FWD Life Insurance Public Company Limited (‘FWD’, ‘we’,
‘us’ or ‘our’) cares about your privacy and is fully committed to protect
the privacy of your personal data.
what, when, and why we collect, use, disclose, transfer or process your personal data, what steps we take to
ensure your personal data stays private and secure, how long we retain your personal data, how you can
contact us, and your rights under the Personal Data Protection Act B.E. 2562, also known as the PDPA.
you without delay.
2. What personal data we collect from you
Your personal data means any information relating to you that can identify you, whether directly or
indirectly, from that data alone or in a combination with other identifiers we possess or can reasonably
access, except information about the deceased. The types of personal data we collect will depend on the
scope of services and/or type of products that you are interested in and we provide to you.
Depending on the type of products or services you select or your relationship with us, FWD may collect and
hold the following personal data:
- Details about you, such as name, surname, gender, date of birth, educational background, occupation,
marital status and nationality
- Contact details, such as your name, home address, email address, phone number and social media
- Identification and authentication details, such as identification card number, passport number,
driving license number, photo and CCTV footage
- Financial details, such as your payments, credit card numbers and bank account details
- Results of any credit or background checks we have made on you
- Insurance claim information, where this is relevant
- Your employment information and salary
- The names and addresses of your dependents or beneficiaries
- Information about how you use our website, apps or other technology, including IP addresses and
- Other information that you give us
In addition, we may also collect and hold your sensitive data such as:
- Health or medical information
- Racial or ethnic origin
- Sexual preferences or practices
- Membership of political, professional or trade associations
- Criminal records
- Religious or philosophical beliefs
- Genetic data; and
- Biometric data.
If you do not or are unable or decline to provide certain personal data or consent us to collect, use, and
disclose certain personal data which is necessary for us to make a relationship with you or provide our services
and/or products to you, we may not be able to stay in contact with you, enter into a contract with you or
perform our obligations resulting from a contract entered with you.
3. Why and how we collect, use and disclose your personal data
We only collect, use, disclose or process your personal data by fair and lawful means to the extent necessary
for the specific purposes. We have also set out some lawful reasons why we may process your personal data.
These depend on what kind of personal data we are processing.
We normally process personal data it is required or allowed by any law that applies (legal compliance), to
provide the services/products set out in a contract (contracts), if it is necessary to prevent danger to a
person’s life, body and health (vital interests), if it is in our legitimate interests (legitimate interest)
or we have your permission (consent).
For more information about this and the reasons we may need to process your personal data, please see
Note that when the data subject is classified as a minor, quasi-incompetent
or incompetent, consent will be requested from their legal representatives, guardians or curators.
- Legal compliance
We will rely on the purpose of legal compliance in which the processing of your personal data is
necessary for compliance with a legal obligation to which we are subject.
We will rely on the purpose of contracts in which the processing of your personal data is necessary
for the performance of a contract to which you are a party or in order to take steps at your request
before entering into a contract.
We will process your personal data in accordance with the agreement between you and us, and for the
- Providing services and products to you, and administering,
implementing, maintaining, managing and operating such services and products, including but
not limited to insurance, financial and other products
- Processing, assessing, and determining any applications or
requests made by you in connection with our services or products, issuing or arranging
insurance contracts and maintaining your account with us;
- Creating and maintaining FWD’s credit and risk related
- Processing and implementing payment
- Determining any amount of indebtedness owed to or by you and
collecting and recovering any amount due from you or any person who has provided any
security or undertaking for your liabilities;
- Exercising any rights that we may have in connection with
the services and/or products provided to you; and
- Any purposes in connection with any claims made by or
against or otherwise involving you in respect of any services and/or products provided by
us, including but not limited to making, defending, analysing, investigating, processing,
assessing, determining, responding to, resolving or settling such claims.
- Vital interests
We will rely on the purpose of vital interests where the processing of your personal data is
necessary to prevent or avoid danger to a person’s life, body or health.
- Legitimate interests
We may rely on the purpose of legitimate interests pursued by us or by a third party which require
us to process your personal data. Considering your interests, rights and freedoms, legitimate
interests which allow us to process your personal data include:
- Complying with obligations, policies or procedures for
sharing data and information within FWD and/or other use of data and information in
accordance with FWD programmes to comply with sanctions or to prevent or detect money
laundering, terrorist financing, fraud or other crimes and unlawful
- Meeting any present or future contractual or other
commitment with any legal, regulatory, governmental, tax, law enforcement or other
authorities, and self-regulatory or industry bodies such as federations or associations of
insurers in Thailand or any other jurisdictions; and
- Meeting disclosure obligations imposed by laws, rules,
regulations, codes of practice or guidelines (applicable in or outside Thailand) that are
binding on FWD or its subsidiaries, holding companies, associated or affiliated companies,
or companies controlled by, or under common control of FWD, partners, including but not
limited to, making disclosure to legal, regulatory, governmental, tax, law enforcement or
other authorities, and self-regulatory or industry bodies; and
- Ensure security and business continuity.
Apart from the above lawful bases, we may process your personal data with your consent. We will only
ask for your consent if there is no other lawful basis to process your personal data, especially, in
the case where our processing activities have potential impact on your sensitive personal data. If
we need to ask for your consent, we will make it clear what we are asking for and ask you to confirm
your choice to give us that consent. If we cannot provide a product and/or service without your
consent to process your personal data, we will make this clear when we ask for your consent.
We may request your consent to process your personal data for the following purposes.
- Designing insurance and other financial products for
- Performing policy review and needs analysis (whether or not
on a regular basis)
- Operating, maintaining and providing subsequent services in
relation to the applications for services and/or products;
- Verifying and conducting any eligibility, credit, physical,
medical, security, underwriting and/or identity checks for the provision of services or
- Identifying and providing you with information about
services or products that may benefit you or may be of interest to you;
- Analysing and conducting data analytics, surveys and
feedbacks to develop, build and implement our business models, products, services and
systems which help us to provide high standard services or enhance the benefits to
- Marketing services and products to you; and
4. Informing you of your personal data collection
We will always notify you, before or at the time of collecting your personal data, about our purpose for
processing. However, in some circumstances, it is not necessary for us to inform you about our processing of
your personal data, such as when:
- you are aware of such new purposes or details of our processing;
- we believe that notice of such new purposes or the details of our processing is impossible or will
obstruct the use or disclosure of your personal data, where we have taken suitable measures to protect
your rights, freedoms and interests;
- it is urgent to use or disclose your personal data as required by law and we have implemented suitable
measures to protect your interests; or
- we are aware of or acquire your personal data from our duty, occupation or profession, and we have
maintained such new purposes with confidentiality as required by law.
5. How we collect your personal data
We collect your personal data in different ways which include in writing, by electronic or hard copy form, by
telephone, email, in person, and over the internet such as via our website, cookies, online forms or social
media. We may collect your personal data directly from you. For example, you provide us with your personal data
when you fill in an application form, deal with us over the telephone, send us a letter or use our
We may also collect your personal data indirectly from publicly available sources of information and/or
from other parties including:
If you provide personal data about another individual to us, you agree
- your intermediary or professional adviser(s)
- other insurers, reinsurers or distribution partners
- our service providers and business partners
- organisations that we have an arrangement with to jointly offer products
- our related entities
- third parties who, at the time of collection, have notified you that your information will be
provided to us
- government, statutory or regulatory body and law enforcement bodies
- other third parties; and
- anyone that you have authorised to deal with us.
- inform them that you are disclosing their personal information to us;
- collect their consent to do so;
6. How we share your personal data
departments, personnel, and third parties that handle personal data with a contractual arrangement with FWD
and/or its affiliated entities.
Your personal data may be transferred or disclosed to, accessed by or shared on a need to know basis with
the following parties and for the following purposes.
- Group members or business partners:
- members of FWD in order to provide our products and services
- any business partners of FWD that we have an agreement
- any person or company carrying on insurance-related and/or
reinsurance-related business which is engaged by FWD in connection with FWD's business
Please refer to the list of FWD Group, affiliated entities and business partners and/or
third party entities here. https://www.fwd.co.th/en/third-parties
- Agents or contractors
- any person or company which is acting for or on behalf of
FWD, or jointly with FWD, in respect of a purpose or a directly related purpose for which
your personal data was provided;
- any agents, contractors or service providers who provide
administrative, credit reference, debt collection, telecommunications, computer, payment,
printing, redemption or other services in relation to the operation of businesses of
- any physicians, hospitals, clinics, medical practitioners,
laboratories, technicians, loss adjustors, risk intelligence providers, claim investigation
companies, administrators or other professional advisors who are engaged by FWD in
connection with FWD's business;
- any person or company to whom FWD is obliged or expected to
make disclosure under the requirements of laws, rules, regulations, codes of practicetor
guidelines (applicable in or outside Thailand) including any legal, regulatory,
governmental, tax, law enforcement or other authorities, self-regulatory or industry bodies
such as federations or associations of insurers in Thailand or any other
7. Transfer outside Thailand
We deal with many international organisations and use global information systems. As a result, we transfer
countries outside Thailand have data protection laws that are similar to those in Thailand. Where data
security standards are deemed inadequate, we will provide appropriate safeguards to protect your interest or
the transfer will take place if one of the exceptions defined by the PDPA is met.
These exceptions are:
- if the transfer is necessary for compliance with the law;
- if you have explicitly consented to the proposed transfer after having been informed of the possible
risks due to the absence of an adequacy decision or adequate safeguards;
- if the transfer is necessary for the performance of a contract with you or the implementation of
pre-contractual measures taken at your request;
- if the transfer is necessary for the conclusion or performance of a contract in your interest between
FWD and another natural or legal person;
- if the transfer is necessary to protect vital interests of you or other persons, where you are
physically or legally incapable of giving consent; and
- if the transfer is necessary for important reasons of public interest.
8. Your rights
You have rights to your personal data, and according to the PDPA these rights include:
- Right to access
You have a right to access and obtain a copy of your personal data that we hold about you. You may ask
us to disclose the sources of where we obtained your personal data to which you have not consented
- Right to data portability
You have a right to request us to transfer your personal data to other persons/organisations, or request
to see the personal data that we have transferred to other persons/organisations, unless it is
impossible for us to carry out your request due to technical circumstances.
- Right to object to the processing of your personal data
You have the right to object to the processing of your personal data, unless there are circumstances
that do not allow you to make the objection. These may include cases where we have compelling legitimate
grounds or when the processing of your personal data is carried out to comply, exercise or defend legal
claims or for the public interest.
- Right to erasure
You have a right to request us to delete, destroy or anonymise your personal data in the following
- The personal data is no longer necessary for the purpose for
which it was collected, used or disclosed;
- You have withdrawn your consent on which the collection, use
or disclosure was based and we no longer have legal grounds to collect, use or disclose the
- You have objected to the collection, use or disclosure of
the personal data and we do not have legal grounds to reject the request;
- When the personal data has been lawfully collected, used or
disclosed under the PDPA.
- Right to restrict the processing of your information
You have a right to request us to restrict the processing of your personal data in the following
- It is under a pending examination process to check if the
personal data is accurate, up-to-date, complete and not misleading;
- The personal data should be deleted or destroyed as it does
not comply with the law and you request to restrict it instead;
- The personal data is no longer necessary for the purpose for
which it was collected, used or disclosed, but you have the necessity to request the
retention for purposes of establishing, complying, exercising or defending legal
- We are pending verification of a basis to reject the
objection request for the collection, use or disclosure of personal data.
- Right to rectification
You have a right to rectify inaccurate personal data in order to make it accurate, up-to-date, complete
and not misleading. If we reject your request, we will record the rejection with reasons.
- Right to lodge a complaint
You have the right to make a complaint in the case where we, our data processors, employees or
contractors do not comply with the PDPA or other announcements under the PDPA.
- Right to withdraw consent
You may withdraw your consent at any time, unless we have a lawful basis to deny your request.
If you change your mind about how you would like us to have or process your personal data, you can tell
us anytime by following our withdrawal process.
9. Exercising your rights
In order to exercise your rights stated above, you may refer to our contact’s details under “How to contact
us” stated hereinbelow. If you make a request, we will ask you to confirm your identity (if necessary), and
to provide information that helps us to understand your request better. We expect to respond to your request
within 30 days of the receipt of your request.
We have full rights and sole discretion to either fulfil or decline your request or charge a reasonable fee
to fulfil your request in the case where you have made more than 3 consecutive requests within 10 working
days, or in the event that the requests are obviously excessive or unfounded. We are entitled to refuse your
request on statutory grounds and we will notify you of the refusal and our grounds.
If you have any questions or would like to exercise any rights relating to your personal data, please contact
us via the provided details in the ‘How to contact us’ section.
10. How long we keep your personal data
The period we keep your personal data is often linked to the prescription and enforcement periods under law.
We will not keep your personal data longer than is necessary for the purposes for which that personal data
was collected, held and processed, except when the retention period is determined by other laws and
regulations, which in many cases is up to 11 years after the end of our relationship with you.
After this time, we will only keep your personal data if we must do so to comply with a legal obligation, or
if existing claims or complaints reasonably require us to keep your personal data, or for regulatory or
technical reasons. If we do need to keep your personal data for a longer period, we will continue to protect
that personal data.
We will delete, destroy, permanently anonymise, or otherwise dispose of all personal data at the end of the
retention period, or when we must comply with your request for erasure of your personal data.
If you have any questions, please contact us at the provided details in the ‘How to contact us’ section.
11. Marketing and preference
As part of our products and/or service, we may use your personal data to identify a product or service that
may benefit you. We may contact you occasionally to let you know about new or existing products or
We may also disclose your personal data to our related entities or
business partners to enable them to tell you about a product or service. The marketing delivery channels
may be through electronic means, email, telephone, text and other forms of communication.
For direct marketing, FWD intends:
If you change your mind about how you would like us to contact you or
you no longer wish to receive any of the above information, you can tell us anytime by following our
- to use your name, contact details, service and product portfolio information, financial background
and demographic data held by FWD in direct marketing;
- to market the following classes of services and products offered by FWD, other members of FWD and/or
- insurance services and products;
- financial services and products;
- selling, cross selling or upselling of services and
- reward, promotion, campaign, loyalty or privilege
programmes and related services and products; and
- donations and contributions for charitable and/or
non-profit making purposes.
- to provide your personal data described in 1) above to any members of FWD and/or our partners for
their use in direct marketing the classes of services and products described in 2) above.
12. Ensure security
To keep your personal data safe and secure, we use a range of measures, which include encryption and other
forms of security. We require our employees and third parties who carry out work on our behalf to comply
with appropriate privacy standards including obligations to protect against the leakage of information and
to apply appropriate security measures for the processing of information.
We maintain and update our security procedures and measures to ensure a level of security for the personal
data appropriate to the respective risk and the ability to ensure the ongoing confidentiality, integrity,
availability and resilience of processing, including to prevent loss and unauthorised collection, access,
use, modification, correction or disclosure of personal data. Our security measures apply to all types of
data processing regardless of whether the personal data is processed electronically or in paper form.
We certify that all personal data collected will be safely and securely stored with strict security
standards. If you have reason to believe that your personal data has been breached or if you have any
13. Hyperlinks and cookies
FWD’s website may include hyperlinks to third-party websites. FWD has no control over the content, accuracy,
expressed opinions, and links provided at these third party websites or how these third party websites deal
with your personal data. You should visit these third party websites for details of their privacy policies
in relation to their handling of your personal data.
FWD may use ‘cookies’ to improve our internet service. Cookies are small data files that are automatically
stored on the web browser in your computer which can be retrieved by FWD’s website. Cookies enable FWD’s
website to remember you and your preferences when you visit the website and enable us to tailor the website
to your needs.
The information collected by cookies is anonymous personalised settings information that contains no name or
address information, or any information that will enable anyone to contact you via telephone, e-mail or any
other means. No customer personal data is stored in cookies. However, you can disable cookies by changing
your web browser settings. Please note that this it may affect how you use our website or online services.
It may make it difficult for you to transact with us through our website and we may require time to request
notify you of any change, amendment or update on our website or via www.fwd.co.th/en/privacy-policy/ which you can check at any
15. How to contact us
If you have any comments, suggestions, questions, complaints or want to exercise your rights regarding your
personal data, please contact:
Name: Data Protection Officer
Email address: email@example.com
14th Floor, 16th Floor, 26th - 29th Floor, 130-132 Sindhorn Building Tower 3, Withayu Road, Lumpini,
Pathumwan, Bangkok 10330
Updated on 29 April 2020