When we collect and use your personal information, we ensure we look after it properly and use it in accordance with our privacy principles set out below, keep it safe and will never sell it. 

 We recognize the importance of protecting your personal data including sensitive data. The term of “Personal Data” according to this Policy is including your personal data and other individual person relating to you as required in the application “Third Party” e.g., insured, beneficiary or payor etc. since offering insurance products and other activities may be occurred throughout the insurance period. It is also including person who are not our customers whose information is necessary to collect, use or disclose e.g.,  

the complainant, an authorized person who acts on behalf of the customer, etc. 

 This Policy informs you of the collection, use, disclosure, and international transfer of your personal data and sensitive data. Hereinafter, personal data and sensitive data will be mentioned as “Personal Information”. 

• Personal data means any information of individual that can directly or indirectly identifiable exclude decease person 
• Sensitive data means any information that is defined by the Personal Data Protection Act ("PDPA") as be sensitive data such as racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.

 Whilst there are a number of ways in which we collect your personal information, the two main ways we might collect personal information about you are from things you tell us yourself, and from things we ask other people or organisations to share with us. Things you tell us could include conversations we have on the phone, what you’ve written on an application form or if you post something on one of our forums. We might also collect information about you from other people and organisations, such as medical professionals and credit agencies, or by checking databases. Please see below for a list of ways we collect your personal information: 

 We collect personal information directly from you: 

• via enquiry, registration and claim forms; 
• via feedback forms and forums; 
• when you purchase any of our products or services; 
• when you fill out a survey on our website; 
• through quotes and application forms; 
• via cookies.  
• via our telephone calls with you, which may be recorded; 
• when you provide your details to us either online or offline; 

We also collect your personal information from a number of different sources including: 

• from social media; and 
• Other third parties including: 
  - your family members where you may be incapacitated or unable to provide information relevant to your policy; 
  - medical professionals and hospitals; 
  - third parties who assist us in checking that claims are eligible for payment; 
  - third parties such as companies who provide consumer classification for marketing purposes e.g. market segmentation data; and 
  - third parties who provide information which may be used by KTAXA to inform its risk selection, pricing and underwriting decisions 
  - government authorities e.g., Anti-Money Laundering Office (AMLO), Personal Data Protection Commission (PDPC), etc. 

We might collect personal information, such as your contact details, information about your bank or credit cards. The information we collect depends on which product or service you’re interested in or relationship between you and us, for example,  if you are interested in obtaining car or travel insurance, we’ll collect information about the car you drive or where you’re planning to travel to and for medical insurance, we may ask you about you or your families' medical history. Please note, in certain circumstances we may request and/or receive "sensitive" personal information about you. For example, we may need access to health records for the purposes of providing you with a policy or processing claims, or details of any court judgments for the purposes of preventing, detecting and investigating fraud. Please see below for a more detailed list of personal information we collect.

The information that we collect will depend on our relationship with you. Where other people are named on your policy, we may ask you to provide the information below in relation to those people too, if this is relevant to your insurance.

 Where KTAXA is the data controller of your personal information we may collect the following about you

• Personal information
  - contact details such as name, e-mail address, postal address and telephone number.
  - details of any other persons included on the policy where they are named on your policy and the relationship to you as policyholder.
  - identification information such as your date of birth, identification number, passport number.
  - financial information such as bank details, credit card details and information obtained as a result of our credit checks.
  - information relevant to your insurance policy such as details about your previous policies or claims.
  - information relevant to your claim or your involvement in the matter giving rise to a claim.
  - information obtained through our use of cookies.
  - your marketing preferences.
  - lifestyle and social circumstances, for example, your interests, such as whether you play a sport, your housing status and number of dependents.
• Sensitive personal information
  - details of your current or former physical or mental health.
  - details concerning sexual life or sexual orientation.
  - details regarding criminal offences, including alleged offences, criminal proceedings, outcomes and sentences. (previous criminal convictions, bankruptcies and other financial sanctions such as court judgements)
  In addition, sensitive personal data such as religion, blood type are sensitive personal data that may be attached to other documents, which cannot be avoided such as the copy of ID card. We do not have the purpose of processing such information. If you do not wish to disclose such information to us, you can mask or cross out the above text and sign as evidence.

 We mainly use your personal information to provide you with an insurance policy or benefits and to provide you with the right services based on your situation. So, if you have a problem, we make sure the right network of providers and specialists are in place and we can also update you quickly on the progress and cost of your claim and keep you safe from fraud.

However, there are a number of other reasons why we use your personal information; please see below for a more detailed list of how we use your personal information.

We may collect your personal information for a number of different purposes, and these are set out in more detail in the below sub-sections for KTAXA where applicable. Under the PDPA, we need a reason to use and process your personal information, including sensitive personal information such as details about your health or criminal offences (“Special Categories”), and this is called a legal ground. We have set out below the main reasons why we process your personal information and the applicable circumstances when we will do so.

• Processing is necessary in order for us to provide your insurance policy and services, such as assessing your application and setting you up as a policyholder, or trust beneficiary, administering and managing your insurance policy or benefits, providing all related services, providing a quote, handling and paying claims and communicating with you. In these circumstances, if you do not provide such information, we will be unable to offer you a policy or process your claim.
• We may use Cloud storage solutions within Singapore, where KTAXA has a Data Centre, or any other designated AXA group entity (as the case may be) which are chosen to ensure efficiency and improved performance through up to date technology.
• Where we have a legal or regulatory obligation to use such personal information, for example, when our regulators, The Office of Insurance Commission, The Securities and Exchange Commission, The Anti-Money Laundering Office, our data protection regulator, and The Office of the Personal Data Protection Committee wish us to maintain certain records of any dealings with you.
• Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves.
• Where we need to use your personal information for our legitimate interests or compliance with applicable laws, such as investigating fraudulent claims and carrying out fraud, credit and anti-money laundering checks.
• Where you have provided your consent to our use of your personal information. We will usually only ask for your consent in relation to processing your sensitive personal information (such as health data) or when providing marketing information to you (including information about other products and services). This will be made clear when you provide your personal information. If we ask for your consent, we will explain why it is necessary. Without your consent in some circumstances, we may not be able to provide you with cover under the policy or handle claims or you may not be able to benefit from some of our services. Where you provide sensitive personal information about a third party, we may ask you to confirm that the third party has provided his or her consent for you to act on their behalf.
• Where we have appropriate legitimate business need to use your personal information such as maintaining our business records all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.
• Where we need to use your sensitive personal information such as health data because it is necessary for your vital interests, this being a life-or-death matter or legal obligation to achieve the objectives of the public interest

4.1 Legal grounds for each use of your personal information

1) To verify your profile and qualification for reviewing your application, preparing sales illustration including assessment ability of premium payment.

• Legal ground: contract, i.e., such use is necessary in order to provide your insurance policy.
• Legal ground for sensitive personal information: explicit consent or legal obligation to achieve objectives of the public interest.

2) To calculate valuation, product pricing, premiums, and generate loan balance report and claim report.

• Legal ground: legitimate interest, legal obligation and contract, i.e., we have a legitimate business need to use your personal information to administer your insurance policy and reporting matters, such use is necessary for us to comply with our legal or regulatory obligations of The Office of Insurance Commission, and such use is necessary in order to provide your insurance policy and handle claims.
• Legal ground for sensitive personal information: explicit consent.

3) To communicate with you regarding the policy e.g., policy information, premium payment period.

• Legal grounds: legal obligation and contract i.e., personal data using for notifying you about your policy information and premium payment period, so you can have continuous coverage.
•  Legal grounds for sensitive personal information: explicit consent or legal obligation to achieve objectives of the public interest.

4) To administer, provide and service your insurance policy, assess eligibility for and handling and paying claims.

• Legal grounds: contract and legitimate interest, i.e., such use is necessary in order to provide your insurance policy and we have a legitimate business need to use your personal information to administer your insurance policy and handle any claims.
• Legal grounds for sensitive personal information: explicit consent, i.e.you have provided your explicit consent or legal obligation to achieve objectives of the public interest i.e., be able for claim payment .

5) To communicate with you and resolve any complaints you may have.

• Legal grounds: contract and legitimate interest, i.e., such use is necessary in order to provide your insurance policy and we have a legitimate business need to resolve any complaints.
• Legal grounds for sensitive personal information: explicit consent or legal obligation to achieve objectives of the public interest, i.e., such use is necessary for managing and develop our services as your complaints.

6) To establish, implement, exercise or protect legal rights.

• Legal grounds: legitimate interest to establish, implement, exercise or protect legal rights.
• Legal ground for sensitive personal information: to establish legal rights i.e., such use is necessary for the purpose of establishing a legal rights, exercise of legal rights and raising the defence of legal rights.

7) To disclose to other parties according to rights, duty or contract.

• Legal grounds: contract, legitimate interest and consent i.e., such use is necessary due to contract or legitimate interest, or consent given.
• Legal ground for sensitive personal information: explicit consent or legal obligation to achieve objectives of the public interest.

8) To prevent, detect and investigate fraud.

• Legal grounds: contract and legitimate interest, i.e., such use is necessary in order to provide your insurance policy and we have a legitimate business need to prevent fraud.
• Legal ground for sensitive personal information: legal claim or explicit consent, i.e., it is necessary for the establishment, compliance, exercise or defence of legal claim legal claim or you have provided your explicit consent.

9) For the purposes of debt collection. (where you have not paid for your insurance policy)

• Legal ground: legitimate interest, i.e., we have a legitimate business need to recover any debt in the event that legal action is required for you to pay insurance premium if you do not pay the premium or delay payment.

10) For our own management information purposes including managing our business operations such as data to support actuarial calculation, maintaining accounting records, analysis of financial results, internal audit requirements, receiving professional advice (e.g., tax or legal advice). We also undertake measures to secure our system and to ensure the effective operation of our systems.

• Legal grounds: legitimate interest, i.e., we have a legitimate business need to use your personal information to understand our business and monitor performance and maintain appropriate records, to protect the security of our systems.
• Legal ground for sensitive personal information: explicit consent or legal obligation to achieve objectives of the public interest.

11) For research and analytical purposes and to improve our products and services.

• Legal ground: legitimate interest i.e., such use is necessary for products or services improvement.
• Legal ground for sensitive personal information: explicit consent.

12) Complying with our legal or regulatory obligations.

• Legal ground: legal obligations, i.e., such use is necessary for us to comply with our legal or regulatory obligations i.e., relevant insurance laws, anti-money laundering laws, tax laws, securities and exchange laws, and personal data protection laws.
• Legal ground for sensitive personal information: legal obligation to achieve objectives of the public interest.

13) Providing improved quality, training and security. (for example, with respect to recorded or monitored phone calls to our contact numbers)

• Legal ground: legitimate interest i.e., such use is necessary in developing or upgrading our security system or in training and developing quality of operation.
• Legal ground for sensitive personal information: explicit consent.

14) Providing marketing information to you, as a personal customer (including information about other products) in accordance with preferences you have expressed.

• Legal ground: consent or legitimate interest

15) Providing marketing information to you, as a business customer. (including information about other products)

• Legal ground;legitimate interest.

16) Informing benefits i.e., special event, seminar, free health check up.

• Legal ground: consent or legitimate interest.

4.2 Legal grounds for each use of personal information of person relating to you

1) To comply with insurance policy e.g., payor, beneficiary.

• Legal ground: contract, i.e., such use is necessary in order to provide your insurance policy i.e., such use is necessary at policy acceptance or claims payment to beneficiary.

For KTAXA

Who might we disclose your personal information to?

Disclosure within our group i.e., Krungthai Bank PLC and our affiliates. You can find our affiliates name list here.

In order to provide our services your personal information is shared with other companies in our group. Your personal information might be shared for our general business administration, efficiency and accuracy purposes or for the prevention and detection of fraud.

We provide safeguards to ensure the security and the confidentiality of your Personal Data by framing the transfer through the Binding Corporate Rules when your Personal Data is transferred to other entities of the AXA Group.

Disclosures to third parties and affiliates of third parties

We also disclose your information to the third parties listed below for the purposes described in this Privacy Policy. This might include.

• Your relatives or, guardians (on your behalf where you are incapacitated or unable) or other people or organisations associated with you such as your insurance broker or your lawyer.
• Where you have named an alternative contact (such as a relative) to speak with us on your behalf. Once you have told us your alternative contact, this person will be able to discuss all aspects of your policy (including claims and cancellation) with us and make changes on your behalf.
• Our insurance partners such as our agents, i.e. agency, Financial Service Advisor (FSA), and Bancassurance, brokers, other insurers, reinsurers or other companies who act as insurance distributors.
• Other third parties who assist in the administration of insurance policies.
• We may share the personal information of any persons named on the policy with third parties to obtain information which may be used by KTAXA to inform its risk selection, pricing and underwriting decisions.
• Fraud detection agencies or any other person with authority to investigate fraud, Royal Thai Police, and other third parties or law enforcement agencies where necessary for fraud prevention and crime investigation.
• The police and other third parties or law enforcement agencies where reasonably necessary for the prevention or detection of crime.
• Our third-party services providers such as IT suppliers, actuaries, auditors, lawyers, marketing agencies, research specialists, document management providers and tax advisers.
• Customer satisfaction survey providers.
• Financial institution and advisory.
• The Office of Insurance Commission (OIC), The Securities and Exchange Commission (SEC), The Office of the Personal Data Protection Committee (PDPC) and other relevant government authorities.
• Loss Adjusters.
• Your healthcare provider.
• Debt collection agencies.
• Credit reference agencies.

Disclosure of your personal information to a third party outside of KTAXA will only be made where the third party has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

We may also disclose your personal information to other third parties where

• We are required or permitted to do so by law or by regulatory bodies such as where there is a court order, statutory obligation, The Office of Insurance Commission, The Securities and Exchange Commission and other relevant government authorities; or
• We believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action (including fraud) or is otherwise in the overriding public interest; or
• Exemptions under the data protection legislation allow us to do so

Some of the recipients and technical solutions set out above may be in countries outside of Thailand notably in Singapore, where KTAXA has a Data Centre, or any other designated AXA group entity as the case may be. Where we make a transfer of your personal information outside of Thailand, in all cases where personal data is transferred to a country which is deemed not to have the same standards of protection for personal data as Thailand will ensure Appropriate Safeguards have been implemented to ensure that your personal information is protected where standards are not the same or similar to those standards within Thailand. Such steps may include placing the party we are transferring personal information to under contractual obligations to protect it to adequate standards.

In most cases, we will keep your information for ten years after our relationship with you ends but it will vary depending on what data we hold, why we hold it and what we’re obliged to do by the regulator or the law.

We keep your personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Privacy Policy and in order to comply with our legal and regulatory obligations. In some instances, we will minimise personal data; or de-identify data to use for statistical or analytical purposes, this activity is undertaken in accordance with data protection laws.

The time period we retain your personal information for will differ depending on the nature of the personal information and what we do with it. How long we keep personal information is primarily determined by our regulatory obligations. We typically keep quotation information and claims records for up to twelve (12) years from the end of our relationship with you and general policy data for twelve (12) years from the release of business liability under the last entry of liability.

You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. We’ll either do what you’ve asked, or explain why we can’t - usually because of a legal or regulatory issue.

According to the PDPA B.E. 2562, you have the following rights in relation to our use of your personal information.

Right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested. However, we may require you to verify your identity before processing a request for the security of your personal information.

Right to rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact us by using the details shown in your documentation and you can ask us to update or amend it.

Right to erasure

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.

Right to data portability

In the event that we have made the personal data in a readable or generally usable form by means of an automated tool or device and that the personal data can be used or disclosed by an automated means. In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information including having following rights.

• Request for transmission or personal data transferal in such form to another personal data controller whenever possible by automated means
• Request for transmission or personal data transferal in such form to another personal data controller directly unless by technical condition it is not possible

When we have proceeding upon your request, the recipients of such personal information are responsible for your personal information.

 Right to object

You have the right to object to the collection, use or disclosure of your personal information for direct marketing purposes or on grounds stipulated by law.

 Right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information at any time. Please note in some cases we may not be able to process your insurance if you withdraw your consent.

 Please note that your withdrawal shall have no effect to previous legitimated personal data processing.

 Right to lodge a complaint

You have a right to complain to the Personal Data Protection Committee at any time if you object to the way in which we use your personal information.

You can make any of the requests set out above using the contact details provided to you in your policy documentation or the contact details of the Data Protection Officer (DPO). Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.

In some circumstances exercising some of these rights will mean we are unable to continue providing you with cover under your insurance policy and may therefore result in the cancellation of the policy. You will therefore lose the right to bring any claim or receive any benefit under the policy, including in relation to any event that occurred before you exercised your right, if our ability to handle the claim has been prejudiced. Your policy terms and conditions set out what will happen in the event your policy is cancelled.

To download a full copy of this Privacy Policy in PDF format “Click Here”

 Version: 1 September 2022

If you wish to contact KTAXA or the Data Protection Officer, the details are below:

Krungthai-AXA Life Insurance Public Company Limited

Address : 9, G Tower Grand Rama 9 Floor 1,22-27, Rama 9 Road, Huai Khwang, Huai Khwang, Bangkok 10310

Customer Care Centre : 1159 Operated everyday 24 hours

The Data Protection Officer

Address : 9, G Tower Grand Rama 9 Floor 1,22-27, Rama 9 Road, Huai Khwang, Huai Khwang, Bangkok 10310

E-mail  :  dpo@krungthai-axa.co.th

 Your personal information can help us give you a better, more personalised service. But looking after that data is a big responsibility. We take our responsibilities seriously, so we’ve introduced internationally recognised data privacy rules to protect you. We keep your data safe, confidential and will never sell it. And, if you ask us to, we’ll tell you exactly what information we have so you can be sure it’s up-to-date and accurate.

KTAXA's mission is to help you, our customers, live your lives with more peace of mind by protecting you and your family against risks. Doing so involves the collection of data so that we understand the nature of these risks that we cover for you, and that we may provide you with the right products and services to meet your needs.

Today's world is one in which the amount of available data is growing exponentially. Ultimately, this allows us to enhance your experience through tailor-made protection, more relevant information and simplified, efficient procedures.

We believe that protecting your personal information is essential when seizing these opportunities. This is why we considered it important to share with you the principles that will guide us with regard to the treatment of personal information.

10.1 Our Commitment to Safeguard Personal information

We know that respecting the confidentiality of personal information is critical to preserving your trust and therefore have developed security procedures and we use a range of organisational and technical security measures designed to protect your personal information from unauthorized use or disclosure.

We have a Data Privacy team at a global level and a network of Data Privacy Officers throughout our businesses to oversee data safety.

10.2 Our Commitment in Respect to the Use of Personal information

We provide you with up-to-date prevention and protection solutions, we collect your personal information and use it in compliance with data protection.

We have in place procedures and contractual arrangements designed to ensure that all employees, sales representatives, advisers and service providers keep client files confidential.

Our customers often entrust us with sensitive personal information in connection with insurance coverage we provide to them - both at the time of their initial subscription and during the term of their coverage. We view ourselves as custodians of this data and do not sell it to third parties outside KTAXA. We may market products jointly with other companies in cases where we believe there is a unique or compelling value proposition for our customers. 

10.3 Our Commitment to Dialogue and Transparency

As a leading international insurance group, we play a proactive role in public policy and regulatory debates around personal information protection.

These are our continuing commitments to you. We will keep pace with future developments surrounding data privacy to adapt them to your evolving needs.

For more information, please feel free to contact Customer Care Centre 1159 operated everyday 24 hours.

This Privacy Policy may be amended or updated from time to time as appropriate to ensure that your personal information is properly protected. If there are any amendment or any update made on the Policy, we will notify you via the Company's website, notify through our applications installed on your device or by other appropriate means. You can also visit to learn about the latest revision of the Company's Privacy Policy through such channels.

 This Personal Data Protection Policy is effective from the date the Personal Data Protection Act comes into force.