Privacy Notice for Business Partners and Related Persons
Muang Thai Life Assurance Public Company Limited and its subsidiaries including companies or organizations that control, are controlled or are under control by the Company which may mostly have the same shareholders or directors (hereinafter referred to as “the Company”) highly respect your privacy and are aware of the responsibilities in relation to collection, use, and disclosure of personal data of business partners and related persons and their subsidiaries including companies or organizations that control, are controlled or are under control by the business partners and related persons (hereinafter referred to as "you") and/or delivery, transfer of your personal data to others.
The Company greatly values your trust and confidence in the Company and is committed to processing and protecting your personal data accurately and appropriately. Therefore, it is also very important to the Company that you understand about methods and procedures for the collecting, use, processing and disclosure of personal data. You must carefully read and understand the Privacy Notice regarding the personal data of the business partners and related persons (“Notice”) as follows.
1. Types of individuals whose data is collected by the Company
Business partners and related persons refer to individuals involved in the purchase and/or sale of goods or the receipt and/or provision of services with the Company, regardless of whether they are registered as business partners of the Company. This includes, for example, contracting parties, service providers, service recipients, employers, contractors, consultants, experts, etc. This also includes individuals who are associated with or act as representatives of legal entities that are business partners of the Company, such as executives, directors, employees, staff, agents, representatives, or any other individuals. It also includes individuals whose personal data appears in documents related to transactions between the Company and such legal entities, such as coordinators, delivery personnel, and cheque issuers, as well as individuals whose information has been provided to the Company by those legal entities.
2. Personal Data Collected
Types of personal data that the Company collects, uses, processes and/or discloses depends on purpose of your consent. In this regard, the Company aims to collect only necessary personal data for the purposes specified in Section 4 of this Notice. If you do not provide the personal data necessary for the Company's operations, the Company may be unable to proceed with the contractual arrangements with you or you may not receive certain rights from the Company. Examples of personal data that the Company may collect include:
2.1 Information required for transactions: This includes personal data found in corporate registration documents issued by the Department of Business Development, Ministry of Commerce, such as the name and surname of directors, etc.; data from identification cards or other identity documents, such as name, surname, national identification number, date of birth, gender, age, nationality, address as per household registration, and photograph of the cardholder; passport number (for foreign individuals); taxpayer identification number; educational background; employment history (e.g., occupation, name of workplace, position); information relating to control and shareholding interests in a business (e.g., being a director, shareholding percentage); signature; information appearing in documents evidencing property rights issued by government or relevant authorities, such as land title deeds, Nor Sor 3 Kor, Nor Sor 3, condominium ownership documents, etc.; information from the Legal Execution Department’s database; and contact information such as current address and telephone number.
2.2 Financial information: This includes bank account numbers and types of accounts, information related to transactions with the Company, financial history, compensation, and information relating to financial status.
The Company does not intend to process any sensitive personal data that may appear on identity documents or documents used in transactions and/or legal agreements. The Company may take action on its own by redacting or obscuring your sensitive personal data without the need to notify you. Alternatively, the Company may request that you redact or obscure your own sensitive personal data yourself.
3. Methods of Collecting Your Personal Data
The Company will collect your personal data directly from you, which you may have provided or which may have been obtained through various activities, such as the purchase or sale of goods/services, the provision or receipt of services, use of the Company’s website, participation in Company activities, or when entering into a contract with the Company. However, in certain cases, the Company may collect your personal data from other sources, such as your employer, employees, secretaries or coordinators acting on your behalf, government agencies or state authorities, real estate agents or brokers, individuals who referred you to the Company, sources related to your business, commercial data sources, or public sources such as websites or information available on the internet.
In case you disclose personal data of other individuals to the Company, you hereby certify and guarantee an accuracy of such personal data. You also certify and guarantee that you have completely informed those parties of the details of this Notice.
4. Purposes of Processing Your Personal Data
The Company uses your personal data to fulfill the purposes for which you provided the data, to manage its business operations, and to enhance the overall experience between you and the Company. The Company processes your personal data for various purposes under the following legal bases:
| Purpose and/or Activity | Data Type | Legal Basis |
|---|---|---|
- For the necessity of transactions between you and the Company, such as: |
- Information required for transactions |
- Compliance with the contract |
- For billing or debt collection related to outstanding amounts owed to the Company, conducting transactions, processing payments and/or receiving payments |
- Information required for transactions |
- Compliance with the contract
|
- Conducting feasibility studies to assess investment suitability |
- Information required for transactions |
- Compliance with the contract |
- Reporting transactions that the Company is obligated to report as a reporting entity, detecting and preventing suspicious or irregular transactions, and managing and mitigating potential risks |
- Information required for transactions |
- Compliance with the contract |
- Using your data in matters related to handling complaints, exercising legal claims, or in the event of disputes filed by you or other parties |
- Information required for transactions |
- For legitimate interests |
- For evaluating performance, internal reporting or audits, data analysis, and participation in sales competitions |
- Information required for transactions |
- For legitimate interests |
- For compliance with applicable laws, notifications, regulations, and lawful orders issued by government agencies, such as the Revenue Department, the Office of Insurance Commission (OIC), the Anti-Money Laundering Office (AMLO), and others |
- Information required for transactions |
- Compliance with the law |
5. Methods of Personal Data Protection
The personal data collected by the Company will be processed fairly and accurately in accordance with the Personal Data Protection Act. The Company has implemented physical and electronic security measures to ensure compliance with the applicable regulatory standards for protecting your personal data. You can find more details and information on how to protect your personal data from the Company's Privacy Policy at https://www.muangthai.co.th/en/privacy-policy
6. Retention Period of Personal Data
The Company may collect and use your personal data for the above purposes in accordance with the law. The Company will retain your personal data for no longer than twelve (12) years from the date your relationship with the Company ends or from the last date of contact with the Company.
7. Disclosure and Transfer of Your Personal Data
The Company has Personal Data security policy and procedures, and restrict access to your Personal Data whereby only those who need to use your Personal Data are allowed to access in order to comply with the purposes for which the data is collected, as detailed in Item 4. However, your Personal Data may be shared to the following persons
- The Company will disclose your personal data to external parties who are its business partners, such as external parties providing information technology services that assist in the Company’s business operations, entities responsible for receiving/payments of compensation and benefits to you, hospitals, service providers related to travel or accommodation. If the Company discloses information to external service providers, the Company will use strict control measures to ensure appropriate protection of the data.
- The Company’s professional advisors or consultants, such as lawyers, accountants, insurers, independent appraisers associated with the Company, as well as the Company’s auditors.
- The Company may disclose your information to financial institutions or payment service providers, such as financial institutions that provide payment systems for transactions between you and the Company.
- The Company may disclose your information to customers/partners if necessary for customer service or for coordinating with partners. For example, the Company may provide your contact details so that customers can contact you regarding work you are involved in.
- The Company will disclose your information if required to comply with the law. For example, when the law, government agencies, law enforcement agencies, committees established by law, or regulatory authorities require the Company to disclose such information. For instance, the Office of Insurance Commission (OIC), the Anti-Money Laundering Office (AMLO), the Stock Exchange of Thailand (SET), the Thailand Securities Depository (TSD), clearing houses, courts, the Royal Thai Police, the Department of Special Investigation (DSI), the Legal Execution Department, the Revenue Department, the Department of Business Development, and the Land Office, or the Company may disclose information as part of legal claims. The Company may also disclose your information for important public interests when such disclosure is necessary and proportional. For example, the Company may provide your information to tax authorities.
- Any other persons or entities as necessary to achieve the purposes outlined in Section 4.
Your personal data may be transferred, transmitted, collected or processed by the Company or delivered to entity or others department as detailed above which may located inside/outside Thailand. However, the Company shall formulate standards of agreements and/or business contracts with agencies, organizations that will receive such personal data based on acceptable personal data protection standards and applicable laws in order to ensure security of your personal data.
The Company will not disclose your personal data to external parties for commercial purposes. However, the personal data you provided to the Company may be transferred to other companies within the Company’s group, subcontractors, service providers necessary to achieve the aforementioned purposes, external service providers who provide services under the Company’s control such as personal data processors, authorized entities for advertising our products and services or facilitating and providing services to you, financial transaction service providers (e.g., banks, payment collection companies), data analytics service providers (e.g., big data analysis, business insight), technology service providers (e.g., cloud systems, blockchain systems, SMS delivery services, data analytics services), IT system and software developers, auditors, insurance companies, consultants, independent corporate valuation companies, government agencies (e.g., Revenue Department, AMLO, OIC), organizations related to insurance, such as the Thai Life Assurance Association and insurance industry associations or councils, and other individuals necessary for the Company to conduct business and provide services to you, including any implementation in accordance with the purposes of personal data collection and processing as set forth in this Notice.
In the event that the Company enters into a contract with a third party or a service provider, the Company will implement appropriate measures to ensure the security of personal data and the protection of confidential information. This is to ensure that your personal data is kept secure.
8. Your Rights Based on Personal Data Protection Law
You have the right, as a data subject, to access data relating to you, to be informed about the existence and the extent of data processing, to rectify incorrect personal data (whichever the case may be), to make use of your personal data’s portability and to oppose further processing on serious and legitimate grounds. You can learn more about your rights regarding personal data protection under the Company’s Privacy Policy at https://www.muangthai.co.th/en/privacy-policy
Additionally, you can consult and find information on personal data protection or the process for filing a complaint from the Office of the Personal Data Protection Commission as outlined in the Personal Data Protection Act B.E. 2562 (2019).
9. Amendments to the Privacy Policy
The Company reserves the right to amend this Privacy Notice Regarding Personal Data of Business Partners and Related Persons at any time. In case of any changes or amendments to this Notice, the Company will update the new information on the Company’s website https://www.muangthai.co.th/en/privacy-policy or through the channel as the Company deems appropriate. This Notice was last updated on 23 April 2025.