Security & Privacy

Personal Data Protection Statement "PDP Statement"


Direct Asia Insurance Holdings Pte Ltd and its subsidiaries including Direct Asia (Thailand) Co., Ltd., and Direct Asia Services (Thailand) Co., Ltd. (“DATH”) is committed to protecting the privacy of the individuals we encounter in conducting our business.

“Personal Data” refers to any data, whether true or not, about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access. This may include your name, Identification Number or Passport Number or other identification number, telephone number(s), residential address, email address, payment information etc. which you have provided to DATH previously.

The purpose of this PDP statement is to inform you of how DATH manages Personal Data which is subject to the Personal Data Protection Act B.E. 2562 (2019) of Thailand (including any amendments) ("the Act"). We would urge you to take a few minutes of your precious time to read this PDP Statement as it is designed to assist you in understanding why and how DATH collects, and uses your Personal Data, to whom such data is disclosed and to whom data access requests can be addressed. In particular, we will ensure that:

  • only fair, proper and legitimate means are employed to collect personal data;
  • personal data collected and used is accurate;
  • personal data is protected by appropriate safeguards and made available only to authorised persons;
  • and you have the right to access and request correction of your personal data.
  1. Who To Contact About Your Personal Data

    If you have any questions about our use of your Personal Information you can contact us at :

    Direct Asia (Thailand) Co., Ltd.,
    Attn: Head of Compliance (PDPA)
    173/21 Asia Centre Building 20th Floor,
    South Sathorn Road, Thungmahamek, Sathorn,
    Bangkok 10120 Thailand
    Tel. +66 2 767 7777
    Email: [email protected]
  2. How we collect Personal Data

    1. We collect Personal Data in the following ways:

      a. when you submit any form, including but not limited to application, declaration, proposal or referral forms;

      b. when you enter into any agreement or provide other documentation or information in respect of your interactions and transactions with us, or when you use our services;

      c. when you interact with our staff, including customer service officers and other representatives, e.g. via telephone call or text message, (which may be recorded), letters, fax, face-to-face meetings, digital platforms (including but not limited to any social media messaging platform) and email;

      d. when you use some of our services provided through online and other technology platforms, eg. websites and apps including when you establish any online accounts with us;

      e. when you use our electronic services, or interact with us via our websites or use services on our websites;

      f. when you request that we contact you, be included in an email or other mailing list; or when you respond to our request for additional Personal Data, our promotions and other initiatives;

      g. when you are contacted by, and respond to, our marketing representatives and agents, our sales and distribution partners and other service providers;

      h. when you submit an employment application or when you provide documents or information including your resume and/or curriculum vitae in connection with any appointment as an officer, director, representative or any other position;

      i. when we receive references from business partners and third parties, for example, where you have been referred by them;

      j. when your images are captured by us via CCTV cameras while you are within our premises, or via photographs or videos taken by us or our representatives;

      k. when we seek or receive information about you in connection with your policy, policy applications, claims or job applications, for example, from other insurers, insurance associations, hospitals, clinics, motor workshops, your ex-employer and the relevant authorities; and/or

      l. when you submit your Personal Data to us for any other reason.

    2. When you browse our website, you generally do so anonymously but please see the section below on cookies. We do not at our website automatically collect Personal Data, unless you provide such information or login with your account credentials.
    3. If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, and/or employees), including where you have named them as beneficiaries or as a life assured, or where you refer a third party to us for the purposes of us offering our products and/or services to that third party, by submitting such information to us, you represent to us that you have obtained the consent of the third party to you providing us with their Personal Data for the respective purposes.
    4. You should ensure that all Personal Data submitted to us is complete, accurate, true and correct. If there is a change to your contact information such as your home address, email address or telephone number, please promptly update us. This ensures that you will continue to receive communications from us without disruption or delay. Failure on your part to do so may result in our inability to provide you with products and services you have requested.
  3. Purposes for the Collection, Use and Disclosure of Your Personal Data

    1. The purposes for which Personal Data of our clients may be collected, used and/or disclosed will vary depending on the nature of your relationship with us. For example, we may use your Personal Data as follows:

      a. confirm your identity and uniquely identify you;

      b. offering and providing services and products to you, which may include, insurance services and products;

      c. responding to, processing and handling your queries, complaints, feedback, suggestions and requests;

      d. evaluate, underwrite and price your application, and assess the insurance risks we are assuming during any insurance coverage changes or renewals;

      e. properly administer the products and services we provide, including the investigation, review, assessment and settlement of claims;

      f. collecting premiums and debt collection;

      g. design, promote, improve and further the provision of our products or services;

      h. communicate with you, especially with respect to your policy, updates and changes;

      i. marketing services and products to you (please see further details in paragraphs 4 to 6 below);

      j. operating, maintaining and providing subsequent services in relation to the applications for services and/or products;

      k. detect, investigate and prevent fraud, or other unlawful or improper activities;/p>

      l. data compilations and statistical analysis;

      m. conducting checks with the Anti-Money Laundering Office, Criminal Records Division of the Royal Thai Police, National Credit Bureau Co., Ltd., Office of Insurance Commission, or any relevant governmental authorities (as applicable to the nature of your relationship with us) and our internal database;

      n. coaching employees and monitor for quality assurance;

      o. exercising any rights that DATH may have in connection with the services and/or products provided to you;

      p. reinsuring risks with other insurers;

      q. comply with all legal and regulatory requirements under applicable laws within and outside Thailand including disclosures to judicial, regulatory, government, statutory authorities and industry entities applicable to DATH or companies and members of the DirectAsia group;

      r. meeting commitments with any legal, regulatory, governmental, tax, law enforcement or other authorities, industry bodies in Thailand;

      s. resolve complaints, and handle requests for data access or correction;

      t. complying with policies and procedures applicable within the DirectAsia group; and

      u. any other purposes directly related to (a) to (t) above.

      These purposes may also apply even if you do not maintain any policy or relationship with us, or have terminated the policy or relationship with us.

    2. If you submit an application to us as a candidate for an employment or representative position, we may use your Personal Data as follows:

      a. processing your application including pre-recruitment checks, such as in relation to your credit standing and qualifications;

      b. providing or obtaining employee references and for background screening/vetting;

      c. facilitating and conducting interviews;

      d. assessing your suitability for the position applied for;

      e. communicating with you as required by DATH to comply with its policies and processes, including for business continuity purposes;

      f. processing staff referrals;

      g. any other purposes relating to the aforesaid.

    3. Subject to applicable laws, you may be required to provide your Personal Data in order to comply with law or contracts or there exists a need to provide your Personal Data for the purpose of entering into a contract. Please be informed that if you do not provide your Personal Data, DATH may not be in a position or able to provide or continue providing its products or services to you or administer any contractual relationship in place. This will inevitably result in the termination of any agreements or arrangement you have with us.
    4. To the extent permitted by applicable laws, we may collect, use, and/or disclose your Personal Data for any of the following purposes without your consent:

      a. if it is in order to comply with laws of DATH;

      b. if it is in order to prevent or suspend danger to life, body or health of a person;

      c. if it is in order to comply with the contract to which you are a party or in order to comply with your request prior to execution of the contract;

      d. if it is in order for DATH to comply with the duty to take actions for public benefit or to comply with the duty to exercise state power conferred on DATH;

      e. if it is in order to achieve legitimate interests of DATH or members of the DirectAsia group or other persons unless such interest has less weight than your basis right in the Personal Data; or

      f. if it is permitted by or falls under any circumstances prescribed by any applicable laws including the applicable data privacy laws.

  4. Disclosure of Personal Data

    1. DATH will take reasonable steps to protect your Personal Data against unauthorized disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located in Thailand or overseas. Please note that the data protection and privacy laws of other countries may not be as protective as the laws in Thailand.

      a. members of the DirectAsia group;

      b. agents, contractors or third party service providers who provide operational services to DATH, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services, fulfillment and/or other services;

      c. where we require payment from and to you, your banks, credit card companies and their respective service providers;

      d. our professional advisers such as our auditors and lawyers;

      e. persons or companies carrying on insurance or reinsurance-related business engaged by DATH;

      f. surveyors, physicians, hospitals, clinics, medical practitioners, laboratories, technicians, loss adjustors, risk intelligence providers, claim investigation companies, private investigators, administrators, or other professional advisors engaged by DATH (“Our Partners”);

      g. credit reporting agencies, including National Credit Bureau Co., Ltd., or in the event of default or disputes, any debt collection agencies or dispute resolution centers;

      h. your family, relatives, appointed executors, and their professional advisors in connection with your will(s) or the administration of your estate;

      i. third parties, including distributors, intermediaries, agents, contractors, or service providers that provide services in relation to DATH’s businesses;

      j. relevant government regulators or authority or law enforcement agency to comply with any laws, rules and regulations or schemes imposed by any governmental authority such as, but not limited to, the Office of Insurance Commission, Bank of Thailand, Anti-Money Laundering Office, Ministry of Labor, Ministry of Health, Royal Thai Police, and Department of Land Transport; and

      k. any other parties to whom you authorize us to disclose your Personal Data to.

  5. Access, Correction and Withdrawal of Consent

    1. DATH will take reasonable steps to protect your Personal Data against unauthorized disclosure. Subject to the provisions of any applicable law, your Personal Data may be provided, for the purposes listed above (where applicable), to the following entities or parties, whether they are located in Thailand or overseas. Please note that the data protection and privacy laws of other countries may not be as protective as the laws in Thailand.

      a. request access to, and to receive copy of your Personal Data;

      b. request for the disclosure of the acquisition of your Personal Data for which you have not given consent;

      c. object to the collection, use or disclosure of your Personal Data;

      d. request correction of any of your Personal Data which is incorrect;

      e. deletion or cause your Personal Data to be unable in identify you as the Personal Data owner;

      f. request to send or transfer your Personal Data to other data controller or to you when possible through automatic method and to receive your Personal Data that DATH send or transfer directly in automatic method to other data controller unless it is technically impossible;

      g. request to suspend the use of your Personal Data; and

      h. request to proceed as appropriate in order to ensure that your Personal Data is correct, up-to-date, complete, and not misleading.

       
    2. You may also withdraw consent for us to collect, use or disclose your Personal Data for any purpose (e.g. send you any marketing messages).

      Kindly complete the forms below and send it to [email protected] and we will reply to you within 5 business days.

      Please be informed that if you withdraw your consent to any or all uses of your Personal Data (depending on the nature of the request), DATH may not be in a position or able to continue providing its products or services to you or administer any contractual relationship in place. This will inevitably result in the termination of any agreements or arrangement you have with us.

      In the event that your Personal Data (e.g. being a beneficiary, appointed executor or as the life assured) is provided to us by the policy holder, you will not be allowed to access the data that is kept by us. You should contact the policy holder to liaise with us on your behalf instead.

      If you are of the opinion that your Personal Data is not being processed in accordance with the Act, you are entitled to contact or submit a complaint to the competent supervisory authority under the Act.

  6. Retention of Personal Data

    DATH takes reasonable steps to ensure that the Personal Data we process is reliable for its intended use, and as accurate and complete as is necessary to carry out the purposes described in this PDP Statement. DATH will destroy any Personal Data it may hold in accordance with its internal policy which accords the following principles:

    a. Personal Data will only be retained for the duration of commercial relationship between you and DATH or for as long as is necessary to fulfill the original or directly related purpose for which such data was collected, whichever is longer, unless the Personal Data is also retained to satisfy any legal obligations or a longer retention period is required by the applicable laws; and

    b. Personal Data is purged and/or anonymised from DATH’s electronic, manual, and other filing systems in accordance with specific schedules based on the above criteria and DATH’s internal procedures.

     
  7. Use of Cookies

    A cookie is an element of data that a website can send to your browser, which may then store it on your system. We use cookies in some of our pages to store visitors’ preferences and record session information. The information that we collect is then used to ensure a more personalised service level for our users.

    When you visit and browse our website, we also collect general information (like your internet protocol (IP) address) that won't personally identify you. This information allows us to maintain, evaluate and improve our site's performance. We may also collect and use aggregated non-personal information to assess our offerings and to consider improvements to our products and services. You can adjust settings on your browser so that you will be notified when you receive a cookie. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies.

    If you disabled the cookies, you may not be able to enter certain part(s) of our website.

  8. Governing Law

    This PDP Statement and your use of this website shall be governed in all respects by the laws of Thailand.

 

Updated: 20 May 2020