Privacy Policy


1. Objective and Purpose

Siam Cosmos Services Company Limited (“Company”) is committed to protecting your privacy. Therefore, this Privacy Policy has been developed by the Company in order to set effective and suitable management measures relating to the processing of personal data in accordance with the international standard under the framework of the Personal Data Protection Act B.E. 2562 (2019).


2. Definition

2.1 “Personal Data Protection Law” means the Personal Data Protection Act B.E. 2562 (2019) including regulation, rule, notification under the Personal Data Protection Act B.E. 2562 (2019) issued by Personal Data Protection Committee or other authorized authorities. This also covers any other laws relating to the personal data protection or any other laws that are required to be applied to the Personal Data Protection Act B.E. 2562 (2019) or regulation, rule or notification under the Personal Data Protection Act B.E. 2562 (2019).

2.2 “Personal Data” means any information relating to a person that makes it possible to directly or indirectly identify that person, but not including the data of the deceased in particular.

2.3 “Data Controller” means a natural person or a juristic person having the power and duties to make decisions regarding the collection, use, or disclosure of the Personal Data.

2.4 “Data Processor” means a natural person or a juristic person who carries out the collection, use or disclosure of personal data according to the order or on behalf of the Data Controller; however, such natural or legal person who carries out such activities is not the Data Controller.

2.5 “Sensitive Data” means any Personal Data pertaining to race, religion, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, data concerning health, disabilities, labour union membership, genetic data, biometric data or other data which may affect the data subject in the same way as announced by the Personal Data Protection Commission under the Personal Data Protection Act B.E. 2562 (2019).

2.6 “Processing” means the collection, use, or disclosure of the personal data.


3. Scope of applicability

This Privacy Policy covers the entire processing of Personal Data performed by the Company as follows:

3.1. Customers who are natural persons and hereby refers to current, past or future customers;

3.2. Contractual parties, business partners, business alliances and distributors who are natural persons;

3.3. Shareholders, either ordinary persons or representatives of juristic persons who hold shares of the Company;

3.4. Natural persons or representatives of juristic persons who act on behalf of person under clause 3.1 - 3.3 in case such persons are juristic persons;

3.5. Managing directors, authorized person to act on behalf of juristic persons, authorized grantee of the Company;

3.6. Employees, personnel who currently work with the Company or those who have worked or have the opportunity to work with the Company, regardless of whether the contracts concluded with the Company are permanent or temporary employment;

3.7. Outsourced workers;

3.8. Probationers and interns;

3.9. Persons who participate in the Company's activities or activities that the Company collaborated with other organizations and their personal data is processed;

3.10. Any other persons who are the co-owners of personal data with the persons specified in (3.1) - (3.9) and whose personal data are processed by the Company.

Additionally, this Privacy policy also applies to the processing of personal data on website pages, applications, mobile applications or any other means of personal data processed by the Company.


4. Purposes of collecting personal data

4.1. To enter into a contract and perform the obligation under the contract entered into between the Company and the data subject such as providing brokerage services for non-life insurance and life insurance, granting a power of attorney for receiving insurance premium, entering into various type of insurance contract, entering into pet insurance, entering into any type of contract which the Company acts as insurance broker, entering into sale-purchase agreement, entering into contract for extension of product warranty, entering into service contract, entering into appointment of various project membership, entering into immovable and immovable property contract with third parties, job application, internship application, checking work experience, checking work experience from reference persons, interview job, entering into employment contract, providing welfare to employee for complying with contract.

4.2. To adhere to legal requirement relating to the operation of the Company such as renewal of license with the Office of Insurance Committee, claiming medical reimbursement of insured person with the Social Security Office, work permit extension, visa extension, data storage for withholding tax purposes, value added tax or specific business tax collection, submission of employee list according to the law on labor protection and labor relations, etc.

4.3. To disclose the personal data to the group company, the Company’s partners and distributors, and to transfer or disclose it to a third country.

4.4. To manage human resources, evaluate the performance of the employees, record the exercise of rights related to work, such as absence, all types of leave of the Company, the action relating to the Social Security, Social Security Fund, probation, reassignment, annual medical examination, employees’ performance evaluation, payroll, entry and exit record, preparation of training, promotion, participation in the Company’s activities, preparation of personal record and record of receiving welfare of the Company.

4.5. To examine, analyze and prepare required documents for agencies or other organizations that may relate to the operation of the Company.

4.6. To exercise a right in legal claims or defend in the context of contract or judicial proceedings.

4.7. To manage the access of restricted area, to enable people to access area and/or the system set by the Company.

4.8. To negotiate, communicate or manage the relationship between the Company and customers, to hear opinions or complaints from clients, including to resolve clients’ complaints and insurance claims.

4.9. To develop and update the website or application or platform which is the channel for reaching and having interaction to customers’ needs.

4.10. To conduct a market research, promotion, customer behavior analysis.

4.11. To examine, analyze and prepare required documents for agencies or other organizations that may relate to the operation of the Company.

4.12. To manage compensation, welfare, arrangement of activities and promotion of learning and development.

4.13. To collect the data of the data subject in case of requesting to exercise the rights under the Personal Data Protection Law.


5. Collection of Personal Data

The Company will collect only the Personal Data that is necessary to fulfil a lawful purpose which the Company will inform the data subject before or while collecting the Personal Data. The Company may collect the Personal Data as follows:

5.1. Personal Information: name, surname, date of birth, age, weight, height, nationality, marital status, national ID card number or passport number, insurance policy number, non-Thai ID card, Social Security number, work permit, or other official documents that can identify persons, photo, signature.

5.2. Contact information: address, email address, phone number, fax number, LINE ID and other similar information.

5.3. Financial information: bank account details.

5.4. Job information: starting date of work, starting date of probation, termination date of probation, termination date of work, professional status, work experience, position, professional license, training experience, salary, revenue, other benefits, department.

5.5. Educational records: GPA, graduation year, graduate major

5.6. Website use information: Username and password for accessing via online system and application, IP address, Log file.

5.7. Cookies

5.8. Marketing research information: marketing research statistics of data subject.

5.9. Sensitive data: religions, health-related data, medical history, criminal record.

5.10. Video record from closed circuit television (CCTV)

5.11. Information of the persons related with data subject: name, surname, date of birth of spouse, children, parents and beneficiary

5.12. Work manual: department, record of work performance or employer’s evaluation, position, staff number, years’ experience.

5.13. Information of contracting parties, business partners and distributors: contact information, position, number, e-mail, address, director information, shareholder information.

5.14. Other information: car plate number, car model.


6.1. The Company may receive Personal Data from 2 channels as follows:

6.1.1 Directly collect from the data subject, for example, collection of Personal Data by the Company’s employee or the insurance broker appointed by the Company, website, mobile applications, activities arranged by the Company, filling out personal information in Company’s application forms, either in paper or online form, usage of program or system in regard of human resource, responses to surveys conducted by the Company, or access to the Company’s website using Cookies and etc.

6.1.2 Collect from sources other than the data subject, for example, searches for Personal Data through a website, social media, online platforms of third parties or other publicly available information resources or inquiries made by service provider, consultant, business alliance, official agency or third party. In these cases, the Company will notify data subject without delay, but not more than 30 (thirty) days from the date the Company collects Personal Data from such sources, and request consent to collect the Personal Data from the data subject, except where exempted by law from the need to request consent from or notify the data subject.

6.2 The Company shall obtain explicit consent from the data subject prior to or at the time of collection of Personal Data, except under the following circumstances, where the Company may collect Personal Data without requesting consent.

6.2.1 To fulfill purposes relating to the preparation of historical documents or archives on public interest grounds or relating to research studies or statistics. In such cases, the Company will implement appropriate security measures to protect the fundamental rights and freedoms of data subject.

6.2.2 To prevent or to avoid danger to an individual’s life, body or health

6.2.3 To enter into a contract and perform the obligation under the contract entered into between the Company and the data subject

6.2.4 To perform the obligation under the contract entered into with the data subject or in order to take steps requested by the data subject prior to entering into a contract

6.2.5 To carry out tasks, only to the extent that it is necessary to do so, for the public interest or in the exercise of official authority vested in the Company

6.2.6 For the purposes of legitimate interests pursued by the Company or by third parties or by other juristic persons, except where such interests are overridden by the fundamental rights and freedoms of data subject

6.2.7 To comply with laws

In general, the Company does not collect Sensitive Data unless it is necessary or unavoidable to process such Sensitive Data. In such a case, the Company shall obtain explicit consent from the data subject prior to or at the time of collection, unless there is an exception under the Personal Data Protection Law.


7. Personal Data storage location and right to access

The Company has established guidelines and methods for appropriate data collection to prevent damage that may be caused by the leakage of Personal Data, access, erasure, destruction, transmission or disclosure of Personal Data without the permission of the data subject or of the Company. In this regard, only those who are authorized by the Company or as required by law will have the right to access the storage location of such Personal Data.

If the Company has hired an agency or third parties to process Personal Data for the purposes and on behalf of the Company, the Company will inform such agency or third parties to keep the Personal Data confidential and secure such Personal Data, including preventing Personal Data from being collected, used or disclosed for any other activities that do not fall within the scope of service or are against the law.


8. Retention period

The Company will retain Personal Data for the following periods:

8.1 In the event that there is a law specifying a specific retention period, the Company will keep Personal Data in accordance with such timeframe, for example the Revenue Code, Accounting Act B.E. 2543 (2000), Non-Life Insurance Act B.E. 2535 (1992), Labor Protection Act B.E. 2541 (1998) and etc.

8.2 In the event that the law does not specify a specific period for retaining the Personal Data, the Company will set the retention period as necessary for the Company's operations.

After the above retention period, the Company will delete, destroy or anonymize the Personal Data.


9. Usage of Personal data

Only the authorized person as specified by the Company or as required by law will be able to access and use the Personal Data collected by the Company. The Company will set measures for accessing and using data in each type, situation, specific event or position in order to prevent damage or breach of the data subject's rights.

For any personal data that was collected by the Company before the Personal Data Protection Law came into force, the Company shall be able to process such personal data within the initial purpose of collection without obtaining any consent from the data subject.


10. Disclosure and transfer of Personal Data

Pursuant to the purposes in Clause 4, the Company may disclose necessary Personal Data to organizations or third parties per the consent granted by the data subject unless such disclosure is permitted by law. The Personal Data controlled by the Company may be disclosed to the following:

10.1. Affiliate or group company

10.2. Counterparties, suppliers or business alliances

10.3. Non-life insurance company, life insurance company

10.4. Insurance broker appointed by the Company

10.5. Government agencies with legal authorities

10.6. Professional consultant

10.7. Other business-related agencies or organization of the Company

Generally, the Personal Data controlled by the Company will be processed in Thailand. Nevertheless, under necessary circumstances, the Company will disclose, transfer or forward the Personal Data to persons or organizations as stated in Clauses 10.1-10.7 located outside the country, according to the framework set out in the Personal Data Protection Law and in order to achieve the purposes stated in this Privacy Policy. In such case, the Company will ensure that the recipient company has adequate data protection standards unless there is an exception under the law.


11. Rights of the data subjects

11.1. Right to withdraw consent: The data subject shall have the right to withdraw their consent for the processing of Personal Data that they have given to the Company throughout the period in which the Personal Data is kept by the Company. The withdrawal of consent may affect any action which might occur after the withdrawal. Nonetheless, the withdrawal of consent will not affect the processed Personal Data which the data subject has given consent to the Company.

11.2. Right of access: The data subject shall have the right to access their Personal Data and request the Company to make a copy of such data, including the right to ask the Company to disclose any acquisitions of their Personal Data for which consent has not been given.

11.3. Right to data portability: The data subject has the right to transfer Personal Data that they have provided to the Company to other Data Controllers or themselves for certain reasons.

11.4. Right to restriction of processing: The data subject shall have the right to request the Company to restrict the use of their Personal Data for certain reasons.

11.5. Right to rectification: The data subject shall have the right to request the Company to correct the incorrect data or add the incomplete data.

11.6. Right to be forgotten: The data subject shall have the right to request the Company to erase, destroy or make the Personal Data unidentifiable.

11.7. Right to object: The data subject shall have the right to object to the processing of their Personal Data for certain reasons.

11.8. Right to lodge a complaint: In the event that the data subject foresees that the Company does not act in accordance with the Personal Data Protection Law, the data subject shall have the right to lodge a complaint to the Data Commission immediately.


12. Personal Data security

The Company has appropriate Personal Data security and safety measures in management, technical and organizational aspects to prevent the data from being lost, destroyed, or accessed by unauthorized persons, including any changes that may cause damage to the data subject.

Nevertheless, it is widely known that the processing of Personal Data through the internet system is not completely secure. Therefore, the Company will develop the security system in accordance with the current technology and under the appropriate cost of changing technology.


13. Policy review and improvement

The Company will review and update this Privacy Policy from time to time or if there is any material change to the Privacy Policy. If necessary, the Company will request consent from the data subject related to such change. The data subject can review the change(s) to the Privacy Policy from the QR code below.


14. Contact information

Committee of Data Protection Officer: DPO

Siam Cosmos Services Co., Ltd. (Data Controller)

142 Two Pacific Place Building, 15th Floor, Room No. 1502,1503, Sukhumvit Road, Klongtoey, Klongtoey, Bangkok 10110.

Contact number: 02-257-4100

Email: privacy@siamcosmos.co.th



QR Code (Siam Cosmos Services Privacy Policy)