Siam Liberty Insurance Broker Master Privacy Policy

Data Protection at Siam Liberty

At Siam Liberty Insurance Broker Company Limited (“Siam Liberty”, "we", "us"), we routinely collect and use personal data about individuals, including prospective insureds, insured persons, policyholders, claimants or business partners ("you"). We are aware of our responsibilities to handle your personal data with care, to keep it secure and comply with applicable data protection laws.

How this Policy Works

The purpose of this Policy is to provide a clear explanation of when, why and how we collect and use information relating to you, which enables the identification of you, whether directly or indirectly ("personal data").

Important

Do read this Policy with care. It provides important information about how we use personal data and explains your statutory rights. This Policy is not intended to override rights you might have available under applicable data protection laws.

Data Protection Policy

1. Who is responsible for looking after your personal data? 

Siam Liberty Insurance Broker Company Limited will be principally responsible for looking after your personal data (your Data Controller).

Where your personal data has been passed to another Data Controller (e.g., insurer), as we do in Section 6 of this Policy. 

You should be aware that although we are principally responsible for looking after your personal data. When accessing your personal data, Siam Liberty will comply with the standards set out in this Policy.

2. What personal data do we collect?

We collect and process non-sensitive as well as sensitive personal data.

Prospective Insureds and Insured Persons/Policyholders. In order to facilitate insurance purchases, we collect information about the prospective insureds, insured persons, policyholders and related parties. This may include information about previous quotes obtained, background and contact information on the prospective insured, insured persons, policyholder or their representative and matters relevant to the assessment of insurance purchase and management of insurance policies. The prospective insured or policyholder may be an individual, company or their representative. The level and type of personal data we collect and use varies depending on the type of policy that is applied for or held and may include information on other individuals who need to be considered as part of the policy. In some instances, it is necessary for us to collect and use Sensitive Personal Data, such as information about health or past criminal convictions. We are required to establish a legal exemption to use your Sensitive Personal Data - see Section 5 for further details. 

If you are an insured person, from time to time you may need to provide us with the personal data of third parties, for example an injured third party in relation to a claim under a liability policy. Wherever possible, you should take steps to inform the third party that you need to disclose their details to us, identifying Siam Liberty as your broker. We will process their personal data in accordance with this Policy. 

Claimants. If you are making a claim under a policy, we will collect your basic contact details together with information about the nature of your claim and any previous claims. If you are an insured person we will need to check details of the policy you are insured under and your claims history. Depending on the nature of your claim, it may be necessary for us to collect and use Sensitive Personal Data, such as details of personal injury you may have suffered during an accident. 

Business Partners and Visitors. If you are a business partner, we will collect your business contact details. We may also collect information about your professional expertise and experience.

Shareholders. If you are a shareholder, we will collect your personal data concerning the holding of shares or other securities, this includes a photocopy of your identification card, your passport, or your book bank and other information which may contain sensitive personal data. We may collect your personal data if you attend shareholders’ meeting for keeping record and compliance with law and internal policies.

In the event that you have provided personal data of other persons to Siam Liberty, such as a prospective insured or beneficiary, you acknowledge and confirm that you have provided such persons with the details pertaining to this Policy and have obtained consent where applicable or relied on appropriate legal basis to allow us to process personal data in accordance with this Policy.

For more information on what information we collect, please see Appendix 1.

3. When do we collect your personal data?

Prospective Insureds and Insured Persons

• We will collect information from you directly when you apply for a policy.
• Information about you may also be provided to us by your employer, family member or any other third person who may be applying for a policy which names or benefits you. 
• We may collect information about you from other sources where we believe this is necessary to sell insurance and help insurers manage effective underwriting of the risk associated with a policy and/or help fight financial crime. These other sources may include public registers and databases managed by credit reference agencies, government agencies such as the Department of Land Transport and the Revenue Department, and other reputable organisations.

Claimants

• We will collect information from you when you notify us of a claim. You might make a claim to us directly or through your representative.
• We may also collect information about you if the claim is made by another person who has a close relationship with you or is otherwise linked to the claim - for example if the policyholder is your employer, or if you are the subject of a third party claim.
• We may also be provided with information by your lawyers (or acting on behalf of your employer).
• We may collect information from other sources where we believe this is necessary to assist in validating claims and/or fighting financial crime. This may include consulting public registers, social media and other online sources, credit reference agencies and other reputable organisations .

Business Partners and Visitors

• We will collect information about you if you or your company provides your contact or other information to us in the course of working with us, either directly as a business partner or as a representative of your company.
• We may also collect information about you if you attend meetings, events or conferences that we organise, contact us through our website or sign up to one of our newsletters or bulletin services.
• We may collect information from other public sources (e.g. your employer's website) where we believe this is necessary to help manage our relationships with our business partners.

Shareholders

• We will collect information about you or your representative when it is required to verify your identification and fulfill legal obligations with you as a shareholder including when attending annual general meeting.

Applicable to all

•  If you telephone Siam Liberty (for example, when notifying a claim or discussing that claim with us) or if Siam Liberty telephones you (for example, to sell an insurance policy) we may record the telephone call. We may also use Interactive Voice Response (“IVR”) technology to automate responses to voice commands, and to analyse call recording data. We use call recordings as an evidence of your agreement to purchase an insurance policy or submit a claim, to help train our staff and to provide an accurate record of the call in case of complaints or queries. We may also analyse call recordings using automated technology in order to detect where there may be customer service failings (and then resolve these), or to detect potential evidence of fraud. 

4. What do we use your personal data for?

We use your personal data for the purposes set out below. Please refer to Appendix 2 for more detail, including in relation to the legal basis we rely upon in each case.

Prospective Insureds and Insured Persons/Policyholders. If you are a prospective insured or an insured person, we will use your personal data to offer insurance, verify your identity, facilitate filling out an application for an insurance policy, deliver an insurance policy, premium payments. If we have provided you with your policy, we will use your personal data to administer your policy, deal with your queries, and manage the renewal process. We will also need to use your personal data for regulatory purposes associated with our legal and regulatory obligations as a provider of insurance.

Claimants. If you are a claimant, we will use your personal data to help with your claim and settlement. We may also need to use your personal data to evaluate the risk of potential fraud. If you are also an insured person, we will use personal data related to your claim to inform the renewal process and potentially future policy applications.

Business Partners and Visitors. If you are a business partner, we will use your personal data to manage our relationship with you, including sending you marketing materials (where we have appropriate permissions) and to invite you to events. Where relevant, we will use your personal data to deliver or request the delivery of services, and to manage and administer our contract with you or with your employer. If you are a visitor, we will use your personal data; typically, to register for certain areas of our website, enquire for further information, distribute requested reference materials, or invite you to one of our events.

Shareholders. We use your personal data to manage your shareholder rights including providing you with share registry services and managing affairs as appropriate in accordance with our Articles of Association and applicable laws. This includes but is not limited to dividend distributions, shareholder resolutions, communication regarding reports, meetings, news, offers, and responses to your inquiries.

Data analytics. We routinely analyse information in our various systems and databases to help improve the way we run our business, to provide a better service. We take steps to protect privacy by aggregating and where appropriate anonymising data fields before allowing information to be available for analysis.

5. Protecting your privacy

We will make sure that we only use your personal data for the purposes set out in Section 4 and in Appendix 2 where we are satisfied that:

• our use of your personal data is necessary to perform a contract or take steps to enter into a contract with you (e.g. to manage your insurance policy);
• our use of your personal data is necessary to comply with a relevant legal or regulatory obligation that we have (e.g. to comply with OIC requirements);
• our use of your personal data is necessary to support 'legitimate interests' that we have as a business (for example, to improve our products, or to carry out analytics across our datasets, share registry services and compliance with relevant laws), provided it is conducted at all times in a way that is proportionate, and that respects your privacy rights; or
• you have provided your consent to us using the data in that way.

Before collecting and/or using any Sensitive Personal Data we will establish a lawful exemption which will allow us to use that information. If your Sensitive Personal Data is collected on a form (including on a website) or over the telephone, further information about the exemption may be provided on that form. This exemption will typically be:

• your explicit consent (if this is specifically requested from you on a data collection form, in language which references your consent); 
• the establishment, exercise or defence by us or third parties of legal claims; or
• a specific exemption provided by law which is relevant to the insurance industry.

PLEASE NOTE. If you provide your explicit consent to permit us to process your Sensitive Personal Data, you may withdraw your consent to such processing at any time. However, you should be aware that if you choose to do so we may be unable to continue to provide services to you. If you choose to withdraw your consent we will tell you more about the possible consequences, including the effects of cancellation, (which may include that you have difficulties finding cover elsewhere), as well as any fees associated with cancellation. Please see Appendix 2 to find out more about the information we collect and use about you and why we believe it is appropriate to use that information for such activities.

6. Who do we share your personal data with?

We work with many third parties, to help manage our business and deliver services. These third parties may from time to time need to have access to your personal data.

For Prospective Insureds and Insured Persons/Policyholders these third parties may include:

• Insurers to provide insurance coverage to you and Third Party Administrators who help insurers manage the claims process
• Service Providers
• Healthcare providers and travel and medical assistance providers
• Our regulators, which include the OIC, as well as other regulators and law enforcement agencies in Thailand and around the world
• Agencies and organisations working to prevent fraud in financial services
• Lawyers and other professional services firms and partners such as medical professions, accountants, actuaries, auditors, experts, consultants, banks and financial institutions that service our accounts
• Your employer or company acting on your employer’s behalf to monitor, audit or otherwise administer our services and fulfill contractual obligations in relation to our services (in the case that you are entitled to our services because your employer has signed an agreement with us to provide you with insurance cover and other additional covers and services as it may apply)

For Claimants this may include:

• Insurers
• Third Party Administrators who help insurers manage the claims process
• Loss Adjusters and Claims Experts who help insurers assess and manage claims
• Service Providers
• Assistance Providers, who can help provide you with assistance in the event of a claim
• Healthcare providers and travel and medical assistance providers
• Lawyers, who may be legal representatives for you, us or a third party claimant and other professional services firms such as accountants, actuaries, auditors, experts, consultants, banks and financial institutions that service our accounts
• Agencies and organisations working to prevent fraud in financial services
• Your employer or company acting on your employer’s behalf to monitor, audit or otherwise administer our services and fulfill contractual obligations in relation to our services (in the case that you are entitled to our services because your employer has signed an agreement with us to provide you with insurance cover and other additional covers and services as it may apply)

We may be under legal or regulatory obligations to share your personal data with courts, regulators, law enforcement or in certain cases insurers. If we were to amalgamate our businesses, we would need to transfer your personal data to such businesses or other third parties in connection with the sale, reorganization, transfer, amalgamate or disposal of our businesses. We may also share your personal data with any other persons acting for or on behalf of or jointly with Siam Liberty in respect of a directly related purpose for which your personal data was required.

Descriptions of certain categories of third parties and defined terms are set out below.

Insurers/ Reinsurers: insurance companies which underwrite and administer insurance policies. Some policies are insured on a joint or "syndicate" basis. This means that a group of insurers will join together to write a policy. Policies may also be reinsured, which means that the insurer will purchase its own insurance, from a reinsurer, to cover some of the risk the insurer has underwritten in your policy.

Assistance Providers: these are a special category of service providers which Insurers use to help provide you with emergency or other assistance in connection with certain policies (e.g. certain travel policies).

Claims Experts: these are experts in a particular field which is relevant to a claim, for example medicine, forensic accountancy, mediation or rehabilitation, who are engaged by Insurers to help us properly assess the merit and value of a claim, provide advice on its settlement, and advise on the proper treatment of claimants.

Data Controller: means a natural or juristic person (such as a company) which has the power and duty to make decisions regarding the collection, use or disclosure of personal data. For example, Insurers which sells you an insurance policy will be your Data Controller as it determines how it will collect personal data from you, the scope of data which will be collected, and the purposes for which it will be used.

OIC: the OIC is the Office of Insurance Commission, which is an insurance regulatory body. Siam Liberty may disclose personal data to the OIC to support its supervision over, and promotion of, insurance businesses, in accordance with the insurance commission law, the non-life insurance law and the OIC’s privacy policy which can be viewed on the OIC website (https://www.oic.or.th).

Personal Data Protection Committee: The Personal Data Protection Committee regulates the processing of personal data by all organisations within Thailand.

Prospective Insured and Insured Person/Policyholders: we use this term to refer to prospective, active or former individual policyholders, as well as any individual who purchases and benefits from insurance coverage under one of policies (for example, where an employee benefits from coverage taken out by their employer).

Loss Adjuster: these are an independent claims specialist which investigates complex or contentious claims.

Sensitive Personal Data: means any personal data relating to your health, disability, genetic or biometric data, criminal records, sexual behaviour, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. At Siam Liberty, (other than in the context of our employees, which is outside the scope of this Policy) we routinely only process Sensitive Personal Data relating to health or criminal records.

Service Providers: these are a range of third parties to whom we outsource certain functions of our business. For example, we have service providers who help us manage our IT and back office systems. Some of these providers use 'cloud based' IT applications or systems, which means that your personal data will be hosted on their servers, but under our control and direction. We require all our service providers to respect the confidentiality and security of personal data. We also use other services from service providers, such as website hosting, data analysis, payment processing, document and records management, order fulfilment, credit reference, debt collection, delivery services, and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.

Lawyers: we frequently use lawyers to advise on complex or contentious claims or to provide us with non-claims related legal advice. 

Third Party Administrators (or TPAs): these are companies which administer the underwriting of policies for insurers, the handling of claims, or both. The insurers require all TPAs to ensure that your personal data is handled lawfully and in accordance with this Policy and our instructions.

7. Direct Marketing

We may use your personal data to send you direct marketing communications about our insurance products or our related services for the purposes of conducting direct marketing activities, marketing communication, news updates, making special offers, giving promotional information, and offering privileges (these may include other products and services offered by affiliated companies or business partners), in a way within customers' expectation. This may be in the form of email, post, SMS, telephone or targeted online advertisements.

In most cases our processing of your personal data for marketing purposes is based on our legitimate interests to provide information you might find helpful to manage your insured risks, insurance renewals and other products, services and offers that may be of interest to you, although in some cases (such as when that is beyond your expectation or where required by law) it may be based on your consent. You have a right to prevent direct marketing of any form at any time - this can be exercised by following the opt-out links in electronic communications or by contacting us using the details set out in Section 14.

We take steps to limit direct marketing to a reasonable and proportionate level and to send you communications which we believe may be of interest or relevance to you, based on the information we have about you.

8. International Transfers

From time to time we may need to share your personal data who may be based outside Thailand. We may also allow our Service Providers or Assistance Providers, who may be located outside Thailand, access to your personal data. We may also make other disclosures of your personal data overseas, for example, if we receive a legal or regulatory request from a foreign law enforcement body.

We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

• We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights,
• Transfers to Service Providers and other third parties will be protected by contractual commitments and where appropriate further assurances, such as certification schemes,
• Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed.

9. How long do we keep your personal data?

We will retain your personal data for as long as is reasonably necessary for the purposes listed in Section 4 of this Policy. In some circumstances, we may retain your personal data for longer periods of time, for instance where we are required or permitted to do so in accordance with legal, regulator, tax or accounting requirements.

For example, if you are the holder of an insurance policy, your personal data will typically be retained for 10 years after the cancellation or termination of the policy, unless an exception applies.

In specific circumstances, we may also retain your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

Where your personal data is no longer required we will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

10. Importance Notice

If you: (i) do not or decline to provide certain personal data we inform you as necessary to provide for compliance with a law or contract, or where is it necessary to provide the personal data for the purpose of entering into contract; or (ii) do not or decline to consent us to collect, use or disclose certain personal data; or (iii) exercise your rights to withdraw your consent for our collection, use, disclose, transfer or process certain personal data which is necessary for us to make a relationship with you or provide our services and/or products to you, we may not be able to provide you with our products or services you request, enter into a contract with you or perform our obligations resulting from a contract entered with you nor may not be able to stay in contact with you.

In such circumstance, you will be informed about the consequences of your refusal to provide us personal data or grant us consent, or your withdrawal of consent, as the case may be.

11. Security

We seek to use reasonable organizational, technical and administrative including security measures to protect personal data from unauthorised or accidental access, processing, erasure, loss or use within our organization, which are consistent with the PDPA and other applicable data protection laws.  Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure.  If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with Section 14 below.

12. What are your rights

You have a number of rights in relation to your personal data.

You may request access to your data, correction of any mistakes in your data, erasure of records where no longer required, restriction on the processing of your data, objection to the processing of your data, withdrawal of consent, data portability and various information in relation to the basis for international transfers. You may also exercise a right to complain to the Personal Data Protection Committee. More information about each of these rights can be found by referring to the table set out further below.

To exercise your rights, you may contact us as set out in Section 14. Please note the following if you do wish to exercise these rights:

 

13. Changes to the Policy

We may modify or update this Policy at any time in order to address future developments of Siam Liberty, or changes in industry or legal trends. 

We will post the change on the home page of the website or app. You can determine when the Policy was revised by referring to the “Updated” legend on the below of this Policy. Where changes to the Policy will have a fundamental impact on the nature of our collection, use or disclosure of your personal data, or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights your rights in accordance with Section 14 of this Policy in relation to your personal data.

14. Contact and complaints

The primary point of contact for all issues arising from this Policy, including requests to exercise data subject rights, is our Data Protection Officer.

The Data Protection Officer can be contacted in the following ways:

Email: 
dpo.th@chubb.com

Write to:
Data Protection Officer, 
Siam Liberty Insurance Broker Company Limited, 2/4 Chubb Tower, 8^th Fl., Northpark Project, Vibhavadi-Rangsit Rd, Thung Song Hong, Laksi, Bangkok 10210

Webform

If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with the Personal Data Protection Committee at any time.

Updated January 2024

Appendix 1 – Categories of Personal Data

Information type	Details of information that we typically capture
Prospective Insureds and Insured Persons/Policyholders
Contact Details	Name, address, telephone number, email address, social media account
Identification Information	Identity card number, passport number, work permit number, driving license number, photos
Policy Information	Policy number, relationship to the policyholder, details of policy including insured amount, exceptions etc., previous claims, telematics data
Personal Risk Information	Gender, date of birth, claims history. Vehicle registration number Professional history or CV, occupation, employment information Publicly available information Schedule of possessions, property construction, physical condition, security, fire protection and value Travel information Other details in relation to insurance application Sensitive Data that we collect in connection with your relationship with us and that you have chosen or required to provide to us Health data – e.g. physical and mental conditions, disability status, medical history and procedures (including consultation history, prescriptions, treatments, medical billings), relevant personal habits Background check information where it is deemed sensitive data, judicial data such as civil, criminal record or information on other judicial or administrative proceedings, police reports, court orders and other information required under the laws, including bankruptcy laws, anti-money laundering laws, prevention and suppression of financial terrorism support laws, tax laws Race, religion, ethnicity Sex life or practices or sexual orientation Genetic or biometric information, biometric templates Political or philosophical beliefs, political party or trade union membership
Financial Information	Bank account details (where you are the payer of the policy premium), credit card data used for billing, salary, income, tax information, credit/debit card details, loan details, investment information and other payment details
Marketing	Name, email address, interests/marketing list assignments, past purchases, record of permissions or marketing objections, website data (including online account details, IP address and browser generated information)
Claimant
Contact Details	Name, address, telephone number, email address, social media account
Identification Information	Identity card number, passport number, work permit number, driving license number, photos
Policy Information	Policy number, relationship to the policyholder, details of policy including insured amount, exceptions etc., previous claims, telematics data
Claim Details	Details of incident giving rise to claim, vehicle registration number, handset details and IMEI number, health data, criminal record data
Financial	Bank account details used for payment
Anti-fraud Data	Address, history of fraudulent claims, details of incident giving rise to claim, criminal record data
Business Partners and Visitors
Contact Details	Name, work address, work email, work telephone numbers, job title
Marketing	Name, job title, email address, interests / marketing list assignments, record of permissions or marketing objections, website data (including online account details, IP address and browser generated information)
Office Visitor	Name, job title, email address, telephone number, CCTV images, dietary preferences (for events), disability data (voluntarily provided)
Website Visitor	behaviour on website, Cookies, computer traffic data

 

Appendix 2 – Legal Basis for Processing

Activity	Type of information collected	The basis on which we use the information	Who we may disclose the information to
Prospective Insureds and Insured Persons
Help you enter into an insurance contract such as providing suggestions, facilitating in filling out and delivering insurance policy including providing relevant services	• Contact Details • Identification Information • Policy Information • Personal Risk Information	• Performance of a contract	• Insurer • Business Partners • Service Providers • Healthcare providers and travel and medical assistance providers • Credit reference agencies • Anti-fraud databases • Third party administrators • Other insurers/ reinsurers • Assistance Providers • Lawyers and other professional services firms and partners • Regulators (eg OIC) • Law enforcement bodies • Courts • Other insurers (under court order)
Set up and manage a record on our systems.	• Contact Details • Identification Information • Policy Information • Personal Risk Information	• Performance of a contract • Legitimate interests (to ensure we have an accurate record of all Insured Persons we cover)
Carry out background, sanction and fraud checks	• Contact Details • Identification Information • Personal Risk Information • Criminal Record Data	• Legitimate interests (to ensure that Insured Persons are within our acceptable risk profile and to assist with the prevention of crime and fraud) • Legal obligation • If we have specifically asked for it, your consent • Local law exemption
Act as a broker/intermediaries between Insurers and you such as manage renewals etc.	• Contact Details • Identification Information •  Policy Information • Personal Risk Information • Health Data      • Criminal Record Data	• Performance of a contract • Legitimate interests (to determine whether to extend cover for a renewal period, and if so, on what terms) • If we have specifically asked for it, your consent
Provide client care, assistance and support	• Contact Details • Policy Information	• Performance of a contract
Receive premiums and payments on behalf of Insurers	• Contact Details • Financial Information	• Performance of a contract
Marketing	• Contact Details • Marketing	• Legitimate interests (to provide Insured Persons with information about insurance products or services which may be of interest) • Consent
Market research, advanced data analytics, and statistical, reporting or financial assessment undertaken by business partners or respective regulators	• All (where relevant to the research/ data analytics)	• Legitimate interests • Legal obligation •  Consent
Comply with legal and regulatory obligations/ cooperate with law enforcement	• Contact Details • Identification Information • Policy Information • Personal Risk Information • Financial Information	• Legal obligation
Claimant
Receive notification of claim	• Contact Details • Identification Information • Policy Information • Claim Details	• Performance of a contract • Legitimate interests (third party claimants) (to maintain an accurate record of all claims received and the identity of claimants)	• Third Party Administrators • Assistance Providers • Service Providers • Healthcare providers and travel and medical assistance providers • Loss Adjusters • Lawyers and other professional services firms and partners • Claims Experts • Anti-fraud databases • Law enforcement bodies • Banks • Regulators (eg OIC) • Courts • Other insurers (under court order)
Monitor and detect fraud, including communicating with companies within the financial services and insurance industries and our respective regulators	• Claim Details • Anti-fraud Data	• Performance of a contract • Legitimate interests (to monitor, assess and ultimately prevent fraud) • If we have specifically asked for it, your consent • Establish, exercise or defend legal claims
Comply with legal and regulatory obligations/ cooperate with law enforcement	• Policy Information • Claim Details • Anti-fraud Data • Financial Information	• Legal obligation
Business Partners and Visitors
Manage relationships	• Contact Details	•  Legitimate interests (to maintain an accurate client and partner relationship management platform) • Consent	• Service Providers
Administer contracts	• Contact Details	• Performance of a contract
Marketing	• Contact Details • Marketing	• Legitimate interests (to communicate to Business Partners about events, services or products which may be of interest to their sector) • Consent
Run events and host office visitors; accommodate website visitors	• Website or Office Visitors	• Legitimate interests (to organize and host events which may be of interest to Business Partners) •  Consent
Monitor and analyse behaviour on website; deliver targeted contents and advertisings on website	• Marketing • Website Visitor	• Performance of a contract • Legitimate interests • Legal obligation •  Consent
Applicable to all
Transfer of books of business	• All (where relevant to the book)	• Legitimate interests (to structure our business appropriately) • Legal obligation • Consent	• Courts • Purchaser/ Transferee/ Other third parties in connection with the sale, reorganization, transfer or disposal of businesses • Lawyers and other professional services firms and partners • Service Providers • Regulators • Law enforcement bodies
Sale or reorganization or amalgamate of Siam Liberty	• All	• Legitimate interests (to structure our business appropriately) • Legal obligation • Consent
Recording of telephone calls	• Contact Details • Identification Information • Claims Details • Other information shared in the context of the call	• Legal obligation • Legitimate interests (to train staff, to provide evidence of intention to enter into an insurance contract, to help resolve complaints, to improve customer service or to detect fraud)
Internal management, including to develop, manage, process, analyse, improve, design, operate and administer products, services and operations, to protect our rights, privacy, safety or property, and/or that of you or others	• All	• Legitimate interests
Shareholders
• Manage your shareholder rights, calling and convening shareholders’ meeting • Share registry services • Comply with legal and regulatory obligations/ cooperate with law enforcement	• Contact Details • Identification Information • Financial Information	• Legitimate interests	• Share Registrar • Bank