Privacy notice
PRIVACY POLICY
AMG INSURE BROKER COMPANY LIMITED
AMG Insurance Broker Company Limited (the “Company”), which provides services as a general insurance agent and broker, including other insurance-related operations and associated activities (the “Services”), places a high priority on the privacy of its clients. Accordingly, the Company has developed this Personal Data Protection Policy to inform its clients of the Company’s policy and guidelines regarding the protection of rights in relation to the collection, use and disclosure (the “Processing”) of personal data of natural persons (hereinafter referred to as “you”), received by the Company in both document and electronic formats. Such personal data is considered an integral part of the Company’s Service terms and conditions, in compliance with the Personal Data Protection Act B.E. 2562 (2019) (“Personal Data Protection Act”) and relevant laws and regulations.
This Privacy Policy informs you of the methods by which the Company collects, uses, or discloses your personal data, including the types of data collected, the purposes of such processing, and the retention periods. It also provides details regarding the disclosure of personal data to third parties, your rights in relation to your personal data, measures for the confidentiality and security of your personal data, and the procedures by which you may contact the Company.
The Company recommends that you thoroughly read and understand this Policy, whether directly or indirectly, via various channels such as the Company’s website at www.amgib.com, the internet, applications, and all related services or tools. Links to other relevant websites may also be provided to inform you of the Company’s personal data protection practices. Each instance of your use of the services shall constitute full acceptance and acknowledgment of the terms set forth in this Policy.
COPE OF THIS POLICY
1.
This Personal Data Protection Policy governs the Company’s activities concerning the collection, use or disclosure of personal data of data subjects. Such personal data must be identifiable and may include, but is not limited to, the following: full name, age, gender, nationality, identification number, passport number, address, telephone number, or email address. It should be noted that this information must not be generally available to the public.
2.
This Personal Data Protection Policy has been approved by the Company’s Board of Directors and applies to directors, executives, employees, insurance agents, insurance brokers, as well as contractors, partners, and individuals, including service users or visitors to the Company’s website, applications, or other communication channels. All parties involved are required to comply strictly with this Policy
DEFINITIONS
“Company”
refers to AMG Insurance Broker Company Limited, a legal entity engaged in the business of providing non-life insurance agency and brokerage services, as well as other insurance-related activities and operations. The Company shall comply with all applicable laws and regulations to fulfill its business objectives.
“Personal Data”
means information about an individual that can identify that person directly or indirectly, including, but not limited to, title, full name, nickname, address, telephone number, national identification number, passport number, social security number, driver’s license number, tax identification number, bank account number, credit card number, email address, vehicle registration number, land deed number, IP address, Cookie ID, and audio recordings. However, publicly available information, corporate data, general business contact information (e.g., company name, company address, corporate registration number, office phone number, and business email address), anonymous data, and pseudonymized data that cannot be reidentified do not constitute Personal Data.
“Data Controller”
means an individual, legal entity, governmental authority, or organization responsible for determining the purposes and means of processing Personal Data. This responsibility includes the collection, use or disclosure of Personal Data, which may be determined solely or jointly with others.
“Data Processor”
means an individual, legal entity, governmental authority, or organization that processes Personal Data on behalf of a Data Controller and following its instructions. The Data Processor does not have the authority to determine the purposes and means of processing.
“Document Format”
refers to any written or printed material, including letters, numbers, diagrams, or other representations, which serve as evidence of meaning and may be used as a lawful record for Personal Data processing
“Electronic Data Format”
means information created, sent, received, stored, or processed electronically, including data exchanged via electronic data interchange, email, telegraph, telex, or fax. This data must be subject to personal data control and protection according to relevant standards and legal requirements
“Anonymization”
refers to a process that reduces the risk of identifying a Data Subject to an insignificant level. Once anonymized, the data cannot identify an individual, thereby protecting Personal Data in compliance with established standards and legal requirements.
“Anonymous Data”
refers to a process that reduces the risk of identifying a Data Subject to an insignificant level. Once anonymized, the data cannot identify an individual, thereby protecting Personal Data in compliance with established standards and legal requirements.means Personal Data that has been processed to render it non-identifiable. Such data is no longer considered Personal Data. The anonymization process, while a form of data is no longer considered Personal Data. The anonymization process, while a form of data processing, must be legally authorized and capable of ensuring that the data cannot be re-identified.
“Pseudonymization”
refers to processing Personal Data in a way that the data cannot be attributed to a Data Subject without additional information. This additional information must be stored separately and be subject to appropriate technical and organizational safeguards to prevent re-identification, enhancing data security and privacy according to data protection law.
“Pseudonymous Breach”
refers to pseudonymized Personal Data that, while not directly identifying the Data Subject, could be used for re-identification with additional data. Unauthorized access to such data proses risks to the rights and freedoms of the Data Subject.
“Processing”
means any operation or set of operations performed on Personal Data or sets of Personal Data, whether by automated means or not, including but not limited to collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, transmissions, dissemination, or otherwise making available, alignment, combination, restriction, erasure, or destruction, conducted per legal standards for Personal Data protection.
“Sensitive Personal Data”
means inherently private information prone to misuse or discrimination and requires special handling. This data includes but is not limited to race, ethnicity, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, health data, disabilities, union membership, genetic data, biometric data, or other similar sensitive data as defined by the Data Protection Committee.
“Personal Data Breach”
means any security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data that may impact the rights and freedoms of the Data Subject, potentially causing financial loss or damage to the Company’s reputation.
“Data Protection Officer (DPO)”
means an individual or committee appointed by the Company to oversee compliance with the Personal Data Protection Act B.E. 2562 (PDPA). The DPO’s core duties include advising on legal data protection compliance, assessing risks to Personal Data, and collaborating with relevant departments to ensure appropriate safeguards are in place
“Personal Data Protection Law”
refers to the Personal Data Protection Act B.E. 2562, including other related laws designed to safeguard the rights and freedoms of Data Subjects, setting guidelines for the lawful handling of Personal Data, including its collection, use, disclosure, and processing to prevent privacy infringements
PURPOSE OF COLLECTION, USE,
AND DISCLOSURE OF PERSONAL DATA BY THE COMPANY
The Company, operating in the field of insurance agency and brokerage, inclusive of all general and other insurance activities as well as related business operations, finds it necessary to collect, use, and disclose personal data for the following purposes:
1.
Execution of Client Requests: The Company collects, uses, and discloses personal data to fulfil client requests prior to or in accordance with a contractual agreement. The objective is to verify or identify the client’s identity when accessing the Company’s platform, products, and/or services, as well as to facilitate account management, membership, delivery, financial matters, and any associated tasks required for the client to receive requested products and/or services.
2.
Advertising and Marketing Management: The Company’s objective includes advertising, conducting marketing campaigns, analyzing and developing products, and engaging with clients to provide guidance or introduce products and services. This may involve handling media and advertisements, where, in some instances, the client may appear as a presenter or feature within the Company’s promotional media.
3.
Operations and After-Sales Client Care: The Company’s objective includes advertising, conducting marketing campaigns, analyzing and developing products, and engaging with clients to provide guidance or introduce products and services. This may involve handling media and advertisements, where, in some instances, the client may appear as a presenter or feature within the Company’s promotional media.
4.
Information Technology Management:The Company aims to establish and develop information systems for data collection and processing, with data connectivity between clients and agents, to support technology-related services. This includes processing data from website usage, applications, and various social media platforms (e.g., Facebook, LinkedIn, Twitter, YouTube, and Line) to ensure the system operates effectively and supports the Company’s business activities.
5.
Business Development and Operation:The Company pursues activities to enhance business performance, including managing products and/or services, fraud detection and prevention, customer relationship management, as well as evaluating and measuring the effectiveness of marketing and advertising policies across different channels. This is to ensure efficient operations and to foster business growth
6.
Management of Complaints, Disputes, and Legal Proceedings:The Company is committed to handling complaints, disputes, and legal proceedings, including risk management by reviewing, investigating, and taking measures to exercise rights under contracts and relevant laws. This is aimed at resolving disputes or conflicts that may arise between the Company and Clients in connection with the Company’s services.
7.
Risk Assessment: The Company collects and processes personal data for the purpose of evaluating and analyzing risks associated with insurance activities. This encompasses calculating insurance premiums and tailoring proposals suitable for clients, ensuring the Company’s operations align with acceptable risk standards and meet client’s needs appropriately.
8.
Service Improvement: The Company aims to analyze data and conduct research on insurance services to continuously enhance the quality and efficiency of services provided to clients. The goal is to respond to client needs and increase satisfaction by implementing improvements based on data-driven insights and market trend analyzes to maintain service relevance and optimal performance.
9.
Customer Relationship Management: The Company is committed to fostering long-term client relationships by ensuring high-quality post-sales service that fully meets client’s needs. Additionally, the Company values client feedback to refine and develop service offerings, aiming to build client satisfaction and trust through clear and open communication.
10.
Fraud Prevention: The Company uses personal data to detect and prevent potential fraud in business processes. The Company has implemented strict procedures and measures to prevent and examine fraudulent behavior. Additionally, the Company is dedicated to safeguarding personal data from unauthorized access or misuse by employing appropriate security technologies and systems, thereby assuring clients of the safety of their personal data.
PERSONAL DATA COLLECTED
Personal data refers to any information that can be used to identify the data subject, either directly or indirectly. This identification is characterized by at least three key features as follows:
- Distinction refers to the capacity of the data to differentiate between individuals, allowing it to clearly point to a specific person.
- Tracking refers to the ability of the data to monitor the behavior or activities of an individual. This data may be utilized to analyze and assess the individual’s conduct.
- Linkage refers to the capability of the data to be connected with other information in such a way that it identifies an individual. This can be further divided into two scenarios:
- Linked Data: Refers to instances where information, when combined with related data, can clearly identify an individual.
- Potentially Linked Data: Refer to situations where a dataset, when combined with other data, may identify an individual; however, the additional data required for such identification may not be within the system or could be located on the internet or other external sources.
The data may consist of any information that can be used to identify the data subject, either directly or indirectly. Such data may be understood or not, and may be in a form that is accessible by computers or other devices automatically, or stored in an organized manner for easy access. The purpose of such data processing is as follows:
- Collection for Processing: Data may be collected for processing by computers or devices, or as part of a data system used for data processing.
- Processing on Command: Data may be processed by computers or devices following specific instructions or programs, which may include data analysis, data management, or the transmission of data of data to other parts of the system.