Privacy Notice of Allianz Ayudhya
We care about your personal data
Allianz Ayudhya General Insurance Public Company Limited (“the Company“,”we”,”us”), a part of the Allianz Group, an authorized insurance company providing general insurance products and services in Thailand.
We appreciate your interest in our services and products. Your privacy is important to us and we want you to feel comfortable using our services and products. This privacy notice explains how and what type of personal will be collected, why it is collected, with whom it is shared or disclosed, and your rights in this regards.
- Who is the data controller?
A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files.
We are the data controller as defined by relevant data protection laws and regulations.
- What personal data will be collected?
We may collect and process various types of personal data about you as follows:
- Personal data that the Company obtained from you on applications, forms, or any other documents when you register or fill out to receive or request for our products/services, including electronic channels, such as your name, surname, title, identification card number, passport number or other identification card number, postal address, phone number or mobile phone number, email address, date of birth, location, username, financial information-credit/debit card and bank account details;
- Information from your visits to our website or applications;
- Conversation records from all communication channels of the Company;
- Special categories of data (Sensitive data) such as health data, disabilities, race or ethnicity, genetic data, biometric data, sexual behavior, criminal records, trade union membership, health records, claims, and important data obtained from third parties; and
- IP address, the type of browser software used and the date, time, and duration of your usage of the Allianz website including website usage when you use the Allianz website, our website server automatically records such details.
If you would like to purchase our products and services, we will need your personal data in order to offer products or services, to enter into an insurance contract, to perform our obligations under an existing contract with you, or to meet any of your requests. If you do not wish to provide your personal data to us, we may not be able to perform our obligations under the existing contract with you, or may refuse to act on your requests.
If you provide personal data to us about other people, you affirm that you have the authority to act on their behalf regarding the processing of their personal data and that you acknowledge this privacy notice on their behalf.
- How will we obtain and use your personal data?
3.1 The Company obtains your personal data from:
- The Company collects personal data directly from you via your insurance application, your request submitted to the Company, your interaction with us from all of the Company’s communication channels, and your request to use the Company’s applications.
- We may also obtain your personal data from third parties or public databases, such as affiliated companies or Allianz group companies, business partners, financial advisors, insurance intermediaries or brokers, banks, other insurers, your doctors, hospitals, professional associations, public authorities or authorities under other applicable laws, employers, financial advisors of employers, and social media providers.
3.2 We will use your personal data for the following purposes:
- To fulfill contractual obligations arising from general insurance contracts, co-insurance, reinsurance and retrocession;
- To carry out risk survey, claim investigation, and claim processing;
- To perform financial transactions related to insurance contracts;
- To take legal actions in the case of third-party liabilities or the right of subrogation to
- To conduct statistical analysis, which helps us price our products appropriately to the risk level;
- To comply with any applicable laws and regulations;
- To disclose and share your personal data with Allianz group companies, to third parties, or individuals acting on behalf of the Company, whether inside or outside Thailand;
- The Company may process special categories of data for public interests in accordance with applicable laws, which the Company will process the data necessary for a specific purpose only; and
- For any other purposes that the Company has agreed with you from time to time
When you use our products or receive our services, the insurance application you filled out or the insurance contract made with us may have additional conditions related to how we collect, use, disclose, and process your personal data. These will be used in addition to the objectives specified in this privacy notice.
3.3 For the elderly and dependent customers
The Company may use personal data that you or other people close to you, such as father, mother, wife, children, provide to the company, or we may use the data recorded when the Company interacts with you to identify the status of being elderly and/or dependent, so we can offer appropriate products or services.
Service activities such as (a) personalized services, forms of communications, and/or online services such as my account; and (b) determining the appropriate time that we will communicate with you such as changes in your situation or personal lifestyle, including the use of appropriate communication channels.
The Company may derive these data from customer profiling, such as your economic status, interests, personal preferences, or behaviors to transactions. Such activities will not affect you in any way.
- Who will have access to your personal data? Or who do we share your personal data with?
The Company will ensure that your personal data is processed in a manner that is compatible with the purposes indicated above.
For the stated purposes, your personal data may be disclosed to the following parties who operate as third party data controllers or data processors under our instructions:
- Public authorities, regulatory bodies, other Allianz Group companies, other insurers, co-insurers, re-insurers, contracting parties, insurance intermediaries/brokers, asset management companies, group policyholders, professional associations, and financial institutions;
- Technical consultants, experts, lawyers, auditors, loss adjustors, repairers, medical doctors, hospitals; and service companies to discharge operations (claims, surveyors, payment, IT, postal, document management, call center services, research companies, rating agencies); and
- Advertisers and advertising networks to send you marketing communications, as permitted under local law and in accordance with your communication preferences.
We do not share your personal data with other third parties who are not public authorities or are not specified above without your permission, but we may disclose your personal data in the following instances:
- In the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in any insolvency or similar proceedings); and
- To meet any legal obligations, to protect you us from financial crime, and to conform with requests from the relevant public authorities if you make a complaint about the product or service we have provided to you.
- Where will my personal data be processed?
Your personal data may be processed both inside and outside of Thailand by the parties specified in section 4 above, subject always to contractual restrictions regarding confidentiality and information security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.
Whenever we transfer your personal data for processing outside of Thailand by another Allianz Group company, we will do so on the basis of Allianz’ approved binding corporate rules known as the Allianz Privacy Standard (Allianz’ BCR) which establish adequate protection for personal data and are legally binding on all Allianz Group companies.
Allianz’ BCR and the list of Allianz Group companies that comply with them can be accessed under https://www.allianz.com/en/privacy-statement.html#TabVerticalNegative2523488475
- What are your rights in respect of your personal data?
Where permitted by applicable law or regulation, you have the right to:
- Access or request a copy of your personal data held about you and to learn the origin of the data;
- Withdraw your consent at any time where your personal data is processed with your consent;
- Update or correct your personal data so that it is always accurate, complete and not misleading;
- Delete, destroy or anonymize your personal data from our records if it is no longer needed for the purposes indicated above;
- Restrict the processing of your personal data in circumstances where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
- Object to the collection, use, and disclosure of your personal data in certain circumstances, including the case where personal data is being processed for direct marketing;
- Obtain your personal data in an electronic format for you or for your new insurer; and
- File a complaint with us and/or the relevant data protection authority if you believe that there is violation of applicable data protection laws.
You may exercise these rights by adjusting your privacy preference settings where you have created an online account with us. You can change privacy preferences by accessing online account and adjusting profile settings, or contacting us as detailed in section 13 below if you need any assistance.
Your withdrawal of any previously given consent, your request to delete, destroy and anonymize your personal data, your request to restrict or your objection to the processing of your personal data could mean that the Company is unable to perform our obligations under an existing contract with you, and that there may be restrictions on certain transactions or services, which may result in the loss of your privilege from the insurance contract or other agreements, and may restrict you from services offered by us.
The Company may refuse to comply with your request in the circumstances where there are legal restrictions, or the Company has compelling legitimate grounds for the processing of your personal data as permitted by applicable laws. The Company reserves the right to charge a reasonable fee to complete your request.
- How long is personal data retained for?
We will retain your personal data for at least ten (10) years from the date the insurance relationship ends, the date of obtaining arbitral award, or the date that the court issues the final judgement, depending on the circumstances. However, the Company may continue to retain your personal data after such period if it is necessary to store your data longer for the purpose for which it is collected, or for other reasons deemed appropriate e.g. to enforce our legal or contractual rights
In the circumstance where the Company rejects to underwrite your application for insurance, where you withdraw your application for insurance, or where permitted by law, the Company may retain your personal data to the extent necessary to comply with our legal obligations, such as anti-money laundering measures, and the establishment, exercise or defense our legal obligations.
We will not retain your personal data for longer than necessary and we will hold it only for the purposes for which it is obtained.
- Are cookies used on the Company’s Website?
The Company uses tracking technology such as cookies or tags to gather usage information to understand how visitors use the Company’s Website.
Tracking technology helps us manage and improve the usability of the Company’s Website, for example by detecting whether there has been any contact between your computer and us in the past and to identify the most popular sections of the Company’s website.
When you save your cookie settings, they should also apply to your future visits to the Company’s Website. However, for technical reasons beyond our control of the Company, this cannot be guaranteed. For example, if you reset your browser, delete your cookies or access the Company’s Website from another browser or device, your cookie settings may be lost. To comply with applicable laws and regulations, in some countries you may be asked to confirm your cookie settings when you first visit the Company’s Website. If you are in a country where you are automatically required to set your cookie settings, you may be asked to set them again on a future visit.
In many cases you can also control tracking technologies using your browser. Please ensure that your browser setting reflects whether you wish to be warned about and/or accept tracking technologies (such as cookies) where possible. The specific capabilities of your browser and instructions on how to use them can usually be found in the manual or help file of your browser.
Refusing, disabling or deactivating of tracking technologies may result in a reduced availability of the services provided by the Company’s Website, or parts of the Company’s Website may no longer function correctly.
- How are social media plug-ins used on the Company’s Website?
The Company’s Website uses the following social media plug-ins ("plug-ins"):
- Share button on Facebook, powered by Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA;
- Tweet button, powered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA;
- Instagram Button, power by Instagram Co., 1 Hacker Way, Menlo Park, California, United States.
- YouTube Button, power by YouTube, San Bruno, California, United States.
All plug-ins are indicated with the brand names of the respective operators: Facebook, Google, Twitter, Instagram, YouTube ("Operator"). To increase the level of data protection and in accordance with applicable laws and regulations, we have implemented the additional programs by means of a so-called 2-click solution. This procedure ensures that when you visit the Company’s Website, no direct connection of your browser to the servers of the Operator is established. Only if you activate the plug-ins by clicking on them and thereby grant your consent to the data transfer, your browser establishes a direct connection to the server of the respective Operator. The content of the plug-ins is then transmitted by the Operators directly to your browser and integrated by them into the website.
By accepting the plug-in, the Operator receives the information that your browser has accessed the Company’s Website. If you logged in to your account when you visited the Company’s Website, the Operator can connect your visit to your account directly. If you interact with the plug-in, e.g. by clicking on the Facebook button, the +1 button and the Tweet button, "Share" button, the data will be transferred directly from your browser to the Operator and saved by the Operator. In addition, the information will be published on the relevant social network or on your Twitter account and will be visible to your contacts. If you do not want this data transfer to the Operators, you must log out of your respective account before you click on the plug-ins and activate them.
For more information on the purpose and scope of data collection, processing and use, please refer to the privacy statements below:
- Facebook: https://de-de.facebook.com/about/privacy/
- Google: https://developers.google.com/+/web/buttons-policy
- Twitter: https://twitter.com/privacy
- Instagram: https://help.instagram.com/
- YouTube: https://www.youtube.com/about/policies/
- What security measures have we implemented to protect your information collected through the Company’s Website?
We have implemented reasonable technical and organizational security measures to protect your personal data collected by us via the Company’s Website against unauthorized access, misuse, loss or destruction.
- How do we treat electronic messages sent to and from the Company?
All electronic messages sent to and from the Company are protected by reasonable technical and organizational security measures and may only be accessed in justified cases in line with applicable laws and regulations (e.g. court order, suspicion of criminal conduct, violation of regulatory obligations) to specific persons in defined functions (e.g. Legal, Compliance, Risk). Every step of the process, as well as the search criteria used, are logged in an audit trail. All emails are disposed of after the applicable retention period has expired.
- What should you consider when sending data over the Internet?
The Internet is generally not regarded as a secure environment, and information sent via the Internet (such as to or from the Company’s Website or via electronic message) may be accessed by unauthorized third parties, potentially leading to disclosures, changes in content or technical failures. Even if both sender and receiver are located in the same country, information sent via the Internet may be transmitted across international borders and be forwarded to a country with a lower data protection level than in your country of residence.
The Company does not accept responsibility or liability for the security of your information whilst in transit over the Internet to the Company. In order to protect your privacy, you may choose another means of communication with the Company, where you deem it appropriate
- How can you contact us?
If you have any queries about this privacy notice or if you wish to exercise your rights in section 6, you can contact us by phone, email or post via the details specified below:
Allianz Ayudhya General Insurance Public Company Limited
898, 1st Floor, Ploenchit Tower, Ploenchit Road, Lumpini, Pathumwan, Bangkok 10330 - during Monday to Friday from 8.30 to 17.00; or
Allianz Ayudhya Customer Care Center at 1292 –available 24 hours every day; or
- How often is this notice updated?
We regularly review this privacy notice. We will ensure the most recent version is available on the Company’s Website at https://www.azay.co.th/ for Allianz Ayudhya Assurance Public Company Limited or at https://gi.azay.co.th for Allianz Ayudhya General Insurance Public Company Limited
The Company may revise or make changes to this privacy notice. In such cases, we will post a notice of those changes on the Company’s Website. If a change may significantly affect you, we will notify you about the change via the specified communication channels. The change thereof will be in force for personal data that we collect, use, or disclose after changes have been posted on our website.
This privacy notice is made in both English and Thai language. In the event of any conflict or discrepancy between the Thai and English versions, the Thai version shall prevail.
This privacy notice was last updated on 1 April 2020.