PRIVACY NOTICE FOR CUSTOMER AND VISITOR
“Personal Data” means any information relating to a Person, which enables the identification of such Person, whether directly or indirectly, but not including the information of the deceased Persons in particular.
“Sensitive Data” means Personal Data pertaining to racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.
2. COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
Sources of Personal Data
We may collect your Personal Data from various and different sources, for instance:
- Your information directly provided to us e.g. electronic or hard copy application form, e-mail, social medias, telephone conversation, website, cookies etc.
- Information that we receive from third party e.g. insurance agent, insurance company, re-insurance company, your family member, our partner or alliance, your department or organization, your consultant, your authorized person assigned to contact with us, hospital, government authorities etc.
In case when we receive the Personal Data of third person from you, you agree to proceed with the followings:
- Notify the third person of the purposes of collection.
- The third person provides consent to us to process the Personal Data according to the prescribed purposes.
Type of Personal Data processed by us
Identification information e.g. name, surname, ID card number, passport number, tax ID card, social security number, other identification number issued by government authorities including Personal Data appeared on official documents issued by government authorities for identification purpose, signature, photograph and other information that can be used for identification etc.
Customer or visitor related information e.g. gender, nationality, date of birth, position, picture on ID card, passport, driving license, picture, voice and video recorded by CCTV installed in our area, coverage and claim record etc.
Contact information e.g. address, telephone number, e-mail, social media accounts etc.
Financial information e.g. bank account information, debit card, credit card, payment information etc.
Sensitive Data e.g. race, religion, medical record and medical history etc.
Processing of Sensitive Data
We may process certain types of the Sensitive Data. However, we shall not process this type of information without your explicit consent except in case when the law allows us to process such Sensitive Data.
- To process your Personal Data, you shall be notified of details, purposes and legal basis of the processing as provided in this Privacy Notice; or in case that the law regarding the protection of personal data allows us to process your Personal Data only when we need to obtain your consent, we shall request your explicit consent from you in such case.
- In case that we collected your Personal Data prior to the effective date of the law regarding the protection of Personal Data, we shall collect and use your Personal Data continually according to the purposes previously notified by us at the time of collection of your Personal Data. You are entitled to withdraw your consent by contacting us as detailed in Clause 9 of this Privacy Notice. In this regard, we reserve the right of consideration in withdrawing your request and proceed with the law regarding the protection of Personal Data.
Personal Data of Minor, Incompetent or Quasi-incompetent
We will not collect the personal data if you are a minor who is not legally competent by marriage or has no capacity as a legally competent person according to the law, incompetent or quasi-incompetent until the consent is given by your parent, guardian or curator (as the case may be).
Refusal of Providing your Personal Data
In case when we need to collect your Personal Data and you wish not to provide such Personal Data to us, the refusal may have legal effect or may cause us not to be able to proceed with any acts in relation to the processing of your Personal Data whether in whole or in part.
3. PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
We shall proceed with collecting, using and/or disclosing of your Personal Data only when it is necessary and/or it is allowed by the law including the disclosure of the Personal Data to third person. We shall process the Personal Data in accordance to the purposes and under the legal basis stipulated under the PDPA as follows:
|Purpose of processing personal data for customers and visitors||Legal Basis|
|Creating and storing database of customers and visitors for communication
Offering products of insurance, coverage, benefits and premium that is suitable to you
• Performance of contract
|Transferring data to insurance company, co-insurance company, re-insurance company including related individual or juristic person, such as, loss adjustor, lawyer, car service center, hospital etc. for the benefit of consideration of giving insurance and claiming compensation from the insurance company||• Performance of contract
• Consent (only for Sensitive Data)
|Processing of request for your payment||• Performance of contract|
|Public relations, marketing, customers contact to recommend or offer related products||• Legitimate interest
|Notification of insurance policy, insurance policy amendment and renewal, notifying of benefits, receiving of compliant and customer service||• Performance of contract
• Legitimate interest
|Sending the Personal Data or report to the supervisory authority and related government agencies, such as, the Revenue Department, Office of Insurance Commission, Lawyers Council etc.||• Performance of contract
• Legal obligation
|Maintaining safety of a person and our assets in recording of entry and exit of customers and visitors, such as, recording through CCTV||• Performance of contract
• Legitimate interest
4. CONSENT AND POTENTIAL EFFECT FROM REFUSAL OR WITHDRAWAL OF CONSENT
We may request your consent for processing of your Personal Data for the purposes of performing the related activities in Clause 3 in writing according to the consent form attached to this Privacy Notice (and as amended or changed) only.
If we collect and process the Personal Data by relying on your consent, you are entitled to withdraw the consent provided to us.
If you refuse or withdraw the consent provided to us or refuse to provide certain information, we may not be able to proceed with the purposes in whole or in part as declared in this Privacy Notice.
5. DISCLOSURE OF PERSONAL DATA
We may disclose or transfer your Personal Data to third person for processing of your Personal Data as follows:
Disclosure of Personal Data to Third Person
- We may disclose your Personal Data to insurance company, co-insurance company, re-insurance company, affiliated or group company, our business partner or alliance in Thailand and overseas for the purpose of the performance of contract.
- We may disclose your Personal Data to government authorities or independent organizations pursuant to the laws, for instance, the Revenue Department, Office of Insurance Commission, Lawyer Council, Royal Thai Police, Office of Attorney General, Court of Justice or in case that the law or regulation of the government authorities requires us to disclose your Personal Data.
- We may disclose your Personal Data to a person or company relating to company reorganization, merger or potential acquisition including transfer of right or duty which we have obligation under the contract with you.
- We may disclose your Personal Data to a person or juristic person whom we are instructed by you to disclose such Personal Data.
Overseas Transfer of Personal Data
We may send or transfer your Personal Data to overseas countries for storage and/or processing for the performance of contract between you and us. We will not allow irrelevant persons to access the Personal Data and will prescribe the appropriate security measure in accordance with the PDPA.
6. RETENTION OF PERSONAL DATA
We will retain your Personal Data as long as it is necessary considering from the purposes and necessities to collect and process; or for the legal purposes or as required or permitted by applicable laws. In most cases, we will keep the data for 10 years following our last interaction with you.
We will cease to retain your Personal Data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the Personal Data were collected, and are no longer necessary for legal or business purposes.
7. DATA SUBJECT RIGHTS
Right to Withdraw: This enables you to withdraw your consent to our processing of your personal data, which you can do at any time. We may continue to process your personal data if we have another legitimate reason or other law to do so.
Right to Access: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to Correct: This enables you to have any incomplete or inaccurate data we hold about you corrected.
Right to Erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Right to Object: This enables you to object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
Right to Restrict Processing: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Right to Portability: This enables you to request the transfer of your Personal Data to another party.
To exercise any of the rights, please contact us by using the information provided in Clause 9 of this Privacy Notice within 30 days unless otherwise agreed with you as the data subject in writing upon receiving the request.
However, according to the PDPA, we are entitled to refuse your request exercising the rights in case when the exercising is excepted under the law or the exercising will affect to the performance of contract, right or freedom of others.
8. SECURITY OF YOUR PERSONAL DATA
We regularly review and implement up-to-date physical, technical and organizational security measures when processing your Personal Data. We have internal policies and controls in place to ensure that your Personal Data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.
9. CONTACT AND DATA PROTECTION OFFICER
If you have any questions on the Privacy Notice, please contact us at:
Name: CHAZ INSURANCE BROKERS LTD.
CHAZ LIFE INSURANCE BROKERS LTD.
Address: 75/62-63 Soi Sukhumvit 19, Sukhumvit Road, Klongtoey-Nua, Wattana, Bangkok 10110
Telephone: +66 (0) 2661 6522 (Head Office)
10. AMENDMENT OF PRIVACY NOTICE
We reserve the right to amend this Privacy Notice in the future to comply with the laws and other related regulations. In this regard, you can review the Privacy Notice of us at CHAZ - Privacy Notice
Effective date of this Privacy Notice [1 June 2021]
Latest update [1 June 2021]
Date: 1 June 2021
To: Person whose Personal Data was collected by CHAZ
CHAZ Insurance Brokers Ltd. and CHAZ Life Insurance Brokers Ltd. (collectively “CHAZ”) values your privacy and strives to protect your personal data and personal data of persons related to your business (collectively referred to as “Personal Data”) in accordance with Thai law and in order to comply with the Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) which will come into effect on 1 June 2022. Therefore, CHAZ has prepared a notice regarding the processing of Personal Data you have provided to CHAZ before the effective date of the PDPA.
As CHAZ has collected, used and/or disclosed of your Personal Data provided to CHAZ in any means due to the relationship between CHAZ and you as employee, customer, vendor, business partner, shareholder, director or other relationships before the effective date of the PDPA. CHAZ would like to inform that CHAZ will continue to collect and use your Personal Data only for the same purpose that CHAZ has collected and used before the PDPA comes into effect. CHAZ will not disclose your Personal Data without your prior written consent unless it is permitted by the law. If CHAZ will collect, use and/or disclose of your Personal Data for any purposes other than the purpose CHAZ has originally collected of your Personal Data before the effective date of the PDPA, CHAZ will inform you and proceed with the collection, use and/or disclosure of your Personal Data in accordance with the principles and procedures as prescribed in the PDPA. Please see more details in the Privacy Notice.
If you no longer allow CHAZ to collect and/or use of your Personal Data, you are entitled to withdraw your consent that you have given to CHAZ before PDPA comes into effect at any time by notifying CHAZ of such withdrawal of consent through the following channels:
Our website uses both first party cookies and third-party cookies, which are set and set by third-party service providers such as the third-party companies that we use their service. To add functional features to our website.
Cookies we used can be classified into three types according to their storage:
- Session Cookies
Session Cookies are stored in the computer's memory only during a user's browsing session and are automatically deleted from the user's computer when the browser is closed. Session cookies are never written on the hard drive and they do not collect any data from the user's computer.
- Persistent Cookies
Persistent Cookies remain in operation even after the web browser is closed and remain for a specified period of time or until you delete it. These cookies can be used to provide data about numbers of visitors, the average time spent on a particular page and generally the performance of the website.
- Third-party Cookies
Third-party cookies are installed by third parties with the aim of collecting certain data from web users to carry out research into, for example, behavior, demographics or spending habits. They are commonly used by advertisers who want to ensure that products and services are marketed towards the right target audience.
To provide you with a good experience in using our website, CHAZ uses the following cookies by which such cookies cannot identify you. According to the purposes, we use 3 types of cookies:
- Strictly Necessary Cookies
These are cookies that are required for the operation of the website, and include, for example, cookies that enable you to log into secure areas of the website. Without these cookies, services you have asked for, such as obtaining a quote or logging into your account, cannot be provided. These cookies do not gather data about you that could be used for marketing or remembering where you have been on the internet.
- Performance Cookies
These cookies collect data about how visitors use the website, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors, all of which enables us to see how visitors use the website in order to improve the way that our website works. These cookies do not collect data that identifies a visitor, as all data these cookies collect is anonymous and is only used to improve how our website works.
- Functional Cookies
These cookies allow our website to remember choices you make (such as your username, language or the region you are in) and provide enhanced features. For instance, the website may be able to remember your log in details, so that you do not have to repeatedly sign into your account when using a particular device to access our website. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They do not gather any data about you that could be used for advertising or remember where you have been on the internet.
When you visit our website, CHAZ collects your Internet Protocol (“IP”) addresses to track and aggregate non-personal data. IP addresses will be stored in such a way so that you cannot be identified from the IP address.
Linking to the external website, applications and tools
To help enhance the website experience, we may link data to the external website, applications and tools such as Line, Youtube, Twitter, Facebook, Pinterest, Instagram when you view articles on our website.
Amendment of Cookies Policy
We may amend the Cookies Policy and encourage you to review this policy periodically to know how we use our cookies.
Latest update [1 June 2021]