Bangkok Life Assurance Public Company Limited and its subsidiaries (“The Company”) recognize the importance of personal data and the privacy of data subjects. In a rapidly changing technological environment and the transition to a digital economy, the Company is dedicated to, and places importance on, personal data protection and the prevention of personal data breaches, which fall under the Company’s governance. The Board of Directors considered issuing this policy.
The purposes of this policy are to govern, protect, and maintain the security of personal data, and to support the Company’s strategies for managing personal data to create favorable outcomes for the business. It does so by specifying principles for handling personal data under the Company’s supervision, which consist of the collection, recording, usage, and disclosure of personal data, including the prevention of and remedy for damages arising from breaches of data subjects’ privacy, in accordance with personal data protection laws and international standards.
This policy applies to the Company’s personnel and those related to the Company, including but not limited to life insurance agents, financial advisors, brokers, partners, external service providers, etc. Those individuals must study and strictly follow this policy. Any violation is subject to punishment under the Company’s policy and/or legal penalties, including termination of the business relationship.
“Personal Data” is defined as data related to an individual that can identify that individual, whether directly or indirectly. Personal data is classified into two types: general personal data and sensitive personal data.
“Data Subject” is defined as an individual who can be identified by personal data, such as customers, employees, directors, life insurance agents, financial advisors, etc.
“Personal Data Protection Laws” is defined as the Personal Data Protection Act B.E. 2562 and legislation issued under that act, including other laws in force related to personal data protection.
“Breach of Personal Data” is defined as a violation of security measures that leads to the destruction, loss, access, usage, change, modification, or disclosure of personal data without authorization or unlawfully.
The Company collects, records, uses, and discloses personal data in accordance with the “Personal Data Protection Principles” under personal data protection laws, which are in line with international standards. Where personal data protection laws or this policy contain no specific provision, the Company will process personal data according to the following principles:
The Company specifies frameworks for personal data management, which cover the collection, recording, usage, and disclosure of personal data; assessment of the risks and impact of using personal data; the exercise of data subjects’ rights; the use of external services; security measures; and the handling of breaches, etc., taking into account the importance of data subjects’ privacy. The frameworks follow international standards and personal data protection laws.
The Company arranges training and raises awareness so that its personnel and related persons understand personal data protection principles, the Company’s Personal Data Protection Policy, and personal data protection laws.
The Company governs, monitors, and evaluates performance under this policy appropriately to ensure that the standards of internal controls and the services provided are effective and in line with related regulations and laws.
The Company reviews the policy at least annually or when a significant change occurs.
Reviewed in accordance with the resolution of the 1/2024 Board of Directors’ Meeting held on February 21, 2024