1.  Definition

User means customer, interested person, natural person acting on behalf of legal entity, which is the information owner, duly representative of the User as the case may be, such as, guardian of a minor, guardian of an incompetent person, etc., owner of the personal information who use the Company’s various service solutions through a contact channel which is a service directly provided by the Company, or use any other electronic services of the Company.

Processing means collection, use, and/or disclosure of personal information

2. Enforcement

This policy is applicable to Company executives, employees, partners, contractors, external service providers who have access to personal data.

3. Collection and Limited Processing of Personal Information

The Company collects personal information of the Users in accordance with legal requirement and fair manner. The Company will retain information as necessary for the provision of services in accordance with the Company’s operational purposes and as required by laws. The Company will get the consent from Users regardless of any Company’s means before the data collection unless prescribed by laws and/or as set forth in this policy. The Company shall retain such information confidentially.

4. Personal Information Collected by the Company

4.1 Personal Information means any information that enables the identity of the owner of the personal data, whether direct or indirect, including:

4.1.1 Personal data such as name, surname, gender, age, occupation, job title, type of business, nationality, date of birth, marital status and information on cards issued by government authority (such as ID card number, copy of ID card, passport number, driving license details)

4.1.2 Contact information such as e-mail, telephone number, address, workplace

4.1.3 Vehicle information such as license plate details, vehicle details (e.g. license plate number, vehicle number, chassis number, mileage), latitude and longitude while operating. The date and time of each start and stop of the vehicle.

4.1.4 Financial information such as bank account, credit/debit card information, payment details, and a copy of the bank account / bank passbook

4.1.5 Transaction information such as insurance claims, remuneration claims, changes in insurance policy information.

4.1.6 Technical data such as IP Address, Browser, Cookie ID

4.1.7 Any other information that is considered personal information under the Personal Data Protection Law, such as the use of the Company’s website, sounds, images, videos.

4.2 Sensitive personal information including personal information related to race, ethnicity, political opinions, belief in a cult, religion or philosophy, sexual behavior, criminal records, health information, disability, labor union information, genetic information, biological information, litigation history, or any other information that affect the owner of the personal information in a manner as imposed by law. The Company will collect, use and/or disclose sensitive personal information only when the Company has obtained the express consent of the User unless otherwise exempted by laws.

Note: This policy, if not specifically mentioned, will collectively refer the personal information and the above sensitive personal information as “personal information”.

5. Channels and Processes by which the Company Collects Personal Information

The Company collects personal information and sensitive information of users through the following processes:

5.1 Information that the User provides to the Company directly, such as information under the insurance application, including supporting documents for the insurance application, any other request related to the execution of the insurance contract, or related to the Company’s products/services, complaint information, information that users use to communicate with the Company whether in the form of writing, pictures and/or audio, information from electronic distance measuring devices that the Company has sent to Users, information that Users participate in the Company’s activities, or any other documents, including providing information through electronic channels when the data subject requests for the service or buy insurance products from the Company including contacting, visiting, searching through various channels such as website, applications, call centers, or any other channels that are directly provided by the Company.

5.2 Personal Information received by the Company or can be accessed from other sources that are not directly from the User, or from public sources, such as from insurance agents, insurance broker, other insurance companies, affiliates, or companies in the business group, business partners, consultants, clinicians, medical center, professional associations, social media providers, data provider, government agency, and/or other authorities under other laws. The Company will collect personal information of the data subject from other sources only with the consent of the User as required by law, unless otherwise legally exempted.

6. Purpose of Processing Personal Information

6.1 For the benefit of Users related to insurance products and/or using the services of the Company as well as to comply with any laws that the Company or the User must comply with, including:

6.1.1 Compliance with insurance contracts, joint insurance, reinsurance, and retrocession

6.1.2 Security survey, damage assessment and indemnification under insurance contracts

6.1.3 Financial transactions related to insurance contracts

6.1.4 Legal proceedings in an event of liability to third parties or novation of right or any claim with third parties

6.1.5 Statistical analysis for the benefit of calculating premiums to in line with the risks

6.1.6 Provision of services, facilitating and coordinating between the Company and the Users

6.1.7 Notification of information regarding the Company’s services

6.1.8 Compliance with other relevant laws

6.1.9 Necessary operation for the Company’s legitimate interests that the User can expect, such as recording a call center conversation, indoor and outdoor surveillance camera recording, verification process before entering the building, handling complaints, surveying or evaluating service satisfaction, alerting, or offering insurance products that are beneficial to users, video recording, sound recording of meetings, trainings, exhibition.

6.1.10 Risk Management, governance, internal audit, management within the organization, including transferring information to regulators, financial auditors, external auditors, and affiliated companies both domestic or abroad

6.1.11 Prevention as per measurements, or the Company’s policy to reduce the risks that may arise from fraudulent actions, cyber threat, default, or breach of contract, various illegal acts, including sharing personal data to uplift the protection standard, and to reduce the above risks of the Company, business group, or the same business.

6.1.12 Benefit from the use of insurance products and/or services of the Company according to the consent of the data subject, such as offers, special benefits, advice, and marketing news, including the right to participate in special events, whether it be insurance products and/or services of the Company or of companies in the same business group, or of business partners, or of third parties who provide services to the Company

6.2 For any other purposes that the data subject has agreed with the Company

However, if there is a change in the purpose of collecting personal information, the Company will notify the Users, and request consent from the User through the channels that previously contacted the User and will announce on the official website of the Company, and at the head office 30 days prior to the date of change.

7. Persons or Entities that may access or disclose personal information

The Company may disclose personal information of service users to third parties as follows:

7.1 The Office of Insurance Commission (OIC) for the benefit of insurance business supervision

7.2 Other legal regulatory agencies such as the Office of the Personal Data Protection Commission, Anti-Money Laundering (AMLO), the Revenue Department, etc.

7.3 Thai General Insurance Association and/or other assigned agencies for the purpose of statistical analysis, and calculation of the insurance premium rate

7.4 Reinsurance company and/or Co-insurance company

7.5 Financial institutions or financial service providers involved in receiving payments and payment.

7.6 Third party providers which the Company has assigned to be the Company representative in terms of insurance, survey, indemnification medical treatment, legal action, audit, and any other actions related to the insurance contract

7.7 Affiliated, or the same business, or other recipients of information, both domestic and abroad

7.8 Advertising and public relations companies that provide marketing information to data subjects as permitted by the data subject to provide marketing information or any information

However, the Company will not disclose, display, or make it appear in any other way that is inconsistent with the purpose of retention of the personal information of the data subject as mentioned above, provided the consent of the data subject in writing has been granted, or under the law.

8. Security Measures of Personal Information

The Company takes into account the security of the retention of the personal information by imposing information retention  measurement such as encryption, and restricting access to personal information, various risk control measures to prevent data leaks, including creating awareness of taking responsibility for information security for the Company’s staff to strictly follow and prevent data loss, access, destruction, use, modification, alteration or disclosure of personal information without permission. This is in accordance with the requirements of the Personal Data Protection Law, and other laws applicable to data protection.

The Company also has a regularly review, update the Company’s personal information security procedures and measures to encourage the confidence for the Users. If the User deems that the communication with the Company is insecure, please notify the Company immediately via “Contact Methods” at the end of this Policy.

9. Retention Period

9.1 The Company will retain the personal information of the Users for the period necessary to achieve the purpose of each type of personal information, not exceeding 11 years from the date of termination of the relationship, or last contacting information in order to comply with the time and prescription imposed by laws, unless the laws allow for any longer retention periods.

9.2 The Company provides an audit system for deletion, destruction, or non-identification of personal information after the retention period has expired or that is not related to or beyond the necessity for the purpose of collecting that personal information.

10. Transmission or transfer of information

The company may transmit or transfer personal information of the User to other parties both domestic or abroad in case of necessity in order to perform the contract to which the User is a party, or performing in accordance with the contract between the Company and other persons or juristic persons for the benefit of the Users, or to proceed with the request of the User before entering into the contract, or to prevent or to suppress danger to life, body or health of the User or other persons. In order to comply with the laws or necessity to carry out missions for the public interest, the Company has determined that the person who receives the User’s personal information has the appropriate measures to protect the User’s personal information as required by laws and process such personal information as necessary and will not allow the personal information to be disclosed or unlawfully leaked.

The Company may retain information on computers, servers, or the cloud provided by third parties, and may use third party programs or ready-made applications to process User information, but the Company will determine the rights of those who have access to such personal information and impose appropriate security measures for personal information.

11. Rights of Data Subject

Users have the rights as stipulated in the Personal Data Protection Act B.E. 2562 (2019) as follows:

11.1 Right to request access or request a copy of the User’s personal information or request to disclose the acquisition of personal information

11.2 The right to request the Company to take action to ensure that the User’s personal information is completely correct and up to date

11.3 Rights to obtain personal information of Users from the Company including the right to request the Company to transmit or transfer personal information to another data controller, or to obtain personal information that the Company provides or directly transfers to another data controller unless by technical condition it is not possible

11.4 The right to object to the collection, use, or disclosure of the personal information of the data subject at any time in accordance with the laws

11.5 The right to request the Company to delete or destroy or make the information non-personally identifiable of the data subject according to the laws

11.6 The right to request the Company suspend the use of personal information of the data subject according to the laws

11.7 The right to withdraw consent at any time unless there is a restriction on the right to withdraw consent by law or contracts that provide benefits to the data subject

11.8 Right to raise complaint in the event that the Company including employees or the Company’s contractor violates or fails to comply with the Personal Data Protection Act B.E. 2562 or sub-regulations issued under this Act

12. Withdrawal of Consent and Possible Effects of Withdrawal of Consent

To withdraw the consent previously given to the Company in the case of collecting, using and disclosing personal information with the consent of the User, the User has the right to request to withdraw all consents that have been given to the Company or partially at any time. This consent will not affect the collection, use and disclosure of which consent has been given.

To delete, destroy, object, withhold, or withdraw consent of the Users who have given their consent for reasons or other purposes other than marketing operations, may lead to an effect that the Company may not be able to perform various steps or services such as insurance consideration, compensation consideration, provision of insurance services and/or product management, or services, or relationship, and/or the User’s account with the Company. This may cause the User to lose benefit from receiving coverage under the insurance contract for the coverage that would be received in the future. In addition, the Company reserves the right to refuse or not act upon such request as it deems appropriate, and to the extent permitted by applicable laws.

13. Use of cookies

When the User uses the service on this website (https://www.falconinsurance.co.th) (“Website”). The Company assumes that the Users have given their consent to the use of  the “cookies” which serve to record information and settings such as saving settings, device language setting on the subscriber’s device, logs of the User’s current access status in order to help the Users to use the website, to improve the internet service continuously and suitable for using the service, including collecting information about the history of using the services that the Users favor. The cookies do not cause any harm to your device and the content in the cookies will only be retrieved for viewing or reading by the service that created them.

The cookie information that the Company collects is anonymous personal preference information, and no personally identifiable information will be collected. However, the User can disable the use of cookies in the settings of the User’s web browser, but disabling it may affect future use.

14. Policy Update

The Company reserves the right to amend or improve this policy in accordance with the changing of business context or laws in the future. The Company will notify the change through various channels such as websites, branches, applications, call center, or other channels.

If the policy change affects the processing of your personal information, the Company will notify you in advance for a reasonable period of time through the Company’s website in order to provide you with the opportunity to exercise your rights in relation to personal information in accordance with “Rights of Data Subject” in this Policy.

15. Contact Us

If the data subject wishes to inquire about this personal data protection policy or wishes to exercise the rights of the data subject, please contact:

Personal Data Protection Officer

The Falcon Insurance Public Co., Ltd.

33/4 Building A, The 9th Towers, 24th- 25th Fl., Rama 9 Rd., Huay Khwang, Bangkok 10310 Thailand

Email Fcicustomersevice@falconinsurance.co.th   Tel: 02 037 9988

This Policy will come into force with effect from 1 January 2022.