1. to provide service, improve products and services of the Company, conduct underwriting process, financial planning, administer insurance policies include providing other services or products that may be launched in the future as well as supervise, maintain and operate any action related to the aforementioned service;
2. to operate transactions relevant to the products or services of the Company i.e., insurance premium payment or claim request of the Data Subject both as the owner, as the rightful representative or as a governor of the insured (whichever applies);
3. to manage the relationship between the Company and the Data Subject;
4. to confirm and/or identify the Data Subject for accessing or using the service on platforms or communications with the Company;
5. to communicate, notify and/or informed news and updates from the Company;
6. to fulfill the purpose for which the Data Subject has informed the Company;
7. to propose privileges and/or services of the Company i.e., suggestions and/or proposals of products and services as well as marketing promotions and transactions related to the services of the Company;
8. to conduct the Company’s businesses such as data analysis, audit, new product development, enhancement or change of service, monitoring and analyzing service usage, conducting a survey to organize promotional campaigns, considering the Company’s transactions and business expansion;
9. to conduct operations necessary and suitable for
   1. auditing and preventing any action that does or may violate the law;
   2. responding to requests from government authorities including government authorities and states outside your country of residence;
   3. enforcing the Company’s terms of service and personal data policies;
   4. protecting the Company’s business operations;
   5. protecting personal rights, safety and assets of the Company, its personnel, the Data Subject and others;
   6. relieve, prevent or limit the damage which may be sustained;
10. to comply with the law, investigations of authorities or regulator and to comply with the rules, regulations or obligations as required by the government entities;

The Data Subject will be notified in case their Personal Data are requested by the Company for other purposes which are not mentioned above.

The Company shall collect, use or disclose your Personal Data for the objectives stated in Clause 1 only when:

1. Data from your Applications or other forms during applying for an insurance or any other service of the Company such as name, surname, identification number or other identity card number, phone number, date of birth, gender, address, email, financial and health data;
2. Data from your application for a membership, or creating an account for which a profile with details of Personal Data given to the Company is created in order to use the service through service channels of the Company such as mobile Applications and/or the Company’s website i.e., BLA Happy Life Club, online account or application account serviced by the Company as well as Personal Data given for signing up such as participating in an activity and/or contact the Company via website or other channels as specified by the Company;
3. Data that you provide to the Company to receive news, complete a survey or the records of your participation in activities such as satisfaction, interests or consuming behaviours etc.;
4. Data about your transactions with the Company or its Subsidiary or others such as job application, Applications for life insurance agent, broker, financial advisor, investment advisor, bidding, quotation proposal, the insured’s data, policy data and coverage, premiums, data from policy data change or correction, payment history which includes credit or debit card information, bank account number or banking or payment information including dates and time of payment. This depends on your types of the transactions made by the Data Subject;
5. Data from your visits to the Company’s website, other websites of its Subsidiary or Applications operated by the Company, use of social media and online interactions with advertisements of the Company such as browser type and version, type of terminal device that you use to access the services such as personal computer, laptop or smartphone, operating system and platform, IP address of your terminal equipment or device, location and data about the services and products viewed or searched by the Data Subject;
6. Data records from the contact between the Company and the Data Subject in the forms of customer notes, satisfaction survey, research and statistics or call recordings or image recordings through CCTV when the Data Subject contacts the Company’s customer service center as well as data shared via researched media such as SMS, social media Applications or emails etc.;
7. Data from social media profile when the Data Subject uses social media credentials such as Facebook, Twitter and Line to log in or to access any service of the Company such as social media account ID, interests, likes and friend list of the Data Subject who may control this privacy option provided by the social media service provider in the media account setting;

1. Personal Data received directly from the Data Subject such as details in insurance application form, a request form to change the details in the policy, information from signing up for BLA Happy Life Club;
2. Personal Data obtained from a Subsidiary;
3. Personal Data obtained from third parties such as life insurance agents or brokers, financial advisors, investment advisors, business partners and financial institutions;
4. Personal Data obtained from visits to websites i.e., name of the internet service provider, IP address via internet access and the address of the website which is connected to the Company’s website;
5. Personal Data obtained from public records and non-public records which the company has legitimate permission to collect and gather;
6. Personal Data obtained from government authorities and regulatory bodies who exercise legal authority.

1. Disclosure of Personal Data
   The Company shall disclose Personal Data to third parties and/or organizations only in the following cases:
   1. authorized insurance intermediaries i.e., agents, life insurance brokers, financial advisors, and investment advisors to offer products and services of the Company;
   2. business partners, subsidiaries and/or third-party service providers in order to offer services, privileges and other benefits of the Company to Personal Data Subject as well as to develop and enhance the products or the services of the Company such as data analysis, data processing, credit card processing, IT services and relevant infrastructure provisioning, customer service platform development, email/SMS delivery, website development, mobile application development, reinsurance, satisfaction survey and research, customer relationship management whereby a contract to maintain confidentiality of the Personal Data. In case of juristic persons, acceptable standard of Personal Data protection is required;
   3. government entities, the government or any legal entities to comply with the laws, the orders, the requests or otherwise cooperating with authorities pursuant to a legal compliance matter;
2. Transfer, Transmission and/or Sending Personal Data to a Foreign Country
   In the event where the Company transfers, transmit and/or send data to a foreign country, the Company shall formulate agreements and/or business contracts with entities or organizations that will receive such Personal Data to have acceptable Personal Data protection standards and in accordance with relevant laws to assure that the Personal Data will be safely protected.
   
   The Company shall transfer, transmit and/or send Personal Data to a foreign country under specific circumstances, examples of which are as follows:
   1. applying for reinsurance with a reinsurer overseas;
   2. the Company is bound by necessity to store and/or transfer and transmit Personal Data for storage purposes;
   3. Cloud processing by provider with international standard of security where the Personal Data will be retained by encryption or other means which cannot identify the Data Subject.

The Data Subject may find the list of life insurance agents and life insurance brokers whose Personal Data will be disclosed at https://smartpro.bangkoklife.com/AgentLicense/. The names on the list may increase or decrease, and the Company will constantly keep the list up to date.

In addition to the aforementioned purposes and as permitted by law, the Company will use Personal Data for marketing purposes i.e., sending promotional materials via mail, email and other means as well as conducting direct marketing to increase the benefits which the Data Subject will receive from being the Company’s customer through introduction of products and services.

You may choose to not receive the communications for the marketing purposes except the communications which are relevant and necessary for insurance policies and/or services which the Company provide such as premium payment reminder and premium payment receipt etc.

In order to assure you of the prevention against illegitimate access, amendment, leakage and loss of Personal Data, the Company creates awareness on information technology security as well as complies with the applicable regulatory standards and laws to guarantee information technology security and business contingency procedures.

The Company establishes measures to protect the privacy of the Personal Data Subject by restricting the access to Personal Data to only individuals who need to use such data to offer insurance products, financial products and services including employees, life insurance agents or brokers, financial advisors, investment advisors of the Company. The individuals permitted by the Company to access Personal Data are obliged to strictly adhere to and comply with the measures for Personal Data protection, as well as maintaining the confidentiality of such Personal Data. The Company has both physical and electronic preventive measures which are compliant to the regulatory standards enforced to protect Personal Data.

When the Company makes contracts or agreements with third parties, the Company imposes appropriate security and confidentiality obligations towards Personal Data on them to ensure the security of the Personal Data in possession of the Company.

1. the right to be informed about the existence, the type of Personal Data and the Company’s purposes of Personal Data use;
2. the right to access and request a copy of Personal Data which is under the responsibility of the Company where appropriate identity verification procedure shall apply;
3. the right to request the Company to make corrections, amendments or changes Personal Data to be up to date, complete and not causing misunderstanding;
4. the right to object to collect, use or disclosure Personal Data including the right to object any Personal Data processing;
5. the right to request temporary suppression of use or disclosure of Personal Data;
6. the right to request erasure, destruction or anonymization of Personal Data;
7. the right to request disclosure of Personal Data acquisition in case that consent had not been granted to collect such data;
8. the right to revoke consent given to the Company to collect, use or disclose Personal Data. The revocation of consent does not impact the collection, use and Personal Data disclosure for which the consent had been given.

The Company has determined the contact channels for you to exercise your rights based on the details in Clause 13. The Company will process and consider your request within 30 days starting from the date of receiving the request. Nevertheless, the Company remain the rights not to fulfil such rights of the Data Subject under the provisions of the law or insurance contracts made with the Company in the event that such events will cause the Data Subject to lose the rights or benefits according to an insurance policy.

The erasure, destruction or any action which anonymizes Personal Data or the revocation of consent from the Data Subject may be done under the provisions of the law and insurance contracts only. Exercising such rights may impact compliance with insurance contracts or any other service due to the inability to identify the Data Subject. Thus, there may be limitations to services which require Personal Data and may prevent the Data Subject from receiving the benefits, services, or news from the Company.

1. Use of Cookies
   The Company uses Cookies to enhance user experience on the Company’s website visits and to increase efficiency in presenting data and content by storing your usage data to improve and control the performance of the website and/or Applications. Cookies do not cause damage to the user’s devices and their content will be retrieved for use only by the website which creates such Cookies. The user can configure the browser to turn off the Cookies function and to delete all Cookies stored in a device at any time. The Cookies data stored are anonymized.
2. Connection to Other Websites or Applications
   The Company’s website or Applications may be redirected to third-party websites or Applications which may have Personal Data protection policy different to that of the Company. The Data Subject shall study the Personal Data protection of such website in order to understand the details of Personal Data protection and to make a decision regarding Personal Data disclosure. The Company will not be held responsible for the content, policy, damage or any action performed by the third-party websites or Applications.
   You may study the details and the configurations of Cookies at Cookies Policy.

The Company has appointed Data Protection Officer to investigate any operations related to collect, use or disclosure of Personal Data to be pursuant to the Personal Data Protection Act B.E. 2562 and the policies, regulations, announcements, orders issued by the Company as well as to coordinate and cooperate with Personal Data Protection Commission.

If you have questions or concerns regarding this Privacy Policy or the management of your data, you may reach us via the following contact channels:

If you have enquiries about the privacy policy, the personal data that the Company collects or wish to exercise any of your legal rights pursuant to the Personal Data Protection Act according to Clause 9, you may contact the Company via the following channels:

If you wish to report complaints, concerns or not satisfied with the response of the Company regarding your concerns, you can contact and/or file complaints to the Personal Data Protection Commission.

The Company reserves the rights to revise, change or amend this Privacy Policy in the future under the provisions of the law. Any update of this policy will be announced via the Company’s website at Privacy Policy.