, which also include Universal Insurance Broker Co., Ltd. who is in Thailand (“the companies in AIG Group”) for the purposes set forth in this Privacy Policy. Where your consent is required, the companies in AIG Group will rely on the consent obtained by us to disclose/share your Personal Data (Please see "The purposes of which your consent would be required"  of this Privacy Policy and the last sentence of “Why We Collect, Use, And/Or Disclose Your Personal Data (for authorized persons, directors, shareholders and other contact persons of a Business Partner)” of this Privacy Policy.)

We may also make your Personal Data available to the following third parties, located both in Thailand and outside of Thailand, who collect, use and/or disclose Personal Data for the purposes set forth under this Privacy Policy. For more information, you can visit their privacy policies to learn more about how they collect, use and/or disclose your Personal Data:

• Our Business Partners, and Other Insurance and Distribution Parties
  In the course of marketing and providing insurance and processing claims, we may make Personal Data available to our business partners and third parties, including, but not limited to other insurers; reinsurers; local and overseas insurance and reinsurance brokers, other intermediaries and agents; appointed representatives; airlines and online ticket selling partners; affinity marketing partners; retail business partners; banks and financial institutions, securities firms; and other distributors and business partners.
• Our Service Providers
  We may share your Personal Data with external third-party service providers to enable or assist us in providing services to you or conducting our general business operations. These third-party service providers include, but not limit to: (1) call center service provider; (2) IT systems, support and hosting service providers; (3) payment service providers/ credit card companies; (4) banks and financial institutions who administer our accounts; (5) emergency assistance service provider; (6) document and records management providers; (7) AIG shared service providers; (8) car inspection companies and/or garages; (9) claim investigators, loss surveyors and adjusters; (10) third party administrators; (11) data management service providers; (12) data storage and cloud service providers; (13) advertising, marketing and market research and analysis service providers; and (14) similar third-party vendors and other outsourced service providers that assist us in carrying out business activities.
  In the course of providing such services, your Personal Data only to the extent necessary for them to perform the services, we will only allow external third-party service providers to access and we ask them not to use your Personal Data for any other purposes.
• Professional Advisors
  We may engage professional advisors who may have access to your Personal Data, including medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors.
• Governmental Authorities and Third Parties involved in Court Action
  We may also disclose your Personal Data with governmental, regulatory or other public authorities in Thailand and overseas as applicable (including, but not limited to the Office of Insurance Commission, Revenue Department, Bangkok, Provincial, Sub-district Administration Organization, National Police Bureau, criminal investigations agencies and/or any other law enforcement authorities, and courts); and third-party participants in legal procedures or other third party as we believe to be necessary or appropriate to comply with our legal obligations, defend legal rights or positions of us and the companies in  AIG Group, or otherwise the rights of any third party or individuals’ personal safety, and allow us to pursue available remedies or limit our damages.
• Assignee of Rights and/or Obligations
  In a normal course of business, we may disclose your Personal Data to third parties, including the companies in AIG Group as our assignee, in the event of any reorganization, merger, business transfer, whether in whole or in part, sale, purchase, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock or similar transaction. We take reasonable steps to ensure that such third party will comply with this Privacy Policy to respect your Personal Data.
• Other Third Parties
  We may share your Personal Data with beneficiaries; corporate insureds; emergency providers (such as fire, police and medical emergency services); CCTV Centers; hospitals; hotels; garage; Associations (such as Thai General Insurance Associations); rescue organizations; other people involved in an incident that is the subject of a claim; other third parties to deal with claims or for the protection of your own interest in case of emergency; and your friends associated with your social media accounts, other website users and your social media account providers, in connection with your social sharing activities.

Personal Data may also be shared by you, on message boards, chat, profile pages and blogs, and other services on our Channels to which you are able to post information and materials (including, without limitation, our Online Services). Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the Sites and to the general public. We urge you to be very careful when deciding to disclose your Personal Data, or any other information, on any Channels.

Due to the global nature of our business, we may transfer your Personal data to third parties, such as the companies in AIG Group; service providers; business partners; and governmental or public authorities, located in other countries (including, but not limited to the United States, China, Hong Kong, Malaysia, Philippine, Indonesia and Singapore) in order to carry out the purposes specified above. Where there is such a transfer, it will be done based on your consent or other bases in compliance with the applicable laws.

Please be mindful that other countries may have a different data protection regime than is found in Thailand and that the data protection standard of the destination country may not be equivalent to the level afforded in Thailand. Where the data protection standard of the destination country is considered as inadequate by supervisory authority in Thailand, we will take reasonable steps to put in place appropriate safeguards to ensure that the Personal Data is adequately protected.

As required by law in certain cases, we cannot collect, use, and/or disclose the Personal Data of minors, quasi-incompetent persons, and incompetent persons in absence of their parental or legal guardian consents. If you are under the age of 20, quasi-incompetent persons, or incompetent persons, please ensure that consent from your legal guardians are obtained when it is required by law (e.g. when you are below the age of 10 or when you, the minor, conduct an act beyond minor's capacity specified under applicable laws). Where we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required by law, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete, destroy or de-identify it, as the case may be, or process only if we can rely on other legal bases apart from consent.

We will retain Personal Data for the period necessary to allow us to fulfil, satisfy or achieve the purposes outlined in this Privacy Policy, except where a longer retention period is required or permitted by law. After the expiration of the retention period, your Personal Data will be deleted or destroyed or de-identified, as the case may be. Where legal action or proceedings is initiated, we may retain until such action or proceedings are disposed of in accordance with the laws.

We understand the importance of your Personal Data security. We have taken appropriate security measures, which include administrative, technical, physical, legal and organizational safeguards in relation to access control, including appropriate review of such measures, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure of your Personal Data in accordance with our policies and guidelines. This is to ensure security of your Personal Data against confidentiality, integrity and availability breaches.

In particular, we have implemented access control measures which restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user access management to limit access to Personal Data to only authorized person, and implement user responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data. This also includes methods that enabling the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of the collection, use, and/or disclosure of Personal Data.

We use CCTV devices to monitor our designated space within and around our buildings and facilities to protect the life, health, and property of persons on our premises and for other purposes set forth in this Privacy Policy. We will install CCTV devices in plain sight. We will not install the CCTV devices in changing rooms, toilets, or shower rooms. Our CCTV devices are in operation 24 hours a day and 365 or 366 days a year. We will place signage at the entrance and exit points, and the monitored areas to alert you that CCTV is in use.

We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you. You can also contact us by e-mail at Thailand.cc@aig.co.th or by writing to: 23^rd Floor, Siam Piwat Tower, 989 Rama 1 Road, Patumwan, Bangkok 10330 Thailand to tell us your marketing preferences and to opt-out.

If you no longer want to receive marketing-related e-mails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by clicking on the link to “unsubscribe” provided in each e-mail or by contacting us at the above addresses.

Additional alternatives:

• Receiving mobile messages (for example SMS text messages) / telephone communications / postal mail from us:  If you no longer want to receive mobile messages / telephone communications / postal mail from us on a going-forward basis, you may opt-out of receiving these marketing-related communications by contacting us at the above addresses.
• Our sharing of your Personal Data with our AIG Group companies for their marketing purposes: If you would prefer that we do not share your Personal Data on a going-forward basis with our AIG Group companies for their own marketing purposes, you may opt-out of this sharing by contacting us at the above addresses.
• Our sharing of your Personal Data with selected third-party partners for their marketing purposes:  If you would prefer that we do not share your Personal Data on a going-forward basis with our third-party partners for their own marketing purposes, you may opt-out of this sharing by contacting us at the above addresses.

We will comply with your opt-out request(s) upon receiving your opt-out request in due course. Please note that if you opt-out as described above, we will not be able to remove your Personal Data from the databases of third parties with whom we have already shared your Personal Data (i.e., to those to whom we have already provided your Personal Data as of the date on which we respond to your opt-out request). Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important administrative communications from which you cannot opt-out.

Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to recognize your computer and to collect information such as internet browser type, time spent using the Online Services, pages visited, language preferences and relevant country website. We may use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while using the Online Services, or to gather statistical information about the usage of the Online Services. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites.

Below is a description of all the cookies we use on our websites, what they do, what data about you they collect and what we use them for:

• Geo Location cookie – When a visitor visits one of our sites for the first time, we read their location from their IP address and use this information to assume the country site that they want to visit. This method is not entirely accurate, however, so when they navigate to a particular country site, we use a cookie to store this information and to store the language that they chose to view the site. The next time they visit the site, we read the cookie and present the same country and language version they used on their last visit. This has the intended benefit that they don’t need to reselect the country site they need each time they visit our websites. No Personal Data is collected or used by the cookie.
• Site Catalyst cookie (by Adobe) – This cookie enables us to collect and analyze data about how visitors arrive at our site and then how they interact with our site, including products they may search, content they may view, and the steps leading up to a completed or abandoned sale. We use this aggregated information to adapt our sites to better serve their and other users’ needs and interests, and to provide more relevant and useful information. The cookie is placed on a visitor’s PC on a temporary basis only. The cookie does not collect or use their Personal Data. Instead, it logs an anonymous code which identifies users and this code “follows” the user in their journey through the site. We use the aggregated and anonymous information for statistical analysis.
• DoubleClick cookies – We place a tracking pixel cookie on to all site visitors’ computers, for the purpose of our banner advertising activity. We use these cookies to know that a visitor has been on our site before which allows us to display an appropriate banner ad on to an affiliated network website. No Personal Data is collected. One of the advertisement companies that we use is Google, Inc, trading as DoubleClick. For more information on the DoubleClick cookie, or to opt out from the DoubleClick advertisement cookie please visit: http://www.google.com/privacy/ads/.
• Affiliate cookie – We use a tracking pixel cookie, which is put on a visitor’s PC and collects only the transaction ID (which identifies any affiliated website the visitor has come from) and a time and date stamp. This enables our affiliate network partners to track affiliated sales and ensure an affiliate is credited for a sale referred to us. It does not involve any passing of Personal Data.
• Optimost cookie – Optimost is a service provided by Hewlett-Packard to analyse customer behavior when visiting our site. This service allows us to test variations of our website pages or elements within the pages. The tests will usually result in improvements to the website and the user experience. The cookie has an anonymous “visitor ID” which is a random number generated to identify a visitor, to distinguish between unique and/or repeat visitors. These cookies do not collect Personal Data. To view the Optimost privacy policy, please visit: https://asp.optimost.com/avatar/privacy-policy
• Oracle Cookie - We use the services of www.oracle.com to serve a persistent cookie on visitors’ browsers when they first visit our web pages, unless there is already an Oracle cookie on their browser because they have visited a non-AIG site which is also using Oracle’s services. However, visitors’ browsing activity on our web pages will not be combined with visitors’ browsing behavior on other websites using Oracle’s services. We use visitors’ browsing activity on our web pages to understand which pages and content our visitors use or do not use so that we can monitor our site content to best meet our visitors' needs. For further information please read the Oracle privacy policy.
  You can refuse to accept the cookies we use by adjusting your browser settings. However, if you do not accept these cookies, you may experience some inconvenience in your use of the Sites and some online products.
• Using pixel tags, web beacons, clear GIFs or other similar technologies: These may be used in connection with some of the Online Services pages and HTML-formatted e-mail messages to, among other things, track the actions of the Online Services users and e-mail recipients, measure the success of our marketing campaigns and compile statistics about Site usage and response rates.
• Physical Location: Subject to applicable laws, we may collect the physical location of your electronic device by, for example, using satellite, mobile/cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content. Subject to your marketing preferences as indicated to us or applicable laws, we may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content.
• From you: Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with Personal Data, this information does not personally identify you.
• By aggregating information: We may aggregate and use certain information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code).

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which Online Services link. The inclusion of a link on Online Services does not imply endorsement of the linked site or service by us or by the companies in AIG Group.

Please note that we are not responsible for the collection, usage and/or disclosure policies and practices (including the information security practices) of other organizations, such as Facebook^®, Twitter^®, Apple^®, Google^®, Microsoft^®, RIM/Blackberry^® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Data you disclose to other organizations through or in connection with the Online Services.

Under some circumstances, we may require you to prove your identity before complying with data subject exercise of rights, for your own privacy and security. If you wish to exercise these rights, please contact us using the details under "Our Contact Details".

Subject to applicable laws and exceptions thereof, you may have the following rights to:

• Access: You may have the right to access or request a copy of the Personal Data we are collecting, using and disclosing about you. For your own privacy and security, we may require you to prove your identity before providing the requested information to you.
• Rectification:  You may have the right to have the incomplete, inaccurate, misleading, or not up-to-date Personal Data that we collect, use and disclose about you rectified.
• Data Portability: You may have the right to obtain Personal Data we hold about you, in a structured, electronic format, and to send or transfer such data to another data controller, where this is (a) Personal Data which you have provided to us, and (b) if we are processing such data on the basis of your consent or to perform a contract with you.
• Objection: You may have the right to object to certain collection, use and disclosure of your Personal Data, such as objecting to direct marketing.
• Restriction: You may have the right to restrict the use of your Personal Data in certain circumstances. 
• Withdraw Consent: For the purposes you have consented to our collecting, using and disclosing of your Personal Data, you have the right to withdraw your consent at any time to the extent permitted under the applicable laws.
• Deletion: You may have the right to request that we delete or de-identity Personal Data that we collect, use and disclose about you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise, or defend legal claims.
• Lodge a complaint: You may have the right to lodge a complaint to the competent authority where you believe our collection, use and disclosure of your Personal Data is unlawful or noncompliant with applicable data protection law where applicable. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.

Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request, for example, due to our legal obligation or court order. If we decline your request under this section, we will notify you of our reason.

We reserve the right to make changes to this Privacy Policy at any time to take account of changes in our business and legal requirements. We will place updates on our Sites. Please review this Privacy Policy regularly for any updates. Any change will be effective immediately upon being posted on our Sites. We will notify you or obtain your consent again if there are significant updates to this Privacy Policy, or if we are required to do so by law. 

LAST UPDATED:  1 October 2022