Privacy Policy

AXA Insurance Public Company Limited (“AXA” or “we”) recognizes the importance of protecting our employee’s ("You”) personal data including sensitive data, so we have prepared this privacy policy to inform you of the collection, use, disclosure, and international transfer of your personal data and sensitive data. Hereinafter, personal data and sensitive data will be mentioned as Personal Information.

Personal data means any information that can directly or indirectly identify you.
Sensitive data means any information that is defined by the Personal Data Protection Act ("PDPA") as be sensitive data such as racial, ethnic origin, political opinions, cult, religious or philosophical beliefs, sexual behavior, criminal records, health data, disability, trade union information, genetic data, biometric data, or of any data which may affect the data subject in the same manner.

1. Personal Information We Collect

The detail of personal information is as follows:

1.1 Personal Data

(a) Contact details such as name, surname, e-mail address, postal address, telephone number

(b) Identification information such as your date of birth, gender, age, identification number, passport number, marital status, photo

(d) Information relevant to your education and experience such as educational background, work experience, skills, qualifications, training course records

(e) Other information such as information of family members, references, emergency contact persons

1.2 Sensitive Data

(a) Details of Identification card or Passport such as religion, blood type, and racial information

(b) Information about your health, disability, drug test results

(d) Biometric data for identification and verification e.g. Facial Recognition, Fingerprint Verification and etc.

2. How We Collect Your Personal Information and Third Party’ Information

We might collect your personal information from you directly and from other sources, for example;

Hospital when you do a Health check and/or annual health check
Government authorities such as Royal Thai Police, Immigration Bureau
References provided in job application form of AXA
Other publicly available sources such as our website, other job posting sites, information made available on the internet or other social media platforms
Outsource service provider such as Headhunter company

3. Purposes of Collection, Use or Disclosure of Personal Information

We collect, use or disclose your personal information for the purposes as follows:

4. Data Disclosure and Transfer

For the purposes set out in this Privacy policy, we may disclose your personal information to companies inside the AXA Group and other recipients outside the group as follows:

4.1 Companies and affiliates within our group for our efficiency and accuracy of business administration or the prevention and/or detection of fraud and screening against international sanctions, counter-financing terrorism and anti-money laundering.

4.2 Recipient and their affiliates for the purposes set out in this Privacy policy, for example;

(a) Government authorities, supervising authorities or other authorities as stipulated by laws, including competent official, e.g. courts, police officers, etc.

(b) Agencies and/or service providers, such as document storage and destruction service providers, IT development companies, etc.

(c) Any other external party for the purpose of contractual requirements or legal requirements, where applicable and on a need-to-know basis.

(d) Other recipients beyond those specified above, in case you grant consent.

Disclosure of your personal information to a recipient outside of AXA will only be made where the recipient has agreed to keep your information strictly confidential and shall only be used for the specific purpose for which we provide it to them.

We may also disclose your personal information to other recipients where:

- we are required or permitted to do so by the law or by regulatory bodies; or

- we believe that such disclosure is necessary in order to assist in the prevention or detection of any criminal action including fraud or is otherwise in the overriding public interest; or

- exemptions under the data protection legislation allow us to do so.

Some of the business partner set out above may be in countries outside of Thailand notably in Singapore, where AXA has a Data Centre, or any other designated AXA group entity, as the case may be. Where we make a transfer of your personal information outside of Thailand, in all cases where personal information is transferred to a country which is deemed not to have the same standards of protection for personal data as Thailand will ensure Appropriate Safeguards have been implemented to ensure that your personal information is protected where standards are not the same or similar to those standards within Thailand.

However, you can review the external privacy policies of the recipients we disclosed your personal information according to the purposes are stated in this Policy by visiting the Privacy Notice from External Parties.

5. Data Retention Period

AXA retains your personal information for 10 years after the termination of your employment contract.

6. Your Rights as a Data Subject

You can ask us to do various things with your personal information. For example, at any time you can ask us for a copy of your personal information, correct mistakes, change the way we use your information, or even delete it. We’ll either do what you’ve asked or explain why we cannot.

You have the following rights in relation to our use of your personal information.

The right to access your personal information

You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing, unless otherwise requested.

The right to rectification

We take reasonable steps to ensure that the personal information we hold about you is accurate and complete. However, if you do not believe this is the case, please contact our DPO team by using the contact information as specified in article 7 of this policy and you can ask us to update or amend it.

The right to erasure

In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.

Right to restriction of processing

In certain circumstances, you are entitled to ask us to stop using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.

Right to data portability:

In certain circumstances, you have the right to ask that we transfer any personal information that you have provided to us to another third party of your choice. Once transferred, the other party will be responsible for looking after your personal information.

Right to object:

You have the right to object to the collection, use or disclosure of your personal information for direct marketing purposes or on grounds stipulated by law.

The right to withdraw consent

For certain uses of your personal information, we will ask for your consent. Where we do this, you have the right to withdraw your consent to further use of your personal information. Please note in some cases we may not be able to process your insurance if you withdraw your consent.

The right to lodge a complaint

You have a right to complain to the Personal Data Protection Committee at any time if you object to the way in which we use your personal information.

You can make any of the requests set out above using the contact details of the Data Protection Officer (DPO) as specified in section 7 of this Privacy policy. Please note that in some cases we may not be able to comply with your request for reasons such as our own obligations to comply with other legal or regulatory requirements. However, we will always respond to any request you make and if we can't comply with your request, we will tell you why.

7. Contact information

If you wish to contact AXA or the Data Protection Officer, the details are below:

AXA Insurance Public Company Limited.

Address: 414 Siam Patumwan House, Floor 25th, unit2511-1-2, Phayathai Rd., Wangmai Sub-district, Pathumwan, Bangkok 10330 Thailand

Call Center: 02–118–8111 [Monday to Friday - 8:30 AM - 6:30 PM and Saturday - 9:30 AM - 6:00 PM Closed on Sunday and official holidays]

The Data Protection Officer

Address: 414 Siam Patumwan House, Floor 25th, unit2511-1-2, Phayathai Rd., Wangmai Sub-district, Pathumwan, Bangkok 10330 Thailand

E-mail: dpo@axa.co.th

Channels for exercise your rights as the Data Subject: https://direct.axa.co.th/PDPA

8. Update to this Privacy Policy

AXA regularly reviews and, if appropriate, updates this Privacy policy from time to time to ensure that your Personal Information is properly protected. In case of any update to this Privacy policy, AXA will inform you through AXA internal communication, public share drive or other appropriate methods. Please click here for the updated Privacy Policy.

This Privacy Notice shall take effect as of the date that the Personal Data Protection Act becomes effective.

[Updated on 08/09/2023]