CUSTOMER PRIVACY POLICY - NANA BROKER

Nana Broker highly prioritizes your privacy rights and the protection of your personal data as our customer. This Privacy Policy has been established to serve as a core principle for personal data protection and to inform you of the details regarding the collection, use, or disclosure of your personal data in accordance with the Personal Data Protection Act B.E. 2562 (PDPA).

1. Definitions

• Personal Data Protection Law: The Personal Data Protection Act B.E. 2562 (2019) and any subsequent amendments, including related rules, regulations, and orders.

• Personal Data: Any information relating to an individual that enables the identification of such individual, whether directly or indirectly, but excluding the information of deceased persons in particular.

• Sensitive Personal Data (Sensitive Data): Personal data regarding race, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or any other data which similarly affects the data subject as specified by the Personal Data Protection Committee.

• Nana Broker: The service provider and its designated officers acting as the Data Controller.

• Customer: A natural person or a juristic person who is an insurance applicant, an insured, a prospective customer, a recipient of product/service offers, or a claimant under an insurance policy through Nana Broker.
  

2. Types of Personal Data Collected

Data CategoriesDetails2.1 Identification DataTitle, first name, last name, gender, date of birth, age, photograph, signature, and copies of government-issued documents (e.g., ID card, passport, house registration, driver's license, vehicle registration book, license plate, land title deed).2.2 Sensitive Personal DataHealth data (e.g., blood type, medical history, medical records, medical certificates), criminal records, and religious beliefs (as may appear on the copy of the ID card). This data will be processed only to the extent necessary and with explicit consent or as permitted by law.2.3 Contact DataTelephone number, mobile number, registered/current address, shipping/mailing address, email address, LINE ID, and social media accounts.2.4 Employment DataOccupation, job title, workplace, income/salary, and salary certificate.2.5 Financial DataBank account numbers and details, credit/debit card information, tax information, and transaction/payment history.2.6 Insurance-Related DataInsurance history, underwriting details, policy coverage details, premium payment records, insurance claim history, and beneficiary information.2.7 Behavioral DataCustomer preferences and interest in purchasing products, marketing event participation history, and customer satisfaction surveys.2.8 Legal and Dispute DataPolice daily reports, arrest records, accident case details, charges, and legal complaints/lawsuits.2.9 Technical DataComputer traffic logs, IP address, geographic location (via positioning technology), browser type, website access history, transaction logs, website statistics, and data collected through cookies or similar technologies.2.10 Recording DataVideo recordings, animation, audio recordings of conversations with call centers or online channels, and Closed-Circuit Television (CCTV) footage.

Important Note: If you do not provide the required Personal Data, Nana Broker may not be able to provide services, procure insurance products, perform contractual obligations, or coordinate benefits on your behalf, which may result in a loss of opportunity or damage to you.

3. Sources of Personal Data

Nana Broker may collect your Personal Data from the following channels:

1. Directly from You: Through applications, insurance request forms, websites, mobile applications, telephone conversations, online channels, or any other communications.

2. From Your Representatives: Your authorized persons, contact persons, coordinators, or family members.

3. From External Parties or Organizations: Partner insurance companies, the Office of Insurance Commission (OIC), hospitals, medical facilities, commercial banks, or emergency rescue units.

4. From Public Sources: Reliable public websites, state agencies, regulatory bodies, or social media platforms where you have publicly disclosed your information.

4. Purposes and Legal Bases for Data Processing

PurposesLegal Bases

4.1 Insurance Offering and Policy Procurement

To consider appropriate insurance products/services, calculate premiums, prepare quotations, coordinate and submit data to insurance companies for policy issuance, and deliver policy documents to customers.

● Contractual Basis

● Legal Obligation Basis for important public interests

4.2 Claims Coordination and Management

To receive accident notifications, investigate incidents, negotiate claims with relevant parties, verify accuracy, coordinate claim payments, and handle insurance-related disputes or litigation.

● Contractual Basis

● Legal Claims Basis (Establishment, exercise, or defense of legal claims)

4.3 Communication and Customer Service

To respond to inquiries, notify about policy renewals or expirations, and provide preliminary assistance and information.

● Legitimate Interest Basis

4.4 Product Development and Internal Management

To analyze buying behavior, conduct market research, design new services, and improve Nana Broker's internal operations and business relations.

● Legitimate Interest Basis

4.5 Marketing and Public Relations

To provide news, updates, special offers, privileges, promotional activities, and marketing materials from Nana Broker and its business partners.

● Consent Basis

4.6 Legal Compliance and Government Orders

To submit data to the OIC, comply with Anti-Money Laundering (AMLO) laws, conduct Know Your Customer (KYC) verifications, submit tax reports to the Revenue Department, and support financial audits.

● Legal Obligation Basis

4.7 Security Maintenance

To monitor premises via CCTV and log computer systems to prevent security threats, unauthorized access, and fraudulent activities.

● Legitimate Interest Basis

● Vital Interest Basis (To prevent danger to life or body)

5. Disclosure of Personal Data

Nana Broker will disclose your Personal Data to external individuals or juristic persons solely for the purposes stated above, including:

• Insurance and Reinsurance Companies: For underwriting and policy issuance.

• Business Partners: Agents, other brokers, commercial banks, and related financial institutions.

• Outsourced Service Providers: IT service providers, cloud/data storage providers, Call Center operators, loss adjusters, asset appraisal firms, or other sub-contracted data processors.

• Regulatory and Government Authorities: The Office of Insurance Commission (OIC), Thai General Insurance Association (TGIA), Revenue Department, Royal Thai Police, and the Office of the Personal Data Protection Commission (PDPC).

• Professional Advisors: Legal consultants, lawyers, auditors, and internal/external inspectors.

• Other Related Persons: Beneficiaries, payers, authorized representatives, or family members as necessary.
  

6. Cross-Border Transfer of Personal Data

In the event that Nana Broker needs to send or transfer your Personal Data to a foreign country (such as storing data on overseas cloud servers or coordinating international insurance), Nana Broker will ensure that the destination country has adequate data protection standards in compliance with the law, or will obtain your prior consent as required by law.

7. Retention Period of Personal Data

• Nana Broker will retain your Personal Data for as long as necessary to fulfill the purposes of providing services outlined in this Privacy Policy.

• For Personal Data related to insurance policies and services, Nana Broker will retain the data for a period of 10 years after the termination of the relationship or contract, for verification purposes and in accordance with the legal statutory limitation periods.

• Once the retention period expires, or the data is no longer required for its specified purposes, Nana Broker will delete, destroy, or anonymize the data so that it can no longer identify you.
  

8. Rights of the Data Subject As a Data Subject, you hold the following rights under the PDPA:

1. Right of Access and Review: The right to request access to and obtain a copy of your Personal Data under our responsibility.

2. Right to Rectification: The right to request that your data be corrected, updated, complete, and not misleading.

3. Right to Withdraw Consent: The right to withdraw your consent at any time (this does not affect the lawfulness of processing based on consent before its withdrawal).

4. Right to Data Portability: The right to receive your data or request its transfer to another data controller in an automated format.

5. Right to Object: The right to object to the collection, use, or disclosure of your data under certain circumstances permitted by law.

6. Right to Erasure or Destruction: The right to request the deletion, destruction, or anonymization of your data when it is no longer necessary or upon consent withdrawal.

7. Right to Restriction of Processing: The right to request the restriction or suspension of your data usage during verification processes.

8. Right to Complain: The right to file a complaint with the expert committee under the PDPA if any violation of the data protection law occurs.
   

9. Security Measures

Nana Broker implements strict security measures covering Administrative Safeguards, Technical Safeguards, and Physical Safeguards to prevent the unauthorized or unlawful loss, access, destruction, use, alteration, modification, or disclosure of Personal Data, in alignment with our information technology security policies.

10. Changes to the Privacy Policy

This Privacy Policy may be updated or revised from time to time to comply with changing laws and Nana Broker’s service models. Any changes will be notified to you through our website, application, or official communication channels as appropriate.

11. Contact Information

If you have any questions regarding this Privacy Policy or wish to exercise your rights as a Data Subject, please contact us at:

Nana Broker

• Address: [Insert Office Address of Nana Broker]

• Data Protection Officer (DPO)

• Name: Ms. Supanan Pongsai

• Telephone: 087-506-6378

• Email for Rights Requests (PDPA Request): pdpa@nanabroker.com

How to Exercise Data Subject Rights:

1. Download the Data Subject Rights Request Form here: [Click]

2. Fill out the form and email it back to: pdpa@nanabroker.com

3. The company will process your request and notify you of the outcome as soon as possible.

4. If you do not receive a timely response, you may contact the Data Protection Officer (DPO) directly using the details provided above.