Employee Data Privacy Policy

Chubb Samaggi Insurance Public Company Limited (“Chubb”, “we”, “us”) values its employees (“you”) and respects and protects their privacy. This employee data privacy policy ("Privacy Policy") sets out the types of information that Chubb, as data controller, collects about you, the purposes for which it is collected, the basis on which we process it and how Chubb handles your personal data.

 

This Privacy Policy principally applies to current employees even after the end of their employment but, where relevant, it also applies to workers, job applicants, interns, agency workers, consultants, directors, and third parties whose information is provided to us in connection with the employment or work relationship (for example, referees or emergency contact information). Where we use the term employee or employment then for the purpose of this Privacy Policy that includes those who work for us on a basis other than employment to the extent it is relevant, but this does not in any way indicate that the individual is an employee of Chubb.

 

This Privacy Policy does not form part of any contract of employment and does not confer any contractual right on you or place any contractual obligation on us. We may update or otherwise amend this Privacy Policy at any time.

 

Overview

 

Chubb collects and uses personal details which you provide as part of the recruitment and onboarding processes, together with additional personal data collected throughout the course of your employment or engagement (for instance, in relation to performance reviews, disciplinary processes and participation in voluntary benefit schemes).

 

The personal data Chubb collects is used primarily for the recruitment process, onboarding employees, managing the workforce and complying with contracts of employment. The data may be stored in systems based around the world and may be processed by third party service providers acting on Chubb's behalf.

 

We need your data in order to commence, perform and terminate your employment and for performing the related contractual or statutory obligations. Without this data we will not be able to enter into a contract with you or to perform our obligations under such contract.

 

It is our policy to comply with our obligations under the Personal Data Protection Act B.E. 2562 (Thailand) including relevant subordinate laws and regulations (“PDPA”). But you also have an important role to play in protecting the security of personal data, and you should be careful to whom you disclose personal data, and how you protect your communications and devices. Please refer to the Chubb Global Information Security Policy (https://village.chubb.com/docs/DOC-115912) and the Global Information Security and Privacy Policy and Guidelines (https://village.chubb.com/docs/DOC-338831) for more information about your responsibilities.

 

You also have certain rights in respect of your personal data, which you can exercise by contacting us using the contact details below.

 

Email:

Dpo.th@chubb.com

 

Write to:

Data Protection Officer, 

Chubb Samaggi Insurance PCL, 2/4 Chubb Tower, 12th Fl., Northpark Project, Vibhavadi-Rangsit Rd, Thung Song Hong, Laksi, Bangkok 10210

 

Types of Personal Data that Chubb Processes

 

"Personal data" refers to information which relates to an identified or identifiable natural person. An identifiable natural person is an individual who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. Personal data includes, for example, your contact details and your date of birth.

 

Chubb processes your personal data. In this context, “processing” means dealing with the data in any way, such as using, disclosing or destroying it.

 

The types of personal data which we process will vary depending on your role, your location and any terms and conditions of employment or engagement relevant to you. Typically, the types of personal data will include, for example, your personal and basic work details and details of your remuneration and benefits.

 

The types of personal data which we process will include, but may not be limited to, the following:

 

  • Your Personal Details - for example your name, date of birth, gender, personal contact details (including address, telephone number and email), emergency contact/next of kin details, immigration and eligibility to work data and languages spoken, marital status, Passport/ID card number, photographs, military service history;
  • Basic Work Details - for example your work contact details (corporate email address and telephone numbers), employee number, photograph, job title, job description, assigned business unit or group, reporting lines, primary work location, working hours and your terms and conditions of employment;
  • Professional Qualifications and Regulatory Data - where applicable, including certifications, school/university certificates, work history, academic or language testing, professional licenses (e.g. non-life insurance agent/broker licenses), reference letters and unique regulatory identifiers;
  • Recruitment/Selection Data - for example, any personal data contained in your CV, application form, record of interview or interview notes, records of assessments and vetting and verification documentation;
  • Remuneration and Benefits Data - for example, details of your pay and benefits package, bank account details, grade, social security number, tax information and third party benefit recipient information;
  • Criminal Records Data - where permitted under local law in relation to recruitment for specific roles;
  • Leave Data - for example your holiday and family related leave records;
  • Incapacity Data - for example, any personal data contained in your absence records, medical forms, reports or certificates and records relating to accommodations or adjustments;
  • Disciplinary and Grievance Data - for example, any personal data contained in records of allegations, investigations and meeting records and outcomes;
  • Performance Management Data - for example, colleague and manager feedback, appraisals, outputs from talent programmes and formal and informal performance management processes;
  • Equality and Diversity Data - where permitted under local law, data regarding gender, age, race, nationality, religious belief and sexuality (stored anonymously for equal opportunities monitoring purposes);
  • Training and Development Data - data relating to training and development needs or training received;
  • Monitoring Data - where permitted under local law, identifiable images contained in CCTV footage, system and building login and access records, keystroke, download and print records, call recordings, data caught by IT security programmes and filters, handset details including IMEI number (for company issued devices);
  • Health and Safety Data - personal data in audits, risk assessments and incident reports;
  • Employee Claims, Complaints and Disclosures Data - personal data in the subject matter of employment based litigation and complaints, employee involvement in incident reporting and disclosures;
  • Termination Data - for example, dates and reason for leaving, termination arrangements and payments, exit interviews and references;
  • Personal Data of Other Persons - such as reference information, contact persons and emergency contact/next of kin details;
  • Any other personal data - which you choose to disclose to Chubb personnel during the course of your employment, whether verbally or in written form (for example, on work emails and internet usage records).

 

In the event that you have provided personal data of other persons to Chubb for emergency purposes or to allocate benefits, such as family members or relatives, you acknowledge and confirm that you have provided such persons with the details pertaining to this Privacy Policy. In cases where Chubb is required to obtain consent for the processing of personal data, you will need to take whatever action is necessary for Chubb to lawfully process those personal data.

 

Special Categories of Personal Data

 

To the extent permitted by applicable laws, Chubb may also collect and process a limited amount of personal data falling into special categories. Within this category, Chubb collects and records information relating to health or disability (including details of accommodations and adjustments) as permitted by applicable laws. We may also process information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual behavior, criminal records, trade union membership, genetic data or biometric data, only as permitted or required by applicable laws.

 

Sources of Personal Data

 

Primarily the personal data we process about you will have been provided by you, either during your application for employment or engagement, the onboarding process, or on an ad hoc basis during the course of your employment or engagement. This will especially include your personal and basic work details as well as equality and diversity data.

 

During the recruitment process, we may request references from third parties, and carry out screening and vetting processes using third party sources. We carry out such screening and vetting processes only to the extent permitted by applicable laws. These may include reference checks, credit checks, sanctions checks, regulatory references and directorships.

 

We also receive information which may include your personal data from your line manager (for example, in respect of performance reviews) or, from time to time, from other managers or colleagues (for instance, in the course of conducting an investigation).

 

We may also receive personal data about you from other third parties, for example clients, brokers, benefit providers, regulatory bodies and other government agencies.

 

In some circumstances, data may be collected indirectly from monitoring devices or by other means (for example, building and location access control and monitoring systems, telephone logs and recordings and email and internet access logs), if and to the extent permitted by applicable laws. In these circumstances, the data may be collected by Chubb or a third party provider of the relevant service. This type of data is generally not accessed on a routine basis but access is possible. Access may occur, for instance, in situations where Chubb is investigating possible violations of Chubb policies such as those relating to travel and expense reimbursement, use of the internet, or employee conduct generally, or where the data are needed for compliance purposes. More frequent access to such data may occur incidental to an email surveillance program, if and to the extent permitted by applicable laws.

 

Apart from personal data relating to yourself, you may also provide Chubb with personal data of other third parties, notably your referees, dependents, and other family members or friends, for purposes of HR administration and management, including employment verification, the administration of benefits and to contact your next of kin in an emergency. Before you provide such third party personal data to Chubb you must first inform these third parties of any such data which you intend to provide to Chubb and of the processing to be carried out by Chubb, as detailed in this Privacy Policy.

 

Purposes of Processing

 

We process your personal data for recruitment decisions, the performance of the employment contract and the termination of the employment relationship. This will include the following:

 

  • to assess applications for employment and make recruitment decisions;
  • to create IT and building access rights;
  • to manage day-to-day aspects of your employment, including paying salary and providing your benefits and training and development;
  • to manage health and safety at work and report on incidents;
  • to investigate and respond to concerns about your conduct or performance or other issues arising during your employment.

 

The purposes for which we process your personal data are to:

 

  • assess applications for employment and make recruitment decisions, including entering into an employment contract with Chubb;
  • review eligibility to work;
  • where authorised by law and required for your role, seek criminal record disclosure and carry out credit and employment history checks;
  • conduct an equal opportunities monitoring programme;
  • bring you on-board and create an employee record on our HR IT system;
  • create IT and building access rights;
  • manage day-to-day aspects of employment, including:
    • paying fees, salary, reimbursable expenses and bonuses and distributing stock awards;
    • providing and administering benefits;
    • planning and allocating work and measuring working hours;
    • creating and maintaining records relating to your absence from work and calculating and administering any related payments (including for sickness, parental leave, discretionary leave, holidays, sabbaticals etc.);
    • creating and maintaining training records and administering training and development programmes;
    • addressing occupational health issues, incapacity at work and making reasonable adjustments;
    • setting work objectives and reviewing and reporting on and managing your performance at work;
    • responding to and resolving grievances whether from you or other employees;
    • conducting disciplinary investigations processes and making related decisions; and
    • managing professional certifications / licences and liaising with regulatory bodies on your behalf;
  • budgeting, financial review and internal business reporting;
  • management and development of talent and succession planning;
  • maintain emergency contact and beneficiary details;
  • manage health and safety at work and investigate and report on incidents;
  • monitor employee use of IT and communications, consistent with the law and with Chubb internal policies;
  • maintaining security of our sites, systems, employees and visitors;
  • investigate and respond to complaints from clients and brokers;
  • workforce planning and planning and implementing business change programmes, restructures or redundancy exercises including to develop a business case, programme planning, facilitation of appropriate selection and redeployment decision making and managing an effective and efficient process;
  • due diligence processes in relation to any potential corporate transaction or service transfer which may be relevant to your role;
  • make decisions on continuation of employment or engagement and administer terminations and provide references;
  • exercise our rights to defend, respond to or conduct prospective or actual legal claims or proceedings whether in relation to you or a third party;
  • internal directories to facilitate contact and effective working and communication;
  • tendering for client work and the effective management and delivery of client work and relationships including compliance with client contracts;
  • monitoring of access to systems for recording data access and details of data access such as access time and the name and title of the person accessing data;
  • processing of sensitive personal data such as health data for providing benefits and welfare to employees such as health insurance or reimbursable medical expenses;
  • provision of information to Chubb’s owners, investors, asset managers, lenders for use, review, analysis in their capacity as such or pursuant to performance of contract;
  • where relevant, for publishing appropriate internal or external communications or publicity material (including via social media in appropriate circumstances);
  • to provide technical support, including support and maintenance for HR information and other IT systems;
  • to comply with lawful requests by public authorities (including without limitation to meet national security or law enforcement requirements), discovery requests, or where otherwise required or permitted by applicable laws, court orders, government regulations, or regulatory authorities;
  • to comply with the requirements under internal policies and compliance;
  • to comply with the requirements of any applicable laws, rules, regulations, agreements or policies;
  • for the purpose of managing, storing, saving, backing up or destroying personal data.

 

Please note that this is not an exhaustive list and we may process your personal data for other purposes that are consistent with the legal basis on which we process your personal data.

 

Legal Basis for Processing

 

Whenever we process your personal data, we do so on the basis of a lawful "condition" for processing. The processing of your personal data by us will be justified because it is necessary to give effect to the employment contract.

 

Apart from that, the processing of your personal data can be justified because:

 

  • you have given your consent for one or more specific purposes;
  • it is necessary to give effect to the performance of the contract;
  • it is necessary for us to comply with a legal obligation (for example, disclosing tax data to the tax authorities, compliance with health and safety or employment laws or compliance with statutory payment or record keeping obligations); or
  • where it is in our legitimate interests as a business and as your employer, and our interests are not overridden by your interests, fundamental rights or freedoms (for example, succession planning).

 

In addition, where we process special categories of personal data (including data relating to health, disability, sexual life, sexual orientation, racial or ethnic origin, trade union membership, political opinions or religious or philosophical beliefs, criminal records, genetic data, biometric data or other data which may affect the data subject in the same manner as prescribed by the Personal Data Protection Committee), this will always be justified on the basis of an additional lawful condition.

 

The processing of special categories of personal data (for example, data relating to health, disability, sexual life, sexual orientation, racial or ethnic origin, trade union membership, political opinions or religious or philosophical beliefs, criminal records, genetic data, biometric data or other data which may affect the data subject in the same manner as prescribed by the Personal Data Protection Committee) will be justified by one of the following special conditions:

 

  • the processing is necessary for the purposes of carrying out obligations under employment law, social security law and for social protection, if there is no reason to believe that your legitimate interests for excluding the processing of your personal data prevail (for example, complying with health and safety rules, statutory sick pay, making reasonable adjustments for someone with a disability or ensuring any dismissal is fair);
  • the processing is voluntary and is carried out subject to your explicit consent for one or more specific purposes (for example if you wish to participate in an additional support programme or benefit related to incapacity or health promotion). If we are relying on consent, we will be clear about this and will not rely on consent if there is another relevant lawful condition;
  • the processing is necessary for the establishment, exercise or defence of legal claims (whether a claim is made by you or a third party);
  • the processing is necessary for an assessment of your working capacity carried out by a health professional (for example, an occupational health report);
  • the processing is necessary for reasons of substantial public interests authorised by local law (for example, preventing or detecting unlawful acts or equal opportunities monitoring where permitted by local law); or
  • in exceptional circumstances, the processing is necessary to protect your vital interests and you are incapable of giving consent (for example in a medical emergency).

 

Retention of Personal Data

 

We only retain employee personal data for as long as is required to satisfy the purpose for which it was collected by us or provided by you. We therefore will retain your personal data as a minimum for the duration of your employment with us.

 

In certain cases, legal or regulatory obligations (for example in the case of tax related matters) require us to retain specific records for a set period of time, including following the end of your employment. In the case of tax related matters, we are for example obliged to keep data concerning your remuneration for six or in some cases even for ten years.

 

For more information about Chubb's data retention practices, including in respect of employee records and applicants’ records, please refer to the Chubb Records Management Policy (https://village.chubb.com/docs/DOC-386860).

 

Disclosures of Personal Data

 

Internally your direct and indirect line managers, HR professionals supporting your work area and in some cases certain colleagues will have access to some of your personal data where relevant to their role.

 

We routinely share your personal data with other members of the Chubb group where required in order to, for example, run global processes, carry out group wide reporting, or assist with workforce planning.

 

Certain basic personal data, such as your name, location, job title, contact information and any published skills and experience profile may also be accessible to other staff.

 

We may also be required to disclose your personal data to third parties. This will include suppliers which help us provide HR services, tax or other authorities, a regulator or a professional adviser (e.g. in relation to occupational health, legal advice or in connection with a corporate transaction).

 

Examples of third parties with whom your data may be shared include tax authorities, medical/occupational health professionals, regulatory authorities, law enforcement and regulatory bodies, Chubb’s insurers, bankers, IT administrators, lawyers, accountants, data centre providers, doctors or other healthcare providers, auditors, notaries, investors, lenders, training providers, landlords, office access providers, social media and marketing suppliers, consultants and other professional advisors, payroll/tax providers, and administrators of Chubb’s benefits programs. Your personal data is also accessed by third parties whom we work together with in connection with IT services, such as hosting, supporting and maintaining the framework of our information systems.

 

Chubb expects such third parties to process any data disclosed to them in accordance with applicable law, including with respect to data confidentiality and security. Where these third parties act as a “data processor” (for example, a payroll provider), they carry out their tasks on our behalf and upon our instructions for the above-mentioned purposes. In this case your personal data will only be disclosed to these parties to the extent necessary to provide the required services.

 

We may also share limited information with clients where you are part of a client team or proposed team in a tender process.

 

We use a number of third party suppliers to help us provide HR services or perform processing activities, such as insurance agents/brokers, insurance companies, recruiter support providers, and/or to maintain Chubb's information technology systems or programs that help in recruiting or providing compensation accounting systems, benefits or provident funds. These third parties may have access to or merely host your personal data but will always do so under our instruction and subject to a contractual relationship.

 

Some third parties to whom we may provide personal data, for instance private health insurance or occupational health providers or professional advisers or regulators, are data controllers in their own right, and you should refer to their own privacy policies in respect of how they use your personal data.

 

We may also be required to disclose your personal data to third parties in response to orders or requests from a court, regulators, government agencies, parties to a legal proceeding or public authorities, or to comply with regulatory requirements or as part of a dialogue with a regulator.

 

Your personal data may also be disclosed to advisors, potential transaction partners or interested third parties in connection with the consideration, negotiation or completion of a corporate transaction or restructuring of the business or assets of any part of the Chubb group.

 

Cross-border Transfers

 

The global nature of our business means that your personal data may be disclosed to members of the Chubb group outside of Thailand. Certain suppliers and service providers may also have personnel or systems located outside of Thailand.

 

The Chubb group has an intra-group data transfer agreement in place which regulates cross-border transfers of your personal data within the group. Where third parties transfer your personal data outside of Thailand, we will take steps to ensure that your personal data receives an adequate level of protection, including by, for example, entering into data transfer agreements or by ensuring that third parties are certified under appropriate data protection schemes.

 

Data Subject Rights

 

Right to access, correct and delete your personal data

 

Chubb aims to ensure that all personal data we store are correct. You also have a responsibility to ensure that changes in personal circumstances (for example, change of address and bank accounts) are notified to Chubb so that we can ensure that your data is up-to-date.

 

You have the right to request access to any of your personal data that Chubb may hold, and ask us to:

 

  • confirm whether we are processing your personal data; and
  • give you a copy of that data.

 

We may not have to comply with a request where it is permitted by law or pursuant to a court order, and such access would adversely affect the rights and freedoms of other persons.

 

You have the right to request us to rectify any inaccurate personal data relating to you. We may seek to verify the accuracy of the data before rectifying it.

 

You furthermore have the right to request us to erase your personal data, but only where:

 

  • it is no longer needed for the purposes for which it was collected or otherwise processed or
  • you have withdrawn your consent (where the data processing was based on consent) or
  • following a successful right to object (see “Objection” below) or
  • it has been processed unlawfully.

 

We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary:

 

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

 

There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.

 

Additional rights

 

You also have the following additional rights:

 

Right to restriction of processing – you can ask us to restrict (i.e. keep but not use) your personal data, but only where:

 

  • its accuracy is contested (see right to rectify above), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected or otherwise processed, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

 

We can continue to use your personal data following a request for restriction, where:

 

  • we have your consent; or
  • to establish, exercise or defend legal claims; or
  • where permitted by law.

 

Right to data portability – you can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it “ported” directly to another Data Controller, but in each case only where:

 

  • the processing is based on your consent or on the performance of a contract with you;
  • the processing is carried out by automated means; and
  • the provision or “porting” would not violate the rights and freedoms of other persons.

 

Right to withdraw consent – where you have provided us with your consent to process data, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

 

Right to object to processing justified on legitimate interest grounds – where we are relying upon legitimate interests to process data, then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing, we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.

 

You also have the right to lodge a complaint with the Personal Data Protection Committee if you consider that the processing of your personal data infringes applicable law. We ask that you please attempt to resolve any issues with us first although you have a right to contact the Personal Data Protection Committee at any time.

 

If you wish to investigate the exercising of any of these rights, please contact Chubb’s Data Protection Officer.

 

Data Protection Officer

 

Chubb has a Data Protection Officer who is responsible for Chubb’s compliance with data protection law.

 

You may contact Chubb's Data Protection Officer securely and confidentially at any time if you have general concerns about the processing of your personal data, or any data protection issue. The DPO's contact details are:

 

Email:

Dpo.th@chubb.com

 

Write to:

Data Protection Officer, 

Chubb Samaggi Insurance PCL, 2/4 Chubb Tower, 12th Fl., Northpark Project, Vibhavadi-Rangsit Rd, Thung Song Hong, Laksi, Bangkok 10210

 

Additional Privacy Policies

 

We may undertake certain processing of personal data which are subject to additional privacy policies, and we shall bring these to your attention where they engage.

 
