FWD Life Insurance Public Company Limited (‘FWD’ or “We”) cares about your privacy and is fully committed to protect your personal data.
2. What personal data we collect from you
Your personal data means any information relating to you that can identify you, whether directly or indirectly, from that data alone or in a combination with other identifiers we possess or can reasonably access, except information about the deceased. The types of personal data we collect will depend on the scope of services and/or type of products that you are interested in or that we provide to you.
Depending on the type of products or services you select or your relationship with us, we may collect and hold the following personal data:
- Details about you, such as name, surname, gender, date of birth, educational background, occupation, marital status and nationality
- Contact details, such as home address, email address, phone number and social media accounts
- Identification and authentication details, such as identification card number, passport number, driving license number, photo and CCTV footage
- Financial details, such as your payments history, credit card numbers and bank account details
- Results of any credit, background and financial background checks we have conducted on you
- Insurance claim information, where this is relevant
- Your employment information and salary
- The names and addresses of your dependents or beneficiaries
- Information about how you use our website, applications or other technology, including IP addresses and device information
- Records and result of your insurance application
- Personal status indicating the abilities that have been limited by laws to proceed any transactions, such as bankruptcy laws, anti-money laundering laws, prevention and suppression of financial terrorism support laws, tax laws, being a membership of organisations, professional organisation or trade association.
- Other information that you have given to us
In addition, we may also collect and hold your sensitive data such as:
- Health, medical or treatment information;
- Racial or ethnic origin;
- Sexual preferences or practices;
- Membership of political associations;
- Criminal and lawsuit records;
- Religious or philosophical beliefs;
- Genetic data; and
- Biometric data.
If you do not or are unable or decline to provide certain personal data or to consent us to collect, use or disclose certain personal data which is necessary for us to make a relationship with you or provide our services and/or products to you, we may not be able to stay in contact with you, enter into a contract with you or perform our obligations resulting from a contract entered with you. In some cases, where we have legal obligations to collect, use or disclose certain personal data and you do not or are unable or decline to provide certain personal data to us, we may be liable for failure to comply with the legal obligations under the applicable laws.
3. Why and how we collect, use and disclose your personal data
We only collect, use, disclose or process your personal data by fair and lawful means to the extent necessary for the specific purposes. We have also set out some lawful reasons why we may process your personal data. These depend on what kind of personal data we are processing.
We normally process personal data which is required or allowed by any law that applies (legal compliance), to provide the services/products set out in a contract (contracts), if it is necessary to prevent danger to a person’s life, body and health (vital interests), if it is in our legitimate interests (legitimate interest) or we have your permission (consent).
For more information about this and the reasons we may need to process your personal data, please see below.
Note that when the data subject is a minor, quasi-incompetent or incompetent, consent will be requested from their legal representatives, guardians or curators.
- Legal compliance
We will rely on the purpose of legal compliance in which the processing of your personal data is necessary for compliance with a legal obligation to which we are subject, for example, relevant insurance laws, anti-money laundering laws, tax laws, securities and exchange laws, and personal data protection laws.
We will rely on the purpose of contracts in which the processing of your personal data is necessary for the performance of a contract to which you are a party or in order to take steps at your request before entering into a contract.
We will process your personal data in accordance with the agreement between you and us, and for the following reasons:
- Providing services and products to you, and administering, implementing, maintaining, managing and operating such services and products, including but not limited to insurance, financial or other products of FWD;
- Processing, assessing, and accepting any applications or requests made by you in connection with our services or products, issuing or arranging insurance contracts and maintaining your account with us;
- Processing and implementing payment instructions;
- Determining any amount of indebtedness owed to or by you and collecting and recovering any amount due from you or any person who has provided any security or undertaking for your liabilities;
- Exercising any rights that we may have in connection with the services and/or products provided to you; and
- Any purposes in connection with any claims made by or against or otherwise involving you in respect of any services and/or products provided by us, including but not limited to claiming, defending, analysing, investigating, processing, assessing, determining, negotiating to, resolving or settling such claims.
- Vital interests
We will rely on the purpose of vital interests where the processing of your personal data is necessary to prevent or avoid danger to a person’s life, body or health.
- Legitimate interests
We may rely on the purpose of legitimate interests pursued by us or by a third party which require us to process your personal data. Considering your interests, rights and freedoms, legitimate interests which allow us to process your personal data include:
- Complying with obligations, policies or procedures for sharing data and information within FWD and/or other use of data and information in accordance with FWD programmes to comply with sanctions or to prevent or detect money laundering, terrorist financing, fraud or other crimes and unlawful activities;
- Meeting any present or future contractual or other commitment with any legal, regulatory, governmental, tax, law enforcement or other authorities, and self-regulatory or industry bodies such as federations or associations of insurers in Thailand or any other jurisdictions;
- Meeting disclosure obligations imposed by laws, rules, regulations, codes of practice or guidelines (applicable in or outside Thailand) that are binding on FWD or its subsidiaries, holding companies, associated or affiliated companies, or companies controlled by, or under common control of FWD, partners, including but not limited to the disclosure to legal, regulatory, governmental, tax, law enforcement or other authorities, and self-regulatory or industry bodies such as federations or associations of insurers in Thailand or any other jurisdictions;
- Internal administration including generating internal reports, accounting, audit and complaint handling management;
- Creating and maintaining FWD’s credit and risk related models;
- Ensure security and business continuity; and
- Any purposes in connection with any claims made by or against or otherwise involving you in respect of any services and/or products provided by us, including but not limited to claiming, defending, analysing, investigating, processing, assessing, determining, negotiating, resolving or settling such claims.
Apart from the above lawful bases, we may process your personal data with your consent. We will only ask for your consent if there is no other lawful basis to process your personal data, especially, in the case where our processing activities have potential impact on your sensitive personal data. If we need to ask for your consent, we will make it clear what we are asking for and ask you to confirm your choice to give us that consent. If we cannot provide a product and/or service without your consent to process your personal data, we will make this clear when we ask for your consent.
We may request your consent to process your personal data for the following purposes:
- Designing insurance and other financial products for customers including analysing and improving of services and products;
- Performing policy review and needs analysis (whether or not on a regular basis)
- Operating, maintaining and providing subsequent services in relation to the applications for services and/or products;
- Verifying any eligibility, credit, physical, medical, security, underwriting and/or identity checks for the provision of services or products;
- Providing services and products to you, and administering, implementing, maintaining, managing and operating such services and products, including but not limited to insurance, financial and other products of FWD in the case where we need to process your sensitive personal data;
- Identifying and providing you with the information about services, products or any events that may benefit you or may be of interest to you;
- Analysing and conducting data analytics, surveys and feedbacks to develop, build and implement our business models, products, services and systems which help us to provide high standard services or enhance the benefits to you;
- Internal administration including generating internal reports, accounting, audit, complaint handling or claim management and handling in the case where we need to process your sensitive personal data; and
- Offering our services and products or other offers to you.
4. Informing you of your personal data collection
We will always notify you, before or at the time of collecting your personal data, about our purposes of processing. However, in some circumstances as specified under the PDPA, it is not necessary for us to inform you about our processing of your personal data, such as when:
- you are already aware of such new purposes or details of our processing;
- we believe that notice of such new purposes or the details of our processing is impossible or will obstruct the use or disclosure of your personal data, where we have taken suitable measures to protect your rights, freedoms and interests;
- it is urgent to use or disclose your personal data as required by law and we have implemented suitable measures to protect your interests; or
- we are aware of or acquire your personal data from our duty, occupation or profession, and we have used your personal data in accordance with such professional purposes and maintained the confidentiality as required by law.
5. How we collect your personal data
We collect your personal data in different ways which include in writing, by electronic or hard copy form, by telephone, email, in person, and over the internet such as via our website, cookies, online forms or social media.
We may collect your personal data directly from you. For example, you provide us with your personal data when you fill in an application form, insurance application form or our request form, communicate with us over the telephone, send us a letter or use our website.
We may also collect your personal data indirectly from publicly available sources of information and/or from other parties including:
If you provide personal data about another individual to us, you agree
- your intermediary or professional adviser(s)
- other insurers, reinsurers or distribution partners
- sanitorium, our service providers and business partners
- organisations that we have an arrangement with to jointly offer products
- our related entities
- third parties who, at the time of collection, have notified you that your information will be provided to us
- government, statutory or regulatory body and law enforcement bodies
- other third parties; and
- our agent, broker, or anyone that you have authorised to deal with us.
- inform them that you are disclosing their personal information to us;
- collect their consent to do so;
6. How we share your personal data
Your personal data may be transferred or disclosed to, accessed by or shared on a need to know basis with the following parties and for the following purposes
- Group members or business partners:
- group members of FWD in order to provide our products and services to you;
- any business partners of FWD that we have an agreement with including the members of those partners
- any person or company carrying on insurance-related and/or reinsurance-related business which is engaged by FWD in connection with FWD’s business
Please refer to the list of FWD Group, affiliated entities and business partners and/or
third party entities here. https://www.fwd.co.th/en/third-parties
- Agents or contractors
- any person or companies which is acting for or on behalf of FWD, or jointly with FWD, in respect of a purpose or a directly related purpose for which your personal data was required;
- any agents, contractors or service providers who provide administrative, credit reference, debt collection, telecommunications, computer, payment, printing, redemption, courier or other services in relation to the operation of businesses of FWD;
- any physicians, hospitals, clinics, medical practitioners, laboratories, technicians, loss adjustors, risk intelligence providers, claim investigation companies, administrators or other professional advisors who are engaged by FWD in connection with FWD’s business;
- any person or company to whom FWD is obliged or expected to make disclosure under the requirements of laws, rules, regulations, codes of practicetor guidelines (applicable in or outside Thailand) including any legal, regulatory, governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies such as federations or associations of insurers in Thailand or any other jurisdictions.
7. Transfer outside Thailand
These exceptions are:
- if the transfer is necessary for compliance with the law;
- if you have explicitly consented to the proposed transfer after having been informed of the possible risks due to the absence of an adequacy decision or adequate safeguards;
- if the transfer is necessary for the performance of a contract with you or the implementation of pre-contractual measures taken at your request;
- if the transfer is necessary for the conclusion or performance of a contract in your interest between FWD and another natural or legal person;
- if the transfer is necessary to protect vital interests of you or other persons, where you are physically or legally incapable of giving consent; and
- if the transfer is necessary for important reasons of public interest.
8. Your rights
You have rights to your personal data, and according to the PDPA these rights include:
- Right to access
You have a right to access and obtain a copy of your personal data that we hold about you. You may ask us to disclose the sources of where we obtained your personal data to which you have not consented to.
- Right to data portability
You have a right to request us to transfer your personal data to other persons/organisations, or request to see the personal data that we have transferred to other persons/organisations, unless it is impossible for us to carry out your request due to technical circumstances.
- Right to object to the processing of your personal data
You have the right to object to the processing of your personal data, unless there are circumstances that do not allow you to make the objection. These may include cases where we have compelling legitimate grounds or when the processing of your personal data is carried out to comply, exercise or defend legal claims or for the public interest.
- Right to erasure
You have a right to request us to delete, destroy or anonymise your personal data in the following
- The personal data is no longer necessary for the purpose for which it was collected, used or disclosed;
- You have withdrawn your consent on which the collection, use or disclosure was based and we no longer have legal grounds to collect, use or disclose the personal data;
- You have objected to the collection, use or disclosure of the personal data and we do not have legal grounds to reject the request; and/or
- When the personal data has been lawfully collected, used or disclosed under the PDPA.
- Right to restrict the processing of your information
You have a right to request us to restrict the processing of your personal data in the following
- It is under a pending examination process to check if the personal data is accurate, up-to-date, complete and not misleading;
- The personal data should be deleted or destroyed as it does not comply with the law and you request to restrict it instead;
- The personal data is no longer necessary for the purpose for which it was collected, used or disclosed, but you have the necessity to request the retention for purposes of establishing, complying, exercising or defending legal claims;
- We are pending verification of a basis to reject the objection request for the collection, use or disclosure of personal data.
- Right to rectification
You have a right to rectify inaccurate personal data in order to make it accurate, up-to-date, complete
and not misleading.
- Right to lodge a complaint
You have the right to make a complaint to the Personal Data Protection Committee in the case where we, our data processors, employees or contractors do not comply with the PDPA or other announcements under the PDPA.
- Right to withdraw consent
You may withdraw your consent at any time, unless we have a lawful basis to deny your request.
If you change your mind about how you would like us to have or process your personal data, you can tell us anytime by following the process under “Exercising your rights” section.
9. Exercising your rights
In order to exercise your rights stated above, you may refer to our contact’s details under “How to contact us” stated hereinbelow. If you make a request, we will ask you to confirm your identity (if necessary), and to provide information that helps us to understand your request better. We expect to respond to your request within 30 days of the receipt of your request.
We have full rights and sole discretion to either fulfil or decline your request or charge a reasonable fee to fulfil your request in the case where you have made more than 3 consecutive requests within 10 working days, or in the event that the requests are obviously excessive or unfounded. We are entitled to refuse your request on statutory grounds and we will notify you of the refusal and our grounds.
In the case where we reject your request, we will record the rejection with reasons according to the PDPA.
If you have any questions or would like to exercise any rights relating to your personal data, please contact us via the provided details in the ‘How to contact us’ section.
10. How long we keep your personal data
The period we keep your personal data is often linked to the prescription and enforcement periods under law. We will not keep your personal data longer than is necessary for the purposes for which that personal data was collected, held and processed, except when the retention period is determined by other laws and regulations, which in many cases is up to 11 years after the end of our relationship with you.
After this time, we might keep your personal data if we must do so to comply with a legal obligation, or if existing claims or complaints reasonably require us to keep your personal data, or for regulatory or technical reasons. If we do need to keep your personal data for a longer period, we will continue to protect that personal data.
We will delete, destroy, permanently anonymise, or otherwise dispose of all personal data at the end of the retention period, or when we must comply with your request for erasure of your personal data.
If you have any questions, please contact us at the provided details in the ‘How to contact us’ section.
11. Marketing and privilege
As part of our products and/or service, we may use your personal data to identify a product and/or service that may benefit you. We may contact you occasionally to let you know about new or existing products or services.
We may also disclose your personal data to our related entities or business partners to enable them to tell you about a product or service. The marketing delivery channels may be through electronic means, email, telephone, text and other forms of communication.
For direct marketing, FWD intends:
- to use your name, contact details, service and product portfolio information, financial background
and demographic data held by FWD in direct marketing;
- to market the following classes of services and products offered by FWD, FWD Group and/or our partners:
- insurance services and products;
- financial services and products;
- selling, cross selling or upselling of services and
- reward, promotion, campaign, loyalty or privilege
programmes and related services and products; and
- donations and contributions for charitable and/or
non-profit making purposes.
- to provide your personal data described in 1) above to any members of FWD and/or our partners for
their use in direct marketing the classes of services and products described in 2) above.
If you change your mind about how you would like us to contact you or you no longer wish to receive any of the above information, you can tell us anytime by following the process under “Exercising your rights” section.
12. Ensure security
To keep your personal data safe and secure, we use a range of measures, which include encryption and other forms of security. We require our employees and third parties who carry out work on our behalf to comply with appropriate privacy standards including obligations to protect against the leakage of information and to apply appropriate security measures for the processing of information.
We maintain and update our security procedures and measures to ensure a level of security for the personal data appropriate to the respective risk and the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing, including to prevent loss and unauthorised collection, access, use, modification, correction or disclosure of personal data. Our security measures apply to all types of data processing regardless of whether the personal data is processed electronically or in paper form.
13. Hyperlinks and cookies
FWD’s website may include hyperlinks to third party websites. FWD has no control over the content, accuracy, expressed opinions, and links provided at these third party websites or how these third party websites deal with your personal data. You should visit these third party websites for details of their privacy policies in relation to their handling of your personal data.
FWD may use ‘cookies’ to improve our internet service. A cookie is a small file of letters and numbers that automatically store on your computer's browser and can be viewed by FWD’s website. Cookies also help FWD’s website to recognize you and your list of favorites or most common use when visiting the website, as well as assisting FWD in customizing the website to suit your need.
15. How to contact us
If you have any comments, suggestions, questions, complaints or want to exercise your rights regarding your personal data, please contact:
Data Protection Officer
Address: 130-132, Sindhorn Building Tower 3, 14th, 16th, 26th - 29th Floor, Wireless Road, Lumpini, Phatumwan, Bangkok 10330
Email address: firstname.lastname@example.org
FWD Contact Center: 1351
By virtue of Royal Decree Prescribing Organisations and Businesses of which Personal Data Controllers are not Subject to Personal Data Protection Act B.E 2563 postponing the PDPA effective date, you may exercise your rights regarding your personal data from 1 June 2021 onwards.
Updated on 25 September 2020