เว็บไซต์นี้มีการจัดเก็บคุกกี้ (Cookies) เพื่อวัตถุประสงค์ในการปรับปรุงประสบการณ์ของผู้ใช้งานให้ดียิ่งขึ้น การใช้งานเว็บไซต์นี้เป็นการยอมรับข้อกำหนดและ ยินยอมการจัดเก็บคุกกี้ดังกล่าว โดยท่านสามารถดูรายละเอียดเพิ่มเติมได้ใน นโยบายคุกกี้ และ นโยบายคุ้มครองข้อมูลส่วนบุคคล ของบริษัทฯ
หน้าแรก Privacy and Personal Information Management Guidelines

Privacy and Personal Information Management Guidelines

1. Privacy and Personal Data Management Guidelines of I-Direct Insurance Broker Co.,Ltd. and I-Direct Life Insurance Broker Co., Ltd.

These Privacy and Personal Data Management Guidelines are formulated in line with the Privacy and Personal Data Management Policy of I-Direct Insurance Broker Co.,Ltd. and I-Direct Life Insurance Broker Co., Ltd. to serve as guidelines for collecting, retaining, using or disclosing personal data of service users to ensure security, safety and reliability in pursuant to the Notification of Office of Insurance Commission Re: Rules and methods for issuing and offering insurance policies, and paying compensation for claims according to insurance contracts through electronic channels B.E. 2560 and other relevant laws as the Company provides electronic transaction services on our official website (https://www.idirectbroker.com) 

2. Define

  1. “The Company” or “I-Direct” means  I-Direct Insurance Broker Co., Ltd. and I-Direct Life Insurance Broker Co., Ltd.
  2. “Personal data” means data about an individual that can be used to identify the individual either directly or indirectly. Personal data can be categorized into 2 types as follows:
    • General personal data includes name, surname, gender, date of birth, age, status, address, occupation, workplace, telephone number, fax number, e-mail address or others that contain name of the individual or any identifying number, code or other identifiers such as fingerprints, voiceprints, or photographs. This also includes information about the deceased persons.
    • Sensitive personal data means data unique to an individual such as race, religion, education, financial status, health record, criminal record, professional profile, activity record or data that could result in harm to the individual’s reputation or may cause negative feelings of discrimination or unfair treatment. This also includes data unique to the deceased persons.
  3. “Service user” means the owner of personal data who uses electronic transaction services on the Company’s official website (https://www.idirectbroker.com) or any other electronic services of the Company.
  4. “Personal data owner” means the person owning the data, his/her legal representative, guardian, or curator, and also includes his/her spouse and statutory heir, or the beneficiary as specified in the insurance policy in the case where the data owner deceases.

3. Objective

  1. To ensure the security, safety and reliability of the Company’s electronic transactions and to establish the personal data protection measures in compliance with requirements of the laws.

4. Enforcement

  1. The Guidelines shall be applicable to the Company’s employees and vendors or outsourcing service providers having access to personal data.

5. General information

  1. These Privacy and Personal Data Management Guidelines are established for implementation in conjunction with the Privacy and Personal Data Management Policy of the Company.
  2. Details of scope of enforcement of the Privacy and Personal Data Management Policy: The Company collects, retains or uses personal data for carrying out transactions under the scope stipulated in Item 5 of the Privacy and Personal Data Management Policy and in accordance with the purposes stipulated in Item 7 of the Policy.
  3. Should there be any changes to the aforesaid purposes of personal data collection, the Company will inform service users of the changes, make an online request for consent of service users, and make relevant announcements on the Company’s official website (https://www. idirectbroker.com) at least 30 days in advance. In this connection, any adjustments or additions will be recorded as evidence.

6. Collection, classification and use of personal data

The Company provides electronic services via website (https://www.idirectbroker.com) and by means of filling in the document according to the format specified by the company for further conversion into electronic data or for storage by any other means. Details are as follows:

  1. 6Insurance sale via website : The Company collects only necessary personal data such as national ID number, name-surname of service user, telephone number, e-mail address, etc. The information will be used for insurance selling and policy issuance process.
  2. Premium payment by Credit Card Debit Card ATM or Direct Debit: The Company collects personal data of service users such as name-surname, address, telephone number, Credit Card  & Debit Card number and etc. in order to process transactions on the specified deposit accounts or charge to the specified credit cards for insurance premium payment.
  3. The Company will not collect personal data about personal beliefs, political opinions, and sexual behaviors, etc.
  4. Communication between the Company and service users: The Company will contact service users via telephone or e-mail to ask for information, request confirmation of information, or provide service advice and support. Service users may choose to respond via call center, telephone, letter or e-mail, etc.
  5. Use of cookies: The Company’s website uses cookies that link to personal data. “Cookies” are data sent to web browser of service users. When the cookies are installed and used on the service user’s system, the Company’s website will be able to record or remember data of service users until the service users exit the web browser or delete the cookies or disable the cookies. With cookies, service users will find it more convenient to use the website. Also, the data recorded or stored by “cookies” will be used in statistical analysis or other activities to further improve the Company’s services.
  6. Collection of demographic information: The Company’s website (https://www.idirectbroker.com) collects demographic statistics that can be linked to personally identifiable information for the purpose of usage survey that will be used to enhance the Company’s service quality.
  7. Log files: Log files are files that record data on communication between computer systems including sources, origins, destinations, paths, time, date, volume, time period, types of services or any other things related to the communication. The Company’s website (https://www.idirectbroker.com) automatically keeps entry/exit logs of users that may be linked to personally identifiable information such as IP address, the website viewed before and after the Company’s website, and type of web browser, etc. as evidence for future examination of user’s activities on the website (https://www.idirectbroker.com) in accordance with the Computer-Related Crime Act B.E. 2560
  8. “Optional” provision of information: The Company provides electronic services through our website or mobile application where service users is requested to provide information in 2 field types, i.e. mandatory fields in red letters or with an asterisk (*) in which service users are required to provide data necessary for processing the desired services, and optional fields in which service users can choose to provide data. In cases where service users do not wish to provide data via website, they may provide the data to the Company directly via the Company’s telephone number.

7. Display of personal data linkage to other entities or organizations

The Company links personal data to other entities in order to execute electronic transactions of service users such as payment by direct debit, etc. according to the following guidelines:

  1. The Company links only necessary personal data.
  2. The personal data linkage is undertaken only when prior consent is obtained from personal data owners.
  3. The personal data linkage must be undertaken in a secure and safe manner by appropriately applying risk control measures to maintain data confidentiality, accuracy and availability.
  4. During each step of data transmission process, the Company will communicate to and seek cooperation from staff of relevant entities or organizations for strict compliance with the Privacy and Personal Data Management Policy and Guidelines of the Company or those announced by the entities or organizations.

8. Collection of information from multiple sources

The Company combines personal data of service users obtained through the Company’s website Call Center and from documents with information obtained from agency/brokerage companies and any Business Alliance according to the following guidelines:

  1. The Company will gather only necessary personal data from other sources.
  2. The Company will gather personal data from reliable sources which must be able to show evidence of consent from personal data owners.
  3. The personal data must be gathered in a secure and safe manner by appropriately applying risk control measures to maintain data confidentiality, accuracy and availability.
  4. During each step of data transmission process, the Company will communicate to and seek cooperation from staff of relevant entities or organizations for strict compliance with the Privacy and Personal Data Management Policy and Guidelines of the Company or those announced by the entities or organizations.

9. Use or disclosure of personal data by third parties

The Company will not disclose stored personal data to other irrelevant persons or entities unless consent is given by personal data owners or disclosure is required by laws, court orders or orders of legally authorized entities or persons such as disclosure of personal data to local and international law enforcement entities, disclosure for the purpose of litigation process, etc.

10. Use and disclosure of data of service users

The Company will not use personal data of service users for purposes other than those specified in the Privacy and Personal Data Management Policy. However, should it be necessary to use the personal data for other undertakings, the Company will contact the information owners to obtain their prior consent by proceeding as follows:

  1. Give objectives of the use of personal data
  2. Explain how the personal data will be used
  3. Explain benefits the information owner will get from the use of personal data
  4. Obtain a written consent and keep it as evidence before the personal data is used

11. Access, change, and update to personal data

Service users may access and change or update personal data collected and stored by the Company via the Company’s website (https://www.idirectbroker.com) in accordance with the regulations and procedures specified by the Company and record the objection as evidence.

12. Maintenance of personal data security

The Company has stringent information security measures as follows:

  1. Appoint IT Security Committee to handle IT risk management, formulate IT security policies and implement risk control measures in accordance with ISO/IEC 27001:2013.
  2. Promote consciousness of personal data security among personnel, employees or staff of the Company by disseminating information and news, providing knowledge, arranging seminars or trainings on information security on a regular basis.
  3. Clearly determine rights and restrictions of access to personal data for each level of personnel, employees or staff of the Company. Keep record and backup of data of access or use of personal data for an appropriate period of time or for a period required by laws.
  4. Examine and assess security risks of the website and all information systems at least once a year.
  5. Ensure implementation of appropriate and specific measures for maintaining security of sensitive personal data or data that may adversely affect feelings, beliefs, public order and morals, or obviously damage or affect rights and freedom of personal data owners. This data includes debit or credit card number, national ID number or personal identity number, race, religion, personal beliefs, political opinions, health record, sexual behaviors, etc.

13. Personal data retention period and revocation of consent

The Company shall retain personal data of service users only for a period necessary for carrying out the tasks as per the purposes specified in the Policy. In cases where information owners wish to revoke their consent to retention of personal data, they may express their intention at the Head Office, The Company shall consider taking appropriate actions and record the expressed intention as evidence.

14. Contact us

Should you have any questions, suggestions or comments regarding the Privacy and Personal Data Management Policy or compliance with the Policy, the Company is willing to answer all your inquiries, and listen to your suggestions and comments that will be beneficial to our service improvement. Please contact us at the following address:

 

I-Direct Insurance Broker Co., Ltd. and I-Direct Life Insurance Broker Co., Ltd.
Telephone : 02-700-5222 
Fax : 02-090-1982 
E-mail : customercare.admin@idirectbroker.com
Website: https://www.idirectbroker.com