Privacy Notice of Allianz Ayudhya
We care about your personal data
Allianz Ayudhya General Insurance Public Company Limited (“the Company“,”we”,”us”), a part of the Allianz Group, is an authorized insurance company providing general insurance products and services in Thailand.
We appreciate your interest in our services and products. Your privacy is important to us and we want you to feel comfortable using our services and products. This privacy notice explains how and what type of personal will be collected, why it is collected, with whom it is shared or disclosed, and your rights in this regards.
- Who is the data controller?
A data controller is the individual or legal person who controls and is responsible to keep and use personal data in paper or electronic files.
We are the data controller as defined by relevant data protection laws and regulations.
- What personal data will be collected?
We may collect and process various types of personal data about you as follows:
- Personal data that the Company obtained from you on applications, forms, or any other documents when you register or fill out to receive or request for our products/services, including electronic channels, such as
- Basic personal detail such as your name, surname, title, identification card number, passport number or other identification card number, addresses, gender, phone number or mobile phone number, email address, date of birth, username or marital status;
- Financial information such as source of income, credit/debit card number, bank account number, details of premium payment, or tax information;
- Employment information such as position, workplace, work experience, name and address of employer.
- Legal status such as status relating to laws on Anti-Money Laundering, Terrorism and Proliferation of Weapons of Mass Destruction Financing, Bankruptcy or Foreign Account Tax Compliance Act (FATCA);
- Any transactions relating to insurance policy such as premium payment history, insurance policy loan, claim, execution of rights or the use of our services including conversation records from all communication channels of the Company;
- Sensitive personal data such as health data, disabilities, race or ethnicity, genetic data, biometric data, sexual behavior, criminal records, trade union membership, health records, claim history, and important data obtained from third parties;
- Information on the social media platforms that we receive from other social media providers or from the subscription for our services, usage of our website or application such as My Allianz or Healthy Living;
- IP address, the type of browser software used, and the date, time and duration of your usage of our website or application, where such details are automatically recorded.
If you would like to purchase our products and services, we will need your personal data that is necessary, including sensitive personal data in order to offer products or services, to underwrite an insurance contract, to perform our obligations under an existing contract with you, or to meet any of your requests. If you do not wish to provide your personal data or sensitive personal data to us, we may not be able to perform our obligations under the existing contract with you, or may refuse to act on your requests.
If you provide personal data to us about other people (including but not limited to insured, family member premium payer or beneficiary), you acknowledge and affirm that you have the authority to act on their behalf regarding the processing of their personal data and provide this privacy notice for their acknowledgement.
- How will we obtain and use your personal data?
3.1 The Company obtains your personal data from:
- The Company collects personal data directly from you via your insurance application, your request submitted to the Company, your interaction with us from all of the Company’s communication channels, and your request to use the Company’s website or applications or your participation in marketing activities.
- We may also obtain your personal data from third parties or public databases, such as affiliated companies or Allianz group companies, business partners, financial advisors, insurance intermediaries or brokers, banks, other insurers, your doctors, hospitals, professional associations such as Thai General Insurance Association, public authorities, regulator, authorities under other applicable laws, employer or financial advisor of employer, and social media providers.
3.2 We will use your personal data for the following purposes:
- To fulfill your request or to perform our duties and responsibilities, or contractual obligations between you and the Company, such as providing the right product offerings, premium quotation, underwriting and the administration of your insurance policy, including the processing of your request or claim, our online service at present or in the future, and the communication related to your insurance policy such as invoicing for insurance premium, informing details about insurance policy or noticing about changes in the Company’s terms, conditions, and policies;
- For marketing purposes such as contacting you to inform about our product or service offerings, selling our product or service, and promoting our promotional activities, which range from privileges to marketing activities occasionally arranged by the Company. If you wish to not receive marketing from us, you can let us know anytime by contacting the Company through channels as specified in this privacy notice;
- To comply with laws relating to business operations or laws of authorities such as non-life insurance, anti-money laundering (AML), bankruptcy, or Foreign Account Tax Compliance Act: FATCA; to fulfill a mandate or cooperate with the operation of competent officers as requested from time to time; or to comply with the government report or regulations concerning personal data disclosure;
- To investigate, or prevent and detect fraud, corruption or financial crime for the benefit of the Company or for the compliance of applicable laws such as an investigation of suspected transactions of an offense, litigation, a check of personal identity to prevent money laundering, a check for sanctions, or the identification of political-related individuals. In such cases, the Company may either refuse to provide the service you requested or stop providing our services to you as well as report the offense and fraud to relevant authorities;
- To perform statistical analysis for the benefit of the Company such as conducting market research, data analysis, actuarial research, pricing, underwriting, claim payments; to formulate strategies related to product design and development, or service; to create customer profiling so that the Company can determine the suitability of various product offerings; to analyze the use of website, application, social media in order to cater the usability of website, application or social media to your usage;
- For the benefit of the Company in running the business efficiently and appropriately, including testing the Company's systems, managing our financial position, business capability, planning, communications, corporate governance, internal audit, and organizational restructuring. These activities would involve data management, record keeping, making copies, or the destruction of personal data;
- The Company may process sensitive personal data only to the extent necessary for legitimate purposes and within the scope of consent given, unless such processing of sensitive personal data is exempted by law from consent requests. In the event that the Company cannot process sensitive personal data or does not receive enough accurate and complete sensitive personal data to fulfil contractual or legal obligations, the Company may refuse to act on your requests;
- To disclose or share your personal data as necessary to perform contractual obligations, to complete your request, for the benefit of the Company, to comply with relevant laws and regulations, or for specific purposes according to your consent (where consent is required) to group companies, third parties, authorities, or individuals acting on behalf of the Company, whether inside or outside Thailand;
- For other purposed as specified by laws such as the prevention or suppression of dangers to your life, body or health (vital interest basis) or where the processing is necessary to carried out for the public interest or for the exercise of public power granted to the Company (public task basis);
- For any other purposes where consent is given from time to time, unless the Company can process for such purposes lawfully under applicable law or data protection law.
When you use our products or receive our services, the insurance application you filled out or the insurance contract made with us may have additional conditions related to how we collect, use, disclose, and process your personal data. These will be used in addition to the objectives specified in this privacy notice.
3.3 For the elderly and dependent customers
The Company may use personal data that you or other people close to you, such as father, mother, wife, children, provide to the company, or we may use the data recorded when the Company interacts with you to identify the status of being elderly and/or dependent, so we can offer appropriate products or services.
Service activities such as (a) personalized services, forms of communication, and/or online services such as my account; and (b) determining the appropriate time that we will communicate with you such as changes in your situation or personal lifestyle, including the use of appropriate communication channels.
The Company may derive these data from customer profiling, such as your economic status, interests, personal preferences, or behaviors to transactions. Such activities will not affect you in any way.
- Who will have access to your personal data? Or who do we share your personal data with?
The Company will ensure that your personal data is processed in a manner that is compatible with the purposes indicated above.
For the stated purposes, your personal data may be disclosed to the following parties who operate as third party data controllers or data processors under our instruction:
- Public authorities, regulatory bodies, other Allianz Group companies, other insurers, co-insurers, re-insurers, contracting parties, general insurance intermediaries/brokers, asset management companies, group policyholders, professional associations, and financial institutions;
- Technical consultants, experts, lawyers, auditors, loss adjustors, repairers, medical doctors, hospitals; and service companies to discharge operations (claims, surveyors, payment, IT, postal, document management, call center services, research companies, rating agencies); and
- Advertisers and advertising networks to send you marketing communications, as permitted under local law and in accordance with your communication preferences.
We do not share your personal data with other third parties who are not public authorities or are not specified above without your permission, but we may disclose your personal data in the following instances:
- In the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in any insolvency or similar proceedings); and
- To meet any legal obligations, to protect you us from financial crime, and to conform with requests from the relevant public authorities if you make a complaint about the product or service we have provided to you.
- Where will my personal data be processed?
Your personal data may be processed both inside and outside of Thailand by the parties specified in section 4 above, subject always to contractual restrictions regarding confidentiality and security in line with applicable data protection laws and regulations. We will not disclose your personal data to parties who are not authorized to process them.
Whenever we transfer your personal data for processing outside of Thailand by another Allianz Group company, we will do so on the basis of Allianz’ approved binding corporate rules known as the Allianz Privacy Standard (Allianz’ BCR) which establish adequate protection for personal data and are legally binding on all Allianz Group companies.
Allianz’ BCR and the list of Allianz Group companies that comply with them can be accessed under https://www.allianz.com/en/privacy-statement.html#TabVerticalNegative2523488475
- What are your rights in respect of your personal data?
Where permitted by applicable law or regulation, you have the right to:
- Access or request a copy of your personal data held about you and to learn the origin of the data;
- Withdraw your consent at any time where your personal data is processed with your consent;
- Update or correct your personal data so that it is always accurate, complete and not misleading;
- Delete, destroy or anonymize your personal data from our records if it is no longer needed for the purposes indicated above;
- Restrict the processing of your personal data in circumstances where you have contested the accuracy of your personal data, for the period enabling us to verify its accuracy;
- Object to the collection, use, and disclosure of your personal data in certain circumstances, including the case where personal data is being processed for direct marketing;
- Obtain your personal data in an electronic format for you or for your new insurer; and
- File a complaint with us and/or the relevant data protection authority if you believe that there is violation of applicable data protection laws.
You may exercise these rights by adjusting your privacy preference settings where you have created an online account with us. You can change privacy preferences by accessing online account and adjusting profile settings, or contacting us as detailed in section 13 below if you need any assistance.
Your withdrawal of any previously given consent, your request to delete, destroy and anonymize your personal data, your request to restrict or your objection to the processing of your personal data could mean that the Company is unable to perform our obligations under an existing contract with you, and that there may be restrictions on certain transactions or services, which may result in the loss of your privilege from the insurance contract or other agreements, and may restrict you from services offered by us.
The Company may refuse to comply with your request in the circumstances where there are legal restrictions, or the Company has compelling legitimate grounds for the processing of your personal data as permitted by applicable laws. The Company reserves the right to charge a reasonable fee to complete your request.
- How long is personal data retained for?
We will retain your personal data for at least ten (10) years from the date the insurance relationship ends, the date of obtaining arbitral award, or the date that the court issues the final judgement, depending on the circumstances. However, the Company may continue to retain your personal data after such period if it is necessary to store your data longer for the purpose for which it is collected, or for other reasons deemed appropriate e.g. to enforce our legal or contractual rights.
In the circumstance where the Company rejects to underwrite your application for insurance, where you withdraw your application for insurance, or where permitted by law, the Company may retain your personal data to the extent necessary to comply with our legal obligations, such as anti-money laundering, and the establishment, exercise or defense our legal claims.
We will not retain your personal data for longer than is necessary and we will hold it only for the purposes for which it is obtained.
- Are cookies used on the Company’s Website?
The Company uses tracking technology such as cookies or tags to gather usage information to understand how visitors use the Company’s Website.
Tracking technology helps us manage and improve the usability of the Company’s Website, for example by detecting whether there has been any contact between your computer and us in the past and to identify the most popular sections of the Company’s website.
When you save your cookie settings, they should also apply to your future visits to the Company’s Website. However, for technical reasons beyond our control of the Company, this cannot be guaranteed. For example, if you reset your browser, delete your cookies or access the Company’s Website from another browser or device, your cookie settings may be lost. To comply with applicable laws and regulations, in some countries you may be asked to confirm your cookie settings when you first visit the Company’s Website. If you are in a country where you are automatically required to set your cookie settings, you may be asked to set them again on a future visit.
In many cases you can also control tracking technologies using your browser. Please ensure that your browser setting reflects whether you wish to be warned about and/or accept tracking technologies (such as cookies) where possible. The specific capabilities of your browser and instructions on how to use them can usually be found in the manual or help file of your browser.
Refusing, disabling or deactivating of tracking technologies may result in a reduced availability of the services provided by the Company’s Website, or parts of the Company’s Website may no longer function correctly.
- How are social media plug-ins used on the Company’s Website?
The Company’s Website uses the following social media plug-ins ("plug-ins"):
|media plug-ins||Operator||Privacy Notice|
|Share button on Facebook
1601 S. California Ave., Palo Alto, CA 94304, USA
795 Folsom St., Suite 600, San Francisco, CA 94107, USA
|Share button on Instagram
1 Hacker Way, Menlo Park, California, United States
|YouTube Button (YouTube)||YouTube
901 Cherry Ave, San Bruno, CA 94066, United States
All plug-ins are indicated with the brand names of the respective operators: Facebook, Google, Twitter, Instagram, YouTube ("Operator"). To increase the level of data protection and in accordance with applicable laws and regulations, we have implemented the additional programs by means of a so-called 2-click solution. This procedure ensures that when you visit the Company’s Website, no direct connection of your browser to the servers of the Operator is established. Only if you activate the plug-ins by clicking on them and thereby grant your consent to the data transfer, your browser establishes a direct connection to the server of the respective Operator. The content of the plug-ins is then transmitted by the Operators directly to your browser and integrated by them into the website.
By accepting the plug-in, the Operator receives the information that your browser has accessed the Company’s Website. If you logged in to your account when you visited the Company’s Website, the Operator can connect your visit to your account directly. If you interact with the plug-in, e.g. by clicking on the Facebook button, the +1 button and the Tweet button, "Share" button, the data will be transferred directly from your browser to the Operator and saved by the Operator. In addition, the information will be published on the relevant social network or on your Twitter account and will be visible to your contacts. If you do not want this data transfer to the Operators, you must log out of your respective account before you click on the plug-ins and activate them.
- What security measures have we implemented to protect your information collected through the Company’s Website?
We have implemented reasonable technical and organizational security measures to protect your personal data collected by us via the Company’s Website against unauthorized access, misuse, loss or destruction.
- How do we treat electronic messages sent to and from the Company?
All electronic messages sent to and from the Company are protected by reasonable technical and organizational security measures and may only be accessed in justified cases in line with applicable laws and regulations (e.g. court order, suspicion of criminal conduct, violation of regulatory obligations) to specific persons in defined functions (e.g. Legal, Compliance, Risk). Every step of the process, as well as the search criteria used, are logged in an audit trail. All emails are disposed of after the applicable retention period has expired.
- What should you consider when sending data over the Internet?
The Internet is generally not regarded as a secure environment, and information sent via the Internet (such as to or from the Company’s Website or via electronic message) may be accessed by unauthorized third parties, potentially leading to disclosures, changes in content or technical failures. Even if both sender and receiver are located in the same country, information sent via the Internet may be transmitted across international borders and be forwarded to a country with a lower data protection level than in your country of residence.
The Company does not accept responsibility or liability for the security of your information whilst in transit over the Internet to the Company. In order to protect your privacy, you may choose another means of communication with the Company, where you deem it appropriate
- How can you contact us?
If you have any queries about this privacy notice or if you wish to exercise your rights in section 6, you can contact us by phone, email or post via the details specified below:
Allianz Ayudhya General Insurance Public Company Limited
898, 1st Floor, Ploenchit Tower, Ploenchit Road, Lumpini, Pathumwan, Bangkok 10330 - during Monday to Friday from 8.30 to 17.00; or
Allianz Ayudhya Customer Care Center at 1292 –available 24 hours every day; or
- How often is this notice updated?
We regularly review this privacy notice. We will ensure the most recent version is available on the Company’s Website at https://aagi.azay.co.th
The Company may revise or make changes to this privacy notice. In such cases, we will post a notice of those changes on the Company’s Website. If a change may significantly affect you, we will notify you about the change via the specified communication channels. The change thereof will be in force for personal data that we collect, use, or disclose after changes have been posted on our website.
This privacy notice is made in both English and Thai language. In the event of any conflict or discrepancy between the Thai and English versions, the Thai version shall prevail.
This privacy notice was last updated on 16 June 2020.