AIA Company Limited, Thailand Branchand its affiliates ("AIA", "we", "us", "our") recognise our responsibilities in relation to the collection, use, disclosure and other processing and storage of personal data.
Among the most important assets of the AIA Group Limited group of companies ("AIA Group") is the trust and confidence placed on properly handling information. Customers expect us to maintain their information accurately, protected against manipulation and errors, secure from theft and free from unwarranted disclosure.
This personal information collection statement ("privacy statement") provides you with notice as to how your personal data is collected, what personal data is collected, for what purposes your personal data is collected, used, disclosed or transferred, to whom your personal data may be disclosed or transferred, and how to access, amend and otherwise exercise your rights in respect of your personal data. You are required to read and understand this statement, before giving your consent for us to collect, use, disclose and otherwise process of your personal data. If you are less than 20 years old, your parental consent is additionally required.
How we collect personal data
We may collect and store your personal data in the following ways:
when you purchase or use our individual insurance, group insurance and services, or when you access or use our or third parties’ websites, apps, and online, mobile, telephone or other services (“Products” or “Services”);
when you submit documents and application forms for the purchase or use, or in consideration of the purchase or use, of our Products or Services;
when you submit requests for changes or updates to your Product or any other requests in connection with your Product including through the submission of Product servicing forms and documents;
when you respond to our queries or when you request for us to contact you;
when you interact with personnel, customer service officers, sales representatives, agents, brokers, intermediaries, contractors, business partners, service providers or other associated persons or organisations of AIA or AIA Group, and representatives of any of these persons or organisations (collectively “AIA Persons and Partners”), via websites, apps, social media, phone, email, face to face meetings, interviews, SMS, fax, regular mail or otherwise;
when we receive referrals or collect personal data from AIA Persons and Partners;
when you submit personal data to us to participate in lucky draws, contests, events or competitions organised by or on behalf of AIA or AIA Persons and Partners; or
when we seek information from third parties about you, including without limitation from investigators, public, private or commercial information sources, websites, application, social media sources, data providers, medical sources, health facilities, hospitals, doctors, other healthcare professionals, other insurance organisations, or industry associations or federations, in connection with your product, product applications, underwriting the risks of your product, product claims and/or Products and Services of AIA used or purchased by you (“Third Party Sources”);
when we seek information from third parties about you for compliance and other regulatory purposes.
By providing us with any personal data relating to a third party (including without limitation insured persons, trusted persons, family members or beneficiaries), you represent and warrant the accuracy of such personal data and that you have fully informed our collection, use, disclosure and transfer of such third party’s personal data for the relevant purposes, and have obtained such third party’s prior consent, except to the extent that such consent is not required under applicable laws and regulations.
To the fullest extent permitted by law, you further agree to keep us fully indemnified from and against any and all damages, losses, costs, legal fees, penalties and proceedings, including any penalties or other amounts levied, imposed or charges by any regulator or regulatory authority, arising out of or in connection with your (or those of your officers, employees, advisors, agents or representatives) acts or omission, fault or negligence in performing these obligations or which result in us breaching any applicable laws.
What personal data do we collect, use or disclose
The personal data we collect, use and disclose (which includes sensitive personal data as provided in the Personal Data Protection Act B.E. 2562, as amended from time to time, and other relevant applicable laws and regulations), includes the following:
your personal data which enables your identification, such as your name, surname, identification numbers, passport numbers, phone numbers, email addresses, postal addresses and other contact details, date of birth, occupation, photographs, marital status and information about your dependants, Biometric data, and voice recordings;
your financial information such as income, source of income, tax information, bank account numbers, bank statements, credit card details, loan details, investment information and other payment details;
your employment information and employment history;
your health and medical information such as medical history, medical examination, medical investigation, consultation history, prescriptions, notes, treatments, description of medical services rendered medical reports, autopsy reports and medical billing;
information relating to your civil or criminal litigation background, such as criminal, civil and other litigation records;
details of the products and services you have purchased with AIA or other insurance organisations, such as policy numbers, amounts insured, policy alterations/transactions, premium payment method, premium payment history, or loan history, beneficiary, payer name, claims made, Anti-Money Laundering and Anti-Terrorist Financing and bankruptcy statuses, Foreign Account Tax Compliance Act (FATCA), police reports and court orders;
technical information and personal activities/preference collected when you use certain websites, apps and social media platforms, such as customer’s unique identification on social media platforms, IP address, browser type and version, time zone settings, browser plugin types, operating systems and platform, user profile, device information (including with respect to mobile devices the IMEI number, wireless networks and general network information); and
personal data of a third party that you provide to us in connection with the purchase or use of our Products and Services, or for referrals.
The provision of your personal data is voluntary. You may choose not to provide us with the requested data, but failure to do so may inhibit our ability to do business with you or to respond to your enquiries.
Purposes for which personal data is collected, used or disclosed
Personal data is collected or may be used, disclosed or transferred for the following purposes:
to offer, sell, provide, manage, operate, process and administer our Products and Services to you;
to process, administer, implement and effect the requests or transactions contemplated in this document or any other documents you may submit to us from time to time, including without limitation to evaluate your financial needs and provide recommendations of suitable products and services to you; to process Product applications; to administer your Product; to collect premiums and outstanding amounts from you; to manage provident fund, to investigate, analyse, process and pay claims/policy benefits made under your policies; and to renew, modify, cancel or reinsure your policy;
to exercise any right under your Product including right of subrogation, if applicable;
to design new or enhance existing Products and Services of AIA;
for reinsurance of our Products and Services to you;
to communicate with you, including to send you administrative and other communications about any Product or account you may have with us, to provide technical support for our websites and apps, or about future changes to this privacy statement;
for market research, advanced data analytics, and statistical or actuarial research, reporting or financial assessment undertaken by AIA, the AIA Group, AIA Persons and Partners, or our respective regulators;
for investigation or prevention of fraud-related activities and other actual or suspected misconduct, particularly to communicate with companies within the financial services and insurance industries, and our respective regulators;
for purposes of corporate reorganisations and corporate transactions
to provide you with access to the content on certain websites, apps or social media platforms;
to monitor your behaviour, such as your use of certain websites, apps and social media platforms, conduct analysis of your use of them and understand your preferences in order to personalise, operate, evaluate and improve them, our Products and our Services, troubleshoot any problems, provide recommendations of relevant Products and Services and provide targeted advertising on our websites, apps or other channels;
for regulatory compliance, and (internal and external) audit reviews of AIA’s business;
to meet requirements of prevailing internal policies of AIA;
for purposes of storage, archiving, back-up or destruction of personal data;
to meet requirements imposed by applicable laws, rules, regulations, agreements or schemes imposed by any government regulators, law enforcement agencies, government authorities, dispute resolution or industry bodies;
to assist in law enforcement purposes, investigations by us or on our behalf, by police or by other government or regulatory authorities in any jurisdiction, and to meet reporting obligations and requirements imposed by law or agreed to with government or regulatory authorities in any jurisdiction;
for quality and training purposes when our communications are recorded;
to conduct general administration in connection with the foregoing purposes; and
to perform other necessary activities directly relating to any of the above purposes.
Unless otherwise permitted by applicable laws and regulations, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this privacy statement or a directly related purpose.
For our Product on using your personal data for promotional or marketing purposes, please see the section entitled “Use of Personal Data for Direct Marketing Purposes” below.
Who may be provided with your personal data
Personal data will be kept confidential but we may, where permitted by applicable law or where such disclosure is necessary to satisfy the purpose or a directly related purpose for which the personal data was collected, provide such personal data to the following parties:
any person authorised to act as an AIA Person and Partner for the sale, distribution or servicing of Products and Services offered by AIA or an AIA Group company to you;
Policyholder (in case of group insurance);
any person who is employed or contracted to work for such AIA Person and Partner for the sale, distribution or servicing of Products and Services offered by AIA or an AIA Group company to you;
any person authorised to act as an AIA Person and Partner to help deliver our Products or Services offered/sold to you, such as reinsurance companies, investment management companies, ratings agencies, investigation companies or other partners;
any AIA Persons and Partners who provide administration services, data processing services, business processing services, payment services, debt collection or securities clearing services, telecommunication services, technology services, cloud services, outsourcing services, call centre services, storage services, document processing, archiving services, scanning services, mailing services, scanning services, printing services, courier or messenger services, data analytics services, marketing services, research services, crisis management services or other services in connection with the operation of AIA's business or the provision management, operation, processing or administration of our Products or Services to you;
industry associations or federations;
any law enforcement agencies, statutory boards, government or regulatory bodies, dispute resolution bodies, or any other person in any jurisdiction to whom AIA or another member of the AIA Group must disclose data: (a) under a legal and/or regulatory obligation in that or any other jurisdiction applicable to that particular AIA Group company; or (b) pursuant to an agreement or scheme between the AIA Group company and the relevant government, regulatory body or other person;
any member of the AIA Group;
our professional advisors such as lawyers, auditors or consultants;
any party to whom you have consented the disclosure of your personal data; or
any other party permitted under applicable law;
Third Party Sources
From time to time, we may acquire or dispose of one or more of businesses (or portions thereof) and for this purpose, to the extent permitted by applicable law, your personal data may be transferred or disclosed as a part of the purchase or sale or a proposed purchase or sale.
In the event that we purchase a business, the personal data received with that business would be treated in accordance with this privacy statement, if it is practicable and permissible to do so. In the event that we sell a business, we will include provisions in the selling contract requiring the purchaser to treat your personal data in the same manner required by this privacy statement.
Third Country/Cross-Border Transfer
Your personal data may be transferred to, stored or otherwise processed by AIA, or provided to any of the above persons who may be located or who mayprovide services, in or outside Thailand. Where required under relevant law, we may seek your consent to the transfer of such information outside Thailand to our facilities or to those third parties with whom we share it as described above. Your personal data will only be transferred to other locations, where we are satisfied that adequate levels of protection exist to protect the integrity and security of your personal data, which as minimum are comparable to the jurisdiction or territory in which you provided such personal data.
Security and Retention of Personal Data
AIA applies reasonable security measures to prevent unauthorised or accidental access, processing, erasure, loss or use.
AIA may retain your personal data for as long as necessary to fulfil the purpose(s) for which it is collected or a longer period as otherwise required to ensure compliance with applicable laws and regulations.
Reasonable steps will be taken to delete or destroy your personal data when it is no longer necessary for any of the purpose above.
Your rights with respect to Personal Data and Point of Contact
You have the right to:
verify whether AIA holds any personal data about you, to access or obtain a copy of any such data, and/or to access information about how AIA uses or discloses your personal data;
require AIA to correct any personal data relating to you which is inaccurate;
request that the processing of your personal data be restricted under certain circumstances;
request deletion or destruction of your personal data under certain circumstances;
request a temporarily suspension of the processing of your personal data under certain circumstances;
withdraw your consent or request a change to your scope of consent;
request deregistration or deletion of your registered account (if any);
make a complaint about AIA's data handling; and
enquire about AIA’s policies and practices in relation to personal data.
Requests for access, correction, complaints or other queries relating to your personal data should be addressed to AIA Customer Service Center or AIA Call Center 1581 or email at email@example.com.
Under applicable laws and regulations, we may have the right to charge reasonable costs for the processing of the above personal data requests.
If you suspect any breach involving personal data, please notify Data Protection Officer (DPO) via AIA Call Center 1581 or email at firstname.lastname@example.org or contact at the following address.
AIA Company Limited 181 Thanon Surawong Khwaeng Suriya Wong Bang Rak, Bangkok 10500
Consequences of consent withdrawal
You may withdraw your consent to collect, use, maintain or disclose (part of) your personal data as set out in this privacy statement by giving us reasonable notice.
If you withdraw your consent for us to collect, use, maintain or disclose your personal data for non-marketing reasons, we may be unable to process, administer and/or manage your Product, relationship and/or account with us. In such event, you may be required to surrender or terminate all your policies or accounts or withdraw from any programmes in which you are participating. This may be to your disadvantage, as you may be losing valuable benefits from your policies or programmes, incur surrender charges or it may not be possible for you to obtain a similar level of protection on the same terms in the future.
Amendments to this Privacy Statement
AIA reserves the right, at any time and without notice, to add to, change, update or modify this privacy statement, to the extent permitted by law, simply by notifying you of such change, update or modification. The notification could be made by email or other common mode of communications.
Where required by applicable law, we may also notify you in the event of material changes to this privacy statement and, where required, seek your consent to those changes.
Should you have any questions on any part of this privacy statement or would like additional information regarding AIA's data privacy practices, please do not hesitate to contact us (see the section entitled “Your rights with respect to Personal Data and Point of Contact” above).
Use of Personal Data for Direct Marketing purposes
To provide you with information about our products and services, AIA Company Limited, Thailand Branch and its affiliates(“AIA”, "we", "us", "our") would like to use your name, surname, age, gender, email address, telephone (including mobile) number, and postal address you provide to us ("contact details") to,
- send you promotional materials and direct marketing communications about our products, services, advice and subjects, including insurance, annuities; wealth management; investment; banking; financial services; credit cards; medical/health treatment; health information; recruitment; training; reward/loyalty/privilege programmes; charitable/non-profitable causes ("Classes of Marketing Subjects"); and
- to administer contests, lucky draws, events and competitions to which you choose to participate.
We are required by law to obtain your explicit consent in order to do so.
We would also like to share your name and contact details with AIA Persons and Partners providing any of the Classes of Marketing Subjects and call centre, marketing or research services so that they can send you promotional materials and conduct direct marketing in relation to the products and services they offer, but we also cannot do so without your written consent.
If you do not want to receive any direct marketing communications, you may withdraw your consent at any time free of charge by contacting AIA Call Center 1581 or AIA iService (https://iservice.aia.co.th). Any such request should clearly state details of the personal data in respect of which the request is being made. Please note that in this section your latest declaration shall prevail all declaration that you gave earlier (if any).