Information and Announcement
Read informationPrivacy Policy for Customers
Privacy Policy for Customers
Tokio Marine South East Servicing Co., Ltd.
We realize the importance of privacy rights and it is our responsibility to safely collect, use, and disclose (collectively as “Processing personal Information”) your personal information. The objective of this policy is to inform you regarding how company process your personal information in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”). The company strongly recommends you study and understand this policy thoroughly to acknowledge your rights as a data subject of your personal information.
1. Definition
“Personal Information” Any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of deceased persons in particular and not including juristic person information.
“Data Subject” A person whom the personal information identifies but not including juristic person.
“Sensitive Data”Information stated in Section 26 of the Personal Data Protection Act and the amendments and other related laws and regulations including information regarding racial, ethnic origin, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or other data which may affect the data subject in the same manner.
“Personal Data Protection Act – PDPA” Personal Data Protection Act B.E. 2562 including subordinate laws which are published under the Personal Data Protection Act and its amendments.
“Committee” Personal Data Protection Committee.
“Business Partner” An individual person or Juristic person who sells goods or provides services to the Company including subcontractor of them.
“Company” Tokio Marine South East Servicing Co., Ltd.
2. Respecting the Personal Rights of the Data Subject
The company respects and realize the importance of your personal rights and protecting your personal information. As a customer, you would expect the company to protect the safety of your personal information while using our services.
Your personal information that the company receives, which can identify you, is complete and updated and will be used under the company’s objectives as informed to you before the company collect such information. The company will take highest measures to keep safe and protect your personal information and will prevent them from unauthorized uses other than for the purpose which has been previously informed to you.
3. Collecting of Personal Information
3.1 What kind of information does the company collect?
The company collect personal information which may include your sensitive data as following:
1) General Personal Information
(1) Your general personal information, for example, name, last name, ID card number, date of birth, age, occupation, gender, marital status, photo, telephone number, mobile phone number, registered address, address for postal, passport number, email, voice conversation recording, and other contact information.
(2) Your work information, for example, position, workplace, your career history which may include name and address of your employer.
(3) Your financial information, for example, income, source of income, bank account number, tax information, bank statement, loan information, investment information, credit card information and other information regarding payment.
(4) Product and /or service information, The information of product or service which you bought from the company or other insurance provider, for example, policy number, sum-insured, the changed or any transaction made to the policy, premium payment method, payment history, or loan information, beneficiary, claim including usage of rights under the insurance policy or product or other services from the company or other insurance providers.
(5) Legal status, for example, status according to the money laundering law or financing terrorism, bankruptcy, status according to Foreign Account Tax Compliance Act: FATCA
(6) Technical information and your personal preferences,
when you access our website or application which may including other social media platform providers, for example, social media username, IP address, cookies, type and version of browser, location and region of browser plug-in, operating system and platform, user profile, accessory information including mobile accessory, wireless network, and general network.
(7) VDO, photo and property photo (for example your vehicle) when you enter our security area in the building which is recorded through CCTV.
2) Sensitive Personal Data
It is necessary for the company to collect your sensitive personal data such as health history, disability, criminal record, genetic data, biometric data, medical history and other data according to the Personal Data Protection Committee notification.
In case the company needs to collect your personal information for entering into an insurance contract, contractual obligations, or compliance with the law, if you do not provide personal information which it is necessary to perform the company’s obligation, the company may not be able to perform as stipulated in this policy or provide our service completely and appropriately. It may also affect regulatory compliance which is your or the company’s obligation.
Furthermore, the company collects only necessary information for each type of insurance product to facilitate the issuing of the insurance policy and to comply with the insurance contract and other purposes which stated in this policy, which include but not limited to the followings:
1. General policy information, for example, quotation number, policy number, condition of insurance coverage, premium.
2. Information which necessary for health and accident insurance such as weight and height, medical history, smoking, alcohol, or other drug usage.
3. Information which necessary for assets insurance such as vehicle information (value of the vehicle, chassis number, license plate number, type and qualification of the vehicle, owner status or lessee or lessor), property information (value of the building or other property, address or geographic coordinates, type of usage, owner status or lessee or lessor), residents information (asset in the building, period of usage), golf information (model, quantity, and price of golf club) or other asset information which the company insured.
4. Information which necessary for travel insurance such as destination, arrival date, and departure date.
3.2 When does the company collect your personal information?
The company may collect your personal information from these following sources:
1. When you have the intention to purchase or use our insurance including other services (“product” or “service”) and / or when you access to our website or application and / or services online.
2. When you send documents or insurance application form or when you provide your information to the company while considering purchasing or using our products or services.
3. When you contact the company, whether in writing or verbally, regardless of who initiates the contact.
4. When you submit the request to change or upgrade to your purchased products or services or other requests made to your purchased products or services including requests for our products or services.
5. When you contact our personnel, officers, sales representatives, contractors, business partners, service providers, attorney-in-fact, or other person or section which relate to the company (collectively as “personnel and business partners”) through our website, application, social media, phone, email, face-to-face meeting, interview, SMS, Fax, postal or other channels.
6. When the company receives a recommendation about you or when the company collects your personal information from our employees and / or business partners.
7. When you send your personal information to the company to participate in marketing activities, awards, lucky draws, events, or contests held by the company and / or our personnel and our business partners.
8. When the company receives your personal information from third parties which include but are not limited to public sources, personal sources, or commercial sources, websites, social network sources, data providers, medical sources, healthcare providers, hospitals, doctors, other insurance providers, associations relating to your purchased products or services, applications for your purchased products or services, complaints regarding our products and services (“third party sources”).
9. When the company receives your personal information from third parties for the purpose of compliance with the regulations, for example, the company may receive your personal information from The Office of Insurance Commission (OIC).
10. When you contact the company at our head office or branch office, by CCTV recording inside and outside of the building and including visitor registration before entering the building.
When you send personal information, which relates to third parties to the company (the third party is including but not limited to insured, family members, premium payer, or beneficiary), you must comply with PDPA whether request their consent or inform this policy on behalf of the company. You have certified the correctness and completeness of such information and certified that you have informed the data subject regarding the usage of the personal information in accordance with this policy.
4. Purpose of Processing Personal Information
The company will process your personal information for the following purposes:
1) For the purpose regarding the insurance contract and other proceedings according to the insurance contract, namely:
(a) For offering, providing, managing, and proceeding according to the procedures to provide insurance products or services to you.
(b) For following procedures or completing the services or providing our products and recommending your suitable products. For following procedures regarding insurance application, managing your purchased product, collecting premium and remaining payment.
2) For communication with you including communication regarding products or other account with the company. For technical support for our website or application, or to communicate about the amendment of this policy which the company may have in the future.
3) For analyzing and statistic reports, such as marketing research, highly information analysis, statistic research or actuarial, report or financial evaluation by company, group companies, personnel or business partners or another regulator.
4) To prevent fraud, such as investigating or preventing any fraudulent act, concealing the truth, and any other wrongful act, whether confirmed or suspected. This is especially important for communication with other companies in financial services, insurance providers, and related regulators.
5) To adjust the company’s structure, for the purpose of adjusting the company’s structure and for company’s transaction which including purchasing or selling parts of the company (if any).
6) For communication service through electronic channels, such as accessing content on our website, application, or social media platform, or specific services. The company may analyze your behavior while using our website, application, or social media platform to understand your preferences. This helps us develop our website, application or social media platform or our products and / or services, for resolving problems, products and / or service suggestion and advertisement on our website, application or other channels according to the target.
7) For regulatory and internal policy compliance, namely:
(a) For regulatory compliance and our business inspection whether from internal and external or from regulators.
(b) For proceeding in accordance with regulations or policies which are stipulated by governing regulators who are responsible for law enforcement, governmental dispute resolution or insurance regulator.
(c) For law enforcement purpose or assisting, cooperating, investigating by the company or police officer or government officer or other domestic regulator, reporting according to the regulations or as agree with regulators domestically or as ordered by the government officers or sectors.
(d) For proceeding in accordance with company’s internal rules.
8) For information management, namely, for the purpose of managing, recording and disposing of personal information.
9) For product and service development including inspecting and quality improvement including training when communicating with the company.
10) 1For security purpose inside the head office and branch office for safety of employees and company’s assets including for your safety.
11) 1For marketing activities including products and services information which suitable to you, service suggestion which includes insurance and other marketing activities, such as award program, benefits, or exclusive loyalty program, charity program and events which you participate in.
12) To collect, use and / or disclose personal information to The Office of Insurance Commission (OIC)
for supervising and supporting insurance business conduct in accordance with Insurance Commission laws and non-life insurance laws as prescribed by Data Privacy Policy of OIC which is published on OIC’s website (https://www.oic.or.th)
13) Other; for other purposes which relate to the above purposes.
You may choose not to give consent to the company to process your personal information, however, please note that if you do not provide some certain information, we may not be able to provide our services or response to your request.
Unless stipulated by regulations or Personal Data Protection Act, the company will obtain your consent prior to processing your personal information for the purposes other than specify in this policy or relating to the purposes under this policy.
5. Disclosing your Personal Information to Third Party
In order to carry out the above purposes, the company may have to disclose your personal information to third parties as stated below. The company will take any necessary measures to protect your personal information according to Personal Data Protection Act or other relation regulations which relate to personal data protection.
1) Business partner, or third party which relates to insurance offering such as insurance company, bank, financial institution, car marker and car dealer.
2) Policyholder, in case of group insurance.
3) Employees and business partners which provide service regarding personal information processing, such as, business management service, payment service, debt collector, communication service, technology service, cloud service, outsourcing service, call center service, document and information management, document recording, scan service, postal service, printing service, delivering service, information analyzing service, marketing service, research service, emergency management service, or other service which relating to insurance business or our company’s business.
4) Service provider before entering into an insurance contract such as insurance inspector who evaluates properties or vehicles.
5) Claim service provider such as surveyor, garage, car dealer, hospital.
6) Insurance provider
7) Insurance association
8) Law enforcement regulator, commission which is established by law, government sector or regulators, dispute resolution or other party which the company or group company requires to disclose information (a) according to the laws or regulations in Thailand and may include government sectors which the group company is located or (b) according to agreement or corporate rules between the company and government sectors or other related parties.
9) Group companies
10) Company’s adviser such as lawyer, doctor, auditor or consultant.
11) Personnel or sector which you consent the company to disclose your personal information to.
12) A person who enters into or will enter into any transaction with the company which your personal information may be part of purchasing or selling or offering to purchase or sell of the company’s business. (If any)
13) A person or sector who have authority by applicable law.
The company will disclose your personal information according to the above purposes under the consent of the data subject or under regulations unless excepted by law.
6. Disclosing your Personal Information Outside of Thailand
Your personal information may be disclosed, stored or processed by the company or transferred to external parties which may provide service inside or outside of Thailand. However, your personal information will be transferred in accordance with the Personal Data Protection Act. If the transfer is between our group companies, the company will proceed in accordance with the Binding Corporate Rules which has been approved by the Personal Data Protection Commission.
7. Retention of Personal Information
The company will retain your personal information as necessary for proceeding in accordance with our purposes as aforementioned. However, the company will retain your personal information no longer than 10 years since the last date you have any transaction or contact with the company. The company may retain your personal information longer than 10 years if it is stipulated by laws. The company will take necessary measures in order to delete or dispose or anonymize your personal information in accordance with the retention period.
8. Use of Personal Information for the purposes for which it was collected
The company is entitled to continue collecting and using such personal information for its original purposes. If you do not want the company to collect and use your personal information, you may withdraw your consent by informing the company using the Request Form for Data Subjects to Exercise Rights. You can download this form from our website at www.tokiomarinesoutheast.com request it at our head office.
9. Security Measures and Data Quality
1) The company recognizes the importance of maintaining the security of data subjects’ personal data. Therefore, the company have established measures to maintain the security of personal data appropriately and consistently, and to keep data subjects’ personal data confidential to prevent loss, access, destruction, use, conversion, modification, or disclosure of personal data without rights or unlawfully, in accordance with the Information Security Policy.
2) Any personal information that the Company receives from data subjects, such as name, address, telephone number and identification card number which is complete and up-to-date relating to an identified or identifiable data subject, will be used in accordance with the objectives of the company. The company will carry out appropriate measures to protect data subjects’ rights.
10. Rights of Data Subject
You may exercise your rights regarding your personal information as follows:
1) Withdraw or request to change the scope of consent which you have given to the company.
2) Request access, obtain a copy of the personal information, or request the disclosure of the acquisition of the personal information obtained without your consent.
3) Correct your personal information to be accurate, up-to-date, complete, and not misleading. If the company is unable to process you request, you have the right to receive the requested form together with the reason from the company as stipulated by law.
4) Delete or dispose your personal information or make personal information anonymous as stipulated by law.
5) Object to the collection, use, or disclosure of the personal information, at any time, in the following circumstances:
(a) Where the personal information is collected with the exemption to consent requirements under section 24 (4) or (5), unless the company can prove that the collection, use, or disclosure of such personal information can be demonstrated by the company that there is a compelling legitimate ground or is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims
(b) The collection, use, or disclosure of such personal information is for the purpose of direct marketing.
(c) The collection, use, or disclosure of the personal information is for the purpose of scientific, historical or statistic research, unless it is necessary for the performance of a task carried out for reasons of public interest by the company.
6) Obtain your personal information or request to send or transfer your personal information to another data controller.
7) Restrain the processing of your personal information.
8) Complain to the Office of the Personal Data Protection Commission.
The company reserves the right to not follow your request at our discretion and in accordance with the laws. You may file a complaint to the Personal Information Commission as per the procedures provided in the Personal Protection Act. Furthermore, the company may collect fees for processing your request as the company sees suitable.
If you would like to exercise your personal information rights, you can ask for Request Form for Data Subjects to Exercise Rights at our head office or download it from our website at www.tokiomarinesoutheast.com. The company will consider your request and return the result to you within 30 days after the company received your request.
11. Data Controller and Data Protection Officer
According to the Personal Data Protection Act, the company as data controller has appointed a Data Protection Officer (DPO) for monitoring the company’s collection, use, and disposal of personal information in accordance with the Personal Data Protection Act B.E. 2562 and related regulations and to receive and process data subject’s requests. You may submit your request to:
Data Protection Officer (DPO)
Tokio Marine South East Servicing Co., Ltd. (Data Protection Officer)
Address: No. 302 S & A Building, 5th Floor, Room B1
Silom Road, Suriyawong, Bangrak, Bangkok 10500
Tel. 02 257 8000 at 8.30 am. – 4.45 pm.
Email: DPO@tokiomarine-se.co.th
12. Revision to this Policy
The company reserves the right to amend, revise, or make any changes to this policy as allowed by laws. If there is a major amendment to this policy, the company will inform you. The company reserves the right to amend this policy without informing you.
Privacy Policy for Business Partners
Privacy Policy for Business Partners
Tokio Marine South East Servicing Co., Ltd.
We recognize the right to privacy and the Company’s responsibility regarding the collection, use, and disclosure (“processing”) of personal data of data subjects. Therefore, the Company has established this Personal Data Protection Policy for partners (“Policy”) to inform details about the processing of partners’ personal data in accordance with the Personal Data Protection Act B.E. 2562 (“PDPA”).
1. Definition
“Personal Data” Any information relating to a person, which enables the identification of such person, whether directly or indirectly, but not including the information of the deceased persons in particular and not including juristic person information.
“Sensitive Data” Information stated in Section 26 of Personal Data Protection Act and the amendments and other related laws and regulations, including information regarding racial, ethnic origin, political views, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or other data which may affect the data subject in the same manner.
“Personal Data Protection Act – PDPA” Personal Data Protection Act B.E. 2562 including subordinate laws published under Personal Data Protection Act and its amendments.
“Data Subject” A person whom the personal data identifies, but not including juristic person.
“Business Partners” Individual person or Juristic person who sell goods or provide services to the Company, including subcontractors.
“Committee” The Personal Data Protection Committee.
2. Personal Data that the company shall collect
The company shall collect personal data which may include sensitive data as follows:
2.1 Data subject proceeding on behalf of themselves
(1) Any identification information of such person, for example, name-surname, house registration address, current address, phone number or mobile phone number or other contact information, gender nationality, marital status, date of birth, passport number or ID card number.
(2) Qualification and working experience, for example, education qualification from school or university which includes certificates and reference documents from school/university.
(3) Job application, for example, personal profile, job interview and other references.
(4) General working information, for example, workplace of data subject, work department, position, chain of command.
(5) Work performance history including work performance assessment, awards, complaint history, investigation record, disciplinary action including audit and risk assessment.
(6) Benefit and Compensation, for example, commission and/or other benefits which data subject received, bank account number.
(7) Bankruptcy history, money laundering or providing financial support to terrorists.
2.2 Data subject proceeding on behalf of a juristic person or for a juristic person
In case that the company’s contractor is a juristic person, the company may process personal data of data subject as an employee, contractor or authorized person on behalf of the juristic person
(1) Any identification information of such person, for example, name-surname, house registration address, current address, phone number or mobile phone number, email, passport number, or ID number.
(2) Personal data of data subject shown on company affidavit, shareholder list, or other documents relating to entity containing personal data of the data subject.
(3) Bankruptcy history, money laundering or providing financial support to terrorists.
(4) Any information which the company requested from juristic person of data subject or from the data subject for the purpose of entering into a contract, services, or any other related operations as the company notified or requested to the data subject.
Apart from the above mentioned personal data, the company may process sensitive data of data subject, for example, criminal record for due diligence before entering into a contract such as for anti-money laundering or providing financial support to terrorists.
In case personal data is necessary for entering into a contract, contractual obligations, or compliance with the law, if the data subject does not provide personal information which is necessary to perform company obligations, the company may not be able to perform as stipulated in this policy or provide service completely and appropriately. It may also affect regulatory compliance which is the data subject’s or the company’s obligation.
When the data subject sends personal data relating to a third party to the company, the data subject must comply with PDPA whether requesting their consent or informing this policy on behalf of the company. The data subject has certified the correctness of such data and certified that the data subject has informed such third party data subject regarding the usage of the personal data in accordance with this policy.
3. How does the company collect Personal Data of the Data Subject?
In general, the company collects personal data from the data subject directly. Except in some cases, the company may collect personal data from other persons, public resources, business information resources or commercial trade resources.
4. Purpose of Processing Personal data
(1) The company processes personal data of data subject for entering into a contract with the data subject and for performing obligations under a contract.
(2) To check and verify the identity of the data subject.
(3) For background checks before and during a contract and such details may be reviewed during the contract period.
(4) To collect, use and/or disclose personal information to The Office of Insurance Commission (OIC) for benefit of supervision and promotion of insurance business conduct in accordance with Insurance Commission laws and non-life insurance laws as prescribed by the Data Privacy Policy of OIC which is published on OIC’s website (https://www.oic.or.th)
(5) For compliance with laws, including but not limited to, announcements, regulations and lawful orders of government agencies and relevant government officials, for example, the Office of Insurance Commission (OIC) and the committee.
(6) For establishment, use, dispute or proceeding legal claims of the company.
(7) For contact and business operation during business relationship between the company and the data subject.
(8) For analyzing and statistical reports such as marketing research, high-level information analysis, statistical research or actuarial, report or financial evaluation by the company, group companies, personnel or business partners or another regulator.
Unless stipulated by regulations or the Personal Data Protection Act, the company will obtain data subject’s consent prior to processing personal data for purposes other than those specified in this policy or related to the purposes under this policy.
5. Third Parties who may receive Personal Data from the company
The company may disclose and/or transfer the personal data of the data subject to third parties as stated below where such persons may be located in Thailand or outside Thailand.
(1) Group companies
(2) Internal or external company advisers or experts such as lawyers, auditors or consultants.
(3) Service provider or representative of service provider (including subcontractors) such as, payment service, technology service, cloud service, outsourcing service, call center service, document and information management, document recording, scanning service, postal service, printing service, delivery service, information analyzing service, marketing service, research service, or other services relating to company’s business.
(4) Insurance business organization such as the Office of Insurance Commission (OIC), Thai General Insurance Association (TGIA) and The Federal of Thai industries.
(5) Law enforcement regulators, commissions established by law, government sectors, or regulators, dispute resolution entities, or other parties to whom the company or group company is required to disclose information: (a) according to the laws or regulations in Thailand, which may include government sectors where the group company is located, or (b) according to agreements or corporate rules between the company and government sectors or other related parties.
(6) A person or entity who enter into or will enter into any transaction with the company, where personal data may be part of purchasing, selling, or offering to purchase or sell the company’s business (If any).
(7) Personnel or sectors to whom the data subject consents for the company to disclose personal data.
6. Disclosing of Personal Data Outside of Thailand
Personal data of data subject may be disclosed, stored or processed by the company or transferred to external parties which may be located or provide services inside or outside of Thailand. However, personal data will be transferred in accordance with Personal Data Protection Act. If the transfer is between group companies, the company will proceed in accordance with the Binding Corporate Rules, which have been approved by the Personal Data Protection Commission.
7. Retention of Personal Data
The company will retain the personal data of data subject as necessary for proceeding in accordance with the aforementioned purposes. However, the company will retain personal data for no longer than 10 years from the last date the data subject had any transaction or contact with the company. The company may retain personal data for longer than 10 years if stipulated by laws. The company will take necessary measures to delete, dispose of, or anonymize personal data in accordance with the retention period.
8. Use of Personal Information for the purposes for which it was collected
The company shall be entitled to continue to collect and use such personal data for the original purposes. If data subject do not want the company to collect and use personal data, the data subject may inform the company to withdraw consent by requesting the “Request Form for Data Subjects to Exercise Rights” at our head office, or download from our website at www.tokiomarinesoutheast.com
9. Rights of Data Subject
Data subject may exercise the following rights regarding personal data:
(1) Withdraw or request to change the scope of consent given to the company.
(2) Request access to, obtain a copy of the personal data, or request the disclosure of the acquisition of the personal data obtained without consent.
(3) Correct personal data to be accurate, up-to-date, complete, and not misleading. If the company is unable to process the requested, the data subject has the right to receive the requested form along with the reason from the company as stipulated by law.
(4) Delete or dispose of personal data or make personal data anonymous as stipulated by law.
(5) Object the collection, use, or disclosure of personal data at any time, in the following circumstances:
(a) Where the personal data is collected with an exemption to consent requirements under section 24 (4) or (5), unless the company can prove that the collection, use, or disclosure of such personal data is justified by a compelling legitimate ground or is carried out for the establishment, compliance or exercise of legal claims, or defense of legal claims.
(b) The collection, use, or disclosure of such personal data is for the purpose of direct marketing.
(c) The collection, use, or disclosure of personal data is for the purpose of scientific, historical or statistical research, unless it is necessary for the performance of a task carried out for reasons of public interest by the company.
(6) Obtain personal data or request to send or transfer personal data to another data controller.
(7) Restrain the processing of personal data as stipulated by law.
(8) Complain to the Office of the Personal Data Protection Commission.
If the data subject would like to exercise personal data rights, they can request the “Request Form for Data Subjects to Exercise Rights” at the company office or download it from the website at www.tokiomarinesoutheast.com The company will consider the request and return the result to the data subject within 30 days after receiving the request.
The company reserves the right not to follow the request to exercise the rights of the data subject at its discretion and in accordance with applicable laws. The data subject may file a complaint with the Personal Information Commission as provided in the Personal Protection Act. Furthermore, the company may collect fees for processing the request as the company sees suitable.
10. Revision to this Policy
The company reserves the rights to amend, revise, or make any changes to this policy as allowed by laws. If there is a significant amendment to this policy, the company will inform to data subject and/or request consent from the data subject (if stipulated by laws).
11. Contact Information of Data Controller and Data Protection Officer
The company as data controller, if the data subject has any inquiries related to this policy, or needs more information, or would like to exercise data protection rights. Please contact at:
Data Protection Officer (DPO)
Tokio Marine South East Servicing Co., Ltd. (Data Protection Officer)
Address: No. 302 S & A Building, 5th Floor, Room B1
Silom Road, Suriyawong, Bangrak, Bangkok 10500
Tel. 02 257 8000 at 8.30 am. – 4.45 pm.
Email: DPO@tokiomarine-se.co.th