About Us

Good Corporate Governance

​​​​

Privacy Notice

Bangkok Life Assurance Public Company Limited and its subsidiaries (hereinafter referred to as “the Company” or “we”) respect your privacy and are committed to protecting your personal data in accordance with applicable confidentiality practices and laws governing personal data protection, including the Personal Data Protection Act B.E. 2562 (2019). The Company undertakes to provide transparent information regarding the processing of personal data that corresponds to your respective relationship with the Company. You are advised to review the applicable Privacy Notice provided below in accordance with your relationship with the Company.

The Company may, in certain circumstances, process your personal data for purposes other than those specified in the notices below. In such instances, the Company shall provide you with prior notice or notice at the time of collection your personal data and may specifically request your consent thereto, unless the Company is authorized by law to process such data.

Privacy Notice for Shareholders

     Privacy Notice for Shareholders Bangkok Life Assurance Public Company Limited (hereinafter referred to as "the Company" or "we") places great importance on protecting your personal data as a shareholder, including in cases where you act as a proxy or authorized representative of a shareholder (hereinafter referred to as "representative"). To ensure that your personal data is protected and processed in accordance with the Personal Data Protection Act B.E. 2562 (2019), this Privacy Notice is established to inform you of the details regarding the processing of your personal data that may occur, as well as to inform you of your rights concerning your personal data and the channels to contact us.

Section 1: Purposes of Processing Personal Data

          The Company may collect, use, or disclose your personal data based on the following legal basis and purposes:

No. Purposes Legal Basis
1.1 To manage shareholder registers, proxy appointment, and other related matters for shareholders in compliance with laws relating to public limited companies and securities and exchange etc., and to record meetings and prepare meeting minutes to be submitted to relevant agencies such as the Stock Exchange of Thailand. Legal Obligation Basis
1.2 To pay dividends to shareholders and repay principal amounts. Legal Obligation Basis
Contractual Basis
1.3 To organize and manage shareholder meetings, including registration, vote recording, data analysis, activity preparation, event coordination, and shareholder facilitation services etc. Legitimate Interests Basis
1.4 To record images, audio, and/or video during meetings for the purpose of broadcasting meetings via the Company's website and other communication channels. Legitimate Interests Basis
1.5 To create databases of operations related to investor relations activities, shareholder privileges, opinion surveys, related communications, and analysis or improvement of the Company's operations. Legitimate Interests Basis
1.6 To ensure risk management and internal control, audit supervision, corporate governance, and internal organizational management. Legitimate Interests Basis
1.7 To establish, comply with, exercise, or defend against legal claims, litigation proceedings, and enforcement of legal actions. Legitimate Interests Basis
1.8 To comply with laws, orders from agencies, independent agencies, or competent authorities, including compliance with subpoenas, court orders, requests from police officers, prosecutors, and government agencies, and reporting or disclosing information to government agencies or independent agencies. Legal Obligation Basis
1.9 To manage health and safety for your protection. Vital Interests Basis


Section 2: Personal Data Collected

2.1 Sources of Data

Direct Collection of Personal Data Collection of Personal Data from Other Sources
The Company collects your personal data by directly requesting it from you, such as through forms specified by us, direct information requests, or by requesting submission of documents containing your personal data. The Company collects your personal data from other sources to achieve the purposes specified in Section 1, such as data from Securities Registrars.

2.2 Categories of Personal Data

Data Category Example
Identity Data Name, surname, national ID number, passport number, date of birth, gender, age, nationality, signature, name change information, and photographs
Contact Data Address, telephone number, email address, and electronic account information.
Financial Data Bank account number (used for dividend payments, principal and/or interest payments), and share numbers.
Communication Data Records of images or audio when contacting the Company.
Other Personal Data Occupation, opinions, or suggestions.

​2.3 Sensitive Personal Data

     The Company has no intention of processing "religion" and "blood type" data, which constitute sensitive personal data that appear on your national ID card copies, for any specific purpose. If you provide us with a copy of your national ID card, please conceal such data. If you have not concealed the aforementioned data, we wish to inform you that we do not collect or use such sensitive personal data.
    However, during the processing of shareholders' personal data, certain activities may require additional sensitive personal data. We will inform you and obtain your express consent before collecting such sensitive personal data.

Section 3: Personal Data Retention Period

     The Company will retain your personal data for the period necessary to fulfill the purposes for which the personal data is collected, used, or disclosed as specified in this Notice. The criteria used to determine the retention period include: 

  1. The period during which we have a relationship with you; and/or
  2. The period during which we provide benefits to you; and/or
  3. The period required for legal compliance or pursuant to statutory limitation periods for the establishment of, compliance with, exercise of, or defense against legal claims.

Section 4: Data Disclosure

No. Third Parties to Whom Information May Be Disclosed
4.1 Subsidiaries, affiliated companies, and group companies to support us in achieving the purposes specified in Section 1.
4.2 Government agencies, regulatory bodies, or other agencies as required by law, including officials exercising legal authority, such as courts, police, the Securities and Exchange Commission, and the Revenue Department.
4.3 Representatives, contractors, subcontractors, and/or service providers for operational purposes, such as shareholder event organization and facilitation service providers, auditors, lawyers, legal advisors, and financial institutions appointed as financial advisors.
4.4 Banks responsible for disbursing payments to shareholders.
4.5 Securities Registrars.


Section 5: International Transfer of Personal Information

     Your personal data may be transferred, stored, or processed in other manners by the Company or sent to any person or agency which may be located or provide services in Thailand or outside Thailand. Where required by applicable laws, we may request your consent for the transfer of such data to the third parties specified above outside Thailand. Your personal data will be transferred to locations that provide an adequate level of protection for the integrity and security of such personal data.


Section 6: Your Rights as a Data Subject

     As a data subject, you have the rights specified under the Personal Data Protection Act B.E. 2562 (2019). You may exercise these rights through the channels specified by the Company in Section 8.

No. Rights Description
6.1 Right to be Informed You have the right to be informed about the processing of your personal data, including the nature of the personal data, the purposes for processing, the retention period, and the persons with whom we may share such data.
6.2 Right of access You have the right to request access to and obtain copies of your personal data held by us, subject to appropriate identity verification procedures.
6.3 Right to rectification You have the right to request that we update or correct your personal data to ensure it remains accurate, up to date, complete, and not misleading.
6.4 Right to erasure You have the right to request that your personal data be deleted, destroyed, or anonymized.
6.5 Right to restrict processing You have the right to request suspension of the use of your personal data as permitted by law.
6.6 Right to Data Portability You have the right to request the transfer of your personal data to another data controller, except where this is not technically feasible.
6.7 Right to Object You have the right to object to the collection, use, or disclosure of your personal data as permitted by law.
6.8 Right to Withdraw Consent Where we have requested your consent for the processing of personal data, you have the right to withdraw such consent provided to us, unless such withdrawal is restricted by law or contract that benefits you. However, withdrawal of consent will not affect the lawful processing of your personal data to which you have already consented.
6.9 Right to Lodge Complaint You have the right to lodge a complaint with the competent authority under the Personal Data Protection Act B.E. 2562 (2019) if the Company violates or fails to comply with the provisions of the said Act.


Section 7: Changes to Privacy Notice for Shareholders

     The Company reviews this Notice regularly. Should we make any changes or amendments to this Notice, the current version will be posted on our website. Please visit our website at https://www.bangkoklife.com to ensure you are informed of current personal data processing practices. In certain cases, we may notify you about personal data processing through other means.


Section 8: Contact Information

     8.1 Company and Data Protection Officer Contact Information

Bangkok Life Assurance Public Company Limited
address 1415 Krungthep-Nonthaburi Road, Wong Sawang Subdistrict, Bang Sue District, Bangkok 10800
Company Website https://www.bangkoklife.com/th/Investor/Contact
Call Center 02-777-8888
Company Secretary Section 02-777-8845
Data Protection Officer Head of Compliance Office
dpo@bangkoklife.com
​​

     8.2 Competent Authority Contact Information

         If you wish to lodge a complaint or believe that the Company has not satisfactorily addressed your concerns, you may contact the Personal Data Protection Commission (PDPC).

12th September 2025

Privacy Notice for Customers and Stakeholders

Bangkok Life Assurance Public Company Limited and its subsidiaries (hereinafter referred to as "the Company" or "we") respect your privacy and guarantee protection of your personal data in accordance with confidentiality practices and applicable laws governing personal data protection, particularly the provisions of the Personal Data Protection Act B.E. 2562 (2019). We are committed to providing you with clear information regarding the processing of personal data in connection with your relationship with us.

1. Purposes of Processing Personal Data of Customers and Stakeholders

     1.1 Purposes Requiring Consent for Personal Data Processing

(1) To conduct direct marketing activities, communicate, and provide marketing services, news, special offers, sales promotion information, and benefits regarding our products or services when you are our potential or prospective customer and when you are our current customer in a manner that may exceed normal expectations. This may be carried out by other service providers under our control. We will specifically request your consent as required by law, particularly in the following circumstances:
  • When we offer products or services unrelated to your original products or services; or
  • When you have never had a relationship with us before; or
  • When you have terminated your relationship with us; or
  • When we receive your personal information from other customers or business partners.
(2) To conduct direct marketing activities, communicate, and provide marketing services, news, special offers, sales promotion information, and benefits regarding our products or services when you are our potential or prospective customer and when you are our current customer in a manner that may exceed normal expectations, using health information including health service utilization, disability, and sexual behaviors. This may be carried out by other service providers under our control. We will specifically request your consent as required by law.
(3) To achieve objectives regarding the development and improvement of our products, services, benefits, or activities through analysis, research, surveys, and compilation of statistical data, using health information including health service utilization, disability, and sexual behaviors. This may be carried out by other service providers under our control. We will specifically request your consent as required by law.
(4) To conduct direct marketing activities of the Company's affiliates or business partners. We will specifically request your consent as required by law.
(5) To verify and confirm your identity when you contact, establish relationships, or conduct transactions with us to ensure that such transactions are genuinely performed by you. However, we do not require processing of information about religion, race, or blood type that may be obtained from copies of identification cards or passports from certain countries. We request that you conceal such information before submitting documents to us. If you choose not to conceal such information, we will specifically request your consent as required by law.
(6) To verify and authenticate digital identity using biometric data when you conduct high-risk transactions through our electronic services, such as application registration, insurance contract execution, investment unit purchase contract execution, and personal data editing or modification, to ensure that such transactions are genuinely performed by you. We will specifically request your consent as required by law.
(7) To process health information, including health service utilization, disability, and sexual behaviors, when you are our potential or prospective customer, for the purpose of assessing your eligibility and health suitability. This enables us to offer insurance products or services appropriately and specifically. This may be carried out by other service providers under our control. We will specifically request your consent as required by law.
(8) To collect, use, or disclose health information, including health service utilization, disability, and sexual behaviors, whether existing or future information, for purposes necessary for insurance contract execution or for insurance contract performance, such as insurance applications, underwriting consideration, policy renewal consideration, policy modification requests requiring additional health examinations, claims processing, policy benefit payment, and compensation under insurance contracts. We may receive such personal data directly from you or from doctors, hospitals, other insurance companies, or publicly disclosed information with your express consent. We will specifically request your consent as required by law.
(9) To carry out advertising and public relations activities through our media and social media platforms, including disclosure to public media. We may record images or videos from participation in our activities. We will always announce recording activities in designated areas. If you do not wish your personal data to be disclosed, you may avoid entering such areas. You may submit a request to object to the disclosure of your personal data to us at any time. For advertising and public relations activities involving personal data of specific minors, we will request consent from you and/or the person exercising legal authority as required by law.
(10) When you are a potential or prospective customer, we may contact you to conduct satisfaction surveys and inquiries for the development and improvement of our products, services, benefits, or activities. This may be carried out by other service providers under our control.

     
​     1.2 Purposes for Which the Company May Rely on Legal Basis for Processing Other Than Consent

(1) When necessary for taking action at your request prior to executing a contract or for performing a contract that has a binding effect on the Company to which you are a party, particularly for:
  • Providing advice, recommendations, or any other information related to our products or services, including analysis and assessment of your needs;
  • Considering underwriting your life insurance requests, group insurance requests, or renewal requests, or to executing reinsurance contracts for our products or services;
  • Contacting or delivering documents for product and service operations under contracts or for relationship management;
  • Conducting contract-related transactions such as premium payments, life insurance policy services, claims processing, or an exercise of rights under insurance policies, including subrogation and succession rights;
  • Considering benefit payments under life insurance contracts and rider contracts (health insurance, accident insurance, critical illness insurance, etc.);
  • Processing your requests submitted through our forms, life insurance agents, brokers, intermediaries, customer service centers, branch offices, websites, or applications;
  • Analyzing financial data to offer suitable financial products in alignment with your requests;
  • Providing investment and credit advisory services.
(2) When necessary for the establishment of, compliance with, exercise of, or defense against legal claims.
(3) For the legitimate interests of the Company or of another person or entity, provided such interests are not outweighed by your fundamental rights regarding your personal data.
(4) For existing customers, to develop and improve products and services to be more suitable and specific to your needs, we will conduct study and analysis on your general personal data, such as application usage data, transaction management and activities performed through applications (Activity Tracking), website usage data, service usage data through various channels of the Company, and complaints or feedbacks. This enables us to recognize your identity, predict behavior, and understand personal preferences. When sensitive personal data is involved, we will specifically request your consent as required by law.
(5) For existing customers, we may contact you to conduct satisfaction surveys and inquiries for the development and improvement of our products, services, benefits, or activities. This may be carried out by other service providers under our control. When sensitive personal data is involved, we will specifically request your consent as required by law.
(6) Customer relations management, privileges or special services, participation in special events and seminars, including related facilitation and contact activities beyond those specified in life insurance contracts.
(7) Organizing sales promotion activities and providing benefits to promote sales to potential customers or prospects participating in activities according to agreements.
(8) The Company’s management related to internal processes, such as supervision for compliance with our regulations or policies, internal audit, audit and assurance, management of potential risks arising from business operations, complaint management, and business risk database maintenance.
(9) To control the safety of office building areas using closed-circuit television (CCTV) to record images and sounds for entry-exit control and monitor areas within the Company’s premises.
(10) When necessary to comply with laws applicable to the Company.
(11) When necessary to comply with laws to achieve objectives concerning compliance with and supervision to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including:
  • Laws relating to life insurance, as well as compliance with orders of Office of Insurance Commission (OIC);
  • Laws relating to securities and exchange, as well as compliance with orders of Office of Securities and Exchange Commission (SEC);
  • Laws relating to bankruptcy;
  • Laws relating to personal data protection;
  • Laws relating to electronic transactions;
  • Laws relating to computer crimes.
(12) When necessary to comply with or supervise to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including:
  • Laws relating to prevention and suppression of money laundering, financing of terrorism, and proliferation of weapons of mass destruction, as well as compliance with orders of Anti-Money Laundering Office (AMLO);
  • Revenue Code, applicable tax laws, and international economic and financial cooperation as required by law, as well as compliance with orders of Revenue Department;
  • Cybersecurity requirements.
(13) Compliance with court judgments, court orders, administrative orders, and implementation of criminal justice processes.
(14) To achieve research or statistical purposes, with the Company providing appropriate safeguards to protect your rights and freedoms.
(15) To prevent or suppress danger to life, body, or health of persons.
(16) Security management and monitoring, including cyber threat protection.
(17) Management of complaints and whistleblowing regarding our services, corruption, insurance fraud, and personal data breaches.
(18) Design, development, improvement, and testing of our internal systems, applications, websites, and devices supporting customer and prospect services.
(19) When you are an authorized person or assignee of a legal entity that serves as our contractor or service provider, and you are authorized to execute contracts with us or contact us on behalf of that legal entity, we process your personal data for taking action at the legal entity’s request prior to executing a contract, or for performance of a contract that has a binding effect on us to which the legal entity that appoints you as an authorized person or assignee is a party, particularly for:
  • Qualification and suitability assessment for contractor or service provider consideration;
  • Contract execution or performance;
  • Performance appraisal and consideration of compensation, bonus, or other benefits as agreed;
  • Communications concerning contract performance.
When sensitive personal data processing is involved for this purpose, we will specifically request your consent as required by law.
(20) When you are a natural person serving as our contractor or service provider, we process your personal data for taking action at your request prior to executing a contract, or for performance of a contract that has a binding effect on us to which you are a party, particularly for:
  • Qualification and suitability assessment for contractor or service provider consideration;
  • Contract execution or performance;
  • Performance appraisal and consideration of compensation, bonus, or other benefits as agreed;
  • Communications concerning contract performance.
When sensitive personal data processing is involved for this purpose, we will specifically request your consent as required by law.
 

2 Personal Data Necessary to Achieve Processing Purposes

     When collecting personal data, the Company collects only personal data that is necessary and relevant to achieve the specified processing purposes (Data Minimization). The collection of your personal data depends on your relationship with us, and the types of products or services you require from us

     2.1 Personal Data Collected by the Company

(1) Personal details, such as title, name, surname, gender, date of birth, age, weight, height, blood type, nationality, country of birth, signature, family status, marital status, number of children, child certification, adoption status, legal guardianship status, information from government-issued documents (national ID card, passport, government official card, taxpayer identification number, driver's license details, etc.), name change documents, foreigner-related documents, work permits, residence certificates, land title deeds, photographs, audio recordings of telephone conversations, CCTV recordings, visa-related documents, and other legal documents.
(2) Sensitive personal data as appearing in identification documents or documents supporting transactions and/or contracts and/or services (religion, race, disability, etc.).
(3) Health, disability, and sexual behavior information, such as health status indicators, blood type, medical treatment history, health service utilization information, claim information, and medical facilities visited for services.
(4) Educational information, such as educational history and qualifications.
(5) Employment information, such as occupation, position, job details, business type, organization type, employment duration, workplace, social security information, and personal data appearing in related documents, such as business documents, commercial registration, VAT registration certificate (Por. Por. 20), company affidavit, and corporate tax payment documents.
(6) Contact information, such as postal address per national ID card or house registration, current postal address, work postal address, delivery details, telephone numbers, fax numbers, maps, location information, email address, LINE ID, Facebook account, and other social networking site IDs.
(7) Financial information, such as income level, income and investment sources, countries of income and investment, salary certificates, bank statements, pay slips, financial status information, bank account names and numbers, loan information, collaterals, debt obligations, credit information, bankruptcy status information, receipts, cash bills, invoices, bank statements, financial contract details, tax amounts, balances, financial statements, and other financial information.
(8) Service-related information, such as product or service types chosen, details appearing in our product or service application forms, information in documents supporting underwriting and claim consideration, attached documents for money transfer services, collateral information, information created for use within the Company, insurance document information, insurance premium details, insurance history from insurance companies, insurance history from other insurance companies, insurance necessity information related to daily life, premium payment history, transaction account opening information, investment objectives, number of funds being held, fund names, unit holder numbers, withholding tax, KYC and CDD form details, investment experience, investment risk acceptance levels, suitability test results, system access levels, power of attorney information, and other supporting documents for service applications or requests.
(9) Transaction information, such as transaction details to and from you, transfer or payment dates and/or times, payment and receipt methods, transaction amounts, net amounts received, transfer information, check numbers, transaction reasons, transaction data relating to our products and services, contract information and details, contract expiration dates, contact dates, transaction and contract supporting documents (ID cards, house registration, photographs), transaction recipient signatures, transaction history, location, transaction status, requests and claims, fees, form information provided by you, product purchasing behavior, service usage, benefits, and participation in activities organized by us.
(10) Technical details, such as information obtained from your visits to www.bangkoklife.com, applications, or systems controlled by us, or from your interaction with our online advertisements on social media. The details include browser type and version, type of device used to access services, operating system and platform type, IP address of destination device or tool, location information, information about services and products you visit or search for, etc.
(11) FATCA and CRS information, such as information about your status in the United States, including citizenship, place of birth, permanent residence, and information based on the U.S. Indicia Checklist.
(12) Behavioral details, such as details about your behaviors, attitudes, facts about your interactions with our products or services, feedback and opinions on products or services used, claim and complaint details, and preferences with regards to marketing information.
(13) Civil or criminal litigation information, such as criminal history, civil, criminal, or other litigation records, investigator reports, and court orders. We will specifically request your consent as required by law.
(14) Biometric data, including facial comparison images with automatic systems.
(15) Social media profile information when you use credentials from social media, such as Facebook, Twitter, Line, TikTok, Instagram, etc., to connect or access our services. The information includes, for instance, social media account IDs, interests, and likes that are publicly disclosed with your express consent.

     When sensitive personal data processing is involved for these purposes, we will specifically request your express consent or process the data only as permitted by law.

2.2 How the Company Obtains Your Personal Information

     The Company normally collects personal data directly from you, whereby the collection of your personal data depends on your relationship with us, and the types of products or services you require from us. However, we may receive personal data from other sources, such as:

(1) Personal data of customers and prospects received from business partners in the insurance industry, life insurance agents, life insurance brokers, hospitals, business partners in the financial, banking, and investment industry.
(2) Personal data of beneficiaries under life insurance contracts, premium payors, legal guardians, family members, and benefit or special privilege recipients, which we may receive from persons who have entered into direct contracts with us.
(3) Personal data which we receive from government agencies and/or regulatory bodies exercising statutory powers.
(4) Data disclosed to the public with your express consent.
 

2.3 Personal Data of Third Parties

     If you provide the Company with personal data, such as name, surname, address details, telephone numbers for emergency and debt collection, and income of family members, of third parties, such as beneficiaries under insurance policies, benefit recipients, guarantors, emergency contacts, premium payors, authorized representatives, non-customer persons, and other persons related to your relationship with us, you must notify this Notice to such third parties for their acknowledgment and obtain their consent if necessary, or provide other legal basis to disclose the third party's personal data to us.

2.4 Personal Data of Minors

     The Company processes personal data of minors only within the scope permitted by law. Especially when processing health, disability, and sexual behavior data for underwriting purposes or insurance contract performance, we will only process such data after receiving consent from minors’ legal guardians. If you provide minors’ personal data to us, particularly their health, disability, and sexual behavior data, you must notify this Notice to the minors and their legal guardians for their acknowledgment and obtain their consent for personal data processing for specified purposes. We have no intention to collect personal data of minors or persons who have not reached legal age without consent as required by law. If we learn that we have collected personal data from a person who has not reached legal age without their consent as required by law, we will immediately delete such personal data or will collect, use, disclose, and/or transfer such personal data only when there is a legal basis other than consent or as permitted by law.

3. Personal Data Retention Period

     The Company retains personal data for periods consistent with specified purposes and/or legally required purposes only. We retain your data for as long as necessary, considering the necessity and purpose of collection and further processing according to the purposes for which we received such data. For example, we retain your personal data for the duration of your contract with us. However, to comply with legal requirements, we may need to retain your personal data for longer periods if required by law, such as specific time periods specified by law (e.g. statute of limitations or periods specified by the Civil and Commercial Code, Revenue Code, laws related to insurance, or laws related to anti-money laundering).

4. Personal Data Controller

     When Bangkok Life Assurance Public Company Limited, which is engaged in the life insurance business, determines the purposes and methods of processing your personal data, the Company has the status of a personal data controller under the law. You can find more information about us at www.bangkoklife.com and contact us at 1415 Krungthep-Nonthaburi Road, Wong Sawang Subdistrict, Bang Sue District, Bangkok 10800, or contact our Call Center at 02-777-8888.

5. Data Protection Officer Contact Information

     For questions regarding data subject rights management, personal data protection complaints, and additional comments regarding this Notice, please contact the Data Protection Officer at dpo@bangkoklife.com or 02-777-8888. The Company may request additional information from you for identity verification purposes and to provide requested assistance.

6. Filing Complaints with the Personal Data Protection Commission

     You have the right to lodge complaints about the Company's processing of your personal data with the Personal Data Protection Committee (PDPC), which is the competent supervisory authority, at 120 Moo 3, Government Complex Commemorating His Majesty the King's 80th Birthday Anniversary, Ratthaprasasanabhakti Building (Building B), 7th Floor, Chaeng Watthana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210.

7. Privacy Notice of the Office of Insurance Commission (OIC)

     The Company discloses your personal data to the Office of Insurance Commission (OIC) for insurance business supervision and promotion purposes in accordance with the laws relating to life insurance and the OIC. Details of OIC's collection, use, and disclosure are set forth in its Personal Data Protection Policy available at www.oic.or.th.

8. Exercising Your Rights Under the Personal Data Protection Act B.E. 2562 (2019)

     Under the Personal Data Protection Act B.E. 2562 (2019), you have the following rights. You can exercise your rights through the customer service counter at the head office or email: csc@bangkoklife.com. In addition, you may contact our Call Center at 02-777-8888 for more information. The Company may request additional information from you for identity verification purposes and to provide requested assistance.

     8.1 You have the right to request access to your personal data and receive copies of personal data in our possession, or to have us disclose the source of personal data you have not consented to.

     Conditions and Restrictions:

  • We cannot comply with your request if we are required to comply with the law or court orders.
  • We cannot comply with your request if such compliance would potentially harm the rights and freedoms of other persons.

     8.2 You have the right to request that your personal data that you have provided to us be shared with you in a commonly readable or usable format through tools or devices automatically, or to use or disclose such personal data through an automatic mean, and to request that your personal data be transferred to another data controller, unless technically impossible.

     Conditions and Restrictions:

  • You may exercise this right only if we rely on consent or contractual basis to process your personal data.
  • We cannot comply with your request if such compliance would potentially harm the rights and freedoms of other persons.

     8.3 You have the right to object to collection, use, or disclosure of your personal data when we rely on legitimate interest or legal obligation basis to process such personal data, or when we process such personal data for direct marketing purposes or scientific, historical, or statistical research purposes.

     Conditions and Restrictions:

  • When you exercise the right to objection because we rely on legitimate interest or legal obligation basis to process your personal data, we may not comply with your request if we have a legitimate ground that overrides your interests.
  • When you exercise the right to objection because we process your personal data for scientific, historical, or statistical research purposes, we may not comply with your request if the processing is necessary for performing tasks in the public interest.

     8.4 You have the right to request that your personal data be deleted, destroyed, or anonymized.

     Conditions and Restrictions:

  • We cannot comply with your request if we must retain the data on scientific, historical, or statistical research or legal obligation basis, as well as for preventive or occupational medicine purposes or public interest purposes in the areas of public health.
  • We cannot comply with your request if such data is needed for establishment of, compliance with, exercise of, or defense against legal claims or for complying with legal obligations.

     8.5 You have the right to request that the use of your personal data be suspended.

     Conditions and Restrictions:

  • You have the right to request such suspension while we process your request to correct data to ensure it remains accurate, up to date, complete, and not misleading.
  • You have the right to request such suspension when your personal data is collected, used, or disclosed unlawfully.
  • You have the right to request such suspension when we no longer need to retain such personal data, but you need us to retain it for establishment of, compliance with, exercise of, or defense against legal claims.
  • You have the right to request such suspension while we prove our defense for denying your request to exercise your rights as required by law.

     8.6 You have the right to request the Company to correct your data to ensure it remains accurate, up to date, complete, and not misleading.

     8.7 You have the right to withdraw your consent at any time through our Call Center at 02-777-8888.

     Conditions and Restrictions:

  • You may exercise this right only if we rely on consent basis to process your personal data.
  • If you withdraw consent for processing sensitive personal data for life insurance contract execution or performance (e.g. underwriting and claims), we will not be able to underwrite your insurance application and will not be able to perform the life insurance contract with you.
  • Withdrawal of consent will not affect the lawful collection, use, or disclosure of your personal data to which you have already consented.

9. Personal Data Disclosure Recipients

     The Company prioritizes the security of your personal data and your preferences as primary concerns and has measures to prevent misuse of your personal data by others. However, in the course of our operations, we may need to disclose your personal data to other persons on behalf of or at the direction of others or under our control. In collecting, using, disclosing, and/or transferring personal data abroad for the purposes under this Notice, these third parties may be located in Thailand or outside Thailand. We will always consider the security of your personal data.

     9.1 Service Providers of the Company

      To achieve the stated purposes for processing your personal data and maintain security of your personal data, the Company may disclose your personal data to "service providers" who are third parties with specific expertise performing functions under our control or specialized professional practices, including:

(1) Insurance service providers, including life insurance brokers and hospitals. You can check the list of life insurance agents and life insurance brokers to whom we will disclose personal data at https://smartpro.bangkoklife.com/AgentLicense/ The list may increase or decrease, and we will keep information current.
(2) Financial, banking, and investment service providers.
(3) Transportation service providers.
(4) Communications, media, and public relations service providers.
(5) Security service providers, including information technology and cyber security services.
(6) Information technology, network, communications, data storage, and cloud service providers.
(7) Event, hotel, and tourism service providers.
(8) Educational, skill development, survey, analysis, and research service providers.
(9) Specialized service providers, such as legal experts, auditing services, and internal auditing services.
 

     9.2 Compliance with Applicable Laws

     In some cases, the Company may disclose your personal data to comply with laws, including legally issued orders by law enforcement agencies, courts, Legal Execution Department, authorized persons, government agencies, or other persons if we believe such disclosure is necessary for legal compliance, protecting our rights, third party rights, or individual safety, or for investigating, preventing, or solving corruption, security, safety, and other risk problems, particularly those involving the Office of Insurance Commission (OIC), Anti-Money Laundering Office (AMLO), National Anti-Corruption Commission (NACC), Personal Data Protection Committee (PDPC), Social Security Office, Securities and Exchange Commission (SEC), Department of Business Development (Ministry of Commerce), Department of Labor Protection and Welfare (Ministry of Labor), Department of Skill Development (Ministry of Labor), Revenue Department and foreign tax offices as required by law, Stock Exchange of Thailand, Bank of Thailand (BOT), Royal Thai Police (RTP), and courts, etc.

     9.3 Affiliated Companies and Business Partners

     For personal data processing purposes of affiliated companies and/or business partners or for any joint purposes, the Company will notify you and seek your specific consent, unless permitted by law.

10. International Transfer of Personal Data

     The Company may transfer your personal data to recipients located in foreign countries (e.g. United Kingdom, United States, European Union countries, Singapore, Japan, and Malaysia). However, to ensure your personal data is always protected, we will establish specific security and confidentiality measures. Additionally, for cloud computing, we will consider organizations with international security standards and will store personal data in encrypted formats or other methods that cannot identify the data subject.

11. Changes to Privacy Notice

     The Company may modify this Notice from time to time due to changes in our personal data protection practices for various reasons or necessities, such as technological changes, legal or regulatory changes, and work process improvements. Any changes to this Notice will be effective when they are published on www.bangkoklife.com. However, if such amendments significantly impact you as the data subject, we will take appropriate steps to notify you in advance before such changes become effective.

Published on September 12, 2025.

Privacy Notice for Agents

     Bangkok Life Assurance Public Company Limited and its subsidiaries (hereinafter referred to as "the Company" or "we") respect your privacy and guarantee protection of your personal data in accordance with confidentiality practices and applicable laws governing personal data protection, particularly the provisions of the Personal Data Protection Act B.E. 2562 (2019). We are committed to providing you with clear information regarding the processing of personal data in connection with your relationship with us.

1. Purposes of Processing Personal Data of Agents

     1.1 Purposes Requiring Consent for Personal Data Processing

(1) When necessary to verify prohibited characteristics related to criminal offenses, criminal penalties, insurance fraud, inclusion in lists designated by the Anti-Money Laundering Office (AML List or Suspect List), or bankruptcy status. This verification is conducted for the purpose of considering the establishment of a relationship with the Company, accepting agents, or assessing the suitability of a person to hold a position within the Company. When we cannot rely on any legal provisions, we will specifically request your consent as required by law.
(2) The Company may provide activities, services, benefits, or other special benefits beyond the terms and conditions of life insurance contracts. Such provisions may require the use of health information, including health service utilization, disability, race, and religion. This may be carried out by other service providers under our control. We will specifically request your consent as required by law.
(3) To verify and authenticate digital identity using biometric data when you conduct high-risk transactions through our electronic services, such as application registration and agent contract execution, to ensure that such transactions are genuinely performed by you. We will specifically request your consent as required by law.
 

     1.2 Purposes for Which the Company May Rely on Legal Basis for Processing Other Than Consent

(1) When necessary for taking action at your request prior to executing an agent contract or for performing an agent contract that has a binding effect on the Company to which you are a party, particularly for:
  • Qualification and suitability assessment for agent contract execution, agent code issuance, training attendance, and application for examinations required to become life insurance agents as required by law and/or those involving investment advisor contracts;
  • Consideration of performance results under agent contracts, including performance appraisal and consideration of compensation, bonus, or other benefits as agreed, as well as consideration to pay the aforementioned benefits, and/or those involving investment advisor contracts;
  • Compliance with the Company’s rules, policies, and code of conduct;
  • Agent and investment advisor development, training, and seminars.

When sensitive personal data is involved, we will specifically request your consent as required by law.
(2) For the legitimate interests of the Company or of another person or entity, provided such interests are not outweighed by your fundamental rights regarding your personal data, particularly for:  
  • Workforce management, study, analysis, development, restructuring, or planning;
  • Engagement and satisfaction survey;
  • Allocation of compensation or other benefits beyond those specified in contracts, such as cafeteria services, sports centers, exercise facilities, activities, sightseeing trips, visa processing, airline tickets, and accommodation, as well as consideration to pay the aforementioned compensation or benefits;
  • Data security, user account registration, and identity verification to access work systems and data systems;
  • Analysis and creation of database concerning operations, communications, news dissemination, and public relations;
  • Accident and crime prevention, investigation, complaint management, fraud, and actions concerning disputes;
  • Data analysis, statistical data processing, and report preparation concerning the performance of duties of agents and investment advisors.

When sensitive personal data is involved, we will specifically request your consent as required by law.
(3) To monitor and surveil the use of Company’s devices for operational activities to manage any violations as prescribed in the Company’s policies or regulations and in accordance with legal requirements.
(4) To monitor behaviors and location (GPS Tracking) for the purpose of sales process assessment as prescribed in the Company’s policies or regulations and in accordance with legal requirements.
(5) When necessary for the establishment of, compliance with, exercise of, or defense against legal claims.
(4) The Company’s management related to internal processes, such as supervision for compliance with our regulations or policies, internal audit, audit and assurance, management of potential risks arising from business operations, complaint management, and business risk database maintenance.
(5) To control the safety of office building areas using closed-circuit television (CCTV) to record images and sounds for entry-exit control and monitor areas within the Company’s premises.
(6) To verify work experience, qualifications, and suitability to positions. We may receive such personal data directly from you or from your references, or publicly disclosed information with your express consent. Before providing the Company with personal data of other persons, you are obligated to notify the Privacy Notice to such persons for their acknowledgement.
(7) When necessary to comply with laws applicable to the Company.
(8) When necessary to comply with laws to achieve objectives concerning compliance with and supervision to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including:​
  • Laws relating to life insurance, as well as compliance with orders of Office of Insurance Commission (OIC);
  • Laws relating to securities and exchange, as well as compliance with orders of Office of Securities and Exchange Commission (SEC);
  • Laws relating to bankruptcy;
  • Laws relating to personal data protection;
  • Laws relating to electronic transactions;
  • Laws relating to computer crimes.
(9) When necessary to comply with or supervise to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including:
  • Laws relating to prevention and suppression of money laundering, financing of terrorism, and proliferation of weapons of mass destruction, as well as compliance with orders of Anti-Money Laundering Office (AMLO);
  • Revenue Code, applicable tax laws, and international economic and financial cooperation as required by law, as well as compliance with orders of Revenue Department;
  • Cybersecurity requirements.
(10) Compliance with court judgments, court orders, administrative orders, and implementation of criminal justice processes.
(11) To prevent or suppress danger to life, body, or health of persons.
(12) Security management and monitoring, including cyber threat protection.
(13) Management of complaints and whistleblowing regarding our services, corruption, fraud, personal data breaches, and other similar matters.
(14) Development, improvement, and testing of our internal systems, applications, websites, and devices supporting operations.
(15) To verify and confirm your identity when you conduct transactions or execute contracts with us.
(16) To carry out advertising and public relations activities through our media and social media platforms, including disclosure to public media. We may record images or videos from participation in our activities. We will always announce recording activities in designated areas. If you do not wish your personal data to be disclosed, you may avoid entering such areas. You may submit a request to object to the disclosure of your personal data to us at any time.


​     You may choose to object to the collection of certain data requested by the Company. Such objection may obstruct our ability to execute contracts, conduct transactions, provide services, or take actions at your requests. Additionally, if we rely on consent to collect, use, disclose, and/or transfer personal data abroad, you have the right to withdraw your consent at any time through the channels we specify. Withdrawal of consent may prevent us from continuing to collect, use, disclose, and/or transfer your personal data abroad for the aforementioned purposes, and may prevent us from fulfilling our duties or obligations to you, wholly or partially. However, withdrawal of your consent will not affect activities involving the collection, use, disclosure, and/or overseas transfer of your personal data to which you had already consented prior to withdrawal. Your personal data may be processed for the aforementioned purposes by service providers under our control, in accordance with the standards and security measures required by us.

     Unless permitted by the specified laws relating to personal data protection, if we wish to process your personal data for purposes beyond those specified in, or directly related to, this Notice, we will inform you of such processing in advance and specifically request your consent as required by law.

2 Personal Data Necessary to Achieve Processing Purposes

     When collecting personal data, the Company collects only personal data that is necessary and relevant to achieve the specified processing purposes (Data Minimization). The details are as follows.

     2.1 Personal Data Collected by the Company 

(1) Personal details, such as title, name, surname, gender, date of birth, age, weight, height, blood type, nationality, country of birth, signature, family status, marital status, number of children, information from government-issued documents (national ID card, passport, visa-related documents, work permits, government official card, taxpayer identification number, driver's license details, name change documents, residence certificates, etc.), vehicle number, color, and model, photographs, audio recordings of telephone conversations, meeting recordings or contacting data in the Company’s systems, CCTV recordings, guarantee information, income tax payment evidence, and financial background (AML List, Suspect List, or bankruptcy).
(2) Contact information, such as postal address per national ID card or house registration, current postal address, work postal address, telephone numbers, fax numbers, email address, maps, location information, online social media accounts (LINE ID, Facebook account, and other IDs), online social media channels, and information from online social networks.
(3) Sensitive personal data as appearing in identification documents or documents supporting transactions and/or contracts and/or services (religion, race, disability, etc.).
(4) Health and disability.
(5) Educational information, such as educational qualifications, proof of educational qualifications, name of the institution, major, graduation year, transcript copy, degree certificate copy, related training and seminars, certificates and special qualifications, name of the training institution, training period, and training year.
(6) Employment information, such as agent code, investment advisor code, affiliation code, ID/initial password, contract period, compensation and benefit information, income tax payment evidence, license information (e.g. license number, card issuance and expiration dates, examination history and results), work experience (e.g. current/past workplaces, occupation, position, monthly salary/income, and compensation details) and other supporting documents, satisfaction assessment data, image or video recordings of participation in our activities, and behavioral and location data (GPS Tracking).
(7) Financial information, such as income level, bank statements, financial status information, bank account names and numbers, collaterals, debt obligations, credit information, bankruptcy status information, tax amounts, and other financial information.
(8) Compensation and benefit information, such as compensation, commission, work fees, special compensation and benefits, and withholding tax.
(9) Security surveillance information, such as access to the Company’s internal systems and devices, entry to office buildings, CCTV recordings, internet, email, and telephone usage logs, and passwords and accessibility to the Company’s information systems.
(10) Performance and disciplinary information, such as performance appraisal, change of affiliated unit, indicators, disciplinary complaints, the Company’s policies or code of conduct, disciplinary procedures, warning procedures, and details of complaint consideration and results.
(11) Biometric data, including facial comparison images with automatic systems.
(12) Prohibited characteristics related to criminal offenses, criminal penalties, or fraud.
 

     When sensitive personal data processing is involved for these purposes, we will specifically request your express consent or process the data only as permitted by law.

     2.2 How the Company Obtains Your Personal Information

     The Company normally collects personal data directly from you, whereby the collection of your personal data depends on your relationship with us.

     We may obtain your personal data from other sources, such as persons who refer you to us. If you are a guarantor, family member, emergency contact person, or a reference for an agent or investment advisor application, we may receive your data from persons who have entered into direct contracts with us. Additionally, we may obtain your data that has been disclosed to the public with your express consent. In some cases, we may receive your personal data from government agencies and/or regulatory bodies exercising statutory powers.

     2.3 Personal Data of Third Parties

     If you provide the Company with personal data of third parties, such as spouse, children, parents, guarantors, references, or former employers, including their name, surname, address details, workplace details, occupation, income, telephone number, national ID, passport ID, nationality, date of birth, gender, type of children, number of children, marriage certificate details (e.g. certificate number, registration date, location of the registration office and the province where it is located, and agreements), and signature, etc., you must notify this Notice to such third parties for their acknowledgment and obtain their consent if necessary, or provide other legal basis to disclose the third party's personal data to us.

     2.4 Personal Data of Minors

     The Company processes personal data of minors only within the scope permitted by law. If you provide minors’ personal data to us, you must notify this Notice to the minors and their legal guardians for their acknowledgment and obtain their consent for personal data processing for specified purposes.

     We have no intention to collect personal data of minors or persons who have not reached legal age without consent as required by law. If we learn that we have collected personal data from a person who has not reached legal age without their consent as required by law, we will immediately delete such personal data or will collect, use, disclose, and/or transfer such personal data only when there is a legal basis other than consent or as permitted by law.

3. Personal Data Retention Period

     The Company retains personal data for periods consistent with specified purposes and/or legally required purposes only. We retain your data for as long as necessary, considering the necessity and purpose of collection and further processing according to the purposes for which we received such data. For example, we retain your personal data for the duration of your contract with us. However, to comply with legal requirements, we may need to retain your personal data for longer periods if required by law, such as specific time periods specified by law (e.g. statute of limitations or periods specified by the Civil and Commercial Code, Revenue Code, laws related to insurance, or laws related to anti-money laundering).

4. Personal Data Controller

     When Bangkok Life Assurance Public Company Limited, which is engaged in the life insurance business, determines the purposes and methods of processing your personal data, the Company has the status of a personal data controller under the law.

You can find more information about us at www.bangkoklife.com and contact us at 1415 Krungthep-Nonthaburi Road, Wong Sawang Subdistrict, Bang Sue District, Bangkok 10800, or contact our Call Center at 02-777-8888

5. Data Protection Officer Contact Information

     For questions regarding data subject rights management, personal data protection complaints, and additional comments regarding this Notice, please contact the Data Protection Officer at dpo@bangkoklife.com or 02-777-8888. The Company may request additional information from you for identity verification purposes and to provide requested assistance.

6. Filing Complaints with the Personal Data Protection Commission

     You have the right to lodge complaints about the Company's processing of your personal data with the Personal Data Protection Committee (PDPC), which is the competent supervisory authority, at 120 Moo 3, Government Complex Commemorating His Majesty the King's 80th Birthday Anniversary, Ratthaprasasanabhakti Building (Building B), 7th Floor, Chaeng Watthana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210.

7. Privacy Notice of the Office of Insurance Commission (OIC)

     The Company discloses your personal data to the Office of Insurance Commission (OIC) for insurance business supervision and promotion purposes in accordance with the laws relating to life insurance and the OIC. Details of OIC's collection, use, and disclosure are set forth in its Personal Data Protection Policy available at www.oic.or.th

8. Exercising Your Rights Under the Personal Data Protection Act B.E. 2562 (2019)

     Under the Personal Data Protection Act B.E. 2562 (2019), you have the following rights. You can exercise your rights through the customer service counter at the head office or email: csc@bangkoklife.com In addition, you may contact our Call Center at 02-777-8888 for more information. The Company may request additional information from you for identity verification purposes and to provide requested assistance.

     8.1 You have the right to request access to your personal data and receive copies of personal data in our possession, or to have us disclose the source of personal data you have not consented to.

     Conditions and Restrictions:

  • We cannot comply with your request if we are required to comply with the law or court orders.
  • We cannot comply with your request if such compliance would potentially harm the rights and freedoms of other persons.

     8.2 You have the right to request that your personal data that you have provided to us be shared with you in a commonly readable or usable format through tools or devices automatically, or to use or disclose such personal data through an automatic mean, and to request that your personal data be transferred to another data controller, unless technically impossible.

     Conditions and Restrictions:

  • You may exercise this right only if we rely on consent or contractual basis to process your personal data.
  • We cannot comply with your request if such compliance would potentially harm the rights and freedoms of other persons.

     8.3 You have the right to object to collection, use, or disclosure of your personal data when we rely on legitimate interest or legal obligation basis to process such personal data, or when we process such personal data for direct marketing purposes or scientific, historical, or statistical research purposes.

     Conditions and Restrictions:

  • When you exercise the right to objection because we rely on legitimate interest or legal obligation basis to process your personal data, we may not comply with your request if we have a legitimate ground that overrides your interests.
  • When you exercise the right to objection because we process your personal data for scientific, historical, or statistical research purposes, we may not comply with your request if the processing is necessary for performing tasks in the public interest.

     8.4 You have the right to request that your personal data be deleted, destroyed, or anonymized.

     Conditions and Restrictions:

  • We cannot comply with your request if we must retain the data on scientific, historical, or statistical research or legal obligation basis, as well as for preventive or occupational medicine purposes or public interest purposes in the areas of public health.
  • We cannot comply with your request if such data is needed for establishment of, compliance with, exercise of, or defense against legal claims or for complying with legal obligations.

     8.5 You have the right to request that the use of your personal data be suspended.

     Conditions and Restrictions:

  • You have the right to request such suspension while we process your request to correct data to ensure it remains accurate, up to date, complete, and not misleading.
  • You have the right to request such suspension when your personal data is collected, used, or disclosed unlawfully.
  • You have the right to request such suspension when we no longer need to retain such personal data, but you need us to retain it for establishment of, compliance with, exercise of, or defense against legal claims.
  • You have the right to request such suspension while we prove our defense for denying your request to exercise your rights as required by law.

     8.6 You have the right to request the Company to correct your data to ensure it remains accurate, up to date, complete, and not misleading.

     8.7 You have the right to withdraw your consent at any time through our Call Center at 02-777-8888

     Conditions and Restrictions:

  • You may exercise this right only if we rely on consent basis to process your personal data.
  • If you withdraw consent for processing sensitive personal data for contract execution or performance (e.g. agent application consideration and agent contract performance), we will not be able to execute or perform the contract with you.
  • Withdrawal of consent will not affect the lawful collection, use, or disclosure of your personal data to which you have already consented.

9. Personal Data Disclosure Recipients

     The Company prioritizes the security of your personal data and your preferences as primary concerns and has measures to prevent misuse of your personal data by others. However, in the course of our operations, we may need to disclose your personal data to other persons on behalf of or at the direction of others or under our control. In collecting, using, disclosing, and/or transferring personal data abroad for the purposes under this Notice, these third parties may be located in Thailand or outside Thailand. We will always consider the security of your personal data.

     9.1 Service Providers of the Company

     To achieve the stated purposes for processing your personal data and maintain security of your personal data, the Company may disclose your personal data to "service providers" who are third parties with specific expertise performing functions under our control or specialized professional practices, including:

(1) Insurance service providers, including life insurance brokers and hospitals. You can check the list of life insurance agents and life insurance brokers to whom we will disclose personal data at https://smartpro.bangkoklife.com/AgentLicense/ The list may increase or decrease, and we will keep information current.
(2) Financial, banking, and investment service providers.
(3) Transportation service providers.
(4) Communications, media, and public relations service providers.
(5) Security service providers, including information technology and cyber security services.
(6) Information technology, network, communications, data storage, and cloud service providers.
(7) Event, hotel, and tourism service providers.
(8) Educational, skill development, survey, analysis, and research service providers.
(9) Specialized service providers, such as legal experts, auditing services, and internal auditing services.
 

     9.2 Compliance with Applicable Laws

     In some cases, the Company may disclose your personal data to comply with laws, including legally issued orders by law enforcement agencies, courts, Legal Execution Department, authorized persons, government agencies, or other persons if we believe such disclosure is necessary for legal compliance, protecting our rights, third party rights, or individual safety, or for investigating, preventing, or solving corruption, security, safety, and other risk problems, particularly those involving the Office of Insurance Commission (OIC), Anti-Money Laundering Office (AMLO), National Anti-Corruption Commission (NACC), Personal Data Protection Committee (PDPC), Social Security Office, Securities and Exchange Commission (SEC), Department of Business Development (Ministry of Commerce), Department of Labor Protection and Welfare (Ministry of Labor), Department of Skill Development (Ministry of Labor), Revenue Department and foreign tax offices as required by law, Stock Exchange of Thailand, Bank of Thailand (BOT), Royal Thai Police (RTP), and courts, etc.

     9.3 Affiliated Companies and Business Partners

     For personal data processing purposes of affiliated companies and/or business partners or for any joint purposes, the Company will notify you and seek your specific consent, unless permitted by law.

10. International Transfer of Personal Data

     The Company may transfer your personal data to recipients located in foreign countries. However, to ensure your personal data is always protected, we will establish specific security and confidentiality measures. Additionally, for cloud computing, we will consider organizations with international security standards and will store personal data in encrypted formats or other methods that cannot identify the data subject.

11. Changes to Privacy Notice

     The Company may modify this Notice from time to time due to changes in our personal data protection practices for various reasons or necessities, such as technological changes, legal or regulatory changes, and work process improvements. Any changes to this Notice will be effective when they are published on www.bangkoklife.com However, if such amendments significantly impact you as the data subject, we will take appropriate steps to notify you in advance before such changes become effective.

Published on September 12, 2025.

Privacy Notice for Staff

     Bangkok Life Assurance Public Company Limited and its subsidiaries (hereinafter referred to as "the Company" or "we") respect your privacy and guarantee protection of your personal data in accordance with confidentiality practices and applicable laws governing personal data protection, particularly the provisions of the Personal Data Protection Act B.E. 2562 (2019). We are committed to providing you with clear information regarding the processing of personal data in connection with your relationship with us.

1. Purposes of Processing Personal Data of Staff

     1.1 Purposes Requiring Consent for Personal Data Processing

(1) When necessary to verify prohibited characteristics related to criminal offenses, criminal penalties, fraud, inclusion in lists designated by the Anti-Money Laundering Office (AML List or Suspect List), or bankruptcy status. This verification is conducted for the purpose of considering the establishment of a relationship with the Company, accepting staff members, or assessing the suitability of a person to hold a position within the Company. When we cannot rely on any legal provisions, we will specifically request your consent as required by law.
(2) The Company requires health check-up results and disability information to assess candidates for employment, or to evaluate candidates’ fitness for specific positions, or to consider qualifications for scholarships. We will specifically request your consent as required by law.
(3) The Company may provide activities, services, benefits, or other special benefits beyond the terms and conditions of contracts. Such provisions may require the use of health information, including health service utilization, disability, race, and religion. This may be carried out by other service providers under our control. We will specifically request your consent as required by law.
(4) To verify and authenticate digital identity using biometric data (Biometric Authentication), such as fingerprint scanning to access the Company’s E-sign system.
 

     1.2 Purposes for Which the Company May Rely on Legal Basis for Processing Other Than Consent

(1) When necessary for taking action at your request prior to executing a contract or for performing a contract that has a binding effect on the Company to which you are a party, particularly for:
  • Qualification and suitability assessment for employment of candidates, appointment of employees to specific positions, and scholarship granting consideration;
  • Consideration of performance results under employment contracts, including performance appraisal, appointment to positions, compensation management, and benchmarking job value and compensation with the industry and other financial institutions;
  • Compliance with the Company’s rules, policies, and code of conduct;
  • Staff development, training, and seminars;
  • Employee benefit, health, and safety management.
When sensitive personal data is involved, we will specifically request your consent as required by law.
(2) For the legitimate interests of the Company or of another person or entity, provided such interests are not outweighed by your fundamental rights regarding your personal data, particularly for:
  • Human resource management, workforce study, analysis, and allocation, and employee development;
  • Employee engagement and satisfaction survey;
  • Provision of medical benefits, insurance benefits, and other benefits beyond those specified in contracts, such as hospital services, cafeteria services, sports centers, exercise facilities, employee activities, and sightseeing trips.
  • Internal communications, interactions with third parties for operational purposes, data security, user account registration, and identity verification to access work systems and data systems;
  • Analysis and creation of database concerning operations, communications, news dissemination, and public relations;
  • Accident and crime prevention, investigation, complaint management, fraud, and actions concerning disputes;
  • Monitoring and surveillance of the use of Company’s devices for operational activities to manage any violations as prescribed in the Company’s policies or regulations.
When sensitive personal data is involved, we will specifically request your consent as required by law.
(3) When necessary for the establishment of, compliance with, exercise of, or defense against legal claims.
(4) The Company’s management related to internal processes, such as supervision for compliance with our regulations or policies, internal audit, audit and assurance, management of potential risks arising from business operations, complaint management, and business risk database maintenance.
(5) To control the safety of office building areas using closed-circuit television (CCTV) to record images and sounds for entry-exit control and monitor areas within the Company’s premises.
(6) To verify work experience, qualifications, and suitability to positions. We may receive such personal data directly from you or from your references, or publicly disclosed information with your express consent. Before providing the Company with personal data of other persons, you are obligated to notify the Privacy Notice to such persons for their acknowledgement.
(7) When necessary to comply with laws applicable to the Company.
(8) When necessary to comply with laws to achieve objectives concerning compliance with and supervision to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including:
  • Laws relating to life insurance, as well as compliance with orders of Office of Insurance Commission (OIC);
  • Laws relating to securities and exchange, as well as compliance with orders of Office of Securities and Exchange Commission (SEC);
  • Laws relating to bankruptcy;
  • Laws relating to personal data protection;
  • Laws relating to electronic transactions;
  • Laws relating to computer crimes.
(9) When necessary to comply with or supervise to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including:
  • Laws relating to prevention and suppression of money laundering, financing of terrorism, and proliferation of weapons of mass destruction, as well as compliance with orders of Anti-Money Laundering Office (AMLO);
  • Revenue Code, applicable tax laws, and international economic and financial cooperation as required by law, as well as compliance with orders of Revenue Department;
  • Cybersecurity requirements.
(10) When necessary to comply with or supervise to ensure compliance with laws, regulations, notifications, and orders of government agencies and/or regulatory bodies exercising statutory powers relevant to the Company, including laws relating to labor protection and social security.
(11) Compliance with court judgments, court orders, administrative orders, and implementation of criminal justice processes.
(12) To prevent or suppress danger to life, body, or health of persons.
(13) Security management and monitoring, including cyber threat protection.
(14) Management of complaints and whistleblowing regarding our services, corruption, fraud, personal data breaches, and other similar matters.
(15) Development, improvement, and testing of our internal systems, applications, websites, and devices supporting operations.
(16) To verify and confirm your identity when you conduct transactions or execute contracts with us.
(17) To carry out advertising and public relations activities through our media and social media platforms, including disclosure to public media. We may record images or videos from participation in our activities. We will always announce recording activities in designated areas. If you do not wish your personal data to be disclosed, you may avoid entering such areas. You may submit a request to object to the disclosure of your personal data to us at any time.
 

     You may choose to object to the collection of certain data requested by the Company. Such objection may obstruct our ability to execute contracts, conduct transactions, provide services, or take actions at your requests. Additionally, if we rely on consent to collect, use, disclose, and/or transfer personal data abroad, you have the right to withdraw your consent at any time through the channels we specify. Withdrawal of consent may prevent us from continuing to collect, use, disclose, and/or transfer your personal data abroad for the aforementioned purposes, and may prevent us from fulfilling our duties or obligations to you, wholly or partially. However, withdrawal of your consent will not affect activities involving the collection, use, disclosure, and/or overseas transfer of your personal data to which you had already consented prior to withdrawal. Your personal data may be processed for the aforementioned purposes by service providers under our control, in accordance with the standards and security measures required by us.

     Unless permitted by the specified laws relating to personal data protection, if we wish to process your personal data for purposes beyond those specified in, or directly related to, this Notice, we will inform you of such processing in advance and specifically request your consent as required by law.

2. Personal Data Necessary to Achieve Processing Purposes

     When collecting personal data, the Company collects only personal data that is necessary and relevant to achieve the specified processing purposes (Data Minimization). The details are as follows.

     2.1 Personal Data Collected by the Company

(1) Personal details, such as title, name, surname, gender, date of birth, age, weight, height, blood type, nationality, country of birth, signature, family status, marital status, number of children, military service records, Buddhist ordination history, information from government-issued documents (national ID card, passport, visa-related documents, work permits, government official card, taxpayer identification number, driver's license details, name change documents, residence certificates, etc.), vehicle mileage records, vehicle number, color, and model, distance to office, photographs, audio recordings of telephone conversations, meeting recordings or contacting data in the Company’s systems, CCTV recordings, guarantee information, income tax payment evidence, and financial background (AML List, Suspect List, or bankruptcy).
(2) Contact information, such as postal address per national ID card or house registration, current postal address, work postal address, telephone numbers, fax numbers, email address, maps, location information, online social media accounts (LINE ID, Facebook account, and other IDs), online social media channels, information from online social networks, and overseas address of scholarship recipients studying abroad.
(3) Sensitive personal data as appearing in identification documents or documents supporting transactions and/or contracts and/or services (religion, race, disability, etc.).
(4) Health and disability information, such as health status indicators, blood type, medical treatment history, health service utilization information, claim information, medical facilities visited for services, BMI information, and food allergy.
(5) Educational information, such as educational qualifications, proof of educational qualifications, name of the institution, major, graduation year, grade point average, transcript copy, degree certificate copy, related training and seminars, certificates and special qualifications, name of the training institution, training period, training year, and information to support scholarship management, such as test results required for domestic and overseas education and acceptance letters from overseas institutions.
(6) Employment information, such as employee identification number, user ID/initial password, employee identification card details, position, division, department, function code, length of employment, time and attendance records, salary, income statements, employment certification letters from previous workplaces, investment and contract records, affiliated companies and businesses, reports of interests in other legal entities, shareholding information in legal entities, reports of bank’s securities holdings, income tax payment evidence, license information (e.g. license number, card issuance and expiration dates, examination history and results), work experience (e.g. current/past workplaces, occupation, position, monthly salary/income, compensation details, start date, end date, and length of employment), work experience in government services (if any) and other supporting documents, employee engagement data, satisfaction assessment data, and image or video recordings of participation in our activities.
(7) Financial information, such as income level, salary certificates, bank statements, salary slips, bank account names and numbers, loan information, collaterals, debt obligations, bankruptcy status information, tax amounts, and other financial information.
(8) Salary and benefit information, such as salary records (e.g. salary base, salary level, and bonus), expenses, compensation, commission, overtime pay, medical coverage, offsite work allowance, travel allowance, special compensation and benefits, payroll deductions (e.g. provident fund contributions, taxes, and social security fund contributions), severance pay, and pension payments.
(9) Security surveillance information, such as access to the Company’s internal systems and devices, entry to office buildings, CCTV recordings, internet, email, and telephone usage logs, and passwords and accessibility to the Company’s information systems.
(10) Performance and disciplinary information, such as performance appraisal, promotion, transfer, rotation, position change, indicators, disciplinary complaints, the Company’s policies or code of conduct, disciplinary procedures, warning procedures, and details of complaint consideration and results.
(11) Leave details, such as leave records (e.g. annual leave, sick leave, circumcision leave, personal leave, maternity leave, training/education leave, offsite duty leave, and military service leave).
(12) To verify and authenticate digital identity using biometric data (Biometric Authentication), such as fingerprint scanning to access the Company’s E-sign system.
(13) Prohibited characteristics related to criminal offenses, criminal penalties, or fraud.
 

When sensitive personal data processing is involved for these purposes, we will specifically request your express consent or process the data only as permitted by law.

     2.2 How the Company Obtains Your Personal Information

The Company normally collects personal data directly from you, whereby the collection of your personal data depends on your relationship with us. We may obtain your personal data from other sources, such as recruitment agencies and persons who refer you to us. If you are a guarantor, family member, emergency contact person, or a reference for an employment or scholarship application, we may receive your data from persons who have entered into direct contracts with us. Additionally, we may obtain your data that has been disclosed to the public with your express consent. In some cases, we may receive your personal data from government agencies and/or regulatory bodies exercising statutory powers.

     2.3 rsonal Data of Third Parties

If you provide the Company with personal data of third parties, such as spouse, children, parents, guarantors, supervisors, references, or former employers, including their name, surname, address details, workplace details, occupation, income, telephone number, national ID, passport ID, nationality, date of birth, gender, type of children, number of children, marriage certificate details (e.g. certificate number, registration date, location of the registration office and the province where it is located, and agreements), signature, details of related companies/businesses, your interests in other legal entities, and your shareholding information in legal entities, etc., you must notify this Notice to such third parties for their acknowledgment and obtain their consent if necessary, or provide other legal basis to disclose the third party's personal data to us.

     2.4 Personal Data of Minors

The Company processes personal data of minors only within the scope permitted by law. If you provide minors’ personal data to us, you must notify this Notice to the minors and their legal guardians for their acknowledgment and obtain their consent for personal data processing for specified purposes. We have no intention to collect personal data of minors or persons who have not reached legal age without consent as required by law. If we learn that we have collected personal data from a person who has not reached legal age without their consent as required by law, we will immediately delete such personal data or will collect, use, disclose, and/or transfer such personal data only when there is a legal basis other than consent or as permitted by law.

3. Personal Data Retention Period

     The Company retains personal data for periods consistent with specified purposes and/or legally required purposes only. We retain your data for as long as necessary, considering the necessity and purpose of collection and further processing according to the purposes for which we received such data. For example, we retain your personal data for the duration of your contract with us. However, to comply with legal requirements, we may need to retain your personal data for longer periods if required by law, such as specific time periods specified by law (e.g. statute of limitations or periods specified by the Civil and Commercial Code, Revenue Code, laws related to insurance, or laws related to anti-money laundering).

4. Personal Data Controller

     When Bangkok Life Assurance Public Company Limited, which is engaged in the life insurance business, determines the purposes and methods of processing your personal data, the Company has the status of a personal data controller under the law. You can find more information about us at www.bangkoklife.com and contact us at 1415 Krungthep-Nonthaburi Road, Wong Sawang Subdistrict, Bang Sue District, Bangkok 10800, or contact our Call Center at 02-777-8888.

5. Data Protection Officer Contact Information

     For questions regarding data subject rights management, personal data protection complaints, and additional comments regarding this Notice, please contact the Data Protection Officer at dpo@bangkoklife.com or 02-777-8888. The Company may request additional information from you for identity verification purposes and to provide requested assistance.

6. Filing Complaints with the Personal Data Protection Commission

     You have the right to lodge complaints about the Company's processing of your personal data with the Personal Data Protection Committee (PDPC), which is the competent supervisory authority, at 120 Moo 3, Government Complex Commemorating His Majesty the King's 80th Birthday Anniversary, Ratthaprasasanabhakti Building (Building B), 7th Floor, Chaeng Watthana Road, Thung Song Hong Subdistrict, Lak Si District, Bangkok 10210.

7. Privacy Notice of the Office of Insurance Commission (OIC)

     The Company discloses your personal data to the Office of Insurance Commission (OIC) for insurance business supervision and promotion purposes in accordance with the laws relating to life insurance and the OIC. Details of OIC's collection, use, and disclosure are set forth in its Personal Data Protection Policy available at www.oic.or.th

8. Exercising Your Rights Under the Personal Data Protection Act B.E. 2562 (2019)

     Under the Personal Data Protection Act B.E. 2562 (2019), you have the following rights. You can exercise your rights through the customer service counter at the head office or email: hrpdpa@bangkoklife.com In addition, you may contact our Call Center at 02-777-8888 for more information. The Company may request additional information from you for identity verification purposes and to provide requested assistance.

     8.1 You have the right to request access to your personal data and receive copies of personal data in our possession, or to have us disclose the source of personal data you have not consented to.

     Conditions and Restrictions:

  • We cannot comply with your request if we are required to comply with the law or court orders.
  • We cannot comply with your request if such compliance would potentially harm the rights and freedoms of other persons.

     8.2 You have the right to request that your personal data that you have provided to us be shared with you in a commonly readable or usable format through tools or devices automatically, or to use or disclose such personal data through an automatic mean, and to request that your personal data be transferred to another data controller, unless technically impossible.

     Conditions and Restrictions:

  • You may exercise this right only if we rely on consent or contractual basis to process your personal data.
  • We cannot comply with your request if such compliance would potentially harm the rights and freedoms of other persons.

     8.3 You have the right to object to collection, use, or disclosure of your personal data when we rely on legitimate interest or legal obligation basis to process such personal data, or when we process such personal data for direct marketing purposes or scientific, historical, or statistical research purposes.

     Conditions and Restrictions:

  • When you exercise the right to objection because we rely on legitimate interest or legal obligation basis to process your personal data, we may not comply with your request if we have a legitimate ground that overrides your interests.
  • When you exercise the right to objection because we process your personal data for scientific, historical, or statistical research purposes, we may not comply with your request if the processing is necessary for performing tasks in the public interest.

     8.4 You have the right to request that your personal data be deleted, destroyed, or anonymized.

     Conditions and Restrictions:

  • We cannot comply with your request if we must retain the data on scientific, historical, or statistical research or legal obligation basis, as well as for preventive or occupational medicine purposes or public interest purposes in the areas of public health.
  • We cannot comply with your request if such data is needed for establishment of, compliance with, exercise of, or defense against legal claims or for complying with legal obligations.

     8.5 You have the right to request that the use of your personal data be suspended.

     Conditions and Restrictions:

  • You have the right to request such suspension while we process your request to correct data to ensure it remains accurate, up to date, complete, and not misleading.
  • You have the right to request such suspension when your personal data is collected, used, or disclosed unlawfully.
  • You have the right to request such suspension when we no longer need to retain such personal data, but you need us to retain it for establishment of, compliance with, exercise of, or defense against legal claims.
  • You have the right to request such suspension while we prove our defense for denying your request to exercise your rights as required by law.

     8.6 You have the right to request the Company to correct your data to ensure it remains accurate, up to date, complete, and not misleading.

     8.7 You have the right to withdraw your consent at any time through the Human Resources Department or hrpdpa@bangkoklife.com You can find more information by contacting our Call Center at 02-777-8888

     Conditions and Restrictions:

  • You may exercise this right only if we rely on consent basis to process your personal data.
  • If you withdraw consent for processing sensitive personal data for contract execution or performance, we will not be able to execute or perform the contract with you, including qualification assessment in the recruitment process.
  • Withdrawal of consent will not affect the lawful collection, use, or disclosure of your personal data to which you have already consented.

9. Personal Data Disclosure Recipients

     The Company prioritizes the security of your personal data and your preferences as primary concerns and has measures to prevent misuse of your personal data by others. However, in the course of our operations, we may need to disclose your personal data to other persons on behalf of or at the direction of others or under our control. In collecting, using, disclosing, and/or transferring personal data abroad for the purposes under this Notice, these third parties may be located in Thailand or outside Thailand. We will always consider the security of your personal data.

     9.1 Service Providers of the Company

To achieve the stated purposes for processing your personal data and maintain security of your personal data, the Company may disclose your personal data to "service providers" who are third parties with specific expertise performing functions under our control or specialized professional practices, including:

(1) Insurance service providers, including life insurance brokers and hospitals. You can check the list of life insurance agents and life insurance brokers to whom we will disclose personal data at https://smartpro.bangkoklife.com/AgentLicense/ The list may increase or decrease, and we will keep information current.
(2) Financial, banking, and investment service providers.
(3) Transportation service providers.
(4) Communications, media, and public relations service providers.
(5) Security service providers, including information technology and cyber security services.
(6) Information technology, network, communications, data storage, and cloud service providers.
(7) Event, hotel, and tourism service providers.
(8) Educational, skill development, survey, analysis, and research service providers.
(9) Specialized service providers, such as legal experts, auditing services, and internal auditing services.


     ​9.2 Compliance with Applicable Laws

In some cases, the Company may disclose your personal data to comply with laws, including legally issued orders by law enforcement agencies, courts, Legal Execution Department, authorized persons, government agencies, or other persons if we believe such disclosure is necessary for legal compliance, protecting our rights, third party rights, or individual safety, or for investigating, preventing, or solving corruption, security, safety, and other risk problems, particularly those involving the Office of Insurance Commission (OIC), Anti-Money Laundering Office (AMLO), National Anti-Corruption Commission (NACC), Personal Data Protection Committee (PDPC), Social Security Office, Securities and Exchange Commission (SEC), Department of Business Development (Ministry of Commerce), Department of Labor Protection and Welfare (Ministry of Labor), Department of Skill Development (Ministry of Labor), Revenue Department and foreign tax offices as required by law, Stock Exchange of Thailand, Bank of Thailand (BOT), Royal Thai Police (RTP), and courts, etc.

     9.3 Affiliated Companies and Business Partners

For personal data processing purposes of affiliated companies and/or business partners or for any joint purposes, the Company will notify you and seek your specific consent, unless permitted by law.

10. International Transfer of Personal Data

     The Company may transfer your personal data to recipients located in foreign countries. However, to ensure your personal data is always protected, we will establish specific security and confidentiality measures. Additionally, for cloud computing, we will consider organizations with international security standards and will store personal data in encrypted formats or other methods that cannot identify the data subject.

11. Changes to Privacy Notice

     The Company may modify this Notice from time to time due to changes in our personal data protection practices for various reasons or necessities, such as technological changes, legal or regulatory changes, and work process improvements. Any changes to this Notice will be effective when they are published on www.bangkoklife.com. However, if such amendments significantly impact you as the data subject, we will take appropriate steps to notify you in advance before such changes become effective.

Published on September 12, 2025.