Where you wish to exercise your rights as set out above, or if you have any queries, comments and/or questions about your Personal Data under this Privacy Policy, you can reach us or our Data Protection Officer (DPO) at:
“Personal Data” means any identified or identifiable information about you and relate to you or other individuals (such as your beneficiary or dependent) as listed below. Any reference to Personal Data in the text of this Privacy Policy also includes Sensitive Data, unless stated otherwise. If you do not provide your Personal Data when requested, we may not be able to provide (or continue to provide) our products and services to you. Depending on your relationship with us, Personal Data collected about you and your dependents may include, but not limted to the following:
1. Personal Data That We Collect (other than authorized persons, directors, shareholders and other contact persons of a Business Partner)
We offer both commercial line insurance products and consumer line insurance products to customers. For providing you with insurance products and services, we may collect the following Personal Data about you according to your request, relationship and / or interactions with us:
When we process anonymized data or in aggregated form which can no longer identify you, this Privacy Policy would not be applicable.
2. Personal Data That We Collect (with respect to authorized persons, directors, shareholders and other contact persons of a Business Partner)
When we process anonymized data or in aggregated form which can no longer identify you, this Privacy Policy would not be applicable.
We may also collect the Personal Data as specified in the Personal Information That We Collect of other persons (e.g., your dependents including spouse, children, and beneficiary, counter party, third-party claimant, and friends (in case we collect your friends' profiles in your social media accounts) in the course of the provision of our product or performance of our service. If you provide Personal Data of others to us, you represent and warrant that you have the authority to do so by (i) informing such other person about this Privacy Policy; and (ii) obtaining consents where applicable or necessary to permit us to use such Personal Data in accordance to this Privacy Policy
We may collect, use or disclose your Personal Data for the following purposes:
The table below describes the legal bases, except where we rely on consent, we may rely on for collecting, using and/or disclosing your Personal Data for the purposes stated above:
Purposes |
Contractual Basis |
Legal Obligation |
Legitimate Interest |
Vital Interest |
Legal Claims |
Legal obligation relating to substantial public interest or public interest in public health |
Providing insurance products or services, and other related products or services to you (including Sensitive Personal Data). |
|
|
|
|
|
|
Performing functions in connection with the claim process (including Sensitive Personal Data |
|
(Only specific cases where the data subject is incapable of giving consent) |
||||
Managing our relationship with you |
|
|
||||
Conducting and improving our general business operations, product and/or services |
|
|
|
|
|
|
Providing marketing communications |
|
|
|
|
||
Participating in contests, prize draws and similar promotion |
|
|
|
|
||
Compliance with legal obligations (including Sensitive Personal Data).
|
|
|
|
|||
Protection of our interests (including Sensitive Personal Data). |
|
|
|
|
||
Fraud and crime detection (including Sensitive Personal Data). |
|
|
|
|||
Transfer in the event of merger |
|
|
|
|||
Life and public health and safety (including Sensitive Personal Data). |
|
|
|
|
Except in limited instances when we indicate that certain information is based on your consent, we collect use, and/or disclose your Personal Data on the following legal basis (1) contractual basis, for performance of activity in relation to the our business relationship; (2) legal obligation, for fulfilment of our legal obligations; (3) legitimate interest, for the purpose of our legitimate interests and the legitimate interests of third parties, proportionate to your interest and fundamental rights and freedoms to the protection of your Personal Data; (4) vital interest, for the prevention or suppression of danger to a person's life, body, or health; (5) public interest, for the performance of task carried out in the public interest or for exercising of official authorities or duties; and/or (6) the reason for an establishment and defenses of legal claims in the future.
The purposes for which we rely on the legal basis as described above in order to collect, use and/or disclose your Personal Data without obtaining consent as provided under law are as follows:
Where we need to collect your Personal Data as required by law, or for entering into or performing the contract we have with Business Partners and failure to provide that data when requested, may result in our inability to fulfill the relevant purposes as listed above.
Where consent is required for certain activities of collection, use and/or disclosure of your Personal Data, we will request and obtain your consent for such activities separately
AIG is responsible for the management and security of used Personal Data. We may share your Personal Data within our internal business units for our business purposes. We are committed to protect your privacy by restricting the access to your Personal Data on a need-to-know basis.
Additionally, as a part of the AIG Group global network, we may disclose and/or transfer your Personal Data within the AIG Group systems in country and abroad including our affiliates, and subsidiaries or companies in AIG Group, which also include Universal Insurance Broker Co., Ltd. who is in Thailand (“the companies in AIG Group”) for the purposes set forth in this Privacy Policy. Where your consent is required, the companies in AIG Group will rely on the consent obtained by us to disclose/share your Personal Data (Please see "The purposes of which your consent would be required" of this Privacy Policy and the last sentence of “Why We Collect, Use, And/Or Disclose Your Personal Data (for authorized persons, directors, shareholders and other contact persons of a Business Partner)” of this Privacy Policy.)
We may also make your Personal Data available to the following third parties, located both in Thailand and outside of Thailand, who collect, use and/or disclose Personal Data for the purposes set forth under this Privacy Policy. For more information, you can visit their privacy policies to learn more about how they collect, use and/or disclose your Personal Data:
Personal Data may also be shared by you, on message boards, chat, profile pages and blogs, and other services on our Channels to which you are able to post information and materials (including, without limitation, our Online Services). Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the Sites and to the general public. We urge you to be very careful when deciding to disclose your Personal Data, or any other information, on any Channels.
Due to the global nature of our business, we may transfer your Personal data to third parties, such as the companies in AIG Group; service providers; business partners; and governmental or public authorities, located in other countries (including, but not limited to the United States, China, Hong Kong, Malaysia, Philippine, Indonesia and Singapore) in order to carry out the purposes specified above. Where there is such a transfer, it will be done based on your consent or other bases in compliance with the applicable laws.
Please be mindful that other countries may have a different data protection regime than is found in Thailand and that the data protection standard of the destination country may not be equivalent to the level afforded in Thailand. Where the data protection standard of the destination country is considered as inadequate by supervisory authority in Thailand, we will take reasonable steps to put in place appropriate safeguards to ensure that the Personal Data is adequately protected.
As required by law in certain cases, we cannot collect, use, and/or disclose the Personal Data of minors, quasi-incompetent persons, and incompetent persons in absence of their parental or legal guardian consents. If you are under the age of 20, quasi-incompetent persons, or incompetent persons, please ensure that consent from your legal guardians are obtained when it is required by law (e.g. when you are below the age of 10 or when you, the minor, conduct an act beyond minor's capacity specified under applicable laws). Where we learn that we have unintentionally collected Personal Data from anyone under the age of 20 without parental consent when it is required by law, or from quasi-incompetent persons and incompetent persons without their legal guardians, we will delete, destroy or de-identify it, as the case may be, or process only if we can rely on other legal bases apart from consent.
We will retain Personal Data for the period necessary to allow us to fulfil, satisfy or achieve the purposes outlined in this Privacy Policy, except where a longer retention period is required or permitted by law. After the expiration of the retention period, your Personal Data will be deleted or destroyed or de-identified, as the case may be. Where legal action or proceedings is initiated, we may retain until such action or proceedings are disposed of in accordance with the laws.
We understand the importance of your Personal Data security. We have taken appropriate security measures, which include administrative, technical, physical, legal and organizational safeguards in relation to access control, including appropriate review of such measures, to prevent loss, unauthorized or unlawful access, destruction, use, alteration, or disclosure of your Personal Data in accordance with our policies and guidelines. This is to ensure security of your Personal Data against confidentiality, integrity and availability breaches.
In particular, we have implemented access control measures which restrict access to Personal Data as well as storage and processing equipment by imposing access rights or permission, user access management to limit access to Personal Data to only authorized person, and implement user responsibilities to prevent unauthorized access, disclosure, perception or unlawful duplication of Personal Data. This also includes methods that enabling the re-examination of unauthorized access, alteration, erasure, or transfer of Personal Data which is suitable for the method and means of the collection, use, and/or disclosure of Personal Data.
We use CCTV devices to monitor our designated space within and around our buildings and facilities to protect the life, health, and property of persons on our premises and for other purposes set forth in this Privacy Policy. We will install CCTV devices in plain sight. We will not install the CCTV devices in changing rooms, toilets, or shower rooms. Our CCTV devices are in operation 24 hours a day and 365 or 366 days a year. We will place signage at the entrance and exit points, and the monitored areas to alert you that CCTV is in use.
We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you. You can also contact us by e-mail at Thailand.cc@aig.co.th or by writing to: 23rd Floor, Siam Piwat Tower, 989 Rama 1 Road, Patumwan, Bangkok 10330 Thailand to tell us your marketing preferences and to opt-out.
If you no longer want to receive marketing-related e-mails from us on a going-forward basis, you may opt-out of receiving these marketing-related emails by clicking on the link to “unsubscribe” provided in each e-mail or by contacting us at the above addresses.
Additional alternatives:
We will comply with your opt-out request(s) upon receiving your opt-out request in due course. Please note that if you opt-out as described above, we will not be able to remove your Personal Data from the databases of third parties with whom we have already shared your Personal Data (i.e., to those to whom we have already provided your Personal Data as of the date on which we respond to your opt-out request). Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important administrative communications from which you cannot opt-out.
Cookies are pieces of information stored directly on the computer you are using. Cookies allow us to recognize your computer and to collect information such as internet browser type, time spent using the Online Services, pages visited, language preferences and relevant country website. We may use the information for security purposes, to facilitate navigation, to display information more effectively, to personalize your experience while using the Online Services, or to gather statistical information about the usage of the Online Services. Cookies further allow us to present to you the advertisements or offers that are most likely to appeal to you. We may also use cookies to track your responses to our advertisements and we may use cookies or other files to track your use of other websites.
Below is a description of all the cookies we use on our websites, what they do, what data about you they collect and what we use them for:
This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site or service to which Online Services link. The inclusion of a link on Online Services does not imply endorsement of the linked site or service by us or by the companies in AIG Group.
Please note that we are not responsible for the collection, usage and/or disclosure policies and practices (including the information security practices) of other organizations, such as Facebook®, Twitter®, Apple®, Google®, Microsoft®, RIM/Blackberry® or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or electronic device manufacturer, including any Personal Data you disclose to other organizations through or in connection with the Online Services.
Under some circumstances, we may require you to prove your identity before complying with data subject exercise of rights, for your own privacy and security. If you wish to exercise these rights, please contact us using the details under "Our Contact Details".
Subject to applicable laws and exceptions thereof, you may have the following rights to:
Your request for exercising any of the above rights may be limited by the applicable laws. There may be certain cases where we can reasonably and lawfully decline your request, for example, due to our legal obligation or court order. If we decline your request under this section, we will notify you of our reason.
We reserve the right to make changes to this Privacy Policy at any time to take account of changes in our business and legal requirements. We will place updates on our Sites. Please review this Privacy Policy regularly for any updates. Any change will be effective immediately upon being posted on our Sites. We will notify you or obtain your consent again if there are significant updates to this Privacy Policy, or if we are required to do so by law.
LAST UPDATED: 1 October 2022